Building an LVS-NAT Mode Cluster

Posted 笃信守真


Lab topology:

[Figure: LVS-NAT cluster topology]

As shown in the figure above, D is the load balancer, and RS1 and RS2 are the two servers.

1. Configure load balancer D:

  • Internal NIC configuration

[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# vim ifcfg-eth1
DEVICE=eth1
HWADDR=00:0C:29:17:90:36
TYPE=Ethernet
UUID=d10ecf55-8f3f-4e55-b8ed-b3a3f02efa55
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=100.100.100.11
NETMASK=255.255.255.0

  • External NIC configuration

[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# vim ifcfg-eth0
DEVICE=eth0
HWADDR=00:0C:29:17:90:2C
TYPE=Ethernet
UUID=43d227b6-7108-46e8-bf78-aa170c65334b
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=200.200.200.11
NETMASK=255.255.255.0

  • Stop the NetworkManager service and disable it at boot

[root@localhost ~]# service NetworkManager stop
Stopping NetworkManager daemon:                            [  OK  ]
[root@localhost ~]# chkconfig NetworkManager off

  • Install the ipvsadm command-line management tool

[root@localhost ~]# mount -t iso9660 /dev/cdrom /mnt/cdrom/
mount: block device /dev/sr0 is write-protected, mounting read-only
[root@localhost ~]# yum -y install ipvsadm

  • Enable IP forwarding and reload the kernel parameters

[root@localhost ~]# vi /etc/sysctl.conf 
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
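
  • Add firewall rules

Add a firewall rule: when the source address is in the internal subnet and the egress interface is eth0, apply SNAT and rewrite the source address to the external NIC's address. Note that the `iptables -F` in the session below flushes every rule in the filter table, and the later `service iptables save` persists that ruleset, leaving only the chain policies on the director.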

[root@localhost ~]# service iptables start
iptables: Applying firewall rules:                         [  OK  ]
[root@localhost ~]# iptables -F
[root@localhost ~]# iptables -t nat -A POSTROUTING -s 100.100.100.0/24 -o eth0 -j SNAT --to-source 200.200.200.11
# To delete the iptables rule if needed (not run here; the listing below still shows the rule)
[root@localhost ~]# iptables -t nat -D POSTROUTING -s 100.100.100.0/24 -o eth0 -j SNAT --to-source 200.200.200.11

# Check that the rule was added successfully
[root@localhost ~]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination        

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination        
SNAT       all  --  100.100.100.0/24     anywhere            to:200.200.200.11
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

# Save the iptables rules
[root@localhost ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@localhost ~]# chkconfig iptables on

  • Configure the IPVS cluster

# Add the ipvsadm TCP cluster (virtual service)
[root@localhost ~]# ipvsadm -A -t 200.200.200.11:80 -s rr

# Add the ipvsadm nodes (real servers)
[root@localhost ~]# ipvsadm -a -t 200.200.200.11:80 -r 100.100.100.12:80 -m
[root@localhost ~]# ipvsadm -a -t 200.200.200.11:80 -r 100.100.100.13:8080 -m

# List the addresses and ports of the connections
[root@localhost ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
 -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  200.200.200.11:80 rr
 -> 100.100.100.12:80            Masq    1      0          0        
 -> 100.100.100.13:8080          Masq    1      0          0

# Save the ipvsadm configuration
[root@localhost ~]# service ipvsadm save
ipvsadm: Saving IPVS table to /etc/sysconfig/ipvsadm:      [  OK  ]
# Enable ipvsadm at boot
[root@localhost ~]# chkconfig ipvsadm on

 

2. Configure real server RS1

  • NIC IP configuration

[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# vim ifcfg-eth0
DEVICE=eth0
HWADDR=00:0C:29:E2:0C:14
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=100.100.100.12
NETMASK=255.255.255.0

  • Stop the NetworkManager service and disable it at boot:

[root@localhost ~]# service NetworkManager stop
Stopping NetworkManager daemon:                            [  OK  ]
[root@localhost ~]# chkconfig NetworkManager off

  • Add the gateway

[root@localhost ~]# echo "GATEWAY=100.100.100.11" >> /etc/sysconfig/network-scripts/ifcfg-eth0
[root@localhost ~]# service network restart
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:  Device eth0 does not seem to be present, delaying initialization.
                                                          [FAILED]
[root@localhost ~]# shutdown -h now
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
100.100.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
0.0.0.0         100.100.100.11  0.0.0.0         UG    0      0        0 eth0

[root@localhost ~]# echo "111111111111111" >> /var/www/html/index.html
[root@localhost ~]# service httpd restart
Stopping httpd:                                            [FAILED]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName
                                                          [  OK  ]
[root@localhost ~]# chkconfig httpd on
[root@localhost ~]# curl localhost
111111111111111

 

3. Configure server RS2

  • NIC IP configuration

[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# vim ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
HWADDR=00:0c:29:a7:7a:ad
IPADDR=100.100.100.13
NETMASK=255.255.255.0

  • Stop the NetworkManager service and disable it at boot:

[root@localhost ~]# service NetworkManager stop
Stopping NetworkManager daemon:                            [  OK  ]
[root@localhost ~]# chkconfig NetworkManager off

  • Add the gateway

[root@localhost ~]# echo "GATEWAY=100.100.100.11" >> /etc/sysconfig/network-scripts/ifcfg-eth0
[root@localhost ~]# service network restart
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:  Device eth0 does not seem to be present, delaying initialization.
                                                          [FAILED]
[root@localhost ~]# shutdown -h now
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
100.100.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
0.0.0.0         100.100.100.11  0.0.0.0         UG    0      0        0 eth0

[root@localhost ~]# echo "222222222222" >> /var/www/html/index.html
[root@localhost ~]# service httpd restart
Stopping httpd:                                            [FAILED]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName
                                                          [  OK  ]
[root@localhost ~]# chkconfig httpd on
[root@localhost ~]# curl localhost:8080
222222222222

 

4. Check the status of load scheduler D

[root@localhost ~]# ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
 -> RemoteAddress:Port
TCP  200.200.200.11:80                  43      153       68    13472     6741
 -> 100.100.100.12:80                  21       76       33     6488     3114
 -> 100.100.100.13:8080                22       77       35     6984     3627
[root@localhost ~]#

The non-zero InPkts and OutPkts counts show that NAT translation on the load scheduler is working.
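
The same check can be scripted. The following is an added example, not part of the original article: it parses `ipvsadm -Ln --stats` output and flags any real server that receives packets but returns none through D, meaning it is either not answering or replying by a route that bypasses the director (for example a default gateway other than 100.100.100.11). The function and sample names are hypothetical, and the second sample is constructed.

```shell
#!/bin/bash
# Added example, not from the original article.
# In LVS-NAT, replies must travel back through the director, so a real server
# with InPkts > 0 but OutPkts = 0 is not returning traffic through D.

# Reads `ipvsadm -Ln --stats` text on stdin, prints one verdict per real
# server, and returns 1 if any real server has no return traffic.
check_nat_return_path() {
    awk '
        # Real-server rows: "-> ip:port Conns InPkts OutPkts InBytes OutBytes"
        $1 == "->" && $2 ~ /^[0-9.]+:[0-9]+$/ {
            inpkts = $4 + 0; outpkts = $5 + 0
            if (inpkts == 0) {
                print "NO_TRAFFIC " $2
            } else if (outpkts == 0) {
                print "NO_RETURN " $2; bad = 1
            } else {
                print "OK " $2
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# The statistics shown in the article.
sample_from_article() {
    cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  200.200.200.11:80                  43      153       68    13472     6741
  -> 100.100.100.12:80                  21       76       33     6488     3114
  -> 100.100.100.13:8080                22       77       35     6984     3627
EOF
}

# Constructed sample: RS2 receives packets but nothing comes back through D.
sample_constructed_broken() {
    cat <<'EOF'
TCP  200.200.200.11:80                  43      153       33    13472     3114
  -> 100.100.100.12:80                  21       76       33     6488     3114
  -> 100.100.100.13:8080                22       77        0     6984        0
EOF
}

sample_from_article | check_nat_return_path
sample_constructed_broken | check_nat_return_path || echo "return path broken"
```

On the director itself, pipe the live output in with `ipvsadm -Ln --stats | check_nat_return_path`.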

 

 

 
