Linux-LVS-DR模式多网段
实验环境
客户端:centos7 IP:192.168.10.6/24 GW:192.168.10.200
路由器:centos7 eth0:10.0.0.200/24
eth0:172.16.0.200/24
eth1:192.168.10.200/24
LVS: centos7 lo:VIP:172.16.0.100/32 GW:10.0.0.200
eth0:DIP:10.0.0.8/24
RS1: centos7 lo:VIP:172.16.0.100/32 GW:10.0.0.200
eth0:RIP1:10.0.0.7/24
RS2: centos7 lo:VIP:172.16.0.100/32 GW:10.0.0.200
eth0:RIP1:10.0.0.17/24
1、搭建网络环境
客户端
[root@client-internet ~]#hostname -I 192.168.10.6 [root@client-internet ~]#ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.10.6 netmask 255.255.255.0 broadcast 192.168.10.255 inet6 fe80::250:56ff:fe3a:a4ce prefixlen 64 scopeid 0x20<link> ether 00:50:56:3a:a4:ce txqueuelen 1000 (Ethernet) RX packets 148 bytes 13546 (13.2 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 128 bytes 14113 (13.7 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 12 bytes 1108 (1.0 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 12 bytes 1108 (1.0 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@client-internet ~]#route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.10.200 0.0.0.0 UG 100 0 0 eth0 192.168.10.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
路由器 router-server
[root@router-server ~]#ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:50:56:29:7b:de brd ff:ff:ff:ff:ff:ff inet 10.0.0.200/24 brd 10.0.0.255 scope global noprefixroute eth0 valid_lft forever preferred_lft forever inet 172.16.0.200/24 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::250:56ff:fe29:7bde/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:19:52:37 brd ff:ff:ff:ff:ff:ff inet 192.168.10.200/24 brd 192.168.10.255 scope global noprefixroute eth1 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fe19:5237/64 scope link valid_lft forever preferred_lft forever [root@router-server ~]#route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0 172.16.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.10.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
路由网络配置,开启路由转发
[root@router-server ~]#echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
LVS服务器 lvs-server
[root@lvs-server ~]#ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet 172.16.0.100/0 scope global lo:1 valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:50:56:3e:5b:25 brd ff:ff:ff:ff:ff:ff inet 10.0.0.8/24 brd 10.0.0.255 scope global noprefixroute eth0 valid_lft forever preferred_lft forever inet6 fe80::250:56ff:fe3e:5b25/64 scope link valid_lft forever preferred_lft forever [root@lvs-server ~]#route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.0.0.200 0.0.0.0 UG 100 0 0 eth0 10.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
RS1服务器:rs1-server
[root@rs1-server ~]#ip ad 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet 172.16.0.100/0 scope global lo:1 valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:50:56:3a:ac:a0 brd ff:ff:ff:ff:ff:ff inet 10.0.0.7/24 brd 10.0.0.255 scope global noprefixroute eth0 valid_lft forever preferred_lft forever inet6 fe80::250:56ff:fe3a:aca0/64 scope link valid_lft forever preferred_lft forever [root@rs1-server ~]#route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.0.0.200 0.0.0.0 UG 100 0 0 eth0 10.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
RS2服务器:rs2-server
[root@rs2-server ~]#ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet 172.16.0.100/0 scope global lo:1 valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:50:56:2f:49:fb brd ff:ff:ff:ff:ff:ff inet 10.0.0.17/24 brd 10.0.0.255 scope global noprefixroute eth0 valid_lft forever preferred_lft forever inet6 fe80::250:56ff:fe2f:49fb/64 scope link valid_lft forever preferred_lft forever [root@rs2-server ~]#route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.0.0.200 0.0.0.0 UG 100 0 0 eth0 10.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
添加 lo:VIP:172.16.0.100/32命令
[root@rs2-server ~]#ifconfig lo:1 172.16.0.100/32
2、lvs DR模式配置
限制响应级别:arp_ignore 0:默认值,表示可使用本地任意接口上配置的任意地址进行响应 1:仅在请求的目标IP配置在本地主机的接收到请求报文的接口上时,才给予响应 限制通告级别:arp_announce 0:默认值,把本机所有接口的所有信息向每个接口的网络进行通告 1:尽量避免将接口信息向非直接连接网络进行通告 2:必须避免将接口信息向非本网络进行通告 配置要点 1. Director 服务器采用双IP桥接网络,一个是VIP,一个DIP 2. Web服务器采用和DIP相同的网段和Director连接 3. 每个Web服务器配置VIP 4. 每个web服务器可以出外网
RS1的ipvs 配置
[root@rs1-server ~]#echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore [root@rs1-server ~]#echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore [root@rs1-server ~]#echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce [root@rs1-server ~]#echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
RS2的ipvs配置
[root@rs2-server ~]#echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore [root@rs2-server ~]#echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce [root@rs2-server ~]#echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore [root@rs2-server ~]#echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
LVS主机的配置
安装工具
[root@lvs-server ~]#yum -y install ipvsadm
lvs配置
[root@lvs-server ~]#ipvsadm -A -t 172.16.0.100:80 -s wrr #指定算法 wrr 加权轮询 Illegal 'real-server' option with the 'add-service' command [root@lvs-server ~]#ipvsadm -a -t 172.16.0.100:80 -r 10.0.0.7 -g -w 1 #DR模式,权重1 [root@lvs-server ~]#ipvsadm -a -t 172.16.0.100:80 -r 10.0.0.17 -g -w 1 #DR模式,权重1
客户端测试
[root@client-internet ~]#curl 172.16.0.100 10.0.0.17 [root@client-internet ~]#curl 172.16.0.100 10.0.0.7 [root@client-internet ~]#curl 172.16.0.100 10.0.0.17 [root@client-internet ~]#curl 172.16.0.100 10.0.0.7 [root@client-internet ~]#curl 172.16.0.100 10.0.0.17 [root@client-internet ~]#curl 172.16.0.100 10.0.0.7
