Linux Virtual Server
LVS-NAT模式案例
环境:
1台:internet client:192.168.10.6/24 GW:无 仅主机
1台:LVS
eth0:10.0.0.8/24
eth1:192.168.10.100/24
2台RS:
RS1:10.0.0.7/24 GW:10.0.0.8 NAT
RS2:10.0.0.17/24 GW:10.0.0.8 NAT
![image](https://img2022.cnblogs.com/blog/2413448/202203/2413448-20220318011416099-628393881.png)
1.internet client:192.168.10.6/24配置:
# 修改ETH1网卡信息
[root@Internet-132 network-scripts]# cat ifcfg-eth1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=192.168.10.6
NETMASK=255.255.255.0
[root@Internet-132 network-scripts]# systemctl restart network //重启网卡服务
2.LVS上配置:
# 修改ETH0、ETH1网卡信息
# ETH0:
[root@NET-lvs-133 network-scripts]# cat ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.8
NETMASK=255.255.255.0
# ETH1:
[root@NET-lvs-133 network-scripts]# cat ifcfg-eth1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=192.168.10.100
NETMASK=255.255.255.0
[root@NET-lvs-133 network-scripts]# yum -y install ipvsadm //安装ipvsadm命令
[root@NET-lvs-133 network-scripts]# systemctl restart network //重启网卡服务
[root@NET-lvs-133 network-scripts]# ipvsadm -A -t 192.168.10.100:80 -s rr //添加TCP协议的集群服务,VIP为192.168.10.100,端口为80,并指定调度算法为rr(轮询)
[root@NET-lvs-133 network-scripts]# ipvsadm -a -t 192.168.10.100:80 -r 10.0.0.7 -m //向该集群服务添加RS:-r 指定RS的ip,-m 指定LVS的工作模式为nat模式
[root@NET-lvs-133 network-scripts]# ipvsadm -a -t 192.168.10.100:80 -r 10.0.0.17 -m
[root@NET-lvs-133 network-scripts]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.10.100:80 rr
-> 10.0.0.7:80 Masq 1 0 0
-> 10.0.0.17:80 Masq 1 0 0
[root@NET-lvs-133 ~]# cat /usr/lib/systemd/system/ipvsadm.service
[Unit]
Description=Initialise the Linux Virtual Server
After=syslog.target network.target
[Service]
Type=oneshot
ExecStart=/bin/bash -c "exec /sbin/ipvsadm-restore < /etc/sysconfig/ipvsadm" //文件加载的位置
ExecStop=/bin/bash -c "exec /sbin/ipvsadm-save -n > /etc/sysconfig/ipvsadm" //文件写入的位置
ExecStop=/sbin/ipvsadm -C
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
[root@NET-lvs-133 ~]# /sbin/ipvsadm-save -n > /etc/sysconfig/ipvsadm //写入文件
[root@NET-lvs-133 ~]# systemctl enable ipvsadm.service
[root@NET-lvs-133 ~]# reboot
[root@NET-lvs-133 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.10.100:80 wrr
-> 10.0.0.7:80 Masq 1 0 0
-> 10.0.0.17:80 Masq 5 0 0
[root@NET-lvs-133 ~]# vim /etc/sysconfig/ipvsadm //ipvsadm-save 保存的规则最终会写入到这个文件中
-A -t 192.168.10.100:80 -s rr //算法默认为wlc,修改为rr模式
-a -t 192.168.10.100:80 -r 10.0.0.7:80 -m -w 1
-a -t 192.168.10.100:80 -r 10.0.0.17:80 -m -w 5
[root@NET-lvs-133 ~]# ipvsadm -Ln //验证
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.10.100:80 rr //已修改成rr模式
-> 10.0.0.7:80 Masq 1 0 0
-> 10.0.0.17:80 Masq 5 0 0
3.两台RS配置:
# RS1
# 修改RS1 ETH0网卡
[root@NET-Rs2-135 network-scripts]# cat ifcfg-eth0
[root@NET-Rs1-134 network-scripts]# cat ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.7
NETMASK=255.255.255.0
GATEWAY=10.0.0.8
[root@NET-Rs2-135 network-scripts]# yum -y install httpd;hostname -I > /var/www/html/index.html;systemctl enable --now httpd //yum安装web服务(命令以 ; 串联,前一步失败后续仍会继续执行)
[root@NET-Rs2-135 ~]# ss -lntp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:* users:(("sshd",pid=1109,fd=3))
LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=1272,fd=13))
LISTEN 0 128 [::]:80 [::]:* users:(("httpd",pid=1559,fd=4))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=1109,fd=4))
