LVS NAT模式部署

环境：

三台主机： • 分发器，可以叫调度器（简写为dir） • 内网：192.168.0.220，外网：172.16.22.220

• rs1 • 内网：192.168.0.221，设置网关为192.168.0.220

• rs2 • 内网：192.168.0.222，设置网关为192.168.0.220

开启远程ssh反向连接

目的是为了远程管理rs1,rs2

dr操作：

vim /etc/ssh/sshd_config

#取消注释

 GatewayPorts yes

service sshd restart

rs1,rs2操作：

ssh -ngfNTR 1122:192.168.0.221:22 root@172.16.22.220 -o ServerAliveInterval=300

ssh -ngfNTR 1222:192.168.0.222:22 root@172.16.22.220 -o ServerAliveInterval=300

[root@test221 ~]# w
 20:38:21 up 11 days, 18 min,  1 user,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/1    gateway          12:07    5.00s  0.05s  0.05s -bash
[root@test221 ~]# netstat -antp | grep sshd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      27731/sshd          
tcp        0      0 192.168.0.221:22        192.168.0.220:60408     ESTABLISHED 32072/sshd: root@pt 
tcp6       0      0 :::22                   :::*                    LISTEN      27731/sshd   

[root@test222 ~]# w
 20:37:34 up 9 days, 23:42,  1 user,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/2    gateway          12:18    6.00s  0.02s  0.02s -bash
[root@test222 ~]# netstat -antp | grep sshd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1113/sshd           
tcp        0      0 192.168.0.222:22        192.168.0.220:52484     ESTABLISHED 32179/sshd: root@pt 
tcp6       0      0 :::22                   :::*                    LISTEN      1113/sshd     

开启防火墙nat转发

dr:

[root@test220 ~]# firewall-cmd --permanent --direct --passthrough ipv4 -t nat POSTROUTING -o eth0 -j MASQUERADE -s 192.168.0.0/24

[root@test220 ~]# firewall-cmd --reload 

启动网卡间核心转发功能

[root@test220 ~]# sysctl -w net.ipv4.ip_forward=1

net.ipv4.ip_forward = 1

[root@test220 ~]# cat /proc/sys/net/ipv4/ip_forward  #验证是否打开

1

安装ipvsadm组件

yum install -y ipvsadm

wlc算法：

#创建脚本，内容如下：

[root@test220 ~]# cat /usr/local/sbin/lvs_nat.sh

#!/bin/bash
#director 服务器上开启路由转发功能，可省略
echo 1 > /proc/sys/net/ipv4/ip_forward
#关闭icmp的重定向
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
#注意区分网卡名字
echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects
#director 设置nat防火墙，使用iptables时有效，使用firewall-cmd使用上面的#firewall-cmd脚本
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
#director设置ipvsadm
IPVSADM='/usr/sbin/ipvsadm'
$IPVSADM -C
$IPVSADM -A -t 172.16.22.220:80 -s wlc -p 3
$IPVSADM -a -t 172.16.22.220:80 -r 192.168.0.221:80 -m -w 1
$IPVSADM -a -t 172.16.22.220:80 -r 192.168.0.222:80 -m -w 1
$IPVSADM -L -n

#测试 使用curl -I http://172.16.22.220测试

~ Aiker$ curl -I 172.16.22.220
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Mar 2018 14:38:29 GMT
Content-Type: text/html
Content-Length: 1326
Last-Modified: Wed, 26 Apr 2017 08:03:46 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "59005462-52e"
Accept-Ranges: bytes

~ Aiker$ curl -I 172.16.22.220
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 27 Mar 2018 14:38:31 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.34
location: forum.php

rr算法

定义ipvsadm负载均衡集群规则，并查看 此处定义DIP是以-s指定为rr算法进行轮询调度，-m指定模式为lvs-nat，配置命令如下：

[root@test220 ~]# /usr/sbin/ipvsadm -C
[root@test220 ~]# /usr/sbin/ipvsadm -A -t 172.16.22.220:80 -s rr
[root@test220 ~]# /usr/sbin/ipvsadm -a -t 172.16.22.220:80 -r 192.168.0.221:80 -m
[root@test220 ~]# /usr/sbin/ipvsadm -a -t 172.16.22.220:80 -r 192.168.0.222:80 -m

测试

~ Aiker$ curl -I 172.16.22.220
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Mar 2018 14:38:26 GMT
Content-Type: text/html
Content-Length: 1326
Last-Modified: Wed, 26 Apr 2017 08:03:46 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "59005462-52e"
Accept-Ranges: bytes

~ Aiker$ curl -I 172.16.22.220
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 27 Mar 2018 14:38:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.34
location: forum.php

wrr算法

[root@test220 ~]# cat !$
cat /usr/local/sbin/lvs_nat_wrr.sh
IPVSADM='/usr/sbin/ipvsadm'
$IPVSADM -C
$IPVSADM -A -t 172.16.22.220:80 -s wrr
$IPVSADM -a -t 172.16.22.220:80 -r 192.168.0.221:80 -m -w 1
$IPVSADM -a -t 172.16.22.220:80 -r 192.168.0.222:80 -m -w 3
$IPVSADM -L -n

测试

~ Aiker$ curl -I 172.16.22.220
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Mar 2018 13:34:47 GMT
Content-Type: text/html
Content-Length: 1326
Last-Modified: Wed, 26 Apr 2017 08:03:46 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "59005462-52e"
Accept-Ranges: bytes

~ Aiker$ curl -I 172.16.22.220
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Mar 2018 13:34:48 GMT
Content-Type: text/html
Content-Length: 1326
Last-Modified: Wed, 26 Apr 2017 08:03:46 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "59005462-52e"
Accept-Ranges: bytes

~ Aiker$ curl -I 172.16.22.220
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Mar 2018 13:34:50 GMT
Content-Type: text/html
Content-Length: 1326
Last-Modified: Wed, 26 Apr 2017 08:03:46 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "59005462-52e"
Accept-Ranges: bytes

~ Aiker$ curl -I 172.16.22.220
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 28 Mar 2018 13:34:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.34
location: forum.php

~ Aiker$ curl -I 172.16.22.220
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Mar 2018 13:35:04 GMT
Content-Type: text/html
Content-Length: 1326
Last-Modified: Wed, 26 Apr 2017 08:03:46 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "59005462-52e"
Accept-Ranges: bytes