I. Experimental environment
System: CentOS 7.6
Hosts: five (VMs)
Client (1 host): 172.16.236.134/24 (NAT NIC), gateway set to 172.16.236.185/24 (the routing server)
Routing server (1 host): 172.16.236.185/24 (NAT), 192.168.214.17/16 (host-only), additionally bound IP (10.0.0.200/8)
LVS server (1 host): VIP (10.0.0.100/32, bound on the lo interface), DIP (192.168.214.27/16, host-only), gateway set to 192.168.214.17/16 (the routing server)
RS1 server (1 host): VIP (10.0.0.100/32, bound on the lo interface), RIP (192.168.214.37/16, host-only), gateway set to 192.168.214.17/16 (the routing server)
RS2 server (1 host): VIP (10.0.0.100/32, bound on the lo interface), RIP (192.168.214.47/16, host-only), gateway set to 192.168.214.17/16 (the routing server)
Packages: ipvsadm, httpd, mod_ssl (yum source on the installation CD)
II. Tests
1. LVS DR model across network segments
(1) Configure the IP addresses of each host according to the network plan
Client server: eth0: 172.16.236.134/24, gateway 172.16.236.185
Router server: eth0: 172.16.236.185/24, eth1: 192.168.214.17/16, no gateway
LVS server: eth0: 192.168.214.27/16, gateway 192.168.214.17
RS1 server: eth0: 192.168.214.37/16, gateway 192.168.214.17
RS2 server: eth0: 192.168.214.47/16, gateway 192.168.214.17
(2) Enable IP forwarding on the routing server
[root@centos7-17 ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward=1
[root@centos7-17 ~]# sysctl -p
net.ipv4.ip_forward = 1
(3) Install the ipvsadm package on the LVS server
[root@centos7-27 ~]# yum install -y ipvsadm
(4) Configure LVS on the LVS server; here this is done with a script, shown below
[root@centos7-27 ~]# vim lvs_dr_vs.sh
#!/bin/bash
vip='10.0.0.100'          # VIP
iface='lo:1'              # interface the VIP is bound to
mask='255.255.255.255'    # VIP subnet mask
port='80'                 # port
rs1='192.168.214.37'      # IP of server RS1
rs2='192.168.214.47'      # IP of server RS2
scheduler='wrr'           # scheduling algorithm
type='-g'                 # LVS type: -m is NAT mode, -g is DR mode, -i is TUN mode
case $1 in
start)
    ifconfig $iface $vip netmask $mask #broadcast $vip up
    iptables -F    # note: flushes every rule in the filter table on this host
    ipvsadm -A -t ${vip}:${port} -s $scheduler
    ipvsadm -a -t ${vip}:${port} -r ${rs1} $type -w 1
    ipvsadm -a -t ${vip}:${port} -r ${rs2} $type -w 1
    ;;
stop)
    ipvsadm -C
    ifconfig $iface down
    ;;
*)
    echo "Usage $(basename $0) start|stop"
    exit 1
    ;;
esac
(5) Configure the httpd service on the R1 server, then configure the VIP binding and the relevant kernel parameters; configure the RIP (192.168.214.37), and remember to point the gateway at 192.168.214.27
[root@centos7-37 ~]# yum install -y httpd
[root@centos7-37 ~]# echo 192.168.214.37 RS1 > /var/www/html/index.html
[root@centos7-37 ~]# systemctl start httpd
# Configure the VIP binding and the relevant kernel parameters; the configuration script is as follows
[root@centos7-37 ~]# vim lvs_dr_rs.sh
#!/bin/bash
vip='10.0.0.100'
mask='255.255.255.255'
dev='lo:1'
case $1 in
start)
    # arp_ignore=1: answer ARP only for addresses configured on the receiving interface
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    # arp_announce=2: always use the best local address as the ARP source, so the VIP is not announced
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ifconfig $dev $vip netmask $mask #broadcast $vip up
    #route add -host $vip dev $dev
    ;;
stop)
    ifconfig $dev down
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ;;
*)
    echo "Usage:$(basename $0) start|stop"
    exit 1
    ;;
esac
[root@centos7-37 ~]# bash lvs_dr_rs.sh start
(6) Configure the httpd service on the R2 server, then configure the VIP binding and the relevant kernel parameters; configure the RIP (192.168.214.37), and remember to point the gateway at 192.168.214.27
[root@centos7-47 ~]# yum install -y httpd
[root@centos7-47 ~]# systemctl start httpd
[root@centos7-47 ~]# echo 192.168.214.47 RS2 > /var/www/html/index.html
# Configure the VIP binding and the relevant kernel parameters; the script is the same as on R1
[root@centos7-47 ~]# bash lvs_dr_rs.sh start
(7) Run the configuration script on the LVS server
[root@centos7-27 ~]# bash lvs_dr_vs.sh start
[root@centos7-27 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.0.100:80 wrr
  -> 192.168.214.37:80            Route   1      0          0
  -> 192.168.214.47:80            Route   1      0          0
(8) Test from the client
[root@centos7 ~]# while true; do curl 10.0.0.100; sleep .1; done
# The requests succeed
192.168.214.37 RS1
192.168.214.47 RS2
192.168.214.37 RS1
192.168.214.47 RS2
192.168.214.37 RS1
192.168.214.47 RS2
...
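The DR setup above depends on `ip_forward` on the routing server (step 2) and on the `arp_ignore`/`arp_announce` values written by lvs_dr_rs.sh (steps 5 and 6). The following check is an added example, not part of the original article; the function name `audit_dr_sysctl` and its optional ROOT argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the kernel parameters this lab depends on.
# audit_dr_sysctl ROLE [ROOT]
#   ROLE  rs     -> arp_ignore=1 and arp_announce=2 on "all" and "lo"
#         router -> ip_forward=1
#   ROOT  sysctl tree to read (default /proc/sys); this parameter is an
#         assumption of the example so a saved copy can be checked offline.
# Prints one line per deviation and returns non-zero if any was found.
audit_dr_sysctl() {
    role=$1
    root=${2:-/proc/sys}
    bad=0
    case $role in
        rs)     want='net/ipv4/conf/all/arp_ignore=1
net/ipv4/conf/lo/arp_ignore=1
net/ipv4/conf/all/arp_announce=2
net/ipv4/conf/lo/arp_announce=2' ;;
        router) want='net/ipv4/ip_forward=1' ;;
        *)      echo "Usage: audit_dr_sysctl rs|router [root]" >&2
                return 2 ;;
    esac
    while IFS='=' read -r key expect; do
        if [ -r "$root/$key" ]; then
            actual=$(tr -d '[:space:]' < "$root/$key")
        else
            actual='unreadable'
        fi
        if [ "$actual" != "$expect" ]; then
            echo "MISMATCH $key: expected $expect, found $actual"
            bad=1
        fi
    done <<EOF
$want
EOF
    return $bad
}
```

Run `audit_dr_sysctl rs` on each real server and `audit_dr_sysctl router` on the routing server; a real server that fails the check may answer ARP for the VIP itself.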
2. Binding multiple services with LVS FWM
When the HTTP service uses both port 80 and port 443, handling it with plain DR mode is somewhat tedious; in that case FWM (FireWall Mark) is a good choice.
(1) Only the LVS server needs to be modified slightly; the other servers keep the configuration above
Mark the packets on the LVS host:
iptables -t mangle -A PREROUTING -d $vip -p $proto -m multiport --dports $port1,$port2,... -j MARK --set-mark NUMBER
Define the cluster service on the LVS host based on the mark:
ipvsadm -A -f NUMBER [options]
[root@centos7-27 ~]# bash lvs_dr_vs.sh stop
[root@centos7-27 ~]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
[root@centos7-27 ~]# ifconfig lo:1 10.0.0.100 netmask 255.255.255.255    # Bind the VIP
# Mark the packets
[root@centos7-27 ~]# iptables -t mangle -A PREROUTING -d 10.0.0.100 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 10
# Configure the cluster
[root@centos7-27 ~]# ipvsadm -A -f 10 -s rr
[root@centos7-27 ~]# ipvsadm -a -f 10 -r 192.168.214.37 -g
[root@centos7-27 ~]# ipvsadm -a -f 10 -r 192.168.214.47 -g
[root@centos7-27 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  10 rr
  -> 192.168.214.37:0             Route   1      0          0
  -> 192.168.214.47:0             Route   1      0          0
(2) Install the mod_ssl module on both RS servers to enable HTTPS access
[root@centos7-37 ~]# yum install -y mod_ssl
[root@centos7-37 ~]# systemctl restart httpd
[root@centos7-47 ~]# yum install -y mod_ssl
[root@centos7-47 ~]# systemctl restart httpd
(3) Test the scheduling of ports 80 and 443 from the client
[root@centos7 ~]# while true; do curl 10.0.0.100; curl -k https://10.0.0.100; sleep 1; done
# The requests succeed, and both ports are scheduled together as one service
192.168.214.47 RS2
192.168.214.37 RS1
192.168.214.47 RS2
192.168.214.37 RS1
192.168.214.47 RS2
192.168.214.37 RS1
192.168.214.47 RS2
192.168.214.37 RS1
192.168.214.47 RS2
192.168.214.37 RS1
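To confirm that a firewall-mark service is actually backed by real servers in DR mode, the `ipvsadm -Ln` listing can be checked mechanically. This is an added example, not part of the original article; it also accepts the TCP listing from part 1, and the function names and the mark 20 service in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `ipvsadm -Ln` output (read from stdin) and flag
# virtual services that cannot work in DR mode.
# Output, one line per virtual service:
#   <OK|BAD> <TCP addr:port | FWM mark> sched=<s> rs=<count> non_route=<count>
# A service is BAD when it has no real server, or when any real server is
# not forwarded with "Route" (the -g / DR method).
ipvs_dr_report() {
    awk '
        function emit() {
            if (svc == "") return
            state = (rs > 0 && other == 0) ? "OK" : "BAD"
            printf "%s %s sched=%s rs=%d non_route=%d\n", state, svc, sched, rs, other
        }
        # A new virtual service line: print the previous one, start counting.
        $1 == "TCP" || $1 == "UDP" || $1 == "FWM" {
            emit(); svc = $1 " " $2; sched = $3; rs = 0; other = 0; next
        }
        # A real-server line (skip the column header that also starts with ->).
        $1 == "->" && $2 != "RemoteAddress:Port" {
            rs++
            if ($3 != "Route") other++
        }
        END { emit() }
    '
}

# Constructed sample: the FWM listing shown above plus a hypothetical
# mark 20 service that has no real servers yet.
sample_listing() {
    cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  10 rr
  -> 192.168.214.37:0             Route   1      0          0
  -> 192.168.214.47:0             Route   1      0          0
FWM  20 wrr
EOF
}

ipvs_dr_report_sample() { sample_listing | ipvs_dr_report; }
```

On the LVS server the live state is checked with `ipvsadm -Ln | ipvs_dr_report`.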