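LVS-DR mode on a single subnet
Note: DIP, VIP and RIP are in the same subnet.
Topology:
Environment notes:
1. The client's gateway points to the Router. Because the client reaches the LVS VIP across subnets, it needs the correct gateway and routes; if other routers or firewalls sit between the client and the Router, set the gateway to the IP of the directly connected router.
2. A virtual machine simulates the router; the Router must have IP forwarding (ip_forward) enabled.
3. In this lab the simulated router is directly connected to both the client and the LVS setup, so the Router does not need a gateway.
4. The LVS host must have a gateway: 10.0.0.x. Without a gateway it does not accept packets with source CIP and destination VIP: when such a packet arrives, the host sees that the CIP is not in its own subnet; to return a response it would have to send it through a gateway, but there is none, so the response could not get back and the packet is simply not accepted.
5. The LVS host and the RSs all need the VIP configured. The VIP is usually placed on lo, normally with a 32-bit netmask. On an ensX interface either a 32-bit or a 24-bit mask works and a route is generated automatically, but on lo a 24-bit mask does not generate a route automatically, which affects access.
6. To avoid ARP conflicts over the VIP, set the kernel parameters on the RSs so that they ignore ARP queries for the VIP and do not announce their own VIP via ARP.
7. When LVS schedules a request, the source and destination IPs stay unchanged ("CIP-VIP") and no new IP encapsulation is added; forwarding to the back-end RIP relies on the MAC address, so the LVS director and the RSs must be on the same physical network.
8. In LVS-DR mode requests pass through LVS but responses do not; the RS gateway points to the egress router, not to LVS.
9. The TCP handshake takes 5 steps.
Routing tables on each host: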
[root@client ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.43.122  0.0.0.0         UG    100    0        0 ens33
192.168.43.0    0.0.0.0         255.255.255.0   U     100    0        0 ens33
[root@router ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
192.168.43.0    0.0.0.0         255.255.255.0   U     101    0        0 ens37
[root@lvs ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.101      0.0.0.0         UG    100    0        0 ens33
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
[root@rs1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.122      0.0.0.0         UG    100    0        0 ens33
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
[root@rs2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.122      0.0.0.0         UG    100    0        0 ens33
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
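Example: configuring and verifying DR mode with the round-robin algorithm
[Note] The VIP in this example is added temporarily; to make it permanent, write it to the configuration file or add the VIP with the nmcli command.
1. client configuration: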
[root@client ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:25:c5:6f brd ff:ff:ff:ff:ff:ff
    inet 192.168.43.121/24 brd 192.168.43.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 2408:840c:931f:6abb:250:56ff:fe25:c56f/64 scope global mngtmpaddr dynamic
       valid_lft 3270sec preferred_lft 3270sec
    inet6 fe80::250:56ff:fe25:c56f/64 scope link
       valid_lft forever preferred_lft forever
2. Router configuration:
[root@router ~]# grep -i ip_forward /etc/sysctl.conf   # persistent
net.ipv4.ip_forward=1
[root@router ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:29:49:d5 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.122/24 brd 10.0.0.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:dd:76:5c brd ff:ff:ff:ff:ff:ff
    inet 192.168.43.122/24 brd 192.168.43.255 scope global noprefixroute ens37
       valid_lft forever preferred_lft forever
    inet6 2408:840c:931f:6abb:20c:29ff:fedd:765c/64 scope global mngtmpaddr dynamic
       valid_lft 3232sec preferred_lft 3232sec
    inet6 fe80::20c:29ff:fedd:765c/64 scope link
       valid_lft forever preferred_lft forever
3. LVS configuration:
[root@lvs ~]# ip a a 10.0.0.100/32 dev lo:1   # temporary
[root@lvs ~]# ipvsadm -A -t 10.0.0.100:80 -s rr   # add the VIP and the scheduling algorithm
[root@lvs ~]# ipvsadm -a -t 10.0.0.100:80 -r 10.0.0.123:80 -g   # add the RS mapping
[root@lvs ~]# ipvsadm -a -t 10.0.0.100:80 -r 10.0.0.124:8080 -g   # LVS-DR mode does not support port mapping
[root@lvs ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.0.100:80 rr
  -> 10.0.0.123:80                Route   1      0          0
  -> 10.0.0.124:80                Route   1      0          0         # LVS-DR mode does not support port mapping
[root@lvs ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 10.0.0.100/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:31:8a:01 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.125/24 brd 10.0.0.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
4. RS configuration:
[root@rs1 ~]# ip a a 10.0.0.100/32 dev lo:1   # temporary
[root@rs1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 10.0.0.100/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:24:31:9e brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.123/24 brd 10.0.0.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore   # turn off ARP replies
[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore   # turn off ARP replies
[root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce   # turn off ARP announcements
[root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce   # turn off ARP announcements
[root@rs2 ~]# ip a a 10.0.0.100/32 dev lo:1   # temporary
[root@rs2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 10.0.0.100/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:3e:3c:3e brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.124/24 brd 10.0.0.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore   # turn off ARP replies
[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore   # turn off ARP replies
[root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce   # turn off ARP announcements
[root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce   # turn off ARP announcements
5. Verification:
[root@client ~]# curl 10.0.0.100
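An added check, not part of the original post, for the real-server settings from environment notes 5 and 6 and step 4: the VIP must sit on lo with a /32 mask, and arp_ignore=1 and arp_announce=2 must be set on both "all" and "lo". The function names and the optional proc_root argument are assumptions, introduced so the script can also run against a constructed directory tree.

```shell
# Added example (not from the original post): audit one real server (RS) for the
# LVS-DR settings applied in step 4. Function names here are hypothetical.

# check_arp [proc_root]: "all" and "lo" need arp_ignore=1 and arp_announce=2.
check_arp() {
    arp_rc=0
    for arp_if in all lo; do
        for arp_kv in arp_ignore:1 arp_announce:2; do
            arp_f="${1:-/proc/sys}/net/ipv4/conf/$arp_if/${arp_kv%%:*}"
            arp_got=$(cat "$arp_f" 2>/dev/null || echo unreadable)
            if [ "$arp_got" != "${arp_kv##*:}" ]; then
                echo "FAIL $arp_if/${arp_kv%%:*}=$arp_got, want ${arp_kv##*:}"
                arp_rc=1
            fi
        done
    done
    return $arp_rc
}

# check_vip <vip>: reads `ip -o -4 addr show` text on stdin; VIP must be lo /32.
check_vip() {
    awk -v vip="$1" '
        $3 == "inet" && index($4, vip "/") == 1 {
            seen = 1
            if ($2 != "lo") { print "FAIL VIP is on " $2 ", not lo"; bad = 1 }
            else if ($4 != vip "/32") { print "FAIL VIP is " $4 ", want /32"; bad = 1 }
        }
        END { if (!seen) { print "FAIL VIP " vip " missing"; bad = 1 }
              exit bad + 0 }'
}

# audit_rs <vip> [proc_root]: run both checks, non-zero if either fails.
audit_rs() {
    rs_rc=0
    check_vip "$1" || rs_rc=1
    check_arp "${2:-/proc/sys}" || rs_rc=1
    return $rs_rc
}

# Constructed sample: VIP correct, but all/arp_announce was never set (still 0).
fx=$(mktemp -d)
for fx_if in all lo; do
    mkdir -p "$fx/net/ipv4/conf/$fx_if"
    echo 1 > "$fx/net/ipv4/conf/$fx_if/arp_ignore"
    echo 2 > "$fx/net/ipv4/conf/$fx_if/arp_announce"
done
echo 0 > "$fx/net/ipv4/conf/all/arp_announce"
echo '1: lo    inet 10.0.0.100/32 scope global lo' | audit_rs 10.0.0.100 "$fx" || echo "audit: RS not ready for DR"
rm -rf "$fx"
```

On a live RS the same check is `ip -o -4 addr show | audit_rs 10.0.0.100`, which reads the real /proc/sys.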
MAC addresses:
C-MAC: 00:50:56:29:49:d5
R-IP1-MAC: 00:0c:29:dd:76:5c
R-IP2-MAC: 00:50:56:29:49:d5
LVS-MAC: 00:50:56:31:8a:01
RS1-MAC: 00:50:56:24:31:9e
RS2-MAC: 00:50:56:3e:3c:3e
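Wireshark capture on VMNET8: the CIP and VIP stay unchanged, the VS rewrites the source and destination MAC addresses and forwards the packet to the RS, and the RS response does not pass through the VS.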
From: https://www.cnblogs.com/cnblogsfc/p/14208961.html