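LVS - Study Contents
1. DR architecture diagram
2. Environment preparation
2.1. Host planning
Hostname  Network interface information
route     LAN: 192.168.87.132  WAN: 192.168.10.12
LVS       LAN: 192.168.87.131  VIP: 192.168.87.200
rs-01     LAN: 192.168.87.129  lo:0: 192.168.87.200
rs-02     LAN: 192.168.87.130  lo:0: 192.168.87.200
2.2. Linux router server configuration
2.2.1. Configure the WAN IP address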
]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
...
BOOTPROTO=static
IPADDR=192.168.10.12
PREFIX=24
GATEWAY=192.168.10.2 # egress gateway
DNS1=192.168.10.2
2.2.2. Configure the LAN IP address [same subnet as the real servers]
]# cat /etc/sysconfig/network-scripts/ifcfg-ens36
...
BOOTPROTO=static
IPADDR=192.168.87.132
PREFIX=24
GATEWAY=192.168.87.2
2.2.3. Enable IP forwarding
echo "net.ipv4.ip_forward = 1" >>/etc/sysctl.conf
sysctl -p
2.3. Linux LVS server configuration
2.3.1. Configure the LAN IP address
]# cat /etc/sysconfig/network-scripts/ifcfg-ens36
...
BOOTPROTO=static
IPADDR=192.168.87.131
PREFIX=24
GATEWAY=192.168.87.132 # the gateway is the router's IP address
2.3.2. Add the VIP [ens36:1]
cp /etc/sysconfig/network-scripts/ifcfg-ens36 /etc/sysconfig/network-scripts/ifcfg-ens36:1
]# vi /etc/sysconfig/network-scripts/ifcfg-ens36:1
...
BOOTPROTO=static
NAME=ens36:1
DEVICE=ens36:1
ONBOOT=yes
IPADDR=192.168.87.200
PREFIX=24
2.3.3. Enable IP forwarding
echo "net.ipv4.ip_forward = 1" >>/etc/sysctl.conf
sysctl -p
2.4. rs-01 and rs-02 server configuration
2.4.1. rs-01 IP address configuration
rs-01~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
...
BOOTPROTO=static
IPADDR=192.168.87.129
NETMASK=255.255.255.0
GATEWAY=192.168.87.132 # points to the router's IP address
2.4.2. rs-02 IP address configuration
rs-02 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
...
BOOTPROTO=static
IPADDR=192.168.87.130
PREFIX=24
GATEWAY=192.168.87.132
2.4.3. Configure ifcfg-lo:0 on rs-01 and rs-02
cat >/etc/sysconfig/network-scripts/ifcfg-lo:0<<'EOF'
DEVICE=lo:0
IPADDR=192.168.87.200
NETMASK=255.255.255.255
ONBOOT=yes
NAME=loopback
EOF
systemctl restart network
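2.4.4. Suppress ARP for the VIP on the local host [configure on rs-01 and rs-02]
# Configure ARP so the host does not announce its VIP and does not answer ARP requests from other nodes for the VIP
# [Temporary setting; lost on reboot]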
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
# [Persistent configuration that also applies after a reboot]
cat >> /etc/sysctl.conf << 'EOF'
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
EOF
sysctl -p
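An added check, not part of the original notes: the `>>` appends above can leave duplicate or conflicting keys in /etc/sysctl.conf, and `sysctl -p` applies them in order, so this script reports the value that is actually effective for each of the four ARP settings. The function names and the sample file content are constructed for illustration.

```shell
# Added example: audit a sysctl.conf-style file for the DR real-server ARP settings.
# effective_sysctl, check_rs_arp and sample_conf are hypothetical helper names.

# Print the effective value of KEY in FILE ("key=value" or "key = value").
# sysctl -p applies lines in order, so the last uncommented assignment wins.
effective_sysctl() {
    local key="$1" file="$2"
    awk -v k="$key" '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        {
            pos = index($0, "="); if (pos == 0) next
            name = substr($0, 1, pos - 1)
            val  = substr($0, pos + 1)
            gsub(/[ \t]/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == k) last = val
        }
        END { if (last != "") print last }
    ' "$file"
}

# Return 0 only if all four settings from section 2.4.4 are effective in FILE.
check_rs_arp() {
    local file="$1" rc=0 key want got
    while read -r key want; do
        got=$(effective_sysctl "$key" "$file")
        [ "$got" = "$want" ] || { echo "FAIL $key: want $want, got ${got:-unset}"; rc=1; }
    done <<'EOF'
net.ipv4.conf.all.arp_ignore 1
net.ipv4.conf.all.arp_announce 2
net.ipv4.conf.lo.arp_ignore 1
net.ipv4.conf.lo.arp_announce 2
EOF
    return "$rc"
}

# Constructed sample: an overridden key, a commented-out key, spaces around "=".
sample_conf() {
    cat <<'EOF'
net.ipv4.ip_forward = 1
net.ipv4.conf.all.arp_ignore=0
# net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_ignore = 1
EOF
}

# Optional: pass a file path to audit it, e.g. /etc/sysctl.conf on rs-01.
[ "$#" -eq 0 ] || check_rs_arp "$1"
```

On the constructed sample the only failure is net.ipv4.conf.lo.arp_ignore, which is present only as a comment; the earlier all.arp_ignore=0 is overridden by the later line.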
2.5. Install the httpd service on both rs-01 and rs-02
2.5.1. Install httpd
2.5.2. Write the index page
rs-01 ~]# echo "rs-01" >/var/www/html/index.html
rs-02 ~]# echo "rs-02" >/var/www/html/index.html
2.5.3. Start the httpd service
2.5.4. Test access
]# curl 192.168.87.129
rs-01
]# curl 192.168.87.130
rs-02
3. DR mode configuration
3.1. Create the cluster
ipvsadm -C
ipvsadm -A -t 192.168.87.200:80 -s rr
# 192.168.87.200:80 is the VIP
3.2. Add rs-01 and rs-02 to the cluster in DR mode
ipvsadm -a -t 192.168.87.200:80 -r 192.168.87.129:80 -g
ipvsadm -a -t 192.168.87.200:80 -r 192.168.87.130:80 -g
3.3. View the cluster status
]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.87.200:80 rr
-> 192.168.87.129:80 Route 1 0 0
-> 192.168.87.130:80 Route 1 0 0
4. Client access test [with a gateway configured]
4.1. Set the gateway IP to the router's IP address
]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
...
IPADDR=192.168.10.4
PREFIX=24
GATEWAY=192.168.10.12
DNS1=192.168.10.2
systemctl restart network
4.2. Access the VIP
~]# curl 192.168.87.200:80
rs-02
~]# curl 192.168.87.200:80
rs-01
5. Client access test [accessing the router IP address directly]
5.1. Remove the client's gateway
5.1.1. Delete GATEWAY
]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
BOOTPROTO=static
IPADDR=192.168.10.4
PREFIX=24
DNS1=192.168.10.2
# the GATEWAY field is no longer present
5.1.2. Restart the network interface and test access
systemctl restart network
]# curl 192.168.87.200:80
curl: (7) Failed to connect to 192.168.87.200: Network is unreachable
5.2. Configure SNAT and DNAT on the router server
5.2.1. Configure DNAT [inbound]
# Traffic to the router address 192.168.10.12 is forwarded to the VIP 192.168.87.200
iptables -t nat -A PREROUTING -d 192.168.10.12 -j DNAT --to 192.168.87.200
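# Port 80 on the router address is forwarded to port 80 on the VIP
# (the rule above has no protocol or port match, so it already covers this traffic)
iptables -t nat -A PREROUTING -d 192.168.10.12 -p tcp --dport 80 -j DNAT --to 192.168.87.200:80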
5.2.2、配置SNAT【出站】
# Outbound: traffic from the 192.168.10.0 network leaves with the router address 192.168.10.12 as its source
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j SNAT --to 192.168.10.12
5.3. Test access via the router IP address
~]# curl 192.168.10.12
rs-01
~]# curl 192.168.10.12
rs-02
6. Persist the ipvsadm rules
6.1. Save the rules
ipvsadm-save > /etc/sysconfig/ipvsadm
6.2. Load or remove the rules with systemctl
systemctl start ipvsadm
systemctl stop ipvsadm