1、部署LVS-NAT
![图片[1]-LVS 实战案例-李佳程的个人主页](http://www.lijiach.com/wp-content/uploads/2022/11/image-228.png)
共四台主机
一台:internet client:192.168.2.10/24
一台:lvs
eth0 192.168.1.31/24
eth1 192.168.2.31/24
两台RS:
web1: 192.168.1.32/24 GW:192.168.1.31
web2: 192.168.1.33/24 GW:192.168.1.31
# 配置过程
[root@client ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="192.168.2.10"
PREFIX="24"
[root@lvs ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="192.168.1.31"
PREFIX="24"
[root@lvs ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="eth1"
DEVICE="eth1"
ONBOOT="yes"
IPADDR="192.168.2.31"
PREFIX="24"
[root@web1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="192.168.1.32"
PREFIX="24"
GATEWAY="192.168.1.31"
[root@web2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="192.168.1.33"
PREFIX="24"
GATEWAY="192.168.1.31"
[root@web1 ~]# curl 192.168.1.32
192.168.1.32 web1
[root@web2 ~]# curl 192.168.1.33
192.168.1.33 web2
[root@lvs ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@lvs ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@lvs ~]# yum install -y ipvsadm
[root@lvs ~]# ipvsadm -A -t 192.168.2.31:80 -s wrr
[root@lvs ~]# ipvsadm -a -t 192.168.2.31:80 -r 192.168.1.32:80 -m
[root@lvs ~]# ipvsadm -a -t 192.168.2.31:80 -r 192.168.1.33:80 -m
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.2.31:80 wrr
-> 192.168.1.32:80 Masq 1 0 0
-> 192.168.1.33:80 Masq 1 0 0
[root@client ~]# while :;do curl 192.168.2.31;sleep 0.5;done
192.168.1.33 web2
192.168.1.32 web1
192.168.1.33 web2
192.168.1.32 web1
192.168.1.33 web2
192.168.1.32 web1
192.168.1.33 web2
192.168.1.32 web1
192.168.1.33 web2
192.168.1.32 web1
[root@lvs ~]# ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
TCP 192.168.2.31:80 16 126 84 16987 13493
-> 192.168.1.32:80 8 48 33 3037 3561
-> 192.168.1.33:80 8 78 51 13950 9932
[root@lvs ~]# cat /proc/net/ip_vs
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP C0A8021F:0050 wrr
-> C0A80121:0050 Masq 1 0 0
-> C0A80120:0050 Masq 1 0 0
[root@lvs ~]# ipvsadm -Lnc
IPVS connection entries
pro expire state source virtual destination
TCP 01:57 TIME_WAIT 192.168.2.10:46522 192.168.2.31:80 192.168.1.32:80
TCP 01:57 TIME_WAIT 192.168.2.10:46524 192.168.2.31:80 192.168.1.33:80
TCP 01:55 TIME_WAIT 192.168.2.10:46516 192.168.2.31:80 192.168.1.33:80
TCP 01:59 TIME_WAIT 192.168.2.10:46532 192.168.2.31:80 192.168.1.33:80
TCP 01:56 TIME_WAIT 192.168.2.10:46518 192.168.2.31:80 192.168.1.32:80
TCP 01:59 TIME_WAIT 192.168.2.10:46530 192.168.2.31:80 192.168.1.32:80
TCP 01:56 TIME_WAIT 192.168.2.10:46520 192.168.2.31:80 192.168.1.33:80
TCP 01:58 TIME_WAIT 192.168.2.10:46526 192.168.2.31:80 192.168.1.32:80
TCP 01:58 TIME_WAIT 192.168.2.10:46528 192.168.2.31:80 192.168.1.33:80
[root@lvs ~]# cat /proc/net/ip_vs_conn
Pro FromIP FPrt ToIP TPrt DestIP DPrt State Expires PEName PEData
TCP C0A8020A B5E6 C0A8021F 0050 C0A80120 0050 TIME_WAIT 114
TCP C0A8020A B5D8 C0A8021F 0050 C0A80121 0050 TIME_WAIT 110
TCP C0A8020A B5FC C0A8021F 0050 C0A80121 0050 TIME_WAIT 120
TCP C0A8020A B5F6 C0A8021F 0050 C0A80120 0050 TIME_WAIT 118
TCP C0A8020A B5F4 C0A8021F 0050 C0A80121 0050 TIME_WAIT 118
TCP C0A8020A B5C8 C0A8021F 0050 C0A80121 0050 TIME_WAIT 106
