1. NAT mode schematic
NAT (Network Address Translation) mode
When a user request arrives at the Director Server, the request packet first reaches the PREROUTING chain in kernel space. At this point the packet's source IP is CIP and its destination IP is VIP
PREROUTING finds that the packet's destination IP is a local address, so the packet is sent to the INPUT chain
IPVS checks whether the service requested by the packet is a cluster service; if it is, IPVS rewrites the packet's destination IP to a back-end server IP and sends the packet to the POSTROUTING chain. At this point the packet's source IP is CIP and its destination IP is RIP
The POSTROUTING chain routes the packet to the Real Server
The Real Server finds that the destination IP is its own, builds a response message and sends it back to the Director Server. At this point the packet's source IP is RIP and its destination IP is CIP
Before responding to the client, the Director Server rewrites the source IP address to its own VIP address, and then responds to the client. At this point the packet's source IP is VIP and its destination IP is CIP
2. Characteristics of the LVS-NAT model
RS should use private addresses, and the RS gateway must point to DIP
DIP and RIP must be in the same network segment
Both request and response packets pass through the Director Server; in high-load scenarios the Director Server easily becomes a performance bottleneck
Port mapping is supported
RS can use any operating system
Drawback: the Director Server is under relatively heavy load, because both requests and responses pass through it
3. Configure LVS in NAT mode
1. Add a network card eth1 on server1, assign the external IP to it, and bring the card up
Here, 172.25.254.1 is the internal network address, used to communicate with the real servers
172.25.8.110 is the external address that receives client requests
[root@server1 ~]# ip addr add 172.25.8.110/24 dev eth1
[root@server1 ~]# ip link set up eth1
[root@server1 ~]# ip addr show
2. Add the ipvsadm policy on server1
[root@server1 ~]# ipvsadm -A -t 172.25.8.110:80 -s rr
[root@server1 ~]# ipvsadm -a -t 172.25.8.110:80 -r 172.25.254.2:80 -m
[root@server1 ~]# ipvsadm -a -t 172.25.8.110:80 -r 172.25.254.3:80 -m
[root@server1 ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP server1:http rr
-> server2:http Masq 1 0 0
-> server3:http Masq 1 0 0
[root@server1 ~]#
3. Turn on the routing mechanism (IP forwarding) on server1
[root@server1 ~]# sysctl -a |grep ip_forward
net.ipv4.ip_forward = 0
net.ipv4.ip_forward_use_pmtu = 0
[root@server1 ~]# vim /etc/sysctl.conf
[root@server1 ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@server1 ~]#
4. Load the NAT module on server1
[root@server1 ~]# modprobe iptable_nat
[root@server1 ~]#
5. server2 and server3 are the back-end servers; install the httpd service on them and set their gateway to the scheduler's internal IP
[root@server2 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.25.254.1 0.0.0.0 UG 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
172.25.254.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
[root@server2 ~]# cat /var/www/html/index.html
i am server2
[root@server2 ~]#
[root@server3 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.25.254.1 0.0.0.0 UG 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
172.25.254.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
[root@server3 ~]# cat /var/www/html/index.html
i am server3
[root@server3 ~]#
Test from the client:
[kiosk@foundation8 ~]$ curl 172.25.8.110
i am server3
[kiosk@foundation8 ~]$ curl 172.25.8.110
i am server2
[kiosk@foundation8 ~]$ curl 172.25.8.110
i am server3
[kiosk@foundation8 ~]$ curl 172.25.8.110
i am server2
[kiosk@foundation8 ~]$ curl 172.25.8.110
i am server3
[kiosk@foundation8 ~]$ curl 172.25.8.110
i am server2
[kiosk@foundation8 ~]$
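The two addressing requirements from section 2 (DIP and RIP in the same segment, RS gateway pointing to DIP) can be checked before testing; the script below is an added example, not part of the original page. The function names are hypothetical, and the sample routing table is constructed from the server2 output in step 5.

```sh
#!/bin/sh
# Added example: checks two LVS-NAT requirements from section 2.
# Function names are hypothetical; the sample table is constructed from step 5.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1          # split the address into its four octets
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet IP1 IP2 PREFIX: succeed if both addresses are in one segment.
same_subnet() {
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# Print the default gateway from `route -n` output read on stdin.
default_gw() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'
}

# check_rs DIP RIP PREFIX ROUTES: print "ok" or the requirement that failed.
check_rs() {
    gw=$(printf '%s\n' "$4" | default_gw)
    if ! same_subnet "$1" "$2" "$3"; then
        echo "RIP $2 is not in the same segment as DIP $1"; return 1
    fi
    if [ "$gw" != "$1" ]; then
        echo "RS default gateway is '$gw', expected DIP $1"; return 1
    fi
    echo "ok"
}

# Constructed sample: the routing table shown for server2 in step 5.
SAMPLE_ROUTES='Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.25.254.1 0.0.0.0 UG 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
172.25.254.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0'

check_rs 172.25.254.1 172.25.254.2 24 "$SAMPLE_ROUTES"
```

On a real server, pass the live table instead of the sample, for example `check_rs 172.25.254.1 172.25.254.2 24 "$(route -n)"`.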