client:192.168.4.10/24
proxy:192.168.4.5/24
VIP: 192.168.4.15/24
web1:192.168.4.100/24
VIP:192.168.4.15/24
web2:192.168.4.200/24
VIP:192.168.4.15/24
Key essentials:
1. In the DR mode backend server must pretend to IP scheduler.
2. Modify kernel parameters prohibit arp request and response vip Foreign declaration.
3.VIP must be set up secondary, DIP must be configured on the primary interface.
4. Each rear RealServer configuration needs lo VIP in the local loop.
First, the scheduler is configured to VIP
cd /etc/sysconfig/network-scripts/
cp ifcfg-eth0 ifcfg-eth0: 0 // copy eth0 to eth0: 0
vim ifcfg-eth0: 0 // modify
TYPE = Ethernet // card type Ethernet card
BOOTPROTO = none // protocol type (none)
NAME = eth0: 0 // name card
DEVICE = eth0: 0 // LAN equipment
ONBOOT = yes // automatically connect
IPADDR = 192.168.4.15 // VIP address
PREFIX = 24 // subnet mask
Main point
1: eth0 NIC name can not be otherwise conflict with the network card eth0
2: Device name can not be otherwise conflict with eth0 eth0 NIC
3: IP address is set to VIP
4: Remove the UUID device unique identifier
nmcli connection up eth0 // reactivate eth0 VIP card to view the new configuration
RealServer into the rear end of the copy of the local loop configuration files and configure VIP
cd /etc/sysconfig/network-scripts/
cp ifcfg-lo ifcfg-lo:0
vim ifcfg-lo:0
DEVICE = lo: 0 // device name
IPADDR = 192.168.4.15 // IP address configuration of the VIP
NETMASK // = 255.255.255.255 subnet mask
NETWORK = 192.168.4.15 // network bits
# If you're having problems with gated A Martian 127.0.0.0/8 Making,
# the this to something you CAN Change the else (255.255.255.255, for Example)
BROADCAST = 192.168.4.15 // host bits
ONBOOT = yes // automatically connect
nAME = lo: 0 // name card
In addition a VIP realserver also need to disguise this file past scp
scp "/etc/sysconfig/network-scripts/ifcfg-lo:0" [email protected]:/etc/sysconfig/network-scripts/
Note that here we repeat the emergence of IP in a network so if you reboot the network management then there will be IP address conflicts, so here you need to modify the kernel does not respond to a request for disclosure of arp
In the / etc / sysctl added parameter in .conf
NET .ipv4 .conf .all .arp_ignore = 1 // all of the cards are ignored arp broadcast, the default value of 0 Responses arp broadcast
NET .ipv4 .conf .lo .arp_ignore = 1 // local loopback lo ignored arp broadcast
NET .ipv4 .conf .lo .arp_announce = 2 // local loop is not the external declaration
NET .ipv4 .conf .all .arp_announce = 2 // External declaration card is not all
sysctl -p make the configuration files take effect immediately
systemctl restart network // restart card
RealServer you can see two VIP configured to success
Empty lvs before adding new rules for this experiment
[root @ proxy network-scripts] # ipvsadm -C // Clear previous experiments
[root @ proxy network-scripts] # ipvsadm -Ln // view the current rule
IP Virtual Server Version 1.2.1 (size = 4096)
Prot LocalAddress: Scheduler Flags port
-> RemoteAddress: port Forward weight activeconn InActConn
[root @ Network-Proxy scripts] # 192.168.4.15:80 the ipvsadm -A -t -s wrr // create a virtual host 192.168.4.15 port 80 wRR algorithm
[ root @ proxy network-scripts] # -t 192.168.4.15:80 -r 192.168.4.100:80 -w 2 // add realserver 192.168.4.100 to 4.15 weight -a 2 the ipvsadm
[the root @ Network Proxy-scripts] # the ipvsadm - -R & lt 192.168.4.200:80 192.168.4.15:80 -w -t A. 1
[the root @ Network Proxy-scripts] # 0L the ipvsadm
the Try the ipvsadm `-H 'or' the ipvsadm --help 'for More Information.
[Proxy the root @ network-scripts] # ipvsadm -Ln // view the current rule
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.4.15:80 wrr
-> 192.168.4.100:80 Route 2 0 0
-> 192.168.4.200:80 Route 1 0 0
[root@proxy network-scripts]# ipvsadm --save //保存
-A -t proxy:http -s wrr
-a -t proxy:http -r 192.168.4.100:http -g -w 2
-a -t proxy:http -r 192.168.4.200:http -g -w 1
[root@proxy network-scripts]#