LISTEN 0 100 [::1]:25 [::]:* users:(("master",pid=1272,fd=14))
# 为了区分两台RS,修改了一下web的index.html文件
[root@NET-Rs1-134 network-scripts]# cat /var/www/html/index.html
rs1 10.10.2.134 192.168.2.134 172.16.2.134 //在开头加入 rs1 字样以便区分
# RS2
# 修改RS2 ETH0网卡
[root@NET-Rs2-135 network-scripts]# cat ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.17
NETMASK=255.255.255.0
GATEWAY=10.0.0.8
[root@NET-Rs2-135 network-scripts]# yum -y install httpd;hostname -I > /var/www/html/index.html;systemctl enable --now httpd //与上一台同样操作
[root@NET-Rs1-134 network-scripts]# ss -lntp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:* users:(("sshd",pid=1108,fd=3))
LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=1259,fd=13))
LISTEN 0 128 [::]:80 [::]:* users:(("httpd",pid=1375,fd=4),("httpd",pid=1374,fd=4),("httpd",pid=1373,fd=4),("httpd",pid=1371,fd=4),("httpd",pid=1370,fd=4),("httpd",pid=1107,fd=4))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=1108,fd=4))
LISTEN 0 100 [::1]:25 [::]:* users:(("master",pid=1259,fd=14))
[root@NET-Rs2-135 network-scripts]# cat /var/www/html/index.html
rs2 10.10.2.135 192.168.2.135 172.16.2.135
4.测试:
# 在LVS服务主机中分别测试两台RS的web服务是否正常
# 测试RS1
[root@NET-lvs-133 network-scripts]# curl 10.0.0.7:80
rs1 10.10.2.134 192.168.2.134 172.16.2.134
# 测试RS2
[root@NET-lvs-133 network-scripts]# curl 10.0.0.17:80
rs2 10.10.2.135 192.168.2.135 172.16.2.135
# LVS-NAT模式下,LVS主机需要启用ip_forward(IP转发)
[root@NET-lvs-133 network-scripts]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward=1 //添加参数
[root@NET-lvs-133 network-scripts]# sysctl -p //加载参数
net.ipv4.ip_forward = 1
# 使用internet client测试VIP 能否访问两台RS服务
[root@Internet-132 ~]# curl 192.168.10.100
rs1 10.10.2.134 192.168.2.134 172.16.2.134 //显示访问RS1
[root@Internet-132 ~]# curl 192.168.10.100
rs2 10.10.2.135 192.168.2.135 172.16.2.135 //显示访问RS2
# 在LVS 主机上抓取ETH0流量包(可见目标地址已转换为RS的IP,源地址仍为client的IP)
[root@NET-lvs-133 network-scripts]# tcpdump -i eth0 -nn port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:27:43.030163 IP 192.168.10.6.39104 > 10.0.0.7.80: Flags [S], seq 1303448505, win 29200, options [mss 1460,sackOK,TS val 2632751 ecr 0,nop,wscale 7], length 0
14:27:43.030579 IP 10.0.0.7.80 > 192.168.10.6.39104: Flags [S.], seq 2237309274, ack 1303448506, win 28960, options [mss 1460,sackOK,TS val 2643199 ecr 2632751,nop,wscale 7], length 0
14:27:43.030826 IP 192.168.10.6.39104 > 10.0.0.7.80: Flags [.], ack 1, win 229, options [nop,nop,TS val 2632752 ecr 2643199], length 0
14:27:43.030975 IP 192.168.10.6.39104 > 10.0.0.7.80: Flags [P.], seq 1:79, ack 1, win 229, options [nop,nop,TS val 2632752 ecr 2643199], length 78: HTTP: GET / HTTP/1.1
14:27:43.031121 IP 10.0.0.7.80 > 192.168.10.6.39104: Flags [.], ack 79, win 227, options [nop,nop,TS val 2643200 ecr 2632752], length 0
14:27:43.032237 IP 10.0.0.7.80 > 192.168.10.6.39104: Flags [P.], seq 1:286, ack 79, win 227, options [nop,nop,TS val 2643201 ecr 2632752], length 285: HTTP: HTTP/1.1 200 OK
14:27:43.032368 IP 192.168.10.6.39104 > 10.0.0.7.80: Flags [.], ack 286, win 237, options [nop,nop,TS val 2632753 ecr 2643201], length 0
14:27:43.032533 IP 192.168.10.6.39104 > 10.0.0.7.80: Flags [F.], seq 79, ack 286, win 237, options [nop,nop,TS val 2632753 ecr 2643201], length 0
