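Implementing LVS-DR mode across different network segments
Note: the DIP and RIPs are on a different network segment from the VIP.
Topology: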
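Environment notes:
1. The client's gateway points to the Router. The client reaches the LVS VIP across network segments, so its gateway and routes must be correct. If there are other routers or firewalls between the client and the Router, set the gateway to the IP of the directly connected router.
2. A virtual machine simulates the router; the Router must have IP forwarding (ip_forward) enabled.
3. The lab simulates a router directly connected to both the client and the LVS cluster, so the Router does not need a gateway of its own. The virtual router needs an "IP2:1" address (see figure) on a segment different from the DIP/RIP segment, and it needs a route to the VIP segment whose egress is the NIC that holds IP2. If the address is bound to the lo interface, the route cannot leave the host.
4. The LVS must have a gateway: 10.0.0.x. Without a gateway it does not accept "source CIP, destination VIP" packets: when such a packet arrives, the LVS sees that the CIP is not on its own segment; a response would have to leave through a gateway, there is none, the response could not be returned, so the packet is simply not accepted.
5. The LVS and every RS need the VIP configured. The VIP is normally placed on lo, usually with a 32-bit netmask. On an ensX interface either a 32-bit or a 24-bit mask works and a route is generated automatically, but a 24-bit mask on lo does not generate a route automatically, which breaks access.
6. To avoid ARP conflicts over the VIP, adjust the kernel parameters on the RSs so that they ignore ARP queries for the VIP and do not announce the VIP in their own ARP broadcasts.
7. The gateway of the RSs can be IP2 or "IP2:1" (see figure).
8. When the LVS dispatches a request, the source and destination IPs stay "CIP-VIP" and no new IP encapsulation is added. Delivery to the backend RIP relies on MAC-address forwarding, so the LVS director and the RSs must be on the same physical network.
9. In LVS-DR mode the request passes through the LVS but the response does not. The gateway of the RSs points to the "egress router", not to the LVS.
10. The TCP handshake has 5 steps.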
Routing tables on each host:
[root@client ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.43.122  0.0.0.0         UG    100    0        0 ens33
192.168.43.0    0.0.0.0         255.255.255.0   U     100    0        0 ens33
[root@router ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        0.0.0.0         255.255.255.0   U     102    0        0 ens33
172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 ens33
192.168.43.0    0.0.0.0         255.255.255.0   U     101    0        0 ens37
[root@lvs ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.122      0.0.0.0         UG    100    0        0 ens33
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
[root@rs1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.122      0.0.0.0         UG    100    0        0 ens33
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
[root@rs2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.122      0.0.0.0         UG    100    0        0 ens33
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
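Example: configuring and verifying DR mode with the round-robin algorithm
[Note] The VIP in this example is added temporarily. To make it permanent, write it to the configuration file or add the VIP with the nmcli command.
1. Client configuration: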
[root@client ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:25:c5:6f brd ff:ff:ff:ff:ff:ff
    inet 192.168.43.121/24 brd 192.168.43.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 2408:840c:d63f:6afb:250:56ff:fe25:c56f/64 scope global mngtmpaddr dynamic
       valid_lft 3292sec preferred_lft 3292sec
    inet6 fe80::250:56ff:fe25:c56f/64 scope link
       valid_lft forever preferred_lft forever
2. Router configuration:
[root@router ~]# grep -i ip_forward /etc/sysctl.conf
net.ipv4.ip_forward=1
[root@router ~]# ip a a 172.16.0.200/24 dev ens33
[root@router ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:29:49:d5 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.122/24 brd 10.0.0.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 172.16.0.200/24 scope global ens33
       valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:dd:76:5c brd ff:ff:ff:ff:ff:ff
    inet 192.168.43.122/24 brd 192.168.43.255 scope global noprefixroute ens37
       valid_lft forever preferred_lft forever
    inet6 2408:840c:d63f:6afb:20c:29ff:fedd:765c/64 scope global mngtmpaddr dynamic
       valid_lft 3248sec preferred_lft 3248sec
    inet6 fe80::20c:29ff:fedd:765c/64 scope link
       valid_lft forever preferred_lft forever
3. LVS configuration:
[root@lvs ~]# ip a a 172.16.0.100/32 dev lo:1
[root@lvs ~]# ipvsadm -A -t 172.16.0.100:80 -s rr
[root@lvs ~]# ipvsadm -a -t 172.16.0.100:80 -r 10.0.0.123 -g
[root@lvs ~]# ipvsadm -a -t 172.16.0.100:80 -r 10.0.0.124 -g
[root@lvs ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.0.100:80 rr
  -> 10.0.0.123:80                Route   1      0          0
  -> 10.0.0.124:80                Route   1      0          0
[root@lvs ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 172.16.0.100/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:31:8a:01 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.125/24 brd 10.0.0.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
4. RS configuration:
[root@rs1 ~]# ip a a 172.16.0.100/32 dev lo:1
[root@rs1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 172.16.0.100/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:24:31:9e brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.123/24 brd 10.0.0.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@rs1 ~]# systemctl start httpd
[root@rs2 ~]# ip a a 172.16.0.100/32 dev lo:1
[root@rs2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 172.16.0.100/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:3e:3c:3e brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.124/24 brd 10.0.0.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@rs2 ~]# systemctl start httpd
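An RS that still answers ARP for the VIP can receive client traffic directly and bypass the director, so the settings from environment notes 5 and 6 and step 4 are worth checking on every RS. The script below is an added example, not part of the original post: audit_rs is a hypothetical helper that reads `ip -o -4 addr show` output on stdin, and the sample data at the end is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). audit_rs is a hypothetical helper.
# Usage: ip -o -4 addr show | audit_rs VIP [CONF_ROOT]
# Prints one FAIL line per problem; the return status is the problem count.
audit_rs() {
    vip=$1
    conf=${2:-/proc/sys/net/ipv4/conf}
    problems=0

    # arp_ignore=1 and arp_announce=2 on both "all" and "lo" (step 4 values).
    for item in all/arp_ignore:1 lo/arp_ignore:1 all/arp_announce:2 lo/arp_announce:2; do
        key=${item%%:*}
        want=${item##*:}
        have=$(cat "$conf/$key" 2>/dev/null || echo missing)
        if [ "$have" != "$want" ]; then
            echo "FAIL $key=$have (want $want)"
            problems=$((problems + 1))
        fi
    done

    # The VIP must be on lo with a /32 mask (environment note 5).
    # `ip -o` prints one address per line: "<idx>: <dev> inet <addr>/<len> ..."
    vip_at=$(awk -v v="$vip" '$3 == "inet" { split($4, a, "/"); if (a[1] == v) print $2 "/" a[2] }')
    case $vip_at in
        lo/32) ;;
        "") echo "FAIL VIP $vip is not configured"; problems=$((problems + 1)) ;;
        *)  echo "FAIL VIP $vip found on $vip_at (want lo/32)"; problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Constructed sample: rs1 from this page, but with lo/arp_announce left at 0.
demo=$(mktemp -d)
mkdir -p "$demo/all" "$demo/lo"
echo 1 > "$demo/all/arp_ignore";   echo 1 > "$demo/lo/arp_ignore"
echo 2 > "$demo/all/arp_announce"; echo 0 > "$demo/lo/arp_announce"
printf '%s\n' \
    '1: lo    inet 127.0.0.1/8 scope host lo' \
    '1: lo    inet 172.16.0.100/32 scope global lo' \
    '2: ens33    inet 10.0.0.123/24 brd 10.0.0.255 scope global noprefixroute ens33' |
    audit_rs 172.16.0.100 "$demo" || echo "problems found: $?"
rm -rf "$demo"
```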
5. Verification:
[root@client ~]# curl 172.16.0.100
httpd on RS1
MAC addresses:
C-MAC: 00:50:56:29:49:d5
R-IP1-MAC: 00:0c:29:dd:76:5c
R-IP2-MAC: 00:50:56:29:49:d5
LVS-MAC: 00:50:56:31:8a:01
RS1-MAC: 00:50:56:24:31:9e
RS2-MAC: 00:50:56:3e:3c:3e
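Wireshark capture on VMNET8: the CIP and VIP stay unchanged, the VS rewrites the source and destination MAC addresses and forwards the frame to the RS, and the RS response does not pass through the VS.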
From: https://www.cnblogs.com/cnblogsfc/p/14231334.html