1.LVS-NAT模型:
LVS无论是NAT还是DR模式,均要求LVS server和real server在同一个网段内:NAT模式需要把lvs server当作各个realserver的默认网关,
DR模式通过修改目标MAC地址直接在数据链路层转发,因此要求必须在同一个物理网段内
2. LVS-NAT模型的特性:
RS应该使用私有地址,RS的网关必须指向DIP
DIP和RIP必须在同一个网段内,
请求和响应报文都需要经过Director Server,高负载场景中,Director Server易成为性能瓶颈
支持端口映射
RS可以使用任意操作系统
缺陷:对Director Server压力会比较大,请求和响应都需经过director server
3.iptables之四表五链(我们得知道数据包的流向):
filter表——过滤数据包
Nat表——用于网络地址转换(IP、端口)
Mangle表——修改数据包的服务类型、TTL、并且可以配置路由实现QOS
Raw表——决定数据包是否被状态跟踪机制处理
INPUT链——进来的数据包应用此规则链中的策略
OUTPUT链——外出的数据包应用此规则链中的策略
FORWARD链——转发数据包时应用此规则链中的策略
PREROUTING链——对数据包作路由选择前应用此链中的规则(所有进入的数据包都先由这个链处理)
POSTROUTING链——对数据包作路由选择后应用此链中的规则(所有发出的数据包最后都由这个链处理)
4.lvs-nat模式配置:
NAT模式下响应报文沿原路径经Director返回,因此RS只需要把默认网关指向DIP即可。
server1依旧作为调度器,只是工作模式不同:在server1上添加两块网卡,内网:172.25.84.4
外网:172.25.254.100
server2:172.25.84.2网关:172.25.84.4
server3:172.25.84.3网关:172.25.84.4
server1作为调度器:
[root@server1 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:e3:2e:2b brd ff:ff:ff:ff:ff:ff
inet 172.25.84.4/16 brd 172.25.255.255 scope global eth0
inet6 fe80::5054:ff:fee3:2e2b/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:d2:fc:8c brd ff:ff:ff:ff:ff:ff
inet 172.25.254.100/24 scope global eth1
inet6 fe80::5054:ff:fed2:fc8c/64 scope link
valid_lft forever preferred_lft forever
新添加的网卡需要ip link set up eth1
server2依旧作为后端服务器:
[root@server2 html]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:8e:f6:ab brd ff:ff:ff:ff:ff:ff
inet 172.25.84.2/16 brd 172.25.255.255 scope global eth0
inet6 fe80::5054:ff:fe8e:f6ab/64 scope link
valid_lft forever preferred_lft forever
[root@server2 html]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.25.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 172.25.84.4 0.0.0.0 UG 0 0 0 eth0
[root@server2 html]# cat /var/www/html/index.html
www.westos.org
[root@server2 html]# /etc/init.d/httpd status
httpd (pid 2104) is running...
server3同样作为后端服务器:
[root@server3 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:49:69:f9 brd ff:ff:ff:ff:ff:ff
inet 172.25.84.3/16 brd 172.25.255.255 scope global eth0
inet6 fe80::5054:ff:fe49:69f9/64 scope link
valid_lft forever preferred_lft forever
[root@server3 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.25.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 172.25.84.4 0.0.0.0 UG 0 0 0 eth0
[root@server3 ~]# cat /var/www/html/index.html
bbs.westos.org
[root@server3 ~]# /etc/init.d/httpd status 确认httpd(Apache)已经运行
httpd (pid 1471) is running...
在server1添加ipvsadm策略:
必须打开ipvsadm服务:/etc/init.d/ipvsadm start
[root@server1 network-scripts]# ipvsadm -C
[root@server1 network-scripts]# ipvsadm -A -t 172.25.254.100:80 -s wrr
[root@server1 network-scripts]# ipvsadm -a -t 172.25.254.100:80 -r 172.25.84.2 -m -w 1
//-m表示NAT(masquerading)模式,-w设置权重,wrr为加权轮询调度算法
[root@server1 network-scripts]# ipvsadm -a -t 172.25.254.100:80 -r 172.25.84.3 -m -w 1
[root@server1 network-scripts]# ipvsadm -ln
在server1开启路由机制:
[root@server1 ~]# vim /etc/sysctl.conf 编辑配置文件,开启IP转发(net.ipv4.ip_forward = 1),否则Director无法把请求转发给RS
[root@server1 ~]# sysctl -p 重新加载配置,使路由转发生效
在server1加载NAT模块开启服务:
[root@server1 ~]# modprobe iptable_nat
注:如果不加载此模块,第一次访问也可以成功,但是再次访问时会出现延迟过长或访问超时的现象
[root@server1 ~]# /etc/init.d/ipvsadm start 开启服务
在真机进行测试:
[root@foundation84 Desktop]# curl 172.25.254.100 会发生轮询
bbs.westos.org
[root@foundation84 Desktop]# curl 172.25.254.100
www.westos.org
[root@foundation84 Desktop]# curl 172.25.254.100
bbs.westos.org
[root@foundation84 Desktop]# curl 172.25.254.100
www.westos.org
在真机添加解析:
[root@foundation84 Desktop]# vim /etc/hosts
在网页测试每刷新一次网页会发生轮询:
当后端服务器server2的httpd关闭:
[root@server2 ~]# /etc/init.d/httpd stop
Stopping httpd: [ OK ]
在真机测试:
[root@foundation84 Desktop]# curl 172.25.254.100
bbs.westos.org
[root@foundation84 Desktop]# curl 172.25.254.100
curl: (7) Failed connect to 172.25.254.100:80; Connection refused
[root@foundation84 Desktop]# curl 172.25.254.100
bbs.westos.org
[root@foundation84 Desktop]# curl 172.25.254.100
curl: (7) Failed connect to 172.25.254.100:80; Connection refused
当后端服务器server3的httpd关闭:
[root@server3 ~]# /etc/init.d/httpd stop
Stopping httpd: [ OK ]
在真机测试会报错:ipvsadm本身不做后端健康检查,已停止服务的RS仍然会被调度到,server1(调度器)也不会顶替后端工作:
[root@foundation84 Desktop]# curl 172.25.254.100
curl: (7) Failed connect to 172.25.254.100:80; Connection refused
[root@foundation84 Desktop]# curl 172.25.254.100
curl: (7) Failed connect to 172.25.254.100:80; Connection refused
[root@foundation84 Desktop]# curl 172.25.254.100
curl: (7) Failed connect to 172.25.254.100:80; Connection refused