lvs-dr模式
lvs-dr 模式配置
环境 | IP | 服务 |
centos8 |
eth0 NAT DIP 192.168.248.202/24 lo VIP 192.168.248.240/32 |
DR |
centos8 |
eth0 NAT 192.168.248.200/24 lo VIP 192.168.248.240/32 |
RS1 httpd |
centos8 |
eth0 NAT 192.168.248.201/24 lo VIP 192.168.248.240/32 |
RS2 httpd |
centos8 |
192.168.248.129 |
Client |
配置RS,两台RS都需要配置
#临时生效,修改内核参数,关闭通过与应答 [root@RS1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore [root@RS1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce [root@RS1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore [root@RS1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce [root@RS1 ~]# ifconfig lo:1 192.168.248.240/32 [root@RS1 ~]# route add -host 192.168.248.240 dev lo #RS2 临时生效 [root@RS2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore [root@RS2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce [root@RS2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore [root@RS2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce [root@RS2 ~]# ifconfig lo:1 192.168.248.240/32 [root@RS2 ~]# route add -host 192.168.248.240 dev lo #RS1 [root@RS1 ~]# yum -y install httpd [root@RS1 ~]# echo RS1 > /var/www/html/index.html [root@RS1 ~]# systemctl start httpd #RS2 [root@RS2 ~]# yum -y install httpd [root@RS2 ~]# echo RS2 > /var/www/html/index.html [root@RS2 ~]# systemctl start httpd
DR的配置
[root@DR ~] ifconfig lo:1 192.168.248.240/32 #配置路由信息 [root@DR ~]# route add -host 192.168.248.240 dev lo [root@DR ~]# yum -y install ipvsadm #添加规则 [root@DR ~]# ipvsadm -At 192.168.248.240:80 -s wrr [root@DR ~]# ipvsadm -at 192.168.248.240:80 -r 192.168.248.200 -g [root@DR ~]# ipvsadm -at 192.168.248.240:80 -r 192.168.248.201 -g
Client上测试访问
[root@Client ~]# for i in `seq 5`;do curl 192.168.248.240;done RS1 RS2 RS1 RS2 RS1
实现HTTPS负载均衡集群
#RS上安装mod_ssl [root@RS1 ~]# yum -y install mod_ssl [root@RS2 ~]# yum -y install mod_ssl #这里就不做证书,使用默认的证书,重启服务查看443是否启动 [root@RS1 ~]# systemctl restart httpd [root@RS2 ~]# systemctl restart httpd #443端口已经起来 [root@RS1 ~]# ss -antl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 0.0.0.0:22 0.0.0.0:* LISTEN 0 128 *:80 *:* LISTEN 0 128 [::]:22 [::]:* LISTEN 0 128 *:443
DR上配置规则
[root@DR ~]# ipvsadm -At 192.168.248.240:443 -s wrr [root@DR ~]# ipvsadm -at 192.168.248.240:443 -r 192.168.248.200 -g [root@DR ~]# ipvsadm -at 192.168.248.240:443 -r 192.168.248.201 -g
Client上访问
[root@Client ~]# for i in `seq 5`;do curl -k https://192.168.248.240;curl http://192.168.248.240 ;done RS2 RS2 RS1 RS1 RS2 RS2 RS1 RS1 RS2 RS2
添加防火墙标签
[root@DR ~]# iptables -t mangle -A PREROUTING -d 192.168.248.240 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 999 [root@DR ~]# ipvsadm -C [root@DR ~]# ipvsadm -Af 999 -s wrr [root@DR ~]# ipvsadm -af 999 -r 192.168.248.200 -g [root@DR ~]# ipvsadm -af 999 -r 192.168.248.201 -g
访问测试
[root@Client ~]# for i in `seq 5`;do curl -k https://192.168.248.240;curl http://192.168.248.240 ;done RS2 RS1 RS2 RS1 RS2 RS1 RS2 RS1 RS2 RS1