云原生(LVS NAT模式集群实验)

NAT模式环境设定

vmset.sh脚本编写

[root@node ~]# vim /bin/vmset.sh
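#!/bin/bash
#
# vmset.sh - lab helper: (re)create a static NetworkManager ethernet profile,
# set the hostname and rewrite /etc/hosts. Must be run as root.
#
# Usage: vmset.sh <interface> <ipv4-address> <hostname> [noroute]
#   $1  interface name; also used as the connection id and keyfile name
#   $2  IPv4 address, configured with a /24 prefix
#   $3  hostname to set; also mapped to $2 in /etc/hosts
#   $4  optional literal "noroute": write no gateway and no DNS server
#
# Every argument ends up in a file path or in a root-owned config file, so
# all three are validated before anything on the system is touched.
# NOTE: /etc/hosts is overwritten, not merged.

# Print a message on stderr and stop with a non-zero status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [ "$#" -lt 3 ]; then
  die "error!! usage: ${0##*/} <interface> <ipv4-address> <hostname> [noroute]"
fi

iface=$1
ip_addr=$2
host_name=$3
mode=${4:-}

# Lab-specific values written unless "noroute" is given.
# NOTE(review): adjust both to your own network before reusing the script.
readonly GATEWAY=192.168.181.123
readonly DNS_SERVER=8.8.8.8
readonly KEYFILE_DIR=/etc/NetworkManager/system-connections

# The interface name becomes part of a path under /etc, so reject anything
# that could leave KEYFILE_DIR ("/"), look like an option (leading "-") or
# add lines to the keyfile (whitespace, newlines).
iface_re='^[A-Za-z0-9_][A-Za-z0-9_.-]{0,14}$'
[[ "$iface" =~ $iface_re ]] || die "invalid interface name: $iface"

# Dotted-quad check; 10# stops octets such as "08" being read as octal.
ipv4_re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
[[ "$ip_addr" =~ $ipv4_re ]] || die "invalid IPv4 address: $ip_addr"
for octet in "${BASH_REMATCH[@]:1}"; do
  (( 10#$octet <= 255 )) || die "invalid IPv4 address: $ip_addr"
done

host_re='^[A-Za-z0-9]([A-Za-z0-9.-]{0,62}[A-Za-z0-9])?$'
[[ "$host_name" =~ $host_re ]] || die "invalid hostname: $host_name"

# Delete an existing profile only when one with exactly this name exists.
# -F/-x compare the whole line literally, so "eth0" does not match "eth01".
if nmcli -t -f NAME connection show | grep -Fxq -- "$iface"; then
  echo "$iface is in used !!"
  nmcli connection delete id "$iface" || die "cannot delete connection $iface"
fi

keyfile="$KEYFILE_DIR/$iface.nmconnection"

# Truncate (>) rather than append: a leftover keyfile would otherwise end up
# with duplicated [connection]/[ipv4] sections and stale addresses.
if [ "$mode" = "noroute" ]; then
  cat > "$keyfile" <<EOF
[connection]
id=$iface
type=ethernet
interface-name=$iface


[ipv4]
method=manual
address1=$ip_addr/24
EOF
else
  cat > "$keyfile" <<EOF
[connection]
id=$iface
type=ethernet
interface-name=$iface


[ipv4]
method=manual
address1=$ip_addr/24,$GATEWAY
dns=$DNS_SERVER;
EOF
fi || die "cannot write $keyfile"

# The keyfile is restricted to its owner before NetworkManager reloads it.
chmod 600 -- "$keyfile" || die "cannot chmod $keyfile"
nmcli connection reload || die "nmcli connection reload failed"
nmcli connection up "$iface" || die "cannot activate connection $iface"
hostnamectl hostname "$host_name" || die "cannot set hostname $host_name"

cat > /etc/hosts << EOF
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
$ip_addr     $host_name
EOF

# Show the result so the caller can confirm address and hostname.
ip a s "$iface"
hostname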
[root@node ~]# chmod  +x /bin/vmset.sh

VS主机配置

[root@vsnode yxs]# vmset.sh eth0 172.25.254.100 vsnode
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/4)
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:ee:1b:c5 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    altname ens160
    inet 172.25.254.100/24 brd 172.25.254.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feee:1bc5/64 scope link tentative noprefixroute 
       valid_lft forever preferred_lft forever
vsnode
[root@vsnode yxs]# vmset.sh eth1 192.168.0.100 vsnode noroute
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/5)
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:ee:1b:cf brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    altname ens224
    inet 192.168.0.100/24 brd 192.168.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::2368:18eb:c683:fc47/64 scope link tentative noprefixroute 
       valid_lft forever preferred_lft forever
vsnode

检查配置

[root@vsnode yxs]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:ee:1b:c5 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    altname ens160
    inet 172.25.254.100/24 brd 172.25.254.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feee:1bc5/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:ee:1b:cf brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    altname ens224
    inet 192.168.0.100/24 brd 192.168.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::2368:18eb:c683:fc47/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

RS1配置

[root@redhat yxs]# vmset.sh eth0 192.168.0.10 RS1 noroute
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/3)
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:d5:22:da brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    altname ens160
    inet 172.25.254.100/24 brd 172.25.254.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fed5:22da/64 scope link tentative noprefixroute 
       valid_lft forever preferred_lft forever
RS1
[root@redhat yxs]# vmset.sh eth0 192.168.0.10 RS1 noroute
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/8)
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:d5:22:da brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    altname ens160
    inet 192.168.0.10/24 brd 192.168.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::4deb:3eed:cdbf:2fc8/64 scope link tentative noprefixroute 
       valid_lft forever preferred_lft forever
RS1

#设定访问业务真实数据
[root@RS1 yxs]# nmcli connection modify eth0 ipv4.gateway 192.168.0.100
[root@RS1 yxs]#  nmcli connection reload
[root@RS1 yxs]#  nmcli connection up eth0
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/9)
[root@RS1 yxs]# route  -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.100   0.0.0.0         UG    100    0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
[root@RS1 yxs]# dnf install httpd -y
[root@RS1 yxs]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@RS1 yxs]# echo RS1 - 192.168.0.10 > /var/www/html/index.html

RS2配置

[root@RS2 yxs]# vmset.sh eth0 192.168.0.20 RS2 noroute
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/8)
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:3a:be:ad brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    altname ens160
    inet 192.168.0.20/24 brd 192.168.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::ce51:18e8:3ae6:e47e/64 scope link tentative noprefixroute 
       valid_lft forever preferred_lft forever
RS2
[root@RS2 yxs]# nmcli connection modify eth0 ipv4.gateway 192.168.0.100
[root@RS2 yxs]# nmcli connection reload
[root@RS2 yxs]# nmcli connection up eth0
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/9)
[root@RS2 yxs]#  route  -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.100   0.0.0.0         UG    100    0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0

#设定访问业务真实数据
[root@RS2 yxs]# dnf install httpd -y
[root@RS2 yxs]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@RS2 yxs]# echo RS2 - 192.168.0.20 > /var/www/html/index.html

在vs主机中测试环境

[yxs@vsnode ~]$ curl  192.168.0.10
RS1 - 192.168.0.10
[yxs@vsnode ~]$ curl  192.168.0.20
RS2 - 192.168.0.20

NAT模式实现

vs设置

#1.开启内核路由功能(NAT模式下RS的回包要经VS转发;开启后本机会转发经过的流量,生产环境应配合防火墙规则限制转发范围)
[root@vsnode ~]# echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf
[root@vsnode ~]# sysctl  -p
net.ipv4.ip_forward = 1

#2.编写策略
[root@vsnode ~]# ipvsadm -C
[root@vsnode ~]# ipvsadm -A -t 172.25.254.100:80 -s wrr
[root@vsnode ~]# ipvsadm -a -t 172.25.254.100:80 -r 192.168.0.10:80 -m  -w 1
[root@vsnode ~]# ipvsadm -a -t 172.25.254.100:80 -r 192.168.0.20:80 -m  -w 1
[root@vsnode ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.254.100:80 wrr
  -> 192.168.0.10:80              Masq    1      0          0         
  -> 192.168.0.20:80              Masq    1      0          0         

#3.测试
[root@vsnode ~]# for i in {1..10};do curl 172.25.254.100;done
RS2 - 192.168.0.20
RS1 - 192.168.0.10
RS2 - 192.168.0.20
RS1 - 192.168.0.10
RS2 - 192.168.0.20
RS1 - 192.168.0.10
RS2 - 192.168.0.20
RS1 - 192.168.0.10
RS2 - 192.168.0.20
RS1 - 192.168.0.10

#更改权重
[root@vsnode ~]# ipvsadm -e -t 172.25.254.100:80 -r 192.168.0.10:80 -m  -w 2
[root@vsnode ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.254.100:80 wrr
  -> 192.168.0.10:80              Masq    2      0          5         
  -> 192.168.0.20:80              Masq    1      0          5         
[root@vsnode ~]# for i in {1..10};do curl 172.25.254.100;done
RS2 - 192.168.0.20
RS1 - 192.168.0.10
RS1 - 192.168.0.10
RS2 - 192.168.0.20
RS1 - 192.168.0.10
RS1 - 192.168.0.10
RS2 - 192.168.0.20
RS1 - 192.168.0.10
RS1 - 192.168.0.10
RS2 - 192.168.0.20

规则持久化

实验过程中可以通过打开另一个shell并执行监控命令的方式进行观察

[root@vsnode ~]# watch -n 1 ipvsadm -Ln

#利用自定义文件进行持久化
[root@vsnode ~]# ipvsadm-save -n
-A -t 172.25.254.100:80 -s wrr
-a -t 172.25.254.100:80 -r 192.168.0.10:80 -m -w 2
-a -t 172.25.254.100:80 -r 192.168.0.20:80 -m -w 1
[root@vsnode ~]# ipvsadm-save -n > /mnt/ipvs.rule

Every 1.0s: ipvsadm -Ln                                  vsnode: Sat Feb  7 14:30:07 2026

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.254.100:80 wrr
  -> 192.168.0.10:80              Masq    2      0          0
  -> 192.168.0.20:80              Masq    1      0          0


[root@vsnode ~]# ipvsadm -C
Every 1.0s: ipvsadm -Ln                                  vsnode: Sat Feb  7 14:31:25 2026

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn


[root@vsnode ~]# ipvsadm-restore < /mnt/ipvs.rule

Every 1.0s: ipvsadm -Ln                                  vsnode: Sat Feb  7 14:32:05 2026

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.254.100:80 wrr
  -> 192.168.0.10:80              Masq    2      0          0
  -> 192.168.0.20:80              Masq    1      0          0


#利用守护进程进行规则持久化
[root@vsnode ~]# ipvsadm-save -n > /etc/sysconfig/ipvsadm
[root@vsnode ~]# ipvsadm -C
[root@vsnode ~]# systemctl enable --now ipvsadm.service
Created symlink /etc/systemd/system/multi-user.target.wants/ipvsadm.service → /usr/lib/systemd/system/ipvsadm.service.

Every 1.0s: ipvsadm -Ln                                  vsnode: Sat Feb  7 14:33:01 2026

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.254.100:80 wrr
  -> 192.168.0.10:80              Masq    2      0          0
  -> 192.168.0.20:80              Masq    1      0          0