LVS / NAT principles and characteristics: https://blog.csdn.net/qq_35887546/article/details/104425264
1. Experimental preparation
The experiment requires three virtual machines and one physical machine:
Virtual machine | Role | IP
---|---|---
server1 | DS | 172.25.63.1 (internal network), 172.25.254.100 (external network)
server2 | RS1 | 172.25.63.2
server3 | RS2 | 172.25.63.3
VIP: 172.25.254.100
Service under test: HTTP, port 80
The physical machine acts as the client.
server2 and server3 have Apache installed, with a test page published under the default document root /var/www/html.
2. Configure the DS
Configure ipvsadm on server1
First remove the TUN-mode policy added earlier, together with the tunnel set up for DR mode:
[root@server1 ~]# ipvsadm -C
[root@server1 ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
Stop the ldirectord and keepalived services before the experiment:
[root@server1 ~]# systemctl stop keepalived
[root@server1 ~]# systemctl stop ldirectord
Remove the tunnel module and delete the VIP that was set earlier:
[root@server1 ~]# modprobe -r ipip
[root@server1 ~]# ip addr del 172.25.63.100/32 dev eth0
[root@server1 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:1b:f6:56 brd ff:ff:ff:ff:ff:ff
inet 172.25.63.1/24 brd 172.25.63.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe1b:f656/64 scope link
valid_lft forever preferred_lft forever
2. Add a network card to the DS
Add a second card, assign it the external network IP 172.25.254.100, and activate it.
Set the IP:
[root@server1 ~]# ip addr add 172.25.63.100/24 dev eth1
[root@server1 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:1b:f6:56 brd ff:ff:ff:ff:ff:ff
inet 172.25.63.1/24 brd 172.25.63.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe1b:f656/64 scope link
valid_lft forever preferred_lft forever
4: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 52:54:00:5a:47:c7 brd ff:ff:ff:ff:ff:ff
inet 172.25.63.100/24 scope global eth1
valid_lft forever preferred_lft forever
Activate the card:
[root@server1 ~]# ip link set up eth1
[root@server1 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:1b:f6:56 brd ff:ff:ff:ff:ff:ff
inet 172.25.63.1/24 brd 172.25.63.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe1b:f656/64 scope link
valid_lft forever preferred_lft forever
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:5a:47:c7 brd ff:ff:ff:ff:ff:ff
inet 172.25.63.100/24 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe5a:47c7/64 scope link
valid_lft forever preferred_lft forever
3. Add the NAT mode policies on the DS
On server1:
NAT mode is selected with -m (masquerading):
[root@server1 ~]# ipvsadm -A -t 172.25.254.100:80 -s rr
[root@server1 ~]# ipvsadm -a -t 172.25.254.100:80 -r 172.25.63.2 -m
[root@server1 ~]# ipvsadm -a -t 172.25.254.100:80 -r 172.25.63.3 -m
[root@server1 ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP server1:http rr
-> server2:http Masq 1 0 0
-> server3:http Masq 1 0 0
4. Enable IP forwarding on the DS
On server1:
Permanent:
[root@server1 ~]# vim /etc/sysctl.conf
Add the line:
net.ipv4.ip_forward = 1
[root@server1 ~]# sysctl -p # make the change take effect
net.ipv4.ip_forward = 1
Temporary:
sysctl -a | grep ip_forward
sysctl -w net.ipv4.ip_forward=1
sysctl -p
5. Load the NAT module on the DS
On server1:
[root@server1 ~]# modprobe iptable_nat
Note: if this module is not loaded, the first request succeeds, but later requests become very slow or time out.
6. Configure the RS
On server2 and server3:
Remove the tun module on server2 and server3 (server2 is shown; the operation on server3 is the same):
[root@server2 ~]# modprobe -r ipip
[root@server2 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:fb:99:44 brd ff:ff:ff:ff:ff:ff
inet 172.25.63.2/24 brd 172.25.63.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fefb:9944/64 scope link
valid_lft forever preferred_lft forever
Set the card's gateway to 172.25.63.1
(server2 is shown; the operation on server3 is the same):
Permanent:
[root@server2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
[root@server2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO=static
DEVICE=eth0
ONBOOT=yes
IPADDR=172.25.63.2
PREFIX=24
GATEWAY=172.25.63.1
[root@server2 ~]# systemctl restart network # restart the network
[root@server2 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.25.63.1 0.0.0.0 UG 0 0 0 eth0 # the gateway was added successfully
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
172.25.63.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
Temporary:
route add default gw 172.25.63.1 # to delete the gateway: route del default gw 172.25.8.1
7. Test
On the client:
[root@foundation63 ~]# curl 172.25.254.100
server3
[root@foundation63 ~]# curl 172.25.254.100
server2
[root@foundation63 ~]# curl 172.25.254.100
server3
[root@foundation63 ~]# curl 172.25.254.100
server2
[root@foundation63 ~]# curl 172.25.254.100
server3
The responses alternate between server2 and server3, which shows that NAT mode works.
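The following script is an added example, not part of the original post: it checks the two things a defender would verify after sections 3 and 7, that every real server behind the VIP is forwarded with Masq (a leftover Route/Tunnel entry from the earlier DR/TUN experiment would mean some clients bypass the NAT path) and that the round-robin test really alternates. The ipvsadm tables and curl answers are constructed samples in the numeric form printed by `ipvsadm -Ln`; on a real DS pass "$(ipvsadm -Ln)" instead.

```shell
#!/bin/sh
# Added example (not from the original post). Verifies an LVS NAT setup from
# ipvsadm output and from the curl answers of the client test, offline.

# Constructed: what `ipvsadm -Ln` prints after section 3 (both RS via Masq).
IPVS_NAT='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.254.100:80 rr
  -> 172.25.63.2:80               Masq    1      0          0
  -> 172.25.63.3:80               Masq    1      0          0'

# Constructed: a DR rule (Route) from the earlier experiment was not cleared
# with `ipvsadm -C`, so only one RS is actually behind NAT.
IPVS_MIXED='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.254.100:80 rr
  -> 172.25.63.2:80               Masq    1      0          0
  -> 172.25.63.3:80               Route   1      0          0'

# Number of real servers behind service $2 (VIP:port) whose forwarding
# method is $3 (Masq, Route or Tunnel).
# Usage: count_rs "$ipvs_output" 172.25.254.100:80 Masq
count_rs() {
    printf '%s\n' "$1" | awk -v vip="$2" -v fwd="$3" '
        $1 == "TCP" || $1 == "UDP" { in_svc = ($2 == vip); next }
        in_svc && $1 == "->" && $3 == fwd { n++ }
        END { print n + 0 }'
}

# True only when the service has real servers and all of them use Masq,
# i.e. the DS is in pure NAT mode.
# Usage: nat_mode_ok "$ipvs_output" 172.25.254.100:80
nat_mode_ok() {
    masq=$(count_rs "$1" "$2" Masq)
    route=$(count_rs "$1" "$2" Route)
    tun=$(count_rs "$1" "$2" Tunnel)
    [ "$masq" -gt 0 ] && [ "$route" -eq 0 ] && [ "$tun" -eq 0 ]
}

# True when consecutive curl answers (one per line, as in section 7) never
# repeat, which is what rr scheduling over two healthy RS must produce.
# Usage: rr_alternates "$curl_answers"
rr_alternates() {
    printf '%s\n' "$1" | awk 'NR > 1 && $0 == prev { bad = 1 } { prev = $0 }
                               END { exit bad + 0 }'
}
```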