14:27:43.032645 IP 10.0.0.7.80 > 192.168.10.6.39104: Flags [F.], seq 286, ack 80, win 227, options [nop,nop,TS val 2643201 ecr 2632753], length 0
14:27:43.032768 IP 192.168.10.6.39104 > 10.0.0.7.80: Flags [.], ack 287, win 237, options [nop,nop,TS val 2632754 ecr 2643201], length 0
# 抓取ETH1流量包(client与VIP之间的流量,地址未经转换)
[root@NET-lvs-133 network-scripts]# tcpdump -i eth1 -nn port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
14:28:03.560256 IP 192.168.10.6.39106 > 192.168.10.100.80: Flags [S], seq 3372440983, win 29200, options [mss 1460,sackOK,TS val 2653281 ecr 0,nop,wscale 7], length 0
14:28:03.560634 IP 192.168.10.100.80 > 192.168.10.6.39106: Flags [S.], seq 932208910, ack 3372440984, win 28960, options [mss 1460,sackOK,TS val 2663679 ecr 2653281,nop,wscale 7], length 0
14:28:03.560826 IP 192.168.10.6.39106 > 192.168.10.100.80: Flags [.], ack 1, win 229, options [nop,nop,TS val 2653282 ecr 2663679], length 0
14:28:03.560872 IP 192.168.10.6.39106 > 192.168.10.100.80: Flags [P.], seq 1:79, ack 1, win 229, options [nop,nop,TS val 2653282 ecr 2663679], length 78: HTTP: GET / HTTP/1.1
14:28:03.561003 IP 192.168.10.100.80 > 192.168.10.6.39106: Flags [.], ack 79, win 227, options [nop,nop,TS val 2663679 ecr 2653282], length 0
14:28:03.562294 IP 192.168.10.100.80 > 192.168.10.6.39106: Flags [P.], seq 1:286, ack 79, win 227, options [nop,nop,TS val 2663680 ecr 2653282], length 285: HTTP: HTTP/1.1 200 OK
14:28:03.562407 IP 192.168.10.6.39106 > 192.168.10.100.80: Flags [.], ack 286, win 237, options [nop,nop,TS val 2653283 ecr 2663680], length 0
14:28:03.562561 IP 192.168.10.6.39106 > 192.168.10.100.80: Flags [F.], seq 79, ack 286, win 237, options [nop,nop,TS val 2653283 ecr 2663680], length 0
14:28:03.562689 IP 192.168.10.100.80 > 192.168.10.6.39106: Flags [F.], seq 286, ack 80, win 227, options [nop,nop,TS val 2663681 ecr 2653283], length 0
14:28:03.562753 IP 192.168.10.6.39106 > 192.168.10.100.80: Flags [.], ack 287, win 237, options [nop,nop,TS val 2653284 ecr 2663681], length 0
5.加入权重
# 在LVS主机操作
[root@NET-lvs-133 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.10.100:80 rr
-> 10.0.0.7:80 Masq 1 0 0
-> 10.0.0.17:80 Masq 1 0 0
[root@NET-lvs-133 ~]# ipvsadm -E -t 192.168.10.100:80 -s wrr //将算法修改为wrr
[root@NET-lvs-133 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.10.100:80 wrr
-> 10.0.0.7:80 Masq 1 0 0
-> 10.0.0.17:80 Masq 1 0 0
[root@NET-lvs-133 ~]# ipvsadm -e -t 192.168.10.100:80 -r 10.0.0.17 -m -w 5 //将RS 10.0.0.17的权重修改为5
[root@NET-lvs-133 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.10.100:80 wrr
-> 10.0.0.7:80 Masq 1 0 0
-> 10.0.0.17:80 Masq 5 0 0
# 使用internet client多次访问VIP,检验LVS主机上的权重是否生效
[root@Internet-132 ~]# curl 192.168.10.100
rs2 10.10.2.135 192.168.2.135 172.16.2.135
[root@Internet-132 ~]# curl 192.168.10.100
rs1 10.10.2.134 192.168.2.134 172.16.2.134
[root@Internet-132 ~]# curl 192.168.10.100
rs2 10.10.2.135 192.168.2.135 172.16.2.135
[root@Internet-132 ~]# curl 192.168.10.100
rs2 10.10.2.135 192.168.2.135 172.16.2.135
[root@Internet-132 ~]# curl 192.168.10.100
rs2 10.10.2.135 192.168.2.135 172.16.2.135
[root@Internet-132 ~]# curl 192.168.10.100
rs2 10.10.2.135 192.168.2.135 172.16.2.135
[root@Internet-132 ~]# curl 192.168.10.100
rs2 10.10.2.135 192.168.2.135 172.16.2.135
[root@Internet-132 ~]# curl 192.168.10.100
rs1 10.10.2.134 192.168.2.134 172.16.2.134