
LVS实战案例:NAT模式案例

Linux Virtual Server

LVS-NAT模式案例

环境:

  • 共4台主机
1台:internet client:192.168.10.6/24 GW:无  仅主机
1台:LVS
eth0:10.0.0.8/24
eth1:192.168.10.100/24
2台RS:
RS1:10.0.0.7/24	GW:10.0.0.8	NAT
RS2:10.0.0.17/24	GW:10.0.0.8	NAT

1.internet client:192.168.10.6/24配置:

# 修改ETH1网卡信息
[root@Internet-132 network-scripts]# cat ifcfg-eth1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=192.168.10.6
NETMASK=255.255.255.0

[root@Internet-132 network-scripts]# systemctl restart network   //重启网卡服务

2.LVS上配置:

# 修改ETH0、ETH1网卡信息
# ETH0:
[root@NET-lvs-133 network-scripts]# cat ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.8
NETMASK=255.255.255.0

ETH1:
[root@NET-lvs-133 network-scripts]# cat ifcfg-eth1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=192.168.10.100
NETMASK=255.255.255.0

[root@NET-lvs-133 network-scripts]# yum -y install ipvsadm  //安装ipvsadm命令

[root@NET-lvs-133 network-scripts]# systemctl restart network   //重启网卡服务

[root@NET-lvs-133 network-scripts]# ipvsadm -A -t 192.168.10.100:80 -s rr   //添加tcp协议的集群服务,VIP为192.168.10.100,端口为80;-s 指定调度算法为rr(轮询)

[root@NET-lvs-133 network-scripts]# ipvsadm -a -t 192.168.10.100:80 -r 10.0.0.7 -m   //向集群服务添加后端真实服务器(RS):-r 后面写RS的ip,-m 指定LVS的工作模式为nat模式

[root@NET-lvs-133 network-scripts]# ipvsadm -a -t 192.168.10.100:80 -r 10.0.0.17 -m

[root@NET-lvs-133 network-scripts]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.10.100:80 rr
  -> 10.0.0.7:80                  Masq    1      0          0         
  -> 10.0.0.17:80                 Masq    1      0          0         

[root@NET-lvs-133 ~]# cat /usr/lib/systemd/system/ipvsadm.service
[Unit]
Description=Initialise the Linux Virtual Server
After=syslog.target network.target

[Service]
Type=oneshot
ExecStart=/bin/bash -c "exec /sbin/ipvsadm-restore < /etc/sysconfig/ipvsadm"  //文件加载的位置
ExecStop=/bin/bash -c "exec /sbin/ipvsadm-save -n > /etc/sysconfig/ipvsadm"  //文件写入的位置
ExecStop=/sbin/ipvsadm -C
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

[root@NET-lvs-133 ~]# /sbin/ipvsadm-save -n > /etc/sysconfig/ipvsadm   //把当前规则写入文件(从下面重启后的输出看,保存时应已完成第5步的wrr和权重配置)
[root@NET-lvs-133 ~]# systemctl enable ipvsadm.service 
[root@NET-lvs-133 ~]# reboot 
[root@NET-lvs-133 ~]# ipvsadm -Ln   
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.10.100:80 wrr
  -> 10.0.0.7:80                  Masq    1      0          0         
  -> 10.0.0.17:80                 Masq    5      0          0         

[root@NET-lvs-133 ~]# vim /etc/sysconfig/ipvsadm  //规则最终保存在这个文件中,可以直接编辑
-A -t 192.168.10.100:80 -s rr   //把调度算法改为rr(不写-s时ipvsadm默认使用wlc);“//”之后是说明文字,不要写进文件
-a -t 192.168.10.100:80 -r 10.0.0.7:80 -m -w 1
-a -t 192.168.10.100:80 -r 10.0.0.17:80 -m -w 5

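[root@NET-lvs-133 ~]# ipvsadm -Ln   //验证(编辑文件本身不会改变内核中的规则,需要重新加载才能看到变化,例如先 ipvsadm -C 再 ipvsadm-restore < /etc/sysconfig/ipvsadm;注意按上面的unit文件,停止ipvsadm服务时ExecStop会用当前规则覆盖这个文件)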
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.10.100:80 rr  //已修改成rr模式
  -> 10.0.0.7:80                  Masq    1      0          0         
  -> 10.0.0.17:80                 Masq    5      0          0         

3.两台RS配置:

# RS1
# 修改RS1 ETH0网卡
[root@NET-Rs1-134 network-scripts]# cat ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.7
NETMASK=255.255.255.0
GATEWAY=10.0.0.8

[root@NET-Rs2-135 network-scripts]# yum -y install httpd;hostname -I > /var/www/html/index.html;systemctl enable --now httpd   //yum安装web服务,并把本机全部IP写入首页,方便测试时区分RS;首页会把内网地址暴露给所有访问者,只适合实验环境

[root@NET-Rs2-135 ~]# ss -lntp
State      Recv-Q Send-Q                                                 Local Address:Port                                                                Peer Address:Port              
LISTEN     0      128                                                                *:22                                                                             *:*                   users:(("sshd",pid=1109,fd=3))
LISTEN     0      100                                                        127.0.0.1:25                                                                             *:*                   users:(("master",pid=1272,fd=13))
LISTEN     0      128                                                             [::]:80                                                                          [::]:*                   users:(("httpd",pid=1559,fd=4))
LISTEN     0      128                                                             [::]:22                                                                          [::]:*                   users:(("sshd",pid=1109,fd=4))
LISTEN     0      100                                                            [::1]:25                                                                          [::]:*                   users:(("master",pid=1272,fd=14))

# 为了区分两台RS,修改了一下web的index.html文件
[root@NET-Rs1-134 network-scripts]# cat /var/www/html/index.html 
rs1 10.10.2.134 192.168.2.134 172.16.2.134     //在头部加入rs1 字样 好区分


# RS2
# 修改RS2 ETH0网卡
[root@NET-Rs2-135 network-scripts]# cat ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.17
NETMASK=255.255.255.0
GATEWAY=10.0.0.8

[root@NET-Rs2-135 network-scripts]# yum -y install httpd;hostname -I > /var/www/html/index.html;systemctl enable --now httpd  //与上一台同样操作

[root@NET-Rs1-134 network-scripts]# ss -lntp
State      Recv-Q Send-Q                                                 Local Address:Port                                                                Peer Address:Port              
LISTEN     0      128                                                                *:22                                                                             *:*                   users:(("sshd",pid=1108,fd=3))
LISTEN     0      100                                                        127.0.0.1:25                                                                             *:*                   users:(("master",pid=1259,fd=13))
LISTEN     0      128                                                             [::]:80                                                                          [::]:*                   users:(("httpd",pid=1375,fd=4),("httpd",pid=1374,fd=4),("httpd",pid=1373,fd=4),("httpd",pid=1371,fd=4),("httpd",pid=1370,fd=4),("httpd",pid=1107,fd=4))
LISTEN     0      128                                                             [::]:22                                                                          [::]:*                   users:(("sshd",pid=1108,fd=4))
LISTEN     0      100                                                            [::1]:25                                                                          [::]:*                   users:(("master",pid=1259,fd=14))

[root@NET-Rs2-135 network-scripts]#  cat /var/www/html/index.html 
rs2 10.10.2.135 192.168.2.135 172.16.2.135 

4.测试:

# 在LVS服务主机中分别测试两台RS的web服务是否正常
# 测试RS1
[root@NET-lvs-133 network-scripts]# curl 10.0.0.7:80
rs1 10.10.2.134 192.168.2.134 172.16.2.134 

# 测试RS2
[root@NET-lvs-133 network-scripts]# curl 10.0.0.17:80
rs2 10.10.2.135 192.168.2.135 172.16.2.135 

# NAT模式下LVS要在eth0和eth1之间转发报文,需要启用ip_forward;启用后本机就成为两个网段之间的路由器,生产环境建议用防火墙的FORWARD规则限定只转发需要的流量
[root@NET-lvs-133 network-scripts]# cat /etc/sysctl.conf 
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward=1   //添加参数(“//”之后是说明文字,不要写进文件)

[root@NET-lvs-133 network-scripts]# sysctl -p   //加载参数
net.ipv4.ip_forward = 1

# 使用internet client测试VIP   能否访问两台RS服务
[root@Internet-132 ~]# curl 192.168.10.100   
rs1 10.10.2.134 192.168.2.134 172.16.2.134   //显示访问RS1
[root@Internet-132 ~]# curl 192.168.10.100
rs2 10.10.2.135 192.168.2.135 172.16.2.135   //显示访问RS2

# 在LVS 主机上抓取ETH0流量包(目标地址已被改写为RS的10.0.0.7,源地址仍是客户端的192.168.10.6,所以RS的网关必须指向LVS,回包才能经LVS改写后返回客户端)
[root@NET-lvs-133 network-scripts]# tcpdump -i eth0 -nn port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:27:43.030163 IP 192.168.10.6.39104 > 10.0.0.7.80: Flags [S], seq 1303448505, win 29200, options [mss 1460,sackOK,TS val 2632751 ecr 0,nop,wscale 7], length 0
14:27:43.030579 IP 10.0.0.7.80 > 192.168.10.6.39104: Flags [S.], seq 2237309274, ack 1303448506, win 28960, options [mss 1460,sackOK,TS val 2643199 ecr 2632751,nop,wscale 7], length 0
14:27:43.030826 IP 192.168.10.6.39104 > 10.0.0.7.80: Flags [.], ack 1, win 229, options [nop,nop,TS val 2632752 ecr 2643199], length 0
14:27:43.030975 IP 192.168.10.6.39104 > 10.0.0.7.80: Flags [P.], seq 1:79, ack 1, win 229, options [nop,nop,TS val 2632752 ecr 2643199], length 78: HTTP: GET / HTTP/1.1
14:27:43.031121 IP 10.0.0.7.80 > 192.168.10.6.39104: Flags [.], ack 79, win 227, options [nop,nop,TS val 2643200 ecr 2632752], length 0
14:27:43.032237 IP 10.0.0.7.80 > 192.168.10.6.39104: Flags [P.], seq 1:286, ack 79, win 227, options [nop,nop,TS val 2643201 ecr 2632752], length 285: HTTP: HTTP/1.1 200 OK
14:27:43.032368 IP 192.168.10.6.39104 > 10.0.0.7.80: Flags [.], ack 286, win 237, options [nop,nop,TS val 2632753 ecr 2643201], length 0
14:27:43.032533 IP 192.168.10.6.39104 > 10.0.0.7.80: Flags [F.], seq 79, ack 286, win 237, options [nop,nop,TS val 2632753 ecr 2643201], length 0
14:27:43.032645 IP 10.0.0.7.80 > 192.168.10.6.39104: Flags [F.], seq 286, ack 80, win 227, options [nop,nop,TS val 2643201 ecr 2632753], length 0
14:27:43.032768 IP 192.168.10.6.39104 > 10.0.0.7.80: Flags [.], ack 287, win 237, options [nop,nop,TS val 2632754 ecr 2643201], length 0

# 抓取ETH1流量包(客户端一侧只出现VIP 192.168.10.100,看不到RS的真实地址)
[root@NET-lvs-133 network-scripts]# tcpdump -i eth1 -nn port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
14:28:03.560256 IP 192.168.10.6.39106 > 192.168.10.100.80: Flags [S], seq 3372440983, win 29200, options [mss 1460,sackOK,TS val 2653281 ecr 0,nop,wscale 7], length 0
14:28:03.560634 IP 192.168.10.100.80 > 192.168.10.6.39106: Flags [S.], seq 932208910, ack 3372440984, win 28960, options [mss 1460,sackOK,TS val 2663679 ecr 2653281,nop,wscale 7], length 0
14:28:03.560826 IP 192.168.10.6.39106 > 192.168.10.100.80: Flags [.], ack 1, win 229, options [nop,nop,TS val 2653282 ecr 2663679], length 0
14:28:03.560872 IP 192.168.10.6.39106 > 192.168.10.100.80: Flags [P.], seq 1:79, ack 1, win 229, options [nop,nop,TS val 2653282 ecr 2663679], length 78: HTTP: GET / HTTP/1.1
14:28:03.561003 IP 192.168.10.100.80 > 192.168.10.6.39106: Flags [.], ack 79, win 227, options [nop,nop,TS val 2663679 ecr 2653282], length 0
14:28:03.562294 IP 192.168.10.100.80 > 192.168.10.6.39106: Flags [P.], seq 1:286, ack 79, win 227, options [nop,nop,TS val 2663680 ecr 2653282], length 285: HTTP: HTTP/1.1 200 OK
14:28:03.562407 IP 192.168.10.6.39106 > 192.168.10.100.80: Flags [.], ack 286, win 237, options [nop,nop,TS val 2653283 ecr 2663680], length 0
14:28:03.562561 IP 192.168.10.6.39106 > 192.168.10.100.80: Flags [F.], seq 79, ack 286, win 237, options [nop,nop,TS val 2653283 ecr 2663680], length 0
14:28:03.562689 IP 192.168.10.100.80 > 192.168.10.6.39106: Flags [F.], seq 286, ack 80, win 227, options [nop,nop,TS val 2663681 ecr 2653283], length 0
14:28:03.562753 IP 192.168.10.6.39106 > 192.168.10.100.80: Flags [.], ack 287, win 237, options [nop,nop,TS val 2653284 ecr 2663681], length 0

5.加入权重

# 在LVS主机操作
[root@NET-lvs-133 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.10.100:80 rr
  -> 10.0.0.7:80                  Masq    1      0          0         
  -> 10.0.0.17:80                 Masq    1      0          0         

[root@NET-lvs-133 ~]# ipvsadm -E -t 192.168.10.100:80 -s wrr   //将算法修改为wrr

[root@NET-lvs-133 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.10.100:80 wrr
  -> 10.0.0.7:80                  Masq    1      0          0         
  -> 10.0.0.17:80                 Masq    1      0          0         

[root@NET-lvs-133 ~]# ipvsadm -e -t 192.168.10.100:80 -r 10.0.0.17 -m -w 5   //将权重修改为5

[root@NET-lvs-133 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.10.100:80 wrr
  -> 10.0.0.7:80                  Masq    1      0          0         
  -> 10.0.0.17:80                 Masq    5      0          0         

# 使用internet client:测试VIP  访问两台RS主机,测试LVS主机权重是否生效
[root@Internet-132 ~]# curl 192.168.10.100
rs2 10.10.2.135 192.168.2.135 172.16.2.135 
[root@Internet-132 ~]# curl 192.168.10.100
rs1 10.10.2.134 192.168.2.134 172.16.2.134    
[root@Internet-132 ~]# curl 192.168.10.100
rs2 10.10.2.135 192.168.2.135 172.16.2.135 
[root@Internet-132 ~]# curl 192.168.10.100
rs2 10.10.2.135 192.168.2.135 172.16.2.135 
[root@Internet-132 ~]# curl 192.168.10.100
rs2 10.10.2.135 192.168.2.135 172.16.2.135 
[root@Internet-132 ~]# curl 192.168.10.100
rs2 10.10.2.135 192.168.2.135 172.16.2.135 
[root@Internet-132 ~]# curl 192.168.10.100
rs2 10.10.2.135 192.168.2.135 172.16.2.135 
[root@Internet-132 ~]# curl 192.168.10.100
rs1 10.10.2.134 192.168.2.134 172.16.2.134 