TCP C0A8020A B5F0 C0A8021F 0050 C0A80121 0050 TIME_WAIT 117
2、部署LVS-DR
![图片[2]-LVS 实战案例-李佳程的个人主页](http://www.lijiach.com/wp-content/uploads/2022/11/image-229.png)
共五台主机
一台:internet client:192.168.2.10/24
一台router:
eth0 192.168.1.31/24
eth1 192.168.2.31/24
两台RS:
web1: 192.168.1.32/24 GW:192.168.1.31
web2: 192.168.1.33/24 GW:192.168.1.31
一台LVS:
lvs:192.168.1.34/24 GW:192.168.1.31
2.1、LVS的网络配置
# 所有主机禁用iptables和SELinux（仅为简化实验环境；生产环境应在防火墙中放行所需端口，而不是整体关闭）
# internet主机环境
[root@client ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="192.168.2.10"
PREFIX="24"
GATEWAY="192.168.2.31"
# 路由器的网络配置
[root@router ~]# echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
[root@router ~]# sysctl -p
[root@router ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="192.168.1.31"
PREFIX="24"
[root@router ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="eth1"
DEVICE="eth1"
ONBOOT="yes"
IPADDR="192.168.2.31"
PREFIX="24"
# web1的网络配置
[root@web1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="192.168.1.32"
PREFIX="24"
GATEWAY="192.168.1.31"
[root@web1 ~]# curl 192.168.1.32
192.168.1.32 web1
# web2的网络配置
[root@web2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="192.168.1.33"
PREFIX="24"
GATEWAY="192.168.1.31"
[root@web2 ~]# curl 192.168.1.33
192.168.1.33 web2
2.2、后端RS的IPVS配置
# web1的IPVS配置（arp_ignore/arp_announce 以 conf/all 与 conf/lo 中的较大值生效，因此两处都需要设置）
[root@web1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@web1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@web1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@web1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@web1 ~]# ifconfig lo:1 192.168.1.35/32
[root@web1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.1.34/0 scope global lo:1
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:10:56:fe brd ff:ff:ff:ff:ff:ff
inet 192.168.1.32/24 brd 192.168.1.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe10:56fe/64 scope link
valid_lft forever preferred_lft forever
# web2的IPVS配置
[root@web2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@web2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@web2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@web2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@web2 ~]# ifconfig lo:1 192.168.1.35/32
[root@web2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.1.34/0 scope global lo:1
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:13:ae:b7 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.33/24 brd 192.168.1.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe13:aeb7/64 scope link
valid_lft forever preferred_lft forever
2.3、LVS主机的配置
# 在LVS上添加VIP
[root@lvs ~]# ifconfig lo:1 192.168.1.35/32
[root@lvs ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.1.35/0 scope global lo:1
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:9f:00:3a brd ff:ff:ff:ff:ff:ff
inet 192.168.1.34/24 brd 192.168.1.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe9f:3a/64 scope link
valid_lft forever preferred_lft forever
# 实现LVS规则
[root@lvs ~]# yum install -y ipvsadm
[root@lvs ~]# ipvsadm -A -t 192.168.1.35:80 -s rr
[root@lvs ~]# ipvsadm -a -t 192.168.1.35:80 -r 192.168.1.32:80 -g
