Linux学习-LVS之NAT模型部署
Posted 丢爸
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Linux学习-LVS之NAT模型部署相关的知识,希望对你有一定的参考价值。
以下实例通过Vmware下Centos7系统上部署
环境准备
- 准备3台centos7虚拟机
- Director Server:VIP:192.168.88.101,DIP:172.16.1.3
- Real Server1(web服务器):RIP1:172.16.1.2 网关(指向Director Server):172.16.1.3
- Real Server2(web服务器):RIP2:172.16.1.4 网关(指向Director Server):172.16.1.3
基本配置(网络)
#--------Director配置
[root@ds ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:48:d3:cd brd ff:ff:ff:ff:ff:ff
inet 192.168.88.101/24 brd 192.168.88.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::a03d:1c5b:d3d8:111c/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:48:d3:d7 brd ff:ff:ff:ff:ff:ff
inet 172.16.1.3/24 brd 172.16.1.255 scope global noprefixroute ens37
valid_lft forever preferred_lft forever
inet6 fe80::7586:86b3:e6bd:c477/64 scope link noprefixroute
valid_lft forever preferred_lft forever
#---------RS1网络配置
[root@rs1 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.1.2 netmask 255.255.255.0 broadcast 172.16.1.255
inet6 fe80::2792:a1c1:4941:9616 prefixlen 64 scopeid 0x20<link>
inet6 fe80::b28c:edf9:5114:7241 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:f6:fc:bd txqueuelen 1000 (Ethernet)
RX packets 322 bytes 53537 (52.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 376 bytes 39955 (39.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#查看网关配置
[root@rs1 ~]# ip route
default via 172.16.1.3 dev ens33 proto static metric 100
172.16.1.0/24 dev ens33 proto kernel scope link src 172.16.1.2 metric 100
#--------RS2网络配置
[root@rs2 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.1.4 netmask 255.255.255.0 broadcast 172.16.1.255
inet6 fe80::2792:a1c1:4941:9616 prefixlen 64 scopeid 0x20<link>
inet6 fe80::8a17:99a0:3797:98ee prefixlen 64 scopeid 0x20<link>
inet6 fe80::b28c:edf9:5114:7241 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:90:1b:3e txqueuelen 1000 (Ethernet)
RX packets 297 bytes 48616 (47.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 358 bytes 34366 (33.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#查看网关配置
[root@rs2 ~]# ip route list
default via 172.16.1.3 dev ens33 proto static metric 100
172.16.1.0/24 dev ens33 proto kernel scope link src 172.16.1.4 metric 100
在DS安装ipvsadm
[root@ds ~]# yum install -y ipvsadm
#设置网络转发
[root@ds ~]# cat /proc/sys/net/ipv4/ip_forward
1
#如网络转发没打开,则手动配置,并通过sysctl -p 使之生效
[root@ds ~]# cat /etc/sysctl.d/ip_net.conf
net.ipv4.ip_forward = 1
#配置ipvs规则
#添加集群
[root@ds ~]# ipvsadm -A -t 192.168.88.101:80 -s rr
[root@ds ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.88.101:80 rr
#添加RS主机
[root@ds ~]# ipvsadm -a -t 192.168.88.101:80 -r 172.16.1.2 -m
[root@ds ~]# ipvsadm -a -t 192.168.88.101:80 -r 172.16.1.4 -m
[root@ds ~]# ipvsadm -l -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.88.101:80 rr
-> 172.16.1.2:80 Masq 1 0 0
-> 172.16.1.4:80 Masq 1 0 0
配置RS1,RS2为web服务器
#在RS1和RS2两台服务器上安装nginx或httpd
#httpd编译安装--https://blog.csdn.net/xuwenpeng/article/details/115679566
#通过yum install -y httpd安装即可
#nginx编译安装--https://blog.csdn.net/xuwenpeng/article/details/116557439
#通过yum install -y nginx安装即可
#安装完成后启动nginx或httpd服务,实现以nginx为例
#在RS1,RS2启动nginx服务
[root@rs1 ~]# /usr/local/nginx/sbin/nginx
[root@rs2 ~]# /usr/local/nginx/sbin/nginx
#修改RS1和RS2主页
[root@rs1 ~]# cat /usr/local/nginx/html/index.html
<h1>RS1 Server</h1>
[root@rs2 ~]# cat /usr/local/nginx/html/index.html
<h1>RS2 Server</h2>
#在DS上测试RS1和RS2Web服务
[root@ds ~]# curl 172.16.1.2
<h1>RS1 Server</h1>
[root@ds ~]# curl 172.16.1.4
<h1>RS2 Server</h2>
ipvsadm命令
#-n|--numeric:基于数字格式显示地址和端口
#-c|--connection:显示ipvs连接
#--stats:输出统计数据
#--rate:速率
#--exact:显示精确值不做单位换算
[root@ds ~]# ipvsadm -L -c
IPVS connection entries
pro expire state source virtual destination
TCP 01:57 TIME_WAIT localhost:60532 localhost:http 172.16.1.2:webcache
TCP 01:55 TIME_WAIT localhost:60530 localhost:http 172.16.1.2:webcache
[root@ds ~]# ipvsadm -L -n --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
TCP 192.168.88.101:80 18 150 106 16117 12586
-> 172.16.1.2:8080 8 56 40 3600 4192
-> 172.16.1.4:8080 2 14 10 900 104
[root@ds ~]# ipvsadm -L -n --rate
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port CPS InPPS OutPPS InBPS OutBPS
-> RemoteAddress:Port
TCP 192.168.88.101:80 0 0 0 0 0
-> 172.16.1.2:8080 0 0 0 0 0
-> 172.16.1.4:8080 0 0 0 0
#保存ipvs规则至本地磁盘
[root@ds ~]# ipvsadm -S >/etc/sysconfig/ipvsadm
#清空ipvsadm规则
[root@ds ~]# ipvsadm -C
[root@ds ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
#载入ipvs规则
[root@ds ~]# ipvsadm -R < /etc/sysconfig/ipvsadm
[root@ds ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 127.0.0.1:80 rr
-> 172.16.1.2:80 Masq 1 0 0
-> 172.16.1.4:80 Masq 1 0 0
#删除指定的RS
[root@ds ~]# ipvsadm -d -t 192.168.88.101:80 -r 172.16.1.2
[root@ds ~]# ipvsadm -d -t 192.168.88.101:80 -r 172.16.1.4
[root@ds ~]# ipvsadm -l -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.88.101:80 rr
#修改调度算法,修改成dh后,同一主机访问时,会定位至同一后端server响应
[root@ds ~]# ipvsadm -E -t 192.168.88.101:80 -s dh
[root@ds ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.88.101:80 dh
-> 172.16.1.2:8080 Masq 1 0 0
-> 172.16.1.4:8080 Masq 1 0 0
以上是关于Linux学习-LVS之NAT模型部署的主要内容,如果未能解决你的问题,请参考以下文章