一·fullnat模式
fullnat原理图:
fullnat原理:
1 client主机(cip)将请求发往前端的负载均衡器(vip),请求报文源地址是CIP,目标地址为VIP。负载均衡器收到报文后,发现请求的是在规则里面存在的地址,那么它将客户端请求报文的源MAC地址改为自己DIP的MAC地址,目标MAC改为了RIP的MAC地址,并将此包发送给RS。
2 RS发现请求报文中的目的MAC是自己,就会将次报文接收下来,处理完请求报文后,将响应报文通过lo接口送给eth0网卡直接发送给client主机(cip)。
fullnat模式的优缺点:
FULLNAT一个最大的问题是:RealServer无法获得用户IP;为了解决这个问题我们提出了TOA的概念,主要原理是:将clientaddress放到了TCP Option里面带给后端RealServer,RealServer上通过toa内核模块hack了getname函数,给用户态返回TCP Option中的client ip。
二·fullnat模式实验
在做实验之前需要将server1的大小改为2048
实验需要的安装包:
asciidoc-8.4.5-4.1.el6.noarch.rpm
kernel-2.6.32-220.23.1.el6.src.rpm
newt-devel-0.52.11-3.el6.x86_64.rpm
slang-devel-2.2.1-1.el6.x86_64.rpm
Lvs-fullnat-synproxy.tar.gz
在server1中:
[root@server1 ~]# ls
asciidoc-8.4.5-4.1.el6.noarch.rpm newt-devel-0.52.11-3.el6.x86_64.rpm
kernel-2.6.32-220.23.1.el6.src.rpm slang-devel-2.2.1-1.el6.x86_64.rpm
Lvs-fullnat-synproxy.tar.gz
[root@server1 ~]# yum install -y rpm-build
[root@server1 ~]# rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm
[root@server1 ~]# cd rpmbuild/
[root@server1 rpmbuild]# ls
[root@server1 rpmbuild]# cd SPECS/
[root@server1 SPECS]# ls
[root@server1 SPECS]# rpmbuild -bp kernel.spec ##域解释环境
[root@server1 SPECS]# yum install redhat-rpm-config patchutils xmlto asciidoc elfutils-libelf-devel binutils-devel newt-devel python-devel hmaccalc perl-ExtUtils-Embed -y
[root@server1 ~]# yum install newt-devel-0.52.11-3.el6.x86_64.rpm
[root@server1 ~]# yum install slang-devel-2.2.1-1.el6.x86_64.rpm
[root@server1 ~]# yum install asciidoc-8.4.5-4.1.el6.noarch.rpm
[root@server1 ~]# cd rpmbuild/
[root@server1 rpmbuild]# cd SPECS/
[root@server1 SPECS]# rpmbuild -bp kernel.spec ##会卡住需要再连接一个server1输入以下命令:
[root@server1 ~]# yum provides */rngd
[root@server1 ~]# yum install rng-tools-2-13.el6_2.x86_64 -y
[root@server1 ~]# rngd -r /dev/urandom 在原来的server1中输入以下命令:
[root@server1 ~]# tar zxf Lvs-fullnat-synproxy.tar.gz
[root@server1 ~]# cd rpmbuild/
[root@server1 rpmbuild]# cd BUILD
[root@server1 BUILD]# cd kernel-2.6.32-220.23.1.el6/
[root@server1 kernel-2.6.32-220.23.1.el6]# cd linux-2.6.32-220.23.1.el6.x86_64/
[root@server1 linux-2.6.32-220.23.1.el6.x86_64]# cp /root/lvs-fullnat-synproxy/lvs-2.6.32-220.23.1.el6.patch .
[root@server1 linux-2.6.32-220.23.1.el6.x86_64]# ll lvs-2.6.32-220.23.1.el6.patch .
