LVS集群-IP-TUN模式总结

不点 阅读:242 2022-03-19 13:15:24 评论:0
本文章主要介绍了LVS集群-IP-TUN模式,具有不错的的参考价值,希望对您有所帮助,如解说有误或未考虑完全的地方,请您留言指出,谢谢!

LVS集群-IP-TUN模式

工作原理:

LVS-IPTUN
(理解IP版的LVS-DR模式)
1: Client --> Firewalld 源IP:CIP                目标IP:VIP
2: Firwalld --> Director 源IP:CIP               目标IP:VIP
3: Director --> RealServer 新源IP:DIP 源IP:CIP                   目标IP:VIP 新目标IP:RIP
4: RealServer --> Client 源IP:VIP                                         目标IP:CIP

 

部署开始

简易拓扑图:

 

 

 一、DIRCTOR配置

1、 DIRctor固化IP地址

[root@dirctor ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=288e688f-dd28-46f7-9ce2-debee7c1ce34
DEVICE=ens33
ONBOOT=yes
IPADDR=10.27.17.90
NETMASK=255.255.255.0
GATEWAY=10.27.17.1
DNS1=61.139.2.69

[root@dirctor network-scripts]# cp ifcfg-ens33 ifcfg-ens33:1

[root@dirctor network-scripts]# vim ifcfg-ens33:1

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33:1
UUID=288e688f-dd28-46f7-9ce2-debee7c1ce34
DEVICE=ens33:1
ONBOOT=yes
IPADDR=10.27.17.91
NETMASK=255.255.255.0
GATEWAY=10.27.17.1
DNS1=61.139.2.69

[root@dirctor network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.27.17.90 netmask 255.255.255.0 broadcast 10.27.17.255
inet6 fe80::9351:8416:9faa:76e9 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:66:21:ee txqueuelen 1000 (Ethernet)
RX packets 109969 bytes 9794715 (9.3 MiB)
RX errors 0 dropped 450 overruns 0 frame 0
TX packets 2639 bytes 367818 (359.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ens33:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.27.17.91 netmask 255.255.255.0 broadcast 10.27.17.255
ether 00:0c:29:66:21:ee txqueuelen 1000 (Ethernet)

2、DIRCTOR安装ipvsadm

[root@dirctor ~]# yum install ipvsadm  

[root@dirctor ~]# systemclt enable ipvsadm

3、配置LVS-DR规则

[root@dirctor network-scripts]# ipvsadm -A -t 10.27.17.91:80 -s rr
[root@dirctor network-scripts]# ipvsadm -a -t 10.27.17.91:80 -r 10.27.17.92 -i
[root@dirctor network-scripts]# ipvsadm -a -t 10.27.17.91:80 -r 10.27.17.93 -i

 

[root@dirctor network-scripts]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.27.17.91:80 rr
-> 10.27.17.92:80 Tunnel 1 0 0
-> 10.27.17.93:80 Tunnel 1 0 0

二、releaserver进行配置(realserver1 和realserver2)

1、IP固化

[root@realserver1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33

# Generated by dracut initrd
NAME="ens33"
DEVICE="ens33"
ONBOOT=yes
NETBOOT=yes
UUID="70ac0f65-cc23-49a4-89f0-48fc5baaeb97"
IPV6INIT=yes
BOOTPROTO=none
TYPE=Ethernet
IPADDR=10.27.17.92
NETMASK=255.255.255.0
GATEWAY=10.27.17.1

2、加载并配置IPIP模块  tunl0

[root@realserver1 network-scripts]# modprobe ipip
[root@realserver1 network-scripts]# ifconfig -a
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.27.17.92 netmask 255.255.255.0 broadcast 10.27.17.255
inet6 fe80::20c:29ff:feaa:52a8 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:aa:52:a8 txqueuelen 1000 (Ethernet)
RX packets 61591 bytes 5561858 (5.3 MiB)
RX errors 0 dropped 482 overruns 0 frame 0
TX packets 3059 bytes 320244 (312.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 42 bytes 9136 (8.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 42 bytes 9136 (8.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo:1: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 10.27.17.91 netmask 255.255.255.255
loop txqueuelen 1000 (Local Loopback)

tunl0: flags=128<NOARP> mtu 1480
tunnel txqueuelen 1000 (IPIP Tunnel)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@realserver1 network-scripts]# vim ifcfg-tunl0

DEVICE=tunl0
IPADDR=10.27.17.91
NETMASK=255.255.255.255
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
ONBOOT=yes
NAME=tunl0

3、安装并启动httpd

[root@realserver1 ~]#  yum -y install httpd

[root@realserver1 ~]# echo  10.27.17.92 > /var/www/html/index.html

[root@realserver1 ~]# systemctl restart httpd

4、关闭ARP转发

[root@realserver1 ~]# vim /etc/sysctl.conf              #最后添加。

net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

[root@realserver1 network-scripts]# sysctl -p

net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

realserver2 同上操

5、测试


标签:linux
声明

1.本站遵循行业规范,任何转载的稿件都会明确标注作者和来源;2.本站的原创文章,请转载时务必注明文章作者和来源,不尊重原创的行为我们将追究责任;3.作者投稿可能会经我们编辑修改或补充。

我的关注

搜索
排行榜
关注我们