NAT模式
顺序 | 发出方 | 接收方 |
1 | CIP:192.168.10.6/24 Client/eth0.MAC | VIP:192.168.10.100/24 LVS/eth1.MAC |
2 | CIP:192.168.10.6/24 LVS/eth0.MAC | RIP:10.0.0.205/24(206/24) RS1(RS2)/eth0.MAC |
3 | RIP:10.0.0.205/24(206/24) RS1(RS2)/eth0.MAC | CIP:192.168.10.6/24 LVS/eth0.MAC |
4 | VIP:192.168.10.100/24 LVS/eth1.MAC | CIP:192.168.10.6/24 Client/eth0.MAC |
(说明:NAT 模式下第 2 步 LVS 只把目标 IP 改写为 RIP,源 IP 仍是 CIP,但二层源 MAC 已是 LVS/eth0;第 3 步 RS 的默认网关指向 LVS 的 DIP,所以回包的目标 MAC 是 LVS/eth0,由 LVS 在第 4 步把源 IP 改回 VIP)
#实验准备四台机器(地址以下面的 netplan 和 ipvsadm 配置为准)
client CIP:192.168.10.6/24
LVS VIP:192.168.10.100/24(eth1) DIP:10.0.0.204/24(eth0)
RS1 RIP:10.0.0.205/24,默认网关指向 DIP 10.0.0.204
RS2 RIP:10.0.0.206/24,默认网关指向 DIP 10.0.0.204
#准备网络配置(编辑 netplan 文件后执行 netplan apply 使其生效;YAML 缩进必须正确)
[root@client ~]#vim /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 192.168.10.6/24
[root@LVS ~]#vim /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 10.0.0.204/24
      gateway4: 10.0.0.2
      nameservers:
        addresses: [180.76.76.76, 223.6.6.6]
    eth1:
      addresses:
        - 192.168.10.100/24
[root@RS1 ~]#vim /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 10.0.0.205/24
      gateway4: 10.0.0.204
      nameservers:
        addresses: [180.76.76.76, 223.6.6.6]
[root@RS2 ~]#vim /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 10.0.0.206/24
      gateway4: 10.0.0.204
      nameservers:
        addresses: [180.76.76.76, 223.6.6.6]
#在 RS1 和 RS2 上安装应用(两台都执行;首页内容应各自写本机的主机名,以便从客户端看出请求被调度到了哪台 RS)
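# Run on each real server (RS1 and RS2).
# Install the web tier (mysql-server is installed as well, although only port 80
# is load-balanced in this lab) and publish a page that names the host, so the
# client can see which RS the scheduler chose. The original wrote the fixed
# string "RS2" on both machines; $(hostname) yields "RS1"/"RS2" here, matching
# the prompts shown for the two servers.
apt -y install apache2 mysql-server
echo "Hello Welcome To $(hostname)" > /var/www/html/index.html
# Sanity checks: the page is served locally and the DB reports the same hostname.
curl localhost
mysql -e "select @@hostname"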
#配置LVS(NAT 模式要求 LVS 开启 ip_forward。注意它会转发所有经过 LVS 的流量而不只是 VIP 的流量,生产环境应配合 iptables/nftables 的 FORWARD 规则只放行集群流量,避免 LVS 成为进入后端网段的任意跳板)
[root@LVS ~]#vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@LVS ~]#sysctl -p
[root@LVS ~]#apt -y install ipvsadm
[root@LVS ~]#ipvsadm -A -t 192.168.10.100:80 -s rr #此处使用的调度算法是静态的轮询rr
[root@LVS ~]#ipvsadm -a -t 192.168.10.100:80 -r 10.0.0.205:80 -m #此处使用的模式是NAT模式
[root@LVS ~]#ipvsadm -a -t 192.168.10.100:80 -r 10.0.0.206:80 -m #此处使用的模式是NAT模式
[root@LVS ~]#ipvsadm -Ln #cat /proc/net/ip_vs
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.10.100:80 rr
-> 10.0.0.205:80 Masq 1 0 0
-> 10.0.0.206:80 Masq 1 0 0
#client 测试(rr 轮询算法,请求依次交替分配到两台 RS,所以两种页面轮流出现)
[root@client ~]#curl 192.168.10.100
Hello Welcome To RS2
[root@client ~]#curl 192.168.10.100
Hello Welcome To RS1
[root@client ~]#curl 192.168.10.100
Hello Welcome To RS2
[root@client ~]#curl 192.168.10.100
Hello Welcome To RS1
[root@client ~]#curl 192.168.10.100
Hello Welcome To RS2
[root@client ~]#curl 192.168.10.100
Hello Welcome To RS1
#LVS服务器上查看连接表(source=CIP,virtual=VIP,destination=被调度到的 RIP)
[root@LVS ~]#ipvsadm -Lnc #cat /proc/net/ip_vs_conn
IPVS connection entries
pro expire state source virtual destination
TCP 01:15 TIME_WAIT 192.168.10.6:35014 192.168.10.100:80 10.0.0.206:80
TCP 01:21 TIME_WAIT 192.168.10.6:35036 192.168.10.100:80 10.0.0.205:80
TCP 01:18 TIME_WAIT 192.168.10.6:35024 192.168.10.100:80 10.0.0.205:80
TCP 01:17 TIME_WAIT 192.168.10.6:35022 192.168.10.100:80 10.0.0.206:80
TCP 01:19 TIME_WAIT 192.168.10.6:35028 192.168.10.100:80 10.0.0.205:80
TCP 01:17 TIME_WAIT 192.168.10.6:35020 192.168.10.100:80 10.0.0.205:80
TCP 01:16 TIME_WAIT 192.168.10.6:35018 192.168.10.100:80 10.0.0.206:80
TCP 01:15 TIME_WAIT 192.168.10.6:35012 192.168.10.100:80 10.0.0.205:80
TCP 01:20 TIME_WAIT 192.168.10.6:35034 192.168.10.100:80 10.0.0.206:80
TCP 01:20 TIME_WAIT 192.168.10.6:35032 192.168.10.100:80 10.0.0.205:80
TCP 01:19 TIME_WAIT 192.168.10.6:35030 192.168.10.100:80 10.0.0.206:80
TCP 01:18 TIME_WAIT 192.168.10.6:35026 192.168.10.100:80 10.0.0.206:80
TCP 01:16 TIME_WAIT 192.168.10.6:35016 192.168.10.100:80 10.0.0.205:80
TCP 01:14 TIME_WAIT 192.168.10.6:47002 192.168.10.100:80 10.0.0.206:80
#Ubuntu保存规则
[root@LVS ~]#ipvsadm -Sn > /etc/ipvsadm.rules
[root@LVS ~]#vim /etc/default/ipvsadm
# if you want to start ipvsadm on boot set this to true
AUTO="true"
#RedHat 系(如 Rocky)保存规则
[root@rocky8 ~]#ipvsadm-save -n > /etc/sysconfig/ipvsadm
[root@rocky8 ~]#systemctl enable ipvsadm.service
#问题:LVS 打开监听VIP相关的端口吗?
不打开。VIP:端口 由内核 IPVS 模块在 netfilter 钩子中处理,并没有用户态进程在该端口上 listen,所以用 ss/netstat 看不到集群端口;要查看集群端口用 ipvsadm -Ln(或 cat /proc/net/ip_vs)。
#修改调度算法为 WRR 和后端服务器的端口(加权轮询;先把 RS1 的 apache 改为监听 8080 端口——修改 /etc/apache2/ports.conf 及站点配置中的端口后重启 apache2——再用 -E 修改调度算法,并删除 RS1 原来的 80 端口条目后按新端口重新添加)
[root@RS1 ~]#curl localhost:8080
Hello Welcome To RS1
[root@LVS ~]#ipvsadm -E -t 192.168.10.100:80 -s wrr
[root@LVS ~]#ipvsadm -d -t 192.168.10.100:80 -r 10.0.0.205:80 #删除时要指定原来注册的 80 端口,指定 8080 会因条目不存在而报错
[root@LVS ~]#ipvsadm -a -t 192.168.10.100:80 -r 10.0.0.205:8080 -m -w3 #权重设置为三
[root@LVS ~]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.10.100:80 wrr
-> 10.0.0.205:8080 Masq 3 0 0
-> 10.0.0.206:80 Masq 1 0 0
#测试client访问(wrr算法,因为RS1权重3,RS2权重1所以RS1出现三次,RS2出现1次)
[root@client ~]#while :;do curl 192.168.10.100;sleep 0.5;done
Hello Welcome To RS1
Hello Welcome To RS2
Hello Welcome To RS1
Hello Welcome To RS1
Hello Welcome To RS1
Hello Welcome To RS2
Hello Welcome To RS1
Hello Welcome To RS1
Hello Welcome To RS1
Hello Welcome To RS2
Hello Welcome To RS1
DR模式
#准备机器
client CIP:192.168.10.6/24
Route: 10.0.0.207/24 192.168.10.200/24
LVS VIP:10.0.0.100 DIP:10.0.0.204
RS1 VIP:10.0.0.100 RIP:10.0.0.205
RS2 VIP:10.0.0.100 RIP:10.0.0.206
#网络配置(编辑后执行 netplan apply 生效)
[root@client ~]#vim /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 192.168.10.6/24
      gateway4: 192.168.10.200
[root@Route ~]#vim /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 10.0.0.207/24
      gateway4: 10.0.0.2
      nameservers:
        addresses: [180.76.76.76, 223.6.6.6]
    eth1:
      addresses:
        - 192.168.10.200/24
[root@LVS ~]#vim /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 10.0.0.204/24
      gateway4: 10.0.0.207
      nameservers:
        addresses: [180.76.76.76, 223.6.6.6]
[root@RS1 ~]#vim /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 10.0.0.205/24
      gateway4: 10.0.0.207
      nameservers:
        addresses: [180.76.76.76, 223.6.6.6]
[root@RS2 ~]#vim /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 10.0.0.206/24
      gateway4: 10.0.0.207
      nameservers:
        addresses: [180.76.76.76, 223.6.6.6]
#配置后端机器RS1,RS2
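# Configure the real servers (RS1 and RS2) for DR mode.
# Set the ARP sysctls BEFORE adding the VIP, so there is no window in which the
# RS answers an ARP request for 10.0.0.100 and pulls traffic away from the director.
# arp_ignore=1: only answer ARP requests whose target IP is configured on the
#               interface the request arrived on, so the VIP held on lo is never
#               answered from eth0.
# arp_announce=2: use the best local address (the RIP) as the source of the RS's
#                 own ARP requests, never the VIP, so upstream ARP caches do not
#                 learn a VIP -> RS MAC mapping.
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
# Hold the VIP on loopback with a /32 so only that single address is treated as
# local (a wider mask on lo would make the whole prefix "local" and unreachable).
# iproute2 equivalent: ip addr add 10.0.0.100/32 dev lo label lo:1
ifconfig lo:1 10.0.0.100/32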
# Print the current ARP tuning for both the "all" and the "lo" scope,
# one value per line, in the same order they were set above.
for key in all/arp_ignore all/arp_announce lo/arp_ignore lo/arp_announce; do
  cat "/proc/sys/net/ipv4/conf/$key"
done
# Undo the DR-mode ARP tuning (back to the kernel default of 0) when tearing
# the lab down; the VIP on lo:1 is left in place, as in the original steps.
for key in all/arp_ignore all/arp_announce lo/arp_ignore lo/arp_announce; do
  echo 0 > "/proc/sys/net/ipv4/conf/$key"
done
#永久生效就写入/etc/sysctl.conf文件(net.ipv4.conf.all.arp_ignore = 1、net.ipv4.conf.all.arp_announce = 2、net.ipv4.conf.lo.arp_ignore = 1、net.ipv4.conf.lo.arp_announce = 2,然后 sysctl -p);lo 上的 VIP 也要写入网络配置才能在重启后保留
#配置LVS(DR 模式下 LVS 自身也必须持有 VIP 10.0.0.100 才能收到发往 VIP 的包;上面的 netplan 里没有包含它,需先确保 eth0 上已配置 VIP,例如 ip addr add 10.0.0.100/32 dev eth0,或写入 netplan)
[root@LVS ~]#ipvsadm -A -t 10.0.0.100:80 -s rr
[root@LVS ~]#ipvsadm -a -t 10.0.0.100:80 -r 10.0.0.205:80 -g
[root@LVS ~]#ipvsadm -a -t 10.0.0.100:80 -r 10.0.0.206:80 -g
[root@LVS ~]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.100:80 rr
-> 10.0.0.205:80 Route 1 0 0
-> 10.0.0.206:80 Route 1 0 0
#测试访问
[root@client ~]#curl 10.0.0.100
Hello Welcome To RS2
[root@client ~]#curl 10.0.0.100
Hello Welcome To RS1
[root@client ~]#curl 10.0.0.100
Hello Welcome To RS2
[root@client ~]#curl 10.0.0.100
Hello Welcome To RS1
[root@client ~]#curl 10.0.0.100
Hello Welcome To RS2
[root@client ~]#curl 10.0.0.100
Hello Welcome To RS1
#LVS的eth0的网关可否不配置?如果随便配置,发现什么问题?如果不配置,怎么解决?
没修改内核参数的情况下必须配置。原因是 LVS 的 eth0 默认开启了 rp_filter 反向路径校验:来自 CIP 192.168.10.6 的包从 eth0 进来时,内核会查路由表确认回到 192.168.10.0/24 的路由是否也走 eth0,没有默认网关就查不到这样的路由,于是判定为伪造源地址而丢包;随便配置一个同网段网关会生成默认路由,校验就能通过,但这样 LVS 无法正常访问外网。生产环境应正确配置网关(本例指向 Route 的 10.0.0.207),而不是关闭 rp_filter——关闭后内核不再丢弃源地址伪造的报文,抗欺骗能力下降。
内核参数:
#默认值为1
[root@centos8 ~]#cat /proc/sys/net/ipv4/conf/all/rp_filter
1
#修改内核参数为0(rp_filter 的生效值取 conf/all 与 conf/<网卡> 两者中的较大者,所以 eth0 也要一并修改;若确需放松,优先设为 2 保留松散校验)
[root@lvs ~]#echo "0" > /proc/sys/net/ipv4/conf/all/rp_filter
[root@lvs ~]#echo "0" > /proc/sys/net/ipv4/conf/eth0/rp_filter
#说明:参数rp_filter用来控制内核是否对收到的数据包做源地址反向路径校验(防源地址伪造)。
#0 表示不校验:任何源地址的包都接收,防伪造能力最弱。
#1 表示严格模式:对每个收到的包查路由表,若到其源地址的路由出口不是收到该包的网卡,则直接丢弃。
#2 表示松散模式:只要路由表中存在到该源地址的路由(经任意网卡均可,并不要求 ping 通),就接收,否则丢弃。
#LVS的VIP可以配置到lo网卡,但必须使用32位的netmask,为什么?
因为 lo 是回环网卡:配置在 lo 上的地址所在的整个网段都会被内核加入 local 路由表当作本机地址,发往该网段其它主机的包会在本机回环而不再发出去,导致整个网段无法正常访问;用 /32 只把 VIP 这一个地址当作本机。
TUNNEL模式
#机器配置
client CIP:192.168.10.6/24
Route: 10.0.0.207/24 192.168.10.200/24
LVS VIP:10.0.0.100 DIP:10.0.0.204
RS1 VIP:10.0.0.100 RIP:10.0.0.205
RS2 VIP:10.0.0.100 RIP:10.0.0.206
#网络配置(编辑后执行 netplan apply 生效)
[root@client ~]#vim /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 192.168.10.6/24
      gateway4: 192.168.10.200
[root@Route ~]#vim /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 10.0.0.207/24
      gateway4: 10.0.0.2
      nameservers:
        addresses: [180.76.76.76, 223.6.6.6]
    eth1:
      addresses:
        - 192.168.10.200/24
[root@LVS ~]#vim /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 10.0.0.204/24
      gateway4: 10.0.0.207
      nameservers:
        addresses: [180.76.76.76, 223.6.6.6]
[root@RS1 ~]#vim /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 10.0.0.205/24
      gateway4: 10.0.0.207
      nameservers:
        addresses: [180.76.76.76, 223.6.6.6]
[root@RS2 ~]#vim /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 10.0.0.206/24
      gateway4: 10.0.0.207
      nameservers:
        addresses: [180.76.76.76, 223.6.6.6]
#配置后端RS1,RS2
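# Configure the real servers (RS1 and RS2) for TUN mode.
# Load the ipip module; it creates tunl0 (no-op if it is already loaded).
modprobe ipip
# ARP tuning first (same reasoning as DR mode): never answer ARP for the VIP
# and never use it as an ARP source, so the director stays the only host that
# answers 10.0.0.100 on the 10.0.0.0/24 segment.
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
# Hold the VIP on tunl0 with a /32 so decapsulated packets addressed to the VIP
# are accepted as local traffic.
ifconfig tunl0 10.0.0.100 netmask 255.255.255.255 up
# NOTE(review): tunl0 has no fixed remote, so the RS will decapsulate IP-in-IP
# (protocol 4) from ANY source. In production restrict it to the director's DIP,
# e.g.  iptables -A INPUT -p 4 ! -s 10.0.0.204 -j DROP
# NOTE(review): if rp_filter is strict (1) on tunl0, packets from the CIP arrive
# on tunl0 but route back via eth0 and would be dropped; in that case set
# net.ipv4.conf.tunl0.rp_filter=0 (the lab's default was permissive enough).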
# Print the current ARP tuning for both the "all" and the "lo" scope,
# one value per line, in the same order they were set above.
for key in all/arp_ignore all/arp_announce lo/arp_ignore lo/arp_announce; do
  cat "/proc/sys/net/ipv4/conf/$key"
done
# Undo the TUN-mode ARP tuning (back to the kernel default of 0) when tearing
# the lab down; the VIP on tunl0 is left in place, as in the original steps.
for key in all/arp_ignore all/arp_announce lo/arp_ignore lo/arp_announce; do
  echo 0 > "/proc/sys/net/ipv4/conf/$key"
done
#永久生效就写入/etc/sysctl.conf文件
#LVS配置(LVS 自身也要持有 VIP 才能收到发往 VIP 的包,这里放在 tunl0 上,同样依赖 ipip 模块。注意下面 ip a 输出中 tunl0 的 MTU 是 1480:IPIP 封装多占 20 字节,大包可能受 PMTU 影响)
[root@LVS ~]#ifconfig tunl0 10.0.0.100 netmask 255.255.255.255 up
[root@LVS ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:ed:47:94 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.204/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feed:4794/64 scope link
valid_lft forever preferred_lft forever
4: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
inet 10.0.0.100/32 scope global tunl0
valid_lft forever preferred_lft forever
[root@LVS ~]#ipvsadm -A -t 10.0.0.100:80 -s rr
[root@LVS ~]#ipvsadm -a -t 10.0.0.100:80 -r 10.0.0.205 -i
[root@LVS ~]#ipvsadm -a -t 10.0.0.100:80 -r 10.0.0.206 -i
[root@LVS ~]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.100:80 rr
-> 10.0.0.205:80 Tunnel 1 0 0
-> 10.0.0.206:80 Tunnel 1 0 0
#client测试
[root@client ~]#curl 10.0.0.100
Hello Welcome To RS2
[root@client ~]#curl 10.0.0.100
Hello Welcome To RS1
[root@client ~]#curl 10.0.0.100
Hello Welcome To RS2
[root@client ~]#curl 10.0.0.100
Hello Welcome To RS1
[root@client ~]#curl 10.0.0.100
Hello Welcome To RS2
[root@client ~]#curl 10.0.0.100
Hello Welcome To RS1