LVS-DR cluster

1. LVS-DR data packet flow analysis

1. Principle analysis

To simplify the analysis, the client and the cluster machines are placed on the same network, and the data packet follows the path 1-2-3-4.

2. Four steps

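1. The client sends a request to the target VIP, and the Director (load balancer) receives it.
IP header and data frame header information:
source ip:192.168.52.100
source MAC:00:18:82:3c:e8:96
dst ip:192.168.52.115
dst MAC:00:0c:29:6a:8d:5d
dst port:80
2. The Director selects RealServer_1 according to the load balancing algorithm. It neither modifies nor encapsulates the IP packet; it only changes the MAC address of the data frame to the MAC address of RealServer_1 and then sends the frame onto the LAN.
IP header and data frame header information:
source ip:192.168.52.100
source MAC:00:0c:29:6a:8d:5d
dst ip:192.168.52.115
dst MAC:00:0c:29:b1:97:82
dst port:80
3. RealServer_1 receives the frame, decapsulates it, and finds that the destination IP matches a local address (the RealServer has the VIP bound in advance), so it processes the packet. It then re-encapsulates the reply and sends it onto the LAN.
IP header and data frame header information:
source ip:192.168.52.115
source MAC:00:0c:29:b1:97:82
dst ip:192.168.52.110
dst MAC:00:18:82:3c:e8:96
dst port:80
4. The client receives the reply packet. The client believes it has received normal service and does not know which server handled the request.
Note: if the client is on a different network segment, the reply is returned to the user through the router and across the Internet.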

2. ARP problem in LVS-DR

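1. Configure the node servers so that they do not respond to ARP requests for the VIP.
Use the virtual interface lo:0 to carry the VIP address.
Set the kernel parameter arp_ignore=1: the system responds only to ARP requests whose destination IP is a local IP.

2. The RealServer's reply packet (source IP is the VIP) is forwarded through the router. To re-encapsulate the packet, the RealServer first needs to obtain the router's MAC address.
When sending the ARP request, Linux by default uses the source IP address of the IP packet (that is, the VIP) as the source IP address in the ARP request, rather than the IP address of the sending interface.
  For example: the ens33 interface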

3. After the router receives the ARP request, it updates its ARP table entry: the entry that originally mapped the VIP to the Director's MAC address is replaced by one that maps the VIP to the RealServer's MAC address.

4. Problem: the router forwards new request packets to the RealServer according to the ARP table entry, so the Director's VIP stops working.
Solution: on the node servers, set the kernel parameter arp_announce=2. The system then does not use the source address of the IP packet as the source address of the ARP request, but selects the IP address of the sending interface.
Supplement: with arp_announce set to 2, whichever network card initiates an ARP request uses its own IP address as the source IP address.

3. LVS-DR configuration process

One dispatch (Director) server: 192.168.100.1
One NFS server: 192.168.100.130
Two node servers:
real IP 192.168.100.110, virtual IP 192.168.100.210
real IP 192.168.100.120, virtual IP 192.168.100.210
One client

1. Install the necessary tools

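1. On the dispatch server, install the ipvsadm management tool
# First add a network adapter so that the server has two network cards
# Install the ipvsadm management tool
 yum install ipvsadm -y

2. On the two web node servers
# Install the httpd service
 yum install httpd -y

3. On the shared storage server

# Use rpm to check whether the nfs-utils and rpcbind packages are installed
rpm -q nfs-utils
nfs-utils-1.3.0-0.48.el7.x86_64
rpm -q rpcbind
rpcbind-0.2.0-42.el7.x86_64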

2. Shared storage configuration

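# Create the shared directories
 mkdir -p /opt/accp
 mkdir -p /opt/kgc
# Edit the shared directory (export) configuration file
[root@localhost ~]# vim /etc/exports
# Each directory is exported read-only; the /24 mask covers the whole 192.168.100.0/24 subnet
/opt/accp 192.168.100.110/24(ro)
/opt/kgc 192.168.100.120/24(ro)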

systemctl start nfs.service
systemctl start rpcbind.service

3. Configure the web1 node server

showmount -e 192.168.100.130

[root@localhost ~]# mount 192.168.100.130:/opt/kgc /var/www/html/

[root@localhost ~]# cd /var/www/html/
[root@localhost html]# echo "this is kgc web" > index.html
[root@localhost html]# ls
index.html
[root@localhost ]# cd /opt/kgc/
[root@localhost accp]# cat index.html 
this is kgc web

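vi aa.sh
#!/bin/bash
# DR node
# Add the virtual interface lo:0 carrying the VIP
ifconfig lo:0 192.168.100.210 broadcast 192.168.100.210 netmask 255.255.255.255 up
# Add a host route for the VIP via lo:0
route add -host 192.168.100.210 dev lo:0
# The system responds only to ARP requests whose destination IP is a local real IP
echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
# The system does not use the IP packet's source address as the ARP request source address; it uses the IP address of the real sending interface
echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p &> /dev/null

ifconfig    # Check the virtual interface configuration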

3. Configure the web2 node server

[root@localhost ~]# showmount -e 192.168.100.130

[root@localhost ~]# mount 192.168.100.130:/opt/accp /var/www/html/

[root@localhost ~]# cd /var/www/html/
[root@localhost html]# echo "this is accp web" > index.html
[root@localhost html]# cat index.html
this is accp web

vi bb.sh
#!/bin/bash
# DR node
# Add the virtual interface lo:0 carrying the VIP
ifconfig lo:0 192.168.100.210 broadcast 192.168.100.210 netmask 255.255.255.255 up
# Add a host route for the VIP via lo:0
route add -host 192.168.100.210 dev lo:0
# The system responds only to ARP requests whose destination IP is a local real IP
echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
# The system does not use the IP packet's source address as the ARP request source address
echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p &> /dev/null

ifconfig    # Check the virtual interface configuration
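
One way to verify on a real server that aa.sh or bb.sh took effect, shown as an added example that is not part of the original post. It checks the arp_ignore=1 and arp_announce=2 values from the ARP section and the /32 VIP binding on lo; the proc-root argument and the make_tree helper are assumptions of this example so it can run against a constructed directory tree.

```sh
#!/bin/sh
# Added example (not from the original post): audit a real server for LVS-DR.
# The proc-root argument and make_tree are assumptions of this example.

# check_dr_arp [proc_root]: succeeds only if arp_ignore=1 and
# arp_announce=2 for both "all" and "lo"; prints one finding per setting.
check_dr_arp() {
    _root="${1:-/proc}"
    _rc=0
    for _ifc in all lo; do
        for _pair in arp_ignore=1 arp_announce=2; do
            _key="${_pair%%=*}"
            _want="${_pair#*=}"
            _file="$_root/sys/net/ipv4/conf/$_ifc/$_key"
            if [ ! -r "$_file" ]; then
                echo "MISSING $_ifc/$_key"; _rc=1; continue
            fi
            _got="$(tr -d '[:space:]' < "$_file")"
            if [ "$_got" = "$_want" ]; then
                echo "OK      $_ifc/$_key=$_got"
            else
                echo "BAD     $_ifc/$_key=$_got (want $_want)"; _rc=1
            fi
        done
    done
    return "$_rc"
}

# vip_on_lo VIP: reads `ip -o -4 addr show dev lo` output on stdin and
# succeeds only if the VIP is bound with a /32 mask, as the scripts do.
vip_on_lo() {
    grep -qF " inet $1/32 "
}

# make_tree DIR IGNORE ANNOUNCE: builds constructed sample input.
make_tree() {
    for _i in all lo; do
        mkdir -p "$1/sys/net/ipv4/conf/$_i"
        echo "$2" > "$1/sys/net/ipv4/conf/$_i/arp_ignore"
        echo "$3" > "$1/sys/net/ipv4/conf/$_i/arp_announce"
    done
}

# Constructed demo: kernel defaults (0/0) fail, the values from the page pass.
DEMO="$(mktemp -d)"
make_tree "$DEMO/default" 0 0
make_tree "$DEMO/hardened" 1 2
check_dr_arp "$DEMO/default"  || echo "default tree: would answer ARP for the VIP"
check_dr_arp "$DEMO/hardened" && echo "hardened tree: ready for DR"
```

On a live node, run `check_dr_arp` with no argument and `ip -o -4 addr show dev lo | vip_on_lo 192.168.100.210`.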

4. Configure the LVS dispatch server

Load the LVS kernel module
modprobe ip_vs
cat /proc/net/ip_vs

[root@localhost opt]# vim nat.sh
#!/bin/bash
# Bind the VIP to the virtual interface ens33:0
ifconfig ens33:0 192.168.100.210 broadcast 192.168.100.210 netmask 255.255.255.255 up
# Add a route for ens33:0
route add -host 192.168.100.210 dev ens33:0
# Clear all records in the kernel virtual server table
ipvsadm -C
# Add the new virtual server
ipvsadm -A -t 192.168.100.210:80 -s rr
ipvsadm -a -t 192.168.100.210:80 -r 192.168.100.110:80 -g
ipvsadm -a -t 192.168.100.210:80 -r 192.168.100.120:80 -g
# View node status and scheduling information
ipvsadm -Ln

ifconfig    # Check the virtual interface configuration
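
A check that the Director really forwards in DR mode, shown as an added example that is not part of the original post. It parses `ipvsadm -Ln` output and fails if any real server behind the VIP is not listed with the Route method that `-g` selects; the function name and both sample outputs are constructed for this example.

```sh
#!/bin/sh
# Added example (not from the original post): confirm from `ipvsadm -Ln`
# output that every real server behind a VIP uses direct routing (-g).

# check_dr_forwarding VIP:PORT  (reads `ipvsadm -Ln` output on stdin)
check_dr_forwarding() {
    awk -v vs="$1" '
        $1 == "TCP" || $1 == "UDP" {    # start of a virtual service entry
            in_vs = ($2 == vs)
            if (in_vs) found = 1
            next
        }
        in_vs && $1 == "->" {           # real server line of that service
            n++
            if ($3 == "Route") print "OK  " $2 " Route weight=" $4
            else { print "BAD " $2 " forwards via " $3; bad = 1 }
        }
        END {
            if (!found) { print "MISSING virtual service " vs; exit 1 }
            if (n == 0) { print "EMPTY no real servers behind " vs; exit 1 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample outputs (not captured from a real Director).
SAMPLE_DR='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.100.210:80 rr
  -> 192.168.100.110:80           Route   1      0          0
  -> 192.168.100.120:80           Route   1      0          0'

SAMPLE_MIXED='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.100.210:80 rr
  -> 192.168.100.110:80           Route   1      0          0
  -> 192.168.100.120:80           Masq    1      0          0'

echo "$SAMPLE_DR"    | check_dr_forwarding 192.168.100.210:80
echo "$SAMPLE_MIXED" | check_dr_forwarding 192.168.100.210:80 || echo "not pure DR"
```

On the Director itself, pipe the live table in: `ipvsadm -Ln | check_dr_forwarding 192.168.100.210:80`.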

5. Test

The first time the client accesses the virtual address


The second time the client accesses the virtual address


Origin blog.csdn.net/weixin_45647891/article/details/110874055