LVS-DR:实现VIP和RIP不在同一个网络中的集群
目录
LVS-DR:实现VIP和RIP不在同一个网络中集群
环境说明:
client和router的eth1在一个内网中,clinet的网关指向172.25.16.100
DR,RS-1,RS-2三台服务器分别配置了对应的本地静态地址DIP和RIP,且在一个内网中。网关都指向router上的eth0
这里使用了三个公网IP:客户端IP,VIP和eth0.1的IP,eth0上的公网IP可以省略,但是要添加一条主机路由:route add -host VIP dev eth0
1. router上配置ip转发,并测试
[root@router ~]# sysctl -p
net.ipv4.ip_forward = 1
#测试client和rs1,rs2能否互通
[root@client ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:ba:e5:07 brd ff:ff:ff:ff:ff:ff
inet 172.25.16.10/16 brd 172.25.255.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::b181:319:54a:2d3c/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@client ~]# ping 192.168.32.135
PING 192.168.32.135 (192.168.32.135) 56(84) bytes of data.
64 bytes from 192.168.32.135: icmp_seq=1 ttl=63 time=0.613 ms
64 bytes from 192.168.32.135: icmp_seq=2 ttl=63 time=0.632 ms
64 bytes from 192.168.32.135: icmp_seq=3 ttl=63 time=0.669 ms
^C
--- 192.168.32.135 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.613/0.638/0.669/0.023 ms
[root@client ~]# ping 192.168.32.140
PING 192.168.32.140 (192.168.32.140) 56(84) bytes of data.
64 bytes from 192.168.32.140: icmp_seq=1 ttl=63 time=0.615 ms
64 bytes from 192.168.32.140: icmp_seq=2 ttl=63 time=0.565 ms
64 bytes from 192.168.32.140: icmp_seq=3 ttl=63 time=0.442 ms
^C
--- 192.168.32.140 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.442/0.540/0.615/0.077 ms
#ttl值为63,确实经过了一个路由
[root@rs-1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:26:1e:fc brd ff:ff:ff:ff:ff:ff
inet 192.168.32.135/24 brd 192.168.32.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe26:1efc/64 scope link
valid_lft forever preferred_lft forever
[root@rs-1 ~]# ping 172.25.16.10
PING 172.25.16.10 (172.25.16.10) 56(84) bytes of data.
64 bytes from 172.25.16.10: icmp_seq=1 ttl=63 time=0.484 ms
64 bytes from 172.25.16.10: icmp_seq=2 ttl=63 time=0.534 ms
^C
--- 172.25.16.10 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.484/0.509/0.534/0.025 ms
[root@rs-2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:89:35:d0 brd ff:ff:ff:ff:ff:ff
inet 192.168.32.140/24 brd 192.168.32.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::3fac:e9cd:2f45:12ec/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@rs-2 ~]# ping 172.25.16.10
PING 172.25.16.10 (172.25.16.10) 56(84) bytes of data.
64 bytes from 172.25.16.10: icmp_seq=1 ttl=63 time=0.401 ms
64 bytes from 172.25.16.10: icmp_seq=2 ttl=63 time=0.354 ms
64 bytes from 172.25.16.10: icmp_seq=3 ttl=63 time=0.683 ms
64 bytes from 172.25.16.10: icmp_seq=4 ttl=63 time=0.499 ms
^C
--- 172.25.16.10 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 0.354/0.484/0.683/0.127 ms
2. DR上配置VIP和转发规则
#配置VIP,也可以配在环回口上
[root@dr ~]# ip addr add 192.168.64.100/32 dev ens33
[root@dr ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:d7:d9:41 brd ff:ff:ff:ff:ff:ff
inet 192.168.32.130/24 brd 192.168.32.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.64.200/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fed7:d941/64 scope link
valid_lft forever preferred_lft forever
[root@dr ~]# route add -host 192.168.64.100/32 dev ens33
[root@dr ~]# yum -y install ipvsadm
#dr模式不支持端口映射,所以直接写IP
[root@dr ~]# ipvsadm -A -t 192.168.64.100:80 -s rr
[root@dr ~]# ipvsadm -a -t 192.168.64.100:80 -r 192.168.32.135 -g
[root@dr ~]# ipvsadm -a -t 192.168.64.100:80 -r 192.168.32.140 -g
[root@dr ~]# ipvsadm -Sn
-A -t 192.168.64.100:80 -s rr
-a -t 192.168.64.100:80 -r 192.168.32.135:80 -g -w 1
-a -t 192.168.64.100:80 -r 192.168.32.140:80 -g -w 1
3. RS上配置arp内核参数和VIP
[root@rs-1 ~]# vim /etc/sysctl.conf
[root@rs-1 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@rs-2 ~]# vim /etc/sysctl.conf
[root@rs-2 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@rs-1 ~]# ip addr add 192.168.64.100/32 dev lo
[root@rs-1 ~]# route add -host 192.168.64.100/32 dev lo
[root@rs-2 ~]# ip addr add 192.168.64.100/32 dev lo
[root@rs-2 ~]# route add -host 192.168.64.100/32 dev lo
4. 配置HTTP访问
[root@RS-1 ~]# yum -y install httpd
[root@RS-1 ~]# echo 'this is RS-1' > /var/www/html/index.html
[root@RS-1 ~]# systemctl start httpd
[root@rs-1 ~]# ss -tanl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 [::]:22 [::]:*
[root@RS-2 ~]# yum -y install httpd
[root@rs-2 ~]# echo 'this is RS-2' > /var/www/html/index.html
[root@RS-2 ~]# systemctl start httpd
[root@rs-2 ~]# ss -tanl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 128 [::]:22 [::]:*
5. 客户端访问测试
[root@client ~]# for i in $(seq 10);do curl 192.168.64.100:80;done
this is RS-1
this is RS-2
this is RS-1
this is RS-2
this is RS-1
this is RS-2
this is RS-1
this is RS-2
this is RS-1
this is RS-2
