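LVS NAT mode in practice
Defining which protocol LVS schedules on
Adding, modifying and deleting cluster services
Add a new rule
ipvsadm -A|E -t|u|f service-address [-s scheduler] [-p [timeout]]
-t: a TCP service port
-u: a UDP service port
-f: firewall MARK
-s scheduler: the scheduling algorithm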
ipvsadm -D -t|u|f service-address
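Adding and deleting real servers (RS)
Add, delete, modify and list real servers
ipvsadm -a|e -t|u|f service-address -r server-address [-g|i|m] [-w weight]
LVS forwarding type
-g: gateway, DR type (default)
-i: ipip, TUN type
-m: masquerade, NAT type
ipvsadm -ln: view the cluster services
route -n: view the gateway
Example:
Add a service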
/sbin/ipvsadm -A -t 192.168.59.126:80 -s rr
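LVS --rate: rate information in detail
The --rate option displays rate information:
1. CPS (current connection rate): connections per second
2. InPPS (current in packet rate): incoming packets per second
3. OutPPS (current out packet rate): outgoing packets per second
4. InBPS (current in byte rate): incoming traffic per second (bytes)
5. OutBPS (current out byte rate): outgoing traffic per second (bytes)
Summary of steps
Lab environment
CentOS 7.3 virtual machines on VMware, using NAT network mode (sharing the host's IP), not bridged mode.
First, give the first server two NICs and configure the network as follows.
ifcfg-ens33: this is the director's DIP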
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.10
Next is ifcfg-ens36: this is the director's VIP
DEVICE=ens36
BOOTPROTO=none
PREFIX=16
ONBOOT=yes
IPADDR=192.168.59.129
Restart the network
service network restart
Then check whether the network settings have taken effect
[root@localhost network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.10 netmask 255.255.255.0 broadcast 192.168.100.255
inet6 fe80::23bb:fa8d:5cdb:88d1 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:63:56:e3 txqueuelen 1000 (Ethernet)
RX packets 8191 bytes 736090 (718.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8253 bytes 1280778 (1.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.59.129 netmask 255.255.0.0 broadcast 192.168.255.255
inet6 fe80::20c:29ff:fe63:56ed prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:63:56:ed txqueuelen 1000 (Ethernet)
RX packets 1310 bytes 121447 (118.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 710 bytes 124940 (122.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 111 bytes 10657 (10.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 111 bytes 10657 (10.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost network-scripts]#
Once they are in effect, install nginx on the real server (the backend)
yum install nginx
service nginx start
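Next, set the real server's IP address and gateway. Note that in NAT mode the gateway must be the LVS director's DIP. The real server's NIC configuration file is as follows: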
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.13
GATEWAY=192.168.100.10
Restart the network
service network restart
Finally, configure IPVS on the director; we use ipvsadm
Add the cluster service:
/sbin/ipvsadm -A -t 192.168.59.129:80 -s rr
Add the real server:
ipvsadm -a -t 192.168.59.129:80 -r 192.168.100.13:80 -m -w 1
View the result:
[root@localhost network-scripts]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.59.129:80 rr
-> 192.168.100.13:80 Masq 1 0 0
View the TCP connection state:
[root@localhost network-scripts]# ipvsadm -lnc
View the packet and traffic rates:
[root@localhost network-scripts]# ipvsadm -l --rate
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port CPS InPPS OutPPS InBPS OutBPS
-> RemoteAddress:Port
TCP localhost.localdomain:http 0 0 0 0 0
-> 192.168.100.13:http 0 0 0 0 0
Access the service through a browser
http://192.168.59.129/
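The request reaches the real server successfully
Drawbacks of NAT:
Note the LVS drawback here: the director also has to process the response packets, so its load may become too high. Also remember to turn off the firewall and SELinux, and to enable ip_forward.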
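The two NAT-mode prerequisites named above (the real server's gateway must be the director's DIP, and ip_forward must be on) can be checked mechanically. The script below is an added example, not part of the original post; its function names are hypothetical and its sample data reuses the addresses from the listings on this page.

```shell
#!/bin/sh
# Added example: offline preflight checks for the NAT-mode setup on this page.
# Function names are hypothetical; sample data reuses the page's addresses.

# Print the value of key $1 from ifcfg-style text on stdin.
ifcfg_get() {
    awk -F= -v k="$1" '$1 == k { gsub(/"/, "", $2); print $2; exit }'
}

# From `ipvsadm -ln` output on stdin, print "VIP:port RIP:port" for every
# real server forwarded with Masq (NAT); Route/Tunnel entries are skipped.
masq_pairs() {
    awk '$1 == "TCP" || $1 == "UDP" { vs = $2 }
         $1 == "->" && $3 == "Masq" { print vs, $2 }'
}

# Succeed only if the real server's default gateway is the director's DIP.
# With any other gateway, replies bypass the director and are never un-NATed.
gateway_is_dip() {   # $1 = DIP, stdin = real server ifcfg text
    [ "$(ifcfg_get GATEWAY)" = "$1" ]
}

# Succeed only if IPv4 forwarding is on (path defaults to the live kernel value).
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# $1 = DIP, $2 = `ipvsadm -ln` output, $3 = real server ifcfg text
nat_preflight() {
    rc=0
    printf '%s\n' "$2" | masq_pairs | grep -q . ||
        { echo "FAIL: no Masq (NAT) real server in the IPVS table"; rc=1; }
    printf '%s\n' "$3" | gateway_is_dip "$1" ||
        { echo "FAIL: real server GATEWAY is not the DIP $1"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: NAT prerequisites hold for DIP $1"
    return "$rc"
}

# Sample data taken from the listings on this page.
IPVS_SAMPLE='TCP  192.168.59.129:80 rr
  -> 192.168.100.13:80 Masq 1 0 0'
RS_IFCFG='IPADDR=192.168.100.13
GATEWAY=192.168.100.10'

nat_preflight 192.168.100.10 "$IPVS_SAMPLE" "$RS_IFCFG"
forwarding_enabled || echo "NOTE: ip_forward is not 1 on this host"
```

On a live director, pipe the real `ipvsadm -ln` output and the real server's ifcfg file into the same functions instead of the sample variables.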
The end. Thanks!