现在环境目前只有一台服务器
2.现在迁移如下(lvs 采用的是NAT的方式)
3.IP说明:
Nginx:192.168.0.106 192.168.0.108 Lvs: 192.168.0.109 公网Ip:124.205.3.181 192.168.0.110 公网Ip:124.205.3.179 Keepalived: VIP:124.205.3.180 #解析地址 192.168.0.21 #内网上网
4. LVS NAT 的原理
1)客户端请求数据,目标IP为VIP
2)请求数据到达LB服务器,LB根据调度算法将目的地址修改为RIP地址及对应端口(此RIP地址是根据调度算法得出的。)并在连接HASH表中记录下这个连接。
3)数据包从LB服务器到达RS服务器webserver,然后webserver进行响应。Webserver的网关必须是LB,然后将数据返回给LB服务器。
4)收到RS的返回后的数据,根据连接HASH表修改源地址VIP&目标地址CIP,及对应端口80.然后数据就从LB出发到达客户端。
5)客户端收到的就只能看到VIP\DIP信息。
5.keepalived 主配置文件 192.168.0.109
192.168.0.109 master
!Configuration File for keepalived
global_defs{
notification_email{
liuhx@xinfushe.com
}
notification_email_fromAlexandre.Cassen@firewall.loc
smtp_server 192.168.0.109
smtp_connect_timeout 30
router_id LVS_01
}
vrrp_instanceVI_1 {
state MASTER
interface eth1
virtual_router_id 199
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1098
}
virtual_ipaddress {
124.205.3.180/29 dev eth1 label eth1:2
}
}
vrrp_instanceVI_2 {
state MASTER
interface eth0
virtual_router_id 198
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1098
}
virtual_ipaddress {
192.168.0.21/22 dev eth0 label eth0:1
}
}
virtual_server124.205.3.180 80 {
delay_loop 6
lb_algo rr
lb_kind NAT
nat_mask 255.255.255.248
persistence_timeout 0
protocol TCP
real_server 192.168.0.106 80 {
weight 1
TCP_CHECK {
connect_timeout 8
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.0.108 80 {
weight 1
TCP_CHECK {
connect_timeout 8
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
virtual_server124.205.3.180 443 {
delay_loop 6
lb_algo rr
lb_kind NAT
nat_mask 255.255.255.248
persistence_timeout 0
protocol TCP
real_server 192.168.0.106 443 {
weight 1
TCP_CHECK {
connect_timeout 8
nb_get_retry 3
delay_before_retry 3
connect_port 443
}
}
real_server 192.168.0.108 443 {
weight 1
TCP_CHECK {
connect_timeout 8
nb_get_retry 3
delay_before_retry 3
connect_port 443
}
}
}6.keepalived 备用 192.168.0.110 配置文件
!Configuration File for keepalived
global_defs{
notification_email{
liuhx@xinfushe.com
}
notification_email_fromAlexandre.Cassen@firewall.loc
smtp_server 192.168.0.109
smtp_connect_timeout 30
router_id LVS_02
}
vrrp_instanceVI_1 {
state BACKUP
interface eth1
virtual_router_id 199
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1098
}
virtual_ipaddress {
124.205.3.180/29 dev eth1 label eth1:2
}
}
vrrp_instanceVI_2 {
state BACKUP
interface eth0
virtual_router_id 198
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1098
}
virtual_ipaddress {
192.168.0.21/22 dev eth0 label eth0:1
}
}
#ipvsadm-A -t 10.0.1.31:80 -s rr -p 300
virtual_server124.205.3.180 80 {
delay_loop 6
lb_algo rr
lb_kind NAT
nat_mask 255.255.255.248
persistence_timeout 50
protocol TCP
#ipvsadm-a -t 10.0.1.31:80 -r 10.0.1.6:80 -g
real_server 192.168.0.106 80 {
weight 1
TCP_CHECK {
connect_timeout 8
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.0.108 80 {
weight 1
TCP_CHECK {
connect_timeout 8
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
virtual_server124.205.3.180 443 {
delay_loop 6
lb_algo rr
lb_kind NAT
nat_mask 255.255.255.248
persistence_timeout 0
protocol TCP
real_server 192.168.0.106 443 {
weight 1
TCP_CHECK {
connect_timeout 8
nb_get_retry 3
delay_before_retry 3
connect_port 443
}
}
real_server 192.168.0.108 443 {
weight 1
TCP_CHECK {
connect_timeout 8
nb_get_retry 3
delay_before_retry 3
connect_port 443
}
}
}7.网卡地址信息
[root@nat11~]# ifconfig eth0:flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.0.109 netmask 255.255.252.0 broadcast 192.168.3.255 inet6 fe80::20c:29ff:fe0e:71a1 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:0e:71:a1 txqueuelen 1000 (Ethernet) RX packets 10285665 bytes 6037023442 (5.6 GiB) RX errors 0 dropped 12270 overruns 0 frame 0 TX packets 6762099 bytes 2555517373 (2.3 GiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth0:1:flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.0.21 netmask 255.255.252.0 broadcast 0.0.0.0 ether 00:0c:29:0e:71:a1 txqueuelen 1000 (Ethernet) eth1:flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 124.205.3.181 netmask 255.255.255.248 broadcast 124.205.3.183 inet6 fe80::20c:29ff:fe0e:71ab prefixlen 64 scopeid 0x20<link> ether 00:0c:29:0e:71:ab txqueuelen 1000 (Ethernet) RX packets 5132918 bytes 2202414181 (2.0 GiB) RX errors 0 dropped 2 overruns 0 frame 0 TX packets 5378351 bytes 5416028620 (5.0 GiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth1:2:flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 124.205.3.180 netmask 255.255.255.248 broadcast 0.0.0.0 ether 00:0c:29:0e:71:ab txqueuelen 1000 (Ethernet) lo:flags=73<UP,LOOPBACK,RUNNING> mtu65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 98 bytes 8360 (8.1 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 98 bytes 8360 (8.1 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@nat11~]#
8.说明:
NAT上面可以看出 网关nginx得指向lvs服务器,lvs得开启转发的功能
keepalivedVRRP协议允许网段(两台lvs都得做)
iptables -A INPUT -p 112 -d 224.0.0.0/32 -j ACCEPT
lvs开启内核转发:(两台lvs都得做)
echo 1 /proc/sys/net/ipv4/ip_forward
备注:LVS 443 80 都得开启,因为是https
防火墙允许
网关得指向lvs
lvs开启内核转发
