lvs-dr configuration

lvs-dr: direct routing, the default LVS type

1. Implementation:

  The request message is forwarded by re-encapsulating it with a new MAC header. The source MAC is the MAC of the interface where the DIP is located, and the destination MAC is the MAC address of the interface where the RIP of the selected RS is located. The IP header does not change (the source IP is the CIP, and the destination IP is always the VIP).

(1) Make sure that the front-end router sends request messages whose destination IP is the VIP to the Director;
  Solutions:
    1. Statically bind the VIP to the Director's MAC address on the router; (the Director cannot do load balancing)
    2. Stop each RS from responding to ARP requests for the VIP and from advertising its VIP (can be implemented in either of the following two ways)
      (a) Modify arptables;
      (b) Modify the kernel parameters of each RS, and bind the VIP to lo (the local loopback interface).
       The parameters to be modified are: arp_ignore and arp_announce
(2) The RIP of an RS can be a private address or a public network address;
(3) The RS and the Director must be in the same physical network, and the RS gateway must not point to the DIP;
(4) Request messages must be scheduled by the Director, but response messages must not pass through the Director;
(5) Port mapping is not supported;
(6) The RS can run most operating systems;

lvs-dr (direct routing) model process:
The VIP needs to be configured on every host (Director and each RS). To avoid the resulting address conflict, the goal is to make the VIP on each RS invisible to the network: it is used only to receive packets whose destination address is the VIP, and as the source address of response packets.
There are three ways to achieve this:
(1) Static binding on the front-end gateway interface; this requires administrative access to the router.
(2) Use arptables on each RS, adding rules that refuse to advertise the RS's own VIP and refuse to respond to ARP resolution requests for it.
(3) Modify kernel parameters on each RS to limit ARP responses and announcements.

Limit response level: arp_ignore
  arp_ignore controls whether the system returns an ARP response when it receives an external ARP request.
  It defines different modes for sending replies in response to received ARP requests that resolve local target IP addresses:
  0 (default): reply for any local target IP address, configured on any interface.
    Addresses configured on any local interface are answered.
  1: reply only if the target IP address is a local address configured on the incoming interface.
    A response is given only when the requested address is configured on the interface that received the request.
  2: reply only if the target IP address is a local address configured on the incoming interface and both it and the sender's IP address are part of the same subnet on this interface.
    The source IP of the request must also be on the same network segment as the receiving network card.
  3: do not reply for local addresses configured with scope host; only resolutions for global and link addresses are replied.
    If the scope of the local address requested by the ARP packet is host, no ARP response is sent; if the scope is global or link, an ARP response is sent.
  4-7: reserved
  8: do not reply for all local addresses.
    No ARP request is answered for any local address.
  The max value from conf/{all,interface}/arp_ignore is used when an ARP request is received on the {interface}.

Limit advertisement level: arp_announce
  0 (default): use any local address, configured on any interface.
    By default, all local interface information is announced on all interfaces.

  1: Try to avoid local addresses that are not in the target's subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such a subnet. If there is no such subnet we select the source address according to the rules for level 2.
    Try to avoid announcing addresses to networks other than their own.

  2: Always use the best local address for this target. In this mode we ignore the source address in the IP packet and try to select the local address that we prefer for talks with the target host. Such a local address is selected by looking for primary IP addresses on all our subnets on the outgoing interface that include the target IP address. If no suitable local address is found we select the first local address we have on the outgoing interface or on all other interfaces, with the hope we will receive a reply for our request and even sometimes no matter the source IP address we announce. The max value from conf/{all,interface}/arp_announce is used.
    Always avoid announcing addresses to networks other than their own: ignore the source IP address of the IP packet and select the most suitable local address on the sending network card as the source IP address of the ARP request.

Design points:
1. Each host can have a single interface, but all hosts need to be in the same physical network.
2. The gateway of the RIP cannot point to the DIP. Usually, the RIP and DIP should be in the same network, but they may be in a different network from the VIP.
3. If the kernel-parameter approach is used, set the kernel parameters on each RS first, and then configure the VIP and routing.
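
A check for the kernel-parameter approach, written as an added example that is not part of the original article: it reads arp_ignore and arp_announce for one interface, applies the max(conf/all, conf/interface) rule quoted above, and reports whether the RS is ready for the VIP to be bound to lo. The function names, the CONF_ROOT variable and the target values (arp_ignore 1 or 2, arp_announce 2, the values commonly used for LVS-DR) are assumptions; the article names the parameters but not the values.

```shell
#!/bin/sh
# Added example (not from the original page): audit the ARP sysctls of an
# LVS-DR real server. CONF_ROOT defaults to the live kernel tree; point it at
# a directory with the same layout to run the check offline.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# effective_arp <param> <iface>: print max(conf/all, conf/<iface>), the value
# the kernel applies on <iface>. Returns 2 if either file is unreadable.
effective_arp() {
    ea_all=$(cat "$CONF_ROOT/all/$1" 2>/dev/null) || return 2
    ea_own=$(cat "$CONF_ROOT/$2/$1" 2>/dev/null) || return 2
    if [ "$ea_all" -gt "$ea_own" ]; then echo "$ea_all"; else echo "$ea_own"; fi
}

# audit_rs <iface>: <iface> is the RS interface facing the Director/router.
# Assumed targets (common LVS-DR practice, not stated on the page):
#   arp_ignore   1 or 2 -> no ARP reply for a VIP that exists only on lo
#   arp_announce 2      -> ARP requests prefer an address of the outgoing
#                          interface over the VIP
# Returns 0 if both hold, 1 if a value is wrong, 2 if it cannot be read.
audit_rs() {
    ar_rc=0
    ar_ign=$(effective_arp arp_ignore "$1") || { echo "ERROR arp_ignore unreadable for $1"; return 2; }
    ar_ann=$(effective_arp arp_announce "$1") || { echo "ERROR arp_announce unreadable for $1"; return 2; }
    case "$ar_ign" in
        1|2) echo "OK   $1 arp_ignore=$ar_ign" ;;
        *)   echo "FAIL $1 arp_ignore=$ar_ign (expected 1 or 2)"; ar_rc=1 ;;
    esac
    if [ "$ar_ann" -eq 2 ]; then
        echo "OK   $1 arp_announce=$ar_ann"
    else
        echo "FAIL $1 arp_announce=$ar_ann (expected 2)"; ar_rc=1
    fi
    return "$ar_rc"
}

# Run against the live system only when an interface name is given.
if [ -n "${1:-}" ]; then audit_rs "$1"; fi
```

Run it on each RS with the RIP-facing interface as the argument (for example eth0) before adding the VIP to lo; a non-zero exit status means the RS could still expose the VIP through ARP.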

Topology:
