LVS implementation: LVS/NAT mode

LVS / NAT principles and characteristics: https://blog.csdn.net/qq_35887546/article/details/104425264

1. Experiment preparation

The experiment requires three virtual machines plus the physical machine:

Virtual machine   Role   IP
server1           DS     172.25.63.1 (internal network), 172.25.254.100 (external network)
server2           RS1    172.25.63.2
server3           RS2    172.25.63.3

The VIP is 172.25.254.100.
Test service: HTTP, port 80.
The physical machine acts as the client.

Install Apache on server2 and server3 and write a test page into the default document root, /var/www/html.

2. Configure DS

Configure ipvsadm on server1.

First clear the policies added earlier for TUN mode and DR mode:

[root@server1 ~]# ipvsadm -C
[root@server1 ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

Before the experiment, stop the ldirectord and keepalived services:

[root@server1 ~]# systemctl stop keepalived
[root@server1 ~]# systemctl stop ldirectord

Remove the tunnel interface and the VIP that were set previously:

[root@server1 ~]# modprobe -r ipip
[root@server1 ~]# ip addr del 172.25.63.100/32 dev eth0
[root@server1 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:1b:f6:56 brd ff:ff:ff:ff:ff:ff
    inet 172.25.63.1/24 brd 172.25.63.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe1b:f656/64 scope link 
       valid_lft forever preferred_lft forever

2. Add a network card to the DS

Add a network card, assign the external network IP 172.25.254.100 to the new card, and activate it.
Set the IP:

[root@server1 ~]# ip addr add 172.25.63.100/24 dev eth1
[root@server1 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:1b:f6:56 brd ff:ff:ff:ff:ff:ff
    inet 172.25.63.1/24 brd 172.25.63.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe1b:f656/64 scope link 
       valid_lft forever preferred_lft forever
4: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 52:54:00:5a:47:c7 brd ff:ff:ff:ff:ff:ff
    inet 172.25.63.100/24 scope global eth1
       valid_lft forever preferred_lft forever

Activate the card:

[root@server1 ~]# ip link set up eth1
[root@server1 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:1b:f6:56 brd ff:ff:ff:ff:ff:ff
    inet 172.25.63.1/24 brd 172.25.63.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe1b:f656/64 scope link 
       valid_lft forever preferred_lft forever
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:5a:47:c7 brd ff:ff:ff:ff:ff:ff
    inet 172.25.63.100/24 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe5a:47c7/64 scope link 
       valid_lft forever preferred_lft forever

3. Add the NAT mode policies on the DS

On server1:

The -m option selects NAT (masquerading) mode:

[root@server1 ~]# ipvsadm -A -t 172.25.254.100:80 -s rr
[root@server1 ~]# ipvsadm -a -t 172.25.254.100:80 -r 172.25.63.2 -m
[root@server1 ~]# ipvsadm -a -t 172.25.254.100:80 -r 172.25.63.3 -m
[root@server1 ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  server1:http rr
  -> server2:http                 Masq    1      0          0         
  -> server3:http                 Masq    1      0          0   

4. Enable routing (IP forwarding) on the DS
On server1:

Enable permanently:

[root@server1 ~]# vim /etc/sysctl.conf 
Add:
net.ipv4.ip_forward = 1
[root@server1 ~]# sysctl -p				# apply the change
net.ipv4.ip_forward = 1

Enable temporarily:

sysctl -a | grep ip_forward

sysctl -w net.ipv4.ip_forward=1

sysctl -p

5. Load the NAT module on the DS
On server1:

[root@server1 ~]# modprobe iptable_nat

Note: If this module is not loaded, the first access succeeds, but later accesses are very slow or time out.

6. Configure the RS

On server2 and server3:

Remove the tunnel module on server2 and server3 (server2 is shown as the example; the operation on server3 is the same):

[root@server2 ~]# modprobe -r ipip
[root@server2 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:fb:99:44 brd ff:ff:ff:ff:ff:ff
    inet 172.25.63.2/24 brd 172.25.63.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fefb:9944/64 scope link 
       valid_lft forever preferred_lft forever

Set the gateway of the network card to 172.25.63.1 (server2 is shown as the example; the operation on server3 is the same).
Permanently:

[root@server2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0 
[root@server2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 
BOOTPROTO=static
DEVICE=eth0
ONBOOT=yes
IPADDR=172.25.63.2
PREFIX=24
GATEWAY=172.25.63.1
[root@server2 ~]# systemctl restart network				# restart the network
[root@server2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.25.63.1     0.0.0.0         UG    0      0        0 eth0				# the gateway was added successfully
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
172.25.63.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

Temporarily:

route add default gw 172.25.63.1          # to delete the gateway: route del default gw 172.25.8.1
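
In NAT mode the replies from the real servers must pass back through the DS so that it can rewrite their source address to the VIP, which is why steps 3 to 6 all have to be in place together. The script below is an added example, not part of the original article: it checks those settings against captured command output. The function names are hypothetical, the sample captures are constructed, and 172.25.63.1 is assumed to be the DS internal address.

```shell
#!/bin/sh
# Added example: offline checks for the LVS/NAT settings from steps 3 to 6.
# Every input is captured text, so the functions run without root or LVS.

# vip_assigned VIP ADDRS: succeed if VIP is configured on an interface
# (ADDRS = output of `ip -o -4 addr show` on the DS).
vip_assigned() {
    printf '%s\n' "$2" | awk -v vip="$1" \
        '{ split($4, a, "/"); if (a[1] == vip) ok = 1 } END { exit !ok }'
}

# non_masq_servers RULES: print real servers that are not forwarded with -m
# (RULES = output of `ipvsadm -S -n` on the DS).
non_masq_servers() {
    printf '%s\n' "$1" | awk '$1 == "-a" {
        rs = ""; masq = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "-r") rs = $(i + 1)
            if ($i == "-m") masq = 1
        }
        if (!masq) print rs
    }'
}

# default_gw_is DIP ROUTES: succeed if the default route goes via DIP
# (ROUTES = output of `ip route show default` on a real server).
default_gw_is() {
    printf '%s\n' "$2" | awk -v gw="$1" \
        '$1 == "default" && $3 == gw { ok = 1 } END { exit !ok }'
}

# check_nat VIP DIP RULES ADDRS FORWARD ROUTES: print one line per problem.
check_nat() {
    vip_assigned "$1" "$4" || echo "VIP $1 is not on any DS interface"
    for rs in $(non_masq_servers "$3"); do
        echo "real server $rs is not in NAT (-m) mode"
    done
    [ "$5" = "1" ] || echo "net.ipv4.ip_forward is $5, expected 1"
    default_gw_is "$2" "$6" || echo "RS default gateway is not $2"
}

# Constructed sample captures with three deliberate faults (not live data).
RULES='-A -t 172.25.254.100:80 -s rr
-a -t 172.25.254.100:80 -r 172.25.63.2:80 -m -w 1
-a -t 172.25.254.100:80 -r 172.25.63.3:80 -g -w 1'
ADDRS='2: eth0    inet 172.25.63.1/24 brd 172.25.63.255 scope global eth0
4: eth1    inet 172.25.254.100/24 scope global eth1'
ROUTES='default via 172.25.63.250 dev eth0'

check_nat 172.25.254.100 172.25.63.1 "$RULES" "$ADDRS" 0 "$ROUTES"
```

On a live setup, pass the real command output instead of the samples, for example "$(ipvsadm -S -n)" and "$(sysctl -n net.ipv4.ip_forward)" collected on the DS.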

7. Test

Client:

[root@foundation63 ~]# curl 172.25.254.100
server3
[root@foundation63 ~]# curl 172.25.254.100
server2
[root@foundation63 ~]# curl 172.25.254.100
server3
[root@foundation63 ~]# curl 172.25.254.100
server2
[root@foundation63 ~]# curl 172.25.254.100
server3

This shows that NAT mode is working.


Origin blog.csdn.net/qq_35887546/article/details/104430967