LVS Cluster: IP-TUN Mode
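How it works:
LVS-IPTUN
(Think of it as the IP-layer counterpart of LVS-DR mode)
1: Client --> Firewall  source IP: CIP  destination IP: VIP
2: Firewall --> Director  source IP: CIP  destination IP: VIP
3: Director --> RealServer  new (outer) source IP: DIP  source IP: CIP  destination IP: VIP  new (outer) destination IP: RIP
4: RealServer --> Client  source IP: VIP  destination IP: CIP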
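The four steps above traced at the byte level, as an added example that is not part of the original post: the director wraps the unmodified CIP->VIP packet in a new DIP->RIP header with IP protocol 4, and the real server unwraps it and answers the client directly from the VIP. The client address 203.0.113.10, the payload bytes, the function names and the source/destination checks in realserver_decapsulate are assumptions made for this example; the other addresses are the ones used in the deployment below.

```python
import socket
import struct

IPPROTO_IPIP, IPPROTO_TCP = 4, 6  # IPv4-in-IPv4 and TCP protocol numbers
HDR = "!BBHHHBBH4s4s"             # 20-byte IPv4 header without options

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the 16-bit words of a header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Prepend a minimal IPv4 header (TTL 64, no options) to payload."""
    f = [0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
         socket.inet_aton(src), socket.inet_aton(dst)]
    f[7] = checksum(struct.pack(HDR, *f))
    return struct.pack(HDR, *f) + payload

def parse(packet: bytes):
    """Return (src, dst, proto, payload); reject malformed headers."""
    if len(packet) < 20 or packet[0] != 0x45 or checksum(packet[:20]) != 0:
        raise ValueError("not a valid option-less IPv4 packet")
    total_len = struct.unpack("!H", packet[2:4])[0]
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[9], packet[20:total_len])

def director_encapsulate(client_packet: bytes, dip: str, rip: str) -> bytes:
    """Step 3: wrap the untouched CIP->VIP packet in a DIP->RIP IPIP header."""
    return ipv4_packet(dip, rip, IPPROTO_IPIP, client_packet)

def realserver_decapsulate(packet: bytes, dip: str, vip: str) -> bytes:
    """Strip the outer header; accept only IPIP sent by the director to the VIP
    (assumed filter policy for this example, not a setting from the page)."""
    outer_src, _, proto, inner = parse(packet)
    if proto != IPPROTO_IPIP or outer_src != dip:
        raise ValueError("IPIP packet did not come from the director")
    if parse(inner)[1] != vip:
        raise ValueError("inner destination is not the VIP")
    return inner

# Addresses from this page; CIP and the payloads are constructed sample values.
CIP, VIP, DIP, RIP = "203.0.113.10", "10.27.17.91", "10.27.17.90", "10.27.17.92"
request = ipv4_packet(CIP, VIP, IPPROTO_TCP, b"constructed TCP segment")  # steps 1-2
tunnelled = director_encapsulate(request, DIP, RIP)                       # step 3
inner = realserver_decapsulate(tunnelled, DIP, VIP)
reply = ipv4_packet(VIP, parse(inner)[0], IPPROTO_TCP, b"constructed reply")  # step 4
print(parse(request)[:3], parse(tunnelled)[:3], parse(reply)[:3])
```

The 20-byte difference between request and tunnelled is the outer IP header, which is why tunl0 reports an MTU of 1480 on a 1500-byte link.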
Deployment
Simple topology diagram:
I. Director configuration
1. Set a static IP address on the director
[root@dirctor ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=288e688f-dd28-46f7-9ce2-debee7c1ce34
DEVICE=ens33
ONBOOT=yes
IPADDR=10.27.17.90
NETMASK=255.255.255.0
GATEWAY=10.27.17.1
DNS1=61.139.2.69
[root@dirctor network-scripts]# cp ifcfg-ens33 ifcfg-ens33:1
[root@dirctor network-scripts]# vim ifcfg-ens33:1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33:1
UUID=288e688f-dd28-46f7-9ce2-debee7c1ce34
DEVICE=ens33:1
ONBOOT=yes
IPADDR=10.27.17.91
NETMASK=255.255.255.0
GATEWAY=10.27.17.1
DNS1=61.139.2.69
[root@dirctor network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.27.17.90 netmask 255.255.255.0 broadcast 10.27.17.255
inet6 fe80::9351:8416:9faa:76e9 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:66:21:ee txqueuelen 1000 (Ethernet)
RX packets 109969 bytes 9794715 (9.3 MiB)
RX errors 0 dropped 450 overruns 0 frame 0
TX packets 2639 bytes 367818 (359.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.27.17.91 netmask 255.255.255.0 broadcast 10.27.17.255
ether 00:0c:29:66:21:ee txqueuelen 1000 (Ethernet)
2. Install ipvsadm on the director
[root@dirctor ~]# yum install ipvsadm
[root@dirctor ~]# systemctl enable ipvsadm
3. Configure the LVS-TUN rules (-i selects tunnel forwarding)
[root@dirctor network-scripts]# ipvsadm -A -t 10.27.17.91:80 -s rr
[root@dirctor network-scripts]# ipvsadm -a -t 10.27.17.91:80 -r 10.27.17.92 -i
[root@dirctor network-scripts]# ipvsadm -a -t 10.27.17.91:80 -r 10.27.17.93 -i
[root@dirctor network-scripts]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.27.17.91:80 rr
-> 10.27.17.92:80 Tunnel 1 0 0
-> 10.27.17.93:80 Tunnel 1 0 0
II. Real server configuration (realserver1 and realserver2)
1. Set a static IP address
[root@realserver1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
# Generated by dracut initrd
NAME="ens33"
DEVICE="ens33"
ONBOOT=yes
NETBOOT=yes
UUID="70ac0f65-cc23-49a4-89f0-48fc5baaeb97"
IPV6INIT=yes
BOOTPROTO=none
TYPE=Ethernet
IPADDR=10.27.17.92
NETMASK=255.255.255.0
GATEWAY=10.27.17.1
2. Load the ipip module and configure tunl0
[root@realserver1 network-scripts]# modprobe ipip
[root@realserver1 network-scripts]# ifconfig -a
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.27.17.92 netmask 255.255.255.0 broadcast 10.27.17.255
inet6 fe80::20c:29ff:feaa:52a8 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:aa:52:a8 txqueuelen 1000 (Ethernet)
RX packets 61591 bytes 5561858 (5.3 MiB)
RX errors 0 dropped 482 overruns 0 frame 0
TX packets 3059 bytes 320244 (312.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 42 bytes 9136 (8.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 42 bytes 9136 (8.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo:1: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 10.27.17.91 netmask 255.255.255.255
loop txqueuelen 1000 (Local Loopback)
tunl0: flags=128<NOARP> mtu 1480
tunnel txqueuelen 1000 (IPIP Tunnel)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@realserver1 network-scripts]# vim ifcfg-tunl0
DEVICE=tunl0
IPADDR=10.27.17.91
NETMASK=255.255.255.255
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
ONBOOT=yes
NAME=tunl0
3. Install and start httpd
[root@realserver1 ~]# yum -y install httpd
[root@realserver1 ~]# echo 10.27.17.92 > /var/www/html/index.html
[root@realserver1 ~]# systemctl restart httpd
4. Disable ARP replies and announcements for the VIP
[root@realserver1 ~]# vim /etc/sysctl.conf   # append the following at the end of the file
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@realserver1 network-scripts]# sysctl -p
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
Repeat the same steps on realserver2.
5. Test