[root@lvs ~]# ipvsadm -a -t 192.168.1.35:80 -r 192.168.1.33:80 -g
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.35:80 rr
-> 192.168.1.32:80 Route 1 0 16
-> 192.168.1.33:80 Route 1 0 16
# 测试
[root@client ~]# while :;do curl 192.168.1.35;sleep 0.5;done
192.168.1.33 web2
192.168.1.32 web1
192.168.1.33 web2
192.168.1.32 web1
192.168.1.33 web2
192.168.1.32 web1
192.168.1.33 web2
192.168.1.32 web1
192.168.1.33 web2
192.168.1.32 web1
192.168.1.33 web2
3、部署LVS-TUNNEL
![图片[3]-LVS 实战案例-李佳程的个人主页](http://www.lijiach.com/wp-content/uploads/2022/11/image-230.png)
# LVS服务器配置
# 开启tunnel网卡并配置VIP
[root@lvs ~]# ifconfig tunl0 192.168.1.35 netmask 255.255.255.255 up
# 配置tunl0后内核会自动加载ipip模块，可用lsmod确认
[root@lvs ~]# lsmod |grep ipip
ipip 13465 0
tunnel4 13252 1 ipip
ip_tunnel 25163 1 ipip
[root@lvs ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:9f:00:3a brd ff:ff:ff:ff:ff:ff
inet 192.168.1.34/24 brd 192.168.1.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe9f:3a/64 scope link
valid_lft forever preferred_lft forever
3: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
inet 192.168.1.35/32 scope global tunl0
valid_lft forever preferred_lft forever
[root@lvs ~]# yum install -y ipvsadm
[root@lvs ~]# ipvsadm -A -t 192.168.1.35:80 -s rr
[root@lvs ~]# ipvsadm -a -t 192.168.1.35:80 -r 192.168.1.32:80 -i
[root@lvs ~]# ipvsadm -a -t 192.168.1.35:80 -r 192.168.1.33:80 -i
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.35:80 rr
-> 192.168.1.32:80 Tunnel 1 0 0
-> 192.168.1.33:80 Tunnel 1 0 0
# RS服务器配置
# 开启tunnel网卡并配置VIP
[root@web1 ~]# ifconfig tunl0 192.168.1.35 netmask 255.255.255.255 up
[root@web2 ~]# ifconfig tunl0 192.168.1.35 netmask 255.255.255.255 up
# 修改内核参数（直接写入/proc不会持久化，重启后失效；需长期生效应写入/etc/sysctl.conf）
[root@web1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@web1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@web1 ~]# echo 1 > /proc/sys/net/ipv4/conf/tunl0/arp_ignore
[root@web1 ~]# echo 2 > /proc/sys/net/ipv4/conf/tunl0/arp_announce
[root@web2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@web2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@web2 ~]# echo 1 > /proc/sys/net/ipv4/conf/tunl0/arp_ignore
[root@web2 ~]# echo 2 > /proc/sys/net/ipv4/conf/tunl0/arp_announce
# 以下参数用来控制系统是否开启对数据包源地址的校验。0表示不开启地址校验;1表示开启严格的反向路径校验,对每一个进入的数据包,校验其反向路径是否是最佳路径,如果反向路径不是最佳路径,则直接丢弃该数据包;2表示开启松散的反向路径校验,对每个进入的数据包,校验其源地址是否可达,即反向路径是否可以ping通,如反向路径不通,则直接丢弃该数据包。
# 默认值为1（生效值取conf/all与conf/tunl0中的较大值，所以两处都要修改；本例直接设为0以完全关闭校验，若希望保留基本的源地址校验，一般也可将两处都设为2即松散模式）
[root@web1 ~]# cat /proc/sys/net/ipv4/conf/all/rp_filter
1
[root@web1 ~]# echo 0 > /proc/sys/net/ipv4/conf/tunl0/rp_filter
[root@web1 ~]# echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
[root@web2 ~]# echo 0 > /proc/sys/net/ipv4/conf/tunl0/rp_filter
[root@web2 ~]# echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
[root@web1 ~]# curl 192.168.1.32
192.168.1.32 web1
[root@web2 ~]# curl 192.168.1.33
192.168.1.33 web2
[root@client ~]# while :;do curl 192.168.1.35;sleep 0.5;done
192.168.1.33 web2
192.168.1.32 web1
192.168.1.33 web2
192.168.1.32 web1
192.168.1.33 web2
192.168.1.32 web1
192.168.1.33 web2
192.168.1.32 web1