linux LVS的DR模式实现

架构图:
image

环境:

一台:客户端 eth0:仅主机 192.168.10.6/24 GW:192.168.10.200

一台:ROUTER
eth0 :NAT  10.0.0.200/24
eth1: 仅主机 192.168.10.200/24
启用 IP_FORWARD

一台:LVS
eth0:NAT:DIP:10.0.0.8/24 GW:10.0.0.200

两台RS:
RS1:eth0:NAT:10.0.0.7/24   GW:10.0.0.200
RS2:eth0:NAT:10.0.0.17/24 GW:10.0.0.200

配置:
Router

[root@Router ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 
TYPE=Ethernet
BOOTPROTO=none
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.200
PREFIX=24

[root@Router ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=none
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=192.168.10.200
PREFIX=24


#开启Router的ip_forward功能
[root@Router ~]# cat /etc/sysctl.d/99-sysctl.conf 
net.ipv4.ip_forward = 1

[root@Router ~]# sysctl -p
net.ipv4.ip_forward = 1

Client:

tom@Client:~$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
#auto eth0
#iface eth0 inet dhcp


auto eth0
iface eth0 inet static
address 192.168.10.6
netmask 255.255.255.0
gateway 192.168.10.200


tom@Client:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.10.200  0.0.0.0         UG    0      0        0 eth0
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0

LVS:

[root@LVS ~]# cat  /etc/sysconfig/network-scripts/ifcfg-ens160 
TYPE=Ethernet
BOOTPROTO=none
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.8
PREFIX=24
GATEWAY=10.0.0.200
DNS1=180.76.76.76


[root@LVS ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.200      0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0

#在LVS上添加VIP
ifconfig lo:1 10.0.0.100/32

#实现LVS规则(ipvsadm添加的规则只保存在内核中,重启后会丢失;需要持久化时可用 ipvsadm-save 导出规则,开机时再恢复)
[root@LVS ~]#dnf -y install ipvsadm
[root@LVS ~]#ipvsadm -A -t 10.0.0.100:80 -s rr
[root@LVS ~]#ipvsadm -a -t 10.0.0.100:80 -r 10.0.0.7:80 -g 
[root@LVS ~]#ipvsadm -a -t 10.0.0.100:80 -r 10.0.0.17:80 -g

[root@LVS ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.0.100:80 rr
  -> 10.0.0.7:80                  Route   1      0          0         
  -> 10.0.0.17:80                 Route   1      0          0 

RS1:

[root@RS1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 
TYPE=Ethernet
BOOTPROTO=none
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.7
PREFIX=24
GATEWAY=10.0.0.200

[root@RS1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.200      0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0

#设置RS1的VIP
[root@RS1 ~]# ifconfig lo:1 10.0.0.100/32

#RS1的IPVS配置
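#调整arp_ignore和arp_announce两个内核参数,使RS不响应、也不对外通告lo上VIP的ARP
#最好在配置VIP之前先设置这两个参数,否则RS可能应答针对VIP的ARP请求,使客户端流量绕过LVS直接到达该RS
#下面echo到/proc的方式只是临时生效,需要写入配置文件(如/etc/sysctl.d/下的文件),重启后才会继续生效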
[root@RS1 ~]#echo 1 >  /proc/sys/net/ipv4/conf/all/arp_ignore
[root@RS1 ~]#echo 2 >  /proc/sys/net/ipv4/conf/all/arp_announce

[root@RS1 ~]#echo 1 >  /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@RS1 ~]#echo 2 >  /proc/sys/net/ipv4/conf/lo/arp_announce

#设置RS1的web服务
[root@RS1 ~]# yum -y install httpd
[root@RS1 ~]# systemctl enable --now httpd
#原文此行命令不完整,以下按下方curl的输出还原;环境说明中RS1的地址为10.0.0.7,请以实际地址为准
[root@RS1 ~]# echo "10.0.0.17 rs1" > /var/www/html/index.html
[root@RS1 ~]# curl 10.0.0.17
10.0.0.17 rs1

RS2:

[root@RS2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 
TYPE=Ethernet
BOOTPROTO=none
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.17
PREFIX=24
GATEWAY=10.0.0.200

[root@RS2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.200      0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0

#设置RS2的VIP
[root@RS2 ~]# ifconfig lo:1 10.0.0.100/32

#RS2的IPVS配置
[root@RS2 ~]#echo 1 >  /proc/sys/net/ipv4/conf/all/arp_ignore #忽略请求
[root@RS2 ~]#echo 2 >  /proc/sys/net/ipv4/conf/all/arp_announce #对外宣传
[root@RS2 ~]#echo 1 >  /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@RS2 ~]#echo 2 >  /proc/sys/net/ipv4/conf/lo/arp_announce

#安装并启动web服务
[root@RS2 ~]# yum -y install httpd
[root@RS2 ~]# systemctl enable --now httpd
#原文此行命令不完整,以下按下方curl的输出还原;环境说明中RS2的地址为10.0.0.17,请以实际地址为准
[root@RS2 ~]# echo "10.0.0.7 rs2" > /var/www/html/index.html
[root@RS2 ~]# curl 10.0.0.7
10.0.0.7 rs2

测试:

tom@Client:~$ curl 10.0.0.100
10.0.0.7 rs1
tom@Client:~$ curl 10.0.0.100
10.0.0.7 rs1

说明:

DR模型中各主机上均需要配置VIP,解决地址冲突的方式有三种:

  • (1) 在前端网关做静态绑定

  • (2) 在各RS使用arptables

  • (3) 在各RS修改内核参数,来限制arp响应和通告的级别

限制响应级别:arp_ignore

  • 0:默认值,表示可使用本地任意接口上配置的任意地址进行响应

  • 1:仅在请求的目标IP配置在本地主机的接收到请求报文的接口上时,才给予响应

限制通告级别:arp_announce

  • 0:默认值,把本机所有接口的所有信息向每个接口的网络进行通告

  • 1:尽量避免将接口信息向非直接连接网络进行通告

  • 2:必须避免将接口信息向非本网络进行通告

注意:
lvs的DR模式不支持端口映射功能:DR模式只修改数据链路层(帧的目标MAC地址),不会修改网络层及以上的内容,因此RS上服务的端口必须与VIP的端口一致。
