
Implementing the LVS NAT and DR Models

Date: 2023-10-08 09:56:31

1. LVS-NAT mode implementation
Environment:

Four hosts in total
One internet client: 192.168.10.6/24   GW: none   (host-only network)

One LVS director:
eth1 host-only 192.168.10.100/16
eth0 NAT 10.0.0.8/24

Two real servers (RS):
RS1: 10.0.0.7/24 GW:10.0.0.8 NAT
RS2: 10.0.0.17/24 GW:10.0.0.8 NAT

#Client NIC configuration:
[root@internet ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0 
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=192.168.10.6
PREFIX=24
ONBOOT=yes

#LVS NIC configuration:
[root@lvs network-scripts]#cat ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=10.0.0.8
PREFIX=24
ONBOOT=yes

[root@lvs network-scripts]#cat ifcfg-eth1
DEVICE=eth1
NAME=eth1
BOOTPROTO=static
IPADDR=192.168.10.100
PREFIX=24
ONBOOT=yes

#Backend RS1 NIC configuration:
[root@rs1 ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=10.0.0.7
PREFIX=24
GATEWAY=10.0.0.8
ONBOOT=yes

#Backend RS2 NIC configuration:
[root@rs2 ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0 
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=10.0.0.17
PREFIX=24
GATEWAY=10.0.0.8
ONBOOT=yes

#Set up the website on RS1. In production, RS1 and RS2 should serve identical pages; here they differ so the scheduling result is easy to observe.
[root@rs1 ~]#curl 10.0.0.7
10.0.0.7 RS1

#Set up the website on RS2
[root@rs2 ~]#curl 10.0.0.17
10.0.0.17 RS2

#Modify the kernel parameter to enable IP forwarding
[root@lvs-server ~]#vim /etc/sysctl.conf
net.ipv4.ip_forward = 1

#Apply the change
[root@lvs-server ~]#sysctl -p
net.ipv4.ip_forward = 1

#Create the LVS virtual service and add the RS servers
[root@lvs-server ~]#ipvsadm -A -t 192.168.10.100:80 -s wrr 
[root@lvs-server ~]#ipvsadm -a -t 192.168.10.100:80 -r 10.0.0.7:80 -m
[root@lvs-server ~]#ipvsadm -a -t 192.168.10.100:80 -r 10.0.0.17:80 -m

#View the LVS rules
[root@lvs-server ~]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.10.100:80 wrr
  -> 10.0.0.7:80                 Masq    1      1          0         
  -> 10.0.0.17:80                 Masq    1      0          0   
[root@internet ~]#while :;do curl 192.168.10.100;sleep 0.5;done
rs1.magedu.org
rs2.magedu.org
rs1.magedu.org
rs2.magedu.org
rs1.magedu.org
rs2.magedu.org
[root@lvs-server ~]#ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts OutPkts InBytes OutBytes
  -> RemoteAddress:Port
TCP  192.168.10.100:80                  67      405      255    32436    30092
  -> 10.0.0.7:80                        34      203      128    16244    15072
  -> 10.0.0.17:80                       33      202      127    16192    15020
[root@lvs-server ~]#cat /proc/net/ip_vs
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
 TCP C0A80A64:0050 wrr  
  -> 0A000011:0050     Masq    1      0          98        
  -> 0A000007:0050     Masq    1      0          97  
  
[root@lvs-server ~]#ipvsadm -Lnc
IPVS connection entries
pro expire state       source             virtual           destination
TCP 01:55 TIME_WAIT   192.168.10.6:43486 192.168.10.100:80  10.0.0.17:80
TCP 00:19 TIME_WAIT   192.168.10.6:43476 192.168.10.100:80  10.0.0.7:80
TCP 01:58 TIME_WAIT   192.168.10.6:43500 192.168.10.100:80  10.0.0.7:80
TCP 01:58 TIME_WAIT   192.168.10.6:43498 192.168.10.100:80  10.0.0.17:80
TCP 01:59 TIME_WAIT   192.168.10.6:43502 192.168.10.100:80  10.0.0.17:80
TCP 01:57 TIME_WAIT   192.168.10.6:43494 192.168.10.100:80  10.0.0.17:80
TCP 01:57 TIME_WAIT   192.168.10.6:43496 192.168.10.100:80  10.0.0.7:80
TCP 01:56 TIME_WAIT   192.168.10.6:43490 192.168.10.100:80  10.0.0.17:80
TCP 00:20 TIME_WAIT   192.168.10.6:43480 192.168.10.100:80  10.0.0.7:80
TCP 01:56 TIME_WAIT   192.168.10.6:43492 192.168.10.100:80  10.0.0.7:80
TCP 01:55 TIME_WAIT   192.168.10.6:43488 192.168.10.100:80  10.0.0.7:80
TCP 00:20 TIME_WAIT   192.168.10.6:43478 192.168.10.100:80  10.0.0.17:80
TCP 01:59 TIME_WAIT   192.168.10.6:43504 192.168.10.100:80  10.0.0.7:80
TCP 01:54 TIME_WAIT   192.168.10.6:43484 192.168.10.100:80  10.0.0.7:80
TCP 01:54 TIME_WAIT   192.168.10.6:43482 192.168.10.100:80  10.0.0.17:80

[root@lvs-server ~]#cat /proc/net/ip_vs_conn
Pro FromIP   FPrt ToIP     TPrt DestIP   DPrt State       Expires PEName PEData
TCP C0A80A06 A9DE C0A80A64 0050 0A000011 0050 TIME_WAIT        72
TCP C0A80A06 A9EC C0A80A64 0050 0A000007 0050 TIME_WAIT        76
TCP C0A80A06 AA64 C0A80A64 0050 0A000007 0050 TIME_WAIT       106
TCP C0A80A06 AA0C C0A80A64 0050 0A000007 0050 TIME_WAIT        84
TCP C0A80A06 AA3A C0A80A64 0050 0A000011 0050 TIME_WAIT        95
TCP C0A80A06 AA86 C0A80A64 0050 0A000011 0050 TIME_WAIT       115
TCP C0A80A06 AA78 C0A80A64 0050 0A000007 0050 TIME_WAIT       111
TCP C0A80A06 AA06 C0A80A64 0050 0A000011 0050 TIME_WAIT        82
TCP C0A80A06 AA44 C0A80A64 0050 0A000007 0050 TIME_WAIT        98
TCP C0A80A06 AA2C C0A80A64 0050 0A000007 0050 TIME_WAIT        92
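
Added example (not part of the original post): /proc/net/ip_vs and /proc/net/ip_vs_conn print addresses and ports in hexadecimal, so C0A80A64:0050 is the VIP 192.168.10.100:80. The script below decodes the IPv4 rows of ip_vs_conn and counts connections per real server; the function names are illustrative and the sample rows are copied from the output above.

```shell
#!/bin/sh
# Added example, not from the original post. Handles IPv4 rows only.

# Sample rows copied from the /proc/net/ip_vs_conn output shown above.
sample_conn_table() {
cat <<'EOF'
Pro FromIP   FPrt ToIP     TPrt DestIP   DPrt State       Expires PEName PEData
TCP C0A80A06 A9DE C0A80A64 0050 0A000011 0050 TIME_WAIT        72
TCP C0A80A06 A9EC C0A80A64 0050 0A000007 0050 TIME_WAIT        76
TCP C0A80A06 AA64 C0A80A64 0050 0A000007 0050 TIME_WAIT       106
EOF
}

# decode_ipvs_conn: read ip_vs_conn text on stdin and print one line per entry:
#   proto client:port vip:port rs:port state expires
decode_ipvs_conn() {
    awk '
    # Portable hex-to-decimal (no gawk strtonum needed).
    function hex(s,   i, n) {
        s = toupper(s); n = 0
        for (i = 1; i <= length(s); i++)
            n = n * 16 + index("0123456789ABCDEF", substr(s, i, 1)) - 1
        return n
    }
    # The 8 hex digits are the four address bytes in dotted-quad order.
    function ip(h) {
        return hex(substr(h, 1, 2)) "." hex(substr(h, 3, 2)) "." \
               hex(substr(h, 5, 2)) "." hex(substr(h, 7, 2))
    }
    $1 == "Pro"     { next }   # header line
    length($2) != 8 { next }   # skip anything that is not an IPv4 row
    { printf "%s %s:%d %s:%d %s:%d %s %s\n",
             $1, ip($2), hex($3), ip($4), hex($5), ip($6), hex($7), $8, $9 }'
}

# conns_per_rs: read ip_vs_conn text on stdin, print "count rs:port" per real server.
conns_per_rs() {
    decode_ipvs_conn | awk '{ n[$4]++ } END { for (k in n) print n[k], k }' | sort -k2
}

# Decode the live table on a director, otherwise fall back to the sample rows.
if [ -r /proc/net/ip_vs_conn ]; then
    decode_ipvs_conn < /proc/net/ip_vs_conn
else
    sample_conn_table | decode_ipvs_conn
fi
```

A real server that holds far more entries than its weight implies, or a client address that dominates the table, is the kind of skew this view makes visible.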

#Save the rules
[root@lvs-server ~]#ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@lvs-server ~]#systemctl enable --now ipvsadm.service 


2. LVS-DR implementation across networks
#Environment preparation:
5 hosts
Client (client)            vmnet1 host-only network  eth0: 192.168.33.160/24  GW: 192.168.33.200
Router (router)            vmnet1 host-only network  eth1: 192.168.33.200/24
			     vmnet8 NAT network  eth0: 10.0.0.200/24  eth0:1: 192.168.0.200/24
Load balancer (LVS)        VIP: lo 192.168.0.100/32
			     DIP: eth0 NAT 10.0.0.150/24 GW: 10.0.0.200
Backend web server RS1     VIP: lo 192.168.0.100/32
			     DIP: eth0 NAT 10.0.0.160/24 GW: 10.0.0.200
Backend web server RS2     VIP: lo 192.168.0.100/32
			     DIP: eth0 NAT 10.0.0.170/24 GW: 10.0.0.200
			     
#client:
[root@client ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.33.160
PREFIX=24
GATEWAY=192.168.33.200

[root@client ~]# systemctl restart network

#router:
[root@router ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.200
PREFIX=24

[root@router ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=192.168.33.200
PREFIX=24

[root@router ~]# systemctl restart network
#Temporarily add the eth0:1 sub-interface address to eth0.
[root@router ~]# ip a add 192.168.0.200/24 dev eth0
#Test the host-only network: communication with the client works
[root@router ~]# ping 192.168.33.160
PING 192.168.33.160 (192.168.33.160) 56(84) bytes of data.
64 bytes from 192.168.33.160: icmp_seq=1 ttl=64 time=0.490 ms
64 bytes from 192.168.33.160: icmp_seq=2 ttl=64 time=0.859 ms

#Enable IP forwarding
[root@router ~]# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
[root@router ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@router ~]# cat /proc/sys/net/ipv4/ip_forward
1

#LVS:
#Network configuration
[root@lvs ~]#vim /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
NAME=eth0
DEVICE=eth0
IPADDR=10.0.0.150
PREFIX=24
GATEWAY=10.0.0.200
ONBOOT=yes
[root@lvs ~]#nmcli c reload
[root@lvs ~]#nmcli c up eth0
[root@lvs ~]#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.200      0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0
[root@lvs ~]#ping 192.168.33.160
PING 192.168.33.160 (192.168.33.160) 56(84) bytes of data.
64 bytes from 192.168.33.160: icmp_seq=1 ttl=63 time=0.919 ms
64 bytes from 192.168.33.160: icmp_seq=2 ttl=63 time=4.51 ms

#Configure the VIP
[root@lvs ~]#ifconfig  lo:1 192.168.0.100 netmask 255.255.255.255



#RS1:
#Network configuration
[root@RS1 ~]#vim /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
NAME=eth0
DEVICE=eth0
IPADDR=10.0.0.160
PREFIX=24
GATEWAY=10.0.0.200
ONBOOT=yes
[root@RS1 ~]#nmcli c reload
[root@RS1 ~]#nmcli c up eth0
[root@RS1 ~]#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.200      0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0

#Web service configuration
[root@RS1 ~]#yum install -y httpd
[root@RS1 ~]#echo 10.0.0.160 >> /var/www/html/index.html
[root@RS1 ~]#systemctl restart httpd
[root@RS1 ~]#curl localhost
10.0.0.160

#IPVS configuration
[root@RS1 ~]#echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@RS1 ~]#echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@RS1 ~]#echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@RS1 ~]#echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
#Configure the VIP
[root@RS1 ~]#ifconfig  lo:1 192.168.0.100 netmask 255.255.255.255


#RS2:
#Network configuration
[root@RS2 ~]#vim /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
NAME=eth0
DEVICE=eth0
IPADDR=10.0.0.170
PREFIX=24
GATEWAY=10.0.0.200
ONBOOT=yes
[root@RS2 ~]#nmcli c reload
[root@RS2 ~]#nmcli c up eth0

#Web service configuration
[root@RS2 ~]#yum install -y httpd
[root@RS2 ~]#echo 10.0.0.170 >> /var/www/html/index.html
[root@RS2 ~]#systemctl restart httpd
[root@RS2 ~]#curl localhost
10.0.0.170

#IPVS configuration
[root@RS2 ~]#echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@RS2 ~]#echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@RS2 ~]#echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@RS2 ~]#echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
#Configure the VIP
[root@RS2 ~]#ifconfig  lo:1 192.168.0.100 netmask 255.255.255.255

#LVS cluster configuration:
[root@lvs ~]#yum install -y ipvsadm-1.31-1.el8.x86_64.rpm
[root@lvs ~]#ipvsadm  -A -t 192.168.0.100:80 -s wrr
[root@lvs ~]#ipvsadm  -a -t 192.168.0.100:80 -r 10.0.0.160 -g -w 1
[root@lvs ~]#ipvsadm  -a -t 192.168.0.100:80 -r 10.0.0.170 -g -w 1

#Test from the client:
[root@client ~]# curl 192.168.0.100
10.0.0.170
[root@client ~]# curl 192.168.0.100
10.0.0.160
[root@client ~]# curl 192.168.0.100
10.0.0.170
[root@client ~]# curl 192.168.0.100
10.0.0.160
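
Added example (not part of the original post): a check for the real-server side of the DR setup above, confirming the four ARP sysctls and that the VIP sits on lo with a /32 mask, so that only the director answers ARP for the VIP. The function names and the `live` argument are illustrative; values written with echo into /proc and addresses added with ifconfig do not survive a reboot, so the check is worth rerunning after one.

```shell
#!/bin/sh
# Added example, not from the original post.

# check_dr_arp [CONF_DIR]: verify the four ARP sysctls the page sets on each RS.
# CONF_DIR defaults to the live tree; returns 0 only when every value matches.
check_dr_arp() {
    conf=${1:-/proc/sys/net/ipv4/conf}
    rc=0
    for spec in all/arp_ignore=1 all/arp_announce=2 lo/arp_ignore=1 lo/arp_announce=2; do
        key=${spec%=*}
        want=${spec#*=}
        got=$(cat "$conf/$key" 2>/dev/null) || got=missing
        if [ "$got" = "$want" ]; then
            echo "ok   $key=$got"
        else
            echo "FAIL $key=$got (want $want)"
            rc=1
        fi
    done
    return $rc
}

# check_vip_on_lo VIP: read `ip -o -4 addr show` output on stdin.
# Requires VIP/32 on lo and rejects the VIP on any other interface or mask,
# because arp_ignore=1 only suppresses replies for addresses that are not
# configured on the interface the ARP request arrived on.
check_vip_on_lo() {
    awk -v vip="$1" '
        { split($4, a, "/") }
        a[1] == vip && $2 == "lo" && a[2] == 32 { good = 1; next }
        a[1] == vip { bad = bad " " $2 ":" $4 }
        END {
            if (bad != "") { print "FAIL VIP misplaced:" bad; exit 1 }
            if (!good)     { print "FAIL " vip "/32 not on lo"; exit 1 }
            print "ok   " vip "/32 on lo"
        }'
}

# Live run on a real server: sh check_dr_rs.sh live   (hypothetical file name)
if [ "${1:-}" = "live" ]; then
    check_dr_arp
    ip -o -4 addr show | check_vip_on_lo 192.168.0.100
fi
```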

From: https://www.cnblogs.com/tanll/p/17748179.html
