LVS Cluster: IP-TUN Mode

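How it works:

LVS-IPTUN
(Think of it as the IP-layer version of LVS-DR mode: the Director wraps the request in a new IP header instead of changing the original packet.)
1: Client --> Firewall       source IP: CIP    destination IP: VIP
2: Firewall --> Director     source IP: CIP    destination IP: VIP
3: Director --> RealServer   new (outer) source IP: DIP    new (outer) destination IP: RIP    original (inner) source IP: CIP    original (inner) destination IP: VIP
4: RealServer --> Client     source IP: VIP    destination IP: CIP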
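
The four steps above at byte level, as an added example that is not part of the original post: the Director prepends an outer DIP -> RIP header (IP protocol 4) to the untouched CIP -> VIP packet, and the RealServer strips it and replies directly as VIP -> CIP. The client address 203.0.113.7, all function names, and the trusted_directors check (modelling a packet filter that admits IPIP only from the Director, which the page does not configure) are assumptions.

```python
import ipaddress
import struct

IPPROTO_IPIP, IPPROTO_TCP = 4, 6
# DIP, VIP and RIP are the page's addresses; CIP is a constructed sample client.
DIP, VIP, RIP, CIP = "10.27.17.90", "10.27.17.91", "10.27.17.92", "203.0.113.7"


def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal 20-byte IPv4 header (no options) in front of payload."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + payload


def parse(pkt: bytes):
    """Return (src, dst, proto, payload); reject short or corrupted headers."""
    if len(pkt) < 20 or pkt[0] != 0x45 or checksum(pkt[:20]) != 0:
        raise ValueError("bad IPv4 header")
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    return src, dst, pkt[9], pkt[20:int.from_bytes(pkt[2:4], "big")]


def director_encapsulate(client_pkt: bytes, rip: str) -> bytes:
    """Step 3: wrap the untouched CIP->VIP packet in an outer DIP->RIP header."""
    return ipv4(DIP, rip, IPPROTO_IPIP, client_pkt)


def realserver_receive(pkt: bytes, trusted_directors=(DIP,)):
    """Steps 3-4 on the RealServer: decapsulate, then answer as VIP -> CIP."""
    outer_src, outer_dst, proto, inner = parse(pkt)
    if proto != IPPROTO_IPIP or outer_dst != RIP:
        raise ValueError("not an IPIP packet for this RealServer")
    if outer_src not in trusted_directors:  # assumption: models a packet-filter rule
        raise PermissionError(f"IPIP from untrusted source {outer_src}")
    cip, vip, inner_proto, _ = parse(inner)
    if vip != VIP:
        raise ValueError("inner destination is not the VIP held on tunl0")
    return {"reply_src": vip, "reply_dst": cip, "proto": inner_proto}
```

The 20 bytes added by the outer header are why tunl0 reports mtu 1480 against 1500 on ens33 in the ifconfig output further down.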

 

Deployment

Simple topology diagram:

I. Director configuration

1. Set a static IP address on the Director

 

[root@dirctor ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33

 

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=288e688f-dd28-46f7-9ce2-debee7c1ce34
DEVICE=ens33
ONBOOT=yes
IPADDR=10.27.17.90
NETMASK=255.255.255.0
GATEWAY=10.27.17.1
DNS1=61.139.2.69

 

[root@dirctor network-scripts]# cp ifcfg-ens33 ifcfg-ens33:1

 

[root@dirctor network-scripts]# vim ifcfg-ens33:1

 

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33:1
UUID=288e688f-dd28-46f7-9ce2-debee7c1ce34
DEVICE=ens33:1
ONBOOT=yes
IPADDR=10.27.17.91
NETMASK=255.255.255.0
GATEWAY=10.27.17.1
DNS1=61.139.2.69

 

[root@dirctor network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.27.17.90 netmask 255.255.255.0 broadcast 10.27.17.255
inet6 fe80::9351:8416:9faa:76e9 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:66:21:ee txqueuelen 1000 (Ethernet)
RX packets 109969 bytes 9794715 (9.3 MiB)
RX errors 0 dropped 450 overruns 0 frame 0
TX packets 2639 bytes 367818 (359.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

 

ens33:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.27.17.91 netmask 255.255.255.0 broadcast 10.27.17.255
ether 00:0c:29:66:21:ee txqueuelen 1000 (Ethernet)

 

2. Install ipvsadm on the Director

[root@dirctor ~]# yum install ipvsadm

[root@dirctor ~]# systemctl enable ipvsadm

3. Configure the LVS rules (-i selects tunnel forwarding)

 

[root@dirctor network-scripts]# ipvsadm -A -t 10.27.17.91:80 -s rr
[root@dirctor network-scripts]# ipvsadm -a -t 10.27.17.91:80 -r 10.27.17.92 -i
[root@dirctor network-scripts]# ipvsadm -a -t 10.27.17.91:80 -r 10.27.17.93 -i

 

 

 

[root@dirctor network-scripts]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.27.17.91:80 rr
-> 10.27.17.92:80 Tunnel 1 0 0
-> 10.27.17.93:80 Tunnel 1 0 0

 

II. RealServer configuration (realserver1 and realserver2)

1. Set a static IP address

[root@realserver1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33

# Generated by dracut initrd
NAME="ens33"
DEVICE="ens33"
ONBOOT=yes
NETBOOT=yes
UUID="70ac0f65-cc23-49a4-89f0-48fc5baaeb97"
IPV6INIT=yes
BOOTPROTO=none
TYPE=Ethernet
IPADDR=10.27.17.92
NETMASK=255.255.255.0
GATEWAY=10.27.17.1

2. Load the ipip module and configure tunl0

[root@realserver1 network-scripts]# modprobe ipip
[root@realserver1 network-scripts]# ifconfig -a
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.27.17.92 netmask 255.255.255.0 broadcast 10.27.17.255
inet6 fe80::20c:29ff:feaa:52a8 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:aa:52:a8 txqueuelen 1000 (Ethernet)
RX packets 61591 bytes 5561858 (5.3 MiB)
RX errors 0 dropped 482 overruns 0 frame 0
TX packets 3059 bytes 320244 (312.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 42 bytes 9136 (8.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 42 bytes 9136 (8.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo:1: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 10.27.17.91 netmask 255.255.255.255
loop txqueuelen 1000 (Local Loopback)

tunl0: flags=128<NOARP> mtu 1480
tunnel txqueuelen 1000 (IPIP Tunnel)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

 

[root@realserver1 network-scripts]# vim ifcfg-tunl0

DEVICE=tunl0
IPADDR=10.27.17.91
NETMASK=255.255.255.255
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
ONBOOT=yes
NAME=tunl0

3. Install and start httpd

[root@realserver1 ~]#  yum -y install httpd

[root@realserver1 ~]# echo  10.27.17.92 > /var/www/html/index.html

[root@realserver1 ~]# systemctl restart httpd

4. Suppress ARP replies and announcements for the VIP

[root@realserver1 ~]# vim /etc/sysctl.conf              # append at the end

net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

[root@realserver1 network-scripts]# sysctl -p

net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

 

 

Repeat the same steps on realserver2.
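
One way to verify the finished setup, as an added example that is not from the original post: it parses the `ipvsadm -L -n` listing and the `sysctl -p` output shown above and reports any real server not forwarded via Tunnel, any unexpected real server behind the VIP, and any sysctl value that differs from step 4. The function names and the compact sample strings (constructed from the page's output) are assumptions.

```python
import re

# The values step 4 of the page writes to /etc/sysctl.conf on each RealServer.
EXPECTED_SYSCTL = {
    f"net.ipv4.conf.{dev}.{key}": val
    for dev in ("tunl0", "all")
    for key, val in (("rp_filter", "0"), ("arp_ignore", "1"), ("arp_announce", "2"))
}
# Constructed samples, condensed from the command output shown on the page.
SAMPLE_IPVSADM = ("TCP  10.27.17.91:80 rr\n"
                  "  -> 10.27.17.92:80 Tunnel 1 0 0\n"
                  "  -> 10.27.17.93:80 Tunnel 1 0 0\n")
SAMPLE_SYSCTL = "\n".join(f"{k} = {v}" for k, v in EXPECTED_SYSCTL.items())


def parse_ipvsadm(text):
    """Parse `ipvsadm -L -n` into {"vip:port": {"scheduler": s, "reals": {"rip:port": fwd}}}."""
    services, current = {}, None
    for line in text.splitlines():
        svc = re.match(r"\s*(TCP|UDP)\s+(\S+)\s+(\S+)", line)
        real = re.match(r"\s*->\s+(\d\S*)\s+(\S+)\s+\d+", line)
        if svc:
            current = services.setdefault(svc.group(2), {"scheduler": svc.group(3), "reals": {}})
        elif real and current is not None:
            current["reals"][real.group(1)] = real.group(2)
    return services


def parse_sysctl(text):
    """Parse `key = value` lines as printed by `sysctl -p`."""
    return {k.strip(): v.strip() for k, _, v in
            (line.partition("=") for line in text.splitlines()) if v}


def audit(ipvsadm_text, sysctl_text, vip_port, expected_reals):
    """Return a list of findings; an empty list means the state matches the page."""
    service = parse_ipvsadm(ipvsadm_text).get(vip_port)
    if service is None:
        return [f"no virtual service for {vip_port}"]
    findings = [f"{real}: forwarding is {service['reals'].get(real)!r}, expected 'Tunnel'"
                for real in expected_reals if service["reals"].get(real) != "Tunnel"]
    findings += [f"{real}: unexpected real server behind {vip_port}"
                 for real in sorted(set(service["reals"]) - set(expected_reals))]
    actual = parse_sysctl(sysctl_text)
    findings += [f"{key} = {actual.get(key)!r}, expected {want!r}"
                 for key, want in EXPECTED_SYSCTL.items() if actual.get(key) != want]
    return findings
```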

 

5. Test

 

 

 

posted @ 2019-09-27 16:44  科子