DR模式集群。 实际中都应该是互联网的IP,这里模拟现象。由web 直接回包给client。
会出现的问题
1、群集地址 (web回包IP与client请求不同)需要建立vip。
2、路由器ARP请求(需要关闭web1、web2部分arp响应)。
3、lvs关闭ICMP重定向的发送(send_redirects)。pc和路由器都有路由优化功能,收到重定向后会绕过lvs,死找一个web。
开始配置 NFS就不做了 前一篇文档有。
chkconfig NetworkManager off
chkconfig iptables off
cat /etc/sysconfig/selinux #例行公事四台都要这样。仅限实验环境;生产环境应保留防火墙和SELinux,只放行所需端口。
配置IP web1 web2 lvs 都需要指定网关1.1
ip a #以下为web1的输出
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:5b:d8:33 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.4/24 brd 192.168.1.255 scope global eth0
inet6 fe80::20c:29ff:fe5b:d833/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:5b:d8:3d brd ff:ff:ff:ff:ff:ff
inet 192.168.2.4/24 brd 192.168.2.255 scope global eth1
inet6 fe80::20c:29ff:fe5b:d83d/64 scope link
valid_lft forever preferred_lft forever
配置lvs
yum -y install ipvsadm
modprobe ip_vs #启用ip_vs
配置虚拟IP地址(vip)
cd /etc/sysconfig/network-scripts/
network-scripts]# cp ifcfg-eth0 ifcfg-eth0:0
network-scripts]# vim ifcfg-eth0:0
ip a #lvs1的输出
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:3b:69:41 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.254/24 brd 192.168.1.255 scope global secondary eth0:0
inet6 fe80::20c:29ff:fe3b:6941/64 scope link
valid_lft forever preferred_lft forever
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.eth0.send_redirects = 0 #以上四行写入lvs的 /etc/sysctl.conf(行尾说明不属于配置内容):关闭路由转发,并关闭内核发送ICMP重定向
sysctl -p
service ipvsadm stop
ipvsadm -A -t 192.168.1.254:80 -s rr
ipvsadm -a -t 192.168.1.254:80 -r 192.168.1.4:80 -g -w 1
ipvsadm -a -t 192.168.1.254:80 -r 192.168.1.3:80 -g -w 1
chkconfig ipvsadm on
service ipvsadm save
service ipvsadm start #配置负载分配策略
web1和web2 使用虚接口lo:0来承载vip,此地址仅用作发送web响应数据包的源地址。添加路由记录,将访问vip的数据限制在本地。
cd /etc/sysconfig/network-scripts/
network-scripts]# cp ifcfg-eth0 ifcfg-lo:0
network-scripts]# vim ifcfg-lo:0
DEVICE=lo:0
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.254
NETMASK=255.255.255.255 #web1 、web2配置相同
#子网掩码必须四个255
route add -host 192.168.1.254 dev lo:0 #代表去1.254走lo:0卡 就在本地
cat /etc/rc.local #把上面的route add命令写入该文件,开机自动运行。
vim /etc/sysctl.conf
net.ipv4.ip_forward = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
sysctl -p #调整/proc arp响应参数
echo 123 > /var/www/html/index.html
service httpd start # 建立网页测试文件
web2 与web1 配置相同。
iptables -t nat -A PREROUTING -d 200.0.0.1 -p tcp --dport 80 -j DNAT --to 192.168.1.254:80
service iptables save
chkconfig iptables on #路由器设置防火墙规则
#开启路由转发(路由器的 /etc/sysctl.conf 中设置 net.ipv4.ip_forward = 1)
sysctl -p
如果用client 访问200.0.0.1