[root@server1 linux-2.6.32-220.23.1.el6.x86_64]# patch -p1 < lvs-2.6.32-220.23.1.el6.patch ##打补丁
[root@server1 linux-2.6.32-220.23.1.el6.x86_64]# uname -r ##查看名字
[root@server1 linux-2.6.32-220.23.1.el6.x86_64]# vim Makefile ##改名字(以便实验)
EXTRAVERSION = -431.e16.x86_64 ##添加内容
[root@server1 linux-2.6.32-220.23.1.el6.x86_64]# make ##编译
[root@server1 linux-2.6.32-220.23.1.el6.x86_64]# make modules_install
[root@server1 linux-2.6.32-220.23.1.el6.x86_64]# make install
编译完成后执行以下命令:
[root@server1 linux-2.6.32-220.23.1.el6.x86_64]# cd /boot/
[root@server1 boot]# ls
[root@server1 boot]# cd grub/
[root@server1 grub]# vim grub.conf ##修改内容
[root@server1 grub]# reboot ##重启
重启之后查看名字和大小都有更改:
[root@server1 ~]# uname -r
2.6.32-431.el6.x86_64
[root@server1 ~]# rpm -e ipvsadm
[root@server1 ~]# cd lvs-fullnat-synproxy/
[root@server1 lvs-fullnat-synproxy]# tar zxf lvs-tools.tar.gz ##解压
[root@server1 lvs-fullnat-synproxy]# ls
[root@server1 lvs-fullnat-synproxy]# cd tools/
[root@server1 tools]# ls
[root@server1 tools]# cd keepalived/
[root@server1 keepalived]# ls
[root@server1 keepalived]# uname -r
2.6.32-431.el6.x86_64
[root@server1 keepalived]# cd /lib
[root@server1 lib]# cd modules/
[root@server1 lib]# yum remove ipvsadm ##删除
[root@server1 modules]# ls
2.6.32-431.el6.x86_64
[root@server1 modules]# cd 2.6.32-431.el6.x86_64
[root@server1 2.6.32]# ll
[root@server1 2.6.32]# cd
[root@server1 ~]# cd lvs-fullnat-synproxy/
[root@server1 lvs-fullnat-synproxy]# ls
[root@server1 tools]# ls
[root@server1 tools]# cd keepalived/
[root@server1 keepalived]# ls
编译三部曲:
[root@server1 keepalived]# ./configure --with-kernel-dir="/lib/modules/`uname -r`/build"
[root@server1 keepalived]# yum install -y popt-devel
[root@server1 keepalived]# ./configure --with-kernel-dir="/lib/modules/`uname -r`/build"
[root@server1 keepalived]# make
[root@server1 keepalived]# make install需要在另一个目录下再次编译:
[root@server1 keepalived]# cd /usr/local/
[root@server1 local]# ls
[root@server1 local]# cd etc/
[root@server1 etc]# ls
[root@server1 etc]# cd ..
[root@server1 local]# cd bin/
[root@server1 bin]# ls
[root@server1 bin]# cd ..
[root@server1 local]# cd sbin/
[root@server1 sbin]# ls
[root@server1 sbin]# pwd
/usr/local/sbin
[root@server1 sbin]# cd
[root@server1 ~]# cd lvs-fullnat-synproxy/
[root@server1 lvs-fullnat-synproxy]# ls
[root@server1 lvs-fullnat-synproxy]# cd tools/
[root@server1 tools]# ls
[root@server1 tools]# cd ipvsadm/
[root@server1 ipvsadm]# ls
[root@server1 ipvsadm]# make
[root@server1 ipvsadm]# make install
[root@server1 ipvsadm]# cd
[root@server1 ~]# ipvsadm -l ##查看添加策略以及真机测试
[root@server1 ~]# ip addr add 172.25.254.1/24 dev eth3 ##添加一个网卡(不在一个网段的ip)
[root@server1 ~]# ip link set up eth3 ##开启
[root@server1 ~]# ip addr
[root@server1 ~]# /etc/init.d/ipvsadm start
[root@server1 ~]# ipvsadm -A -t 172.25.254.1:80 -s rr ##算法
[root@server1 ~]# ipvsadm -a -t 172.25.254.1:80 -r 172.25.71.2:80 -b ##为FULLNAT模式
[root@server1 ~]# ipvsadm -a -t 172.25.254.1:80 -r 172.25.71.3:80 -b
[root@server1 ~]# ipvsadm -P -t 172.25.254.1:80 -z 127.0.0.1:80
[root@server1 ~]# ipvsadm -G -t 172.25.254.1:80
[root@server1 ~]# ipvsadm -ln
[root@server1 ~]# ipvsadm -lnc
在server2和server3中需要添加网关(是server1本机ip)
物理机测试:
