lvs-dr模式

lvs-dr 模式配置

环境 IP 服务
centos8

eth0  NAT   DIP  192.168.248.202/24

lo  VIP 192.168.248.240/32

DR
centos8

eth0 NAT 192.168.248.200/24

lo VIP 192.168.248.240/32

RS1 httpd
centos8

eth0 NAT  192.168.248.201/24

lo VIP 192.168.248.240/32

RS2 httpd
centos8

192.168.248.129

Client

 

配置RS,两台RS都需要配置

#临时生效,修改内核参数,关闭通过与应答
[root@RS1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@RS1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@RS1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@RS1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce 
[root@RS1 ~]#  ifconfig  lo:1  192.168.248.240/32
[root@RS1 ~]# route add -host 192.168.248.240 dev lo
#RS2 临时生效
[root@RS2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@RS2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@RS2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@RS2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce 
[root@RS2 ~]#  ifconfig  lo:1  192.168.248.240/32
[root@RS2 ~]# route add -host 192.168.248.240 dev lo


#RS1
[root@RS1 ~]# yum -y  install httpd
[root@RS1 ~]# echo RS1 > /var/www/html/index.html
[root@RS1 ~]# systemctl  start httpd

#RS2
[root@RS2 ~]# yum -y  install httpd
[root@RS2 ~]# echo RS2 > /var/www/html/index.html
[root@RS2 ~]# systemctl  start httpd

 

 

DR的配置

[root@DR ~]  ifconfig  lo:1  192.168.248.240/32

#配置路由信息
[root@DR ~]# route add -host 192.168.248.240 dev lo

[root@DR ~]# yum -y install ipvsadm

#添加规则
[root@DR ~]# ipvsadm -At 192.168.248.240:80 -s wrr
[root@DR ~]# ipvsadm -at 192.168.248.240:80 -r 192.168.248.200 -g
[root@DR ~]# ipvsadm -at 192.168.248.240:80 -r 192.168.248.201 -g

 

Client上测试访问

[root@Client ~]# for i in `seq 5`;do curl 192.168.248.240;done
RS1
RS2
RS1
RS2
RS1

 

实现HTTPS负载均衡集群

#RS上安装mod_ssl
[root@RS1 ~]# yum -y install mod_ssl
[root@RS2 ~]# yum -y install mod_ssl

#这里就不做证书,使用默认的证书,重启服务查看443是否启动
[root@RS1 ~]# systemctl  restart httpd
[root@RS2 ~]# systemctl  restart httpd

#443端口已经起来
[root@RS1 ~]# ss -antl
State          Recv-Q         Send-Q                 Local Address:Port                  Peer Address:Port         
LISTEN         0              128                          0.0.0.0:22                         0.0.0.0:*            
LISTEN         0              128                                *:80                               *:*            
LISTEN         0              128                             [::]:22                            [::]:*            
LISTEN         0              128                                *:443 

 

DR上配置规则

[root@DR ~]# ipvsadm -At 192.168.248.240:443 -s wrr
[root@DR ~]# ipvsadm -at 192.168.248.240:443 -r 192.168.248.200 -g
[root@DR ~]# ipvsadm -at 192.168.248.240:443 -r 192.168.248.201 -g

 

Client上访问

[root@Client ~]# for i in `seq 5`;do curl -k https://192.168.248.240;curl http://192.168.248.240 ;done
RS2
RS2
RS1
RS1
RS2
RS2
RS1
RS1
RS2
RS2

 

添加防火墙标签

[root@DR ~]# iptables -t mangle -A PREROUTING -d 192.168.248.240 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 999

[root@DR ~]# ipvsadm -C
[root@DR ~]# ipvsadm -Af 999 -s wrr
[root@DR ~]# ipvsadm -af 999 -r 192.168.248.200 -g
[root@DR ~]# ipvsadm -af 999 -r 192.168.248.201 -g

 

访问测试

[root@Client ~]# for i in `seq 5`;do curl -k https://192.168.248.240;curl http://192.168.248.240 ;done
RS2
RS1
RS2
RS1
RS2
RS1
RS2
RS1
RS2
RS1

 

posted @ 2021-05-07 23:37  第七爻  阅读(78)  评论(0编辑  收藏  举报