LVS (Linux Virtual Server)

## I. NAT mode environment setup

### 1. On the VS host

```bash
[root@vsnode ~]# vmset.sh eth0 172.25.254.100 vsnode
[root@vsnode ~]# vmset.sh eth1 192.168.0.100 vsnode noroute
```

### 2. RS1

```bash
# Configure the network
[root@RS1 ~]# vmset.sh eth0 192.168.0.20 RS1 noroute
[root@RS1 ~]# nmcli connection modify eth0 ipv4.gateway 192.168.0.100
[root@RS1 ~]# nmcli connection reload
[root@RS1 ~]# nmcli connection up eth0
[root@RS1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.100   0.0.0.0         UG    100    0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0

# Set up the real content served by the service
[root@RS1 ~]# dnf install httpd -y
[root@RS1 ~]# systemctl enable --now httpd
[root@RS1 ~]# echo RS1 - 192.168.0.20 > /var/www/html/index.html
```

### 3. RS2

```bash
# Configure the network
[root@RS1 ~]# vmset.sh eth0 192.168.0.30 RS1 noroute
[root@RS1 ~]# nmcli connection modify eth0 ipv4.gateway 192.168.0.100
[root@RS1 ~]# nmcli connection reload
[root@RS1 ~]# nmcli connection up eth0
[root@RS1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.100   0.0.0.0         UG    100    0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0

# Set up the real content served by the service
[root@RS1 ~]# dnf install httpd -y
[root@RS1 ~]# systemctl enable --now httpd
[root@RS1 ~]# echo RS2 - 192.168.0.30 > /var/www/html/index.html
```

### 4. Test the environment from the VS host

```bash
[root@vsnode ~]# curl 192.168.0.20
RS1 - 192.168.0.20
[root@vsnode ~]# curl 192.168.0.30
RS2 - 192.168.0.30
```

![](https://i-blog.csdnimg.cn/direct/76f793842f3c4599a2c9b8c18ad29522.png)

## II. DR mode experiment

![](https://i-blog.csdnimg.cn/direct/8ba689d5ef3443609a692634d4bade95.png)

### Environment setup

#### 1. On the router

```bash
[root@router ~]# systemctl disable --now ipvsadm.service
Removed "/etc/systemd/system/multi-user.target.wants/ipvsadm.service".
[root@router ~]# ipvsadm -C
[root@router ~]# vmset.sh eth0 172.25.254.100 vsnode
[root@router ~]# vmset.sh eth1 192.168.0.100 vsnode noroute

# Enable kernel IP forwarding
[root@router ~]# echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf
[root@router ~]# sysctl -p
net.ipv4.ip_forward = 1

# Packet forwarding (SNAT) rules
[root@router ~]# iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 192.168.0.100
[root@vsnode ~]# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 172.25.254.100
```

#### 2. vsnode (the director)

```bash
[root@vsnode ~]# vmset.sh eth0 192.168.0.50 vsnode norouter
[root@vsnode ~]# vim /etc/NetworkManager/system-connections/eth0.nmconnection
```

```ini
[connection]
id=eth0
type=ethernet
interface-name=eth0

[ipv4]
method=manual
address1=192.168.0.50/24,192.168.0.100
```
```bash
[root@vsnode ~]# cd /etc/NetworkManager/system-connections/
[root@vsnode system-connections]# cp -p eth0.nmconnection lo.nmconnection
[root@vsnode system-connections]# vim lo.nmconnection
```

```ini
[connection]
id=lo
type=loopback
interface-name=lo

[ipv4]
method=manual
address1=127.0.0.1/8
address2=192.168.0.200/32
```
```bash
[root@RS1 system-connections]# nmcli connection reload
[root@RS1 system-connections]# nmcli connection up eth0
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/7)
[root@RS1 system-connections]# nmcli connection up lo
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/8)
```

#### 3. Verification

```bash
[root@vsnode system-connections]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.100   0.0.0.0         UG    100    0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
```

![](https://i-blog.csdnimg.cn/direct/15ca0b1a4e154812ae8bf9af31a92837.png)

#### 4. Client

```bash
[root@client ~]# vmset.sh eth0 172.25.254.99 client norouter
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/4)
2: eth0: mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:e5:75:af brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    altname ens160
    inet 172.25.254.99/24 brd 172.25.254.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fee5:75af/64 scope link tentative noprefixroute
       valid_lft forever preferred_lft forever
client
[root@client ~]# vim /etc/NetworkManager/system-connections/eth0.nmconnection
```

```ini
[connection]
id=eth0
type=ethernet
interface-name=eth0

[ipv4]
method=manual
address1=172.25.254.99/24,172.25.254.100
dns=8.8.8.8;
```
```bash
[root@client ~]# nmcli connection reload
[root@client ~]# nmcli connection up eth0
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/5)
[root@client ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.25.254.100  0.0.0.0         UG    100    0        0 eth0
172.25.254.0    0.0.0.0         255.255.255.0   U     100    0        0 eth0
```

#### Verification

```bash
[root@client ~]# ping 192.168.0.200
PING 192.168.0.200 (192.168.0.200) 56(84) 比特的数据。
64 比特,来自 192.168.0.200: icmp_seq=1 ttl=128 时间=1.08 毫秒
```

#### 5. RS1

```bash
[root@RS1 ~]# vmset.sh eth0 192.168.0.10 RS1 noroute
[root@RS1 ~]# nmcli connection modify eth0 ipv4.gateway 192.168.0.100
[root@RS1 ~]# nmcli connection reload
[root@RS1 ~]# nmcli connection up eth0
[root@RS1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.100   0.0.0.0         UG    100    0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0

# Set the VIP on lo
[root@RS1 ~]# cd /etc/NetworkManager/system-connections/
[root@RS1 system-connections]# cp -p eth0.nmconnection lo.nmconnection
[root@RS1 system-connections]# vim lo.nmconnection
```

```ini
[connection]
id=lo
type=loopback
interface-name=lo

[ethernet]

[ipv4]
address1=127.0.0.1/8
address2=192.168.0.200/32
method=manual
```
```bash
[root@RS1 system-connections]# nmcli connection reload
[root@RS1 system-connections]# nmcli connection up lo
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/6)
[root@RS1 system-connections]# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.0.200/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever

# Suppress ARP replies for the VIP
[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
```

#### 6. RS2

```bash
[root@RS2 ~]# vmset.sh eth0 192.168.0.20 RS2 noroute
[root@RS2 ~]# nmcli connection modify eth0 ipv4.gateway 192.168.0.100
[root@RS2 ~]# nmcli connection reload
[root@RS2 ~]# nmcli connection up eth0
[root@RS2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.100   0.0.0.0         UG    100    0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0

# Set the VIP on lo
[root@RS2 ~]# cd /etc/NetworkManager/system-connections/
[root@RS2 system-connections]# cp -p eth0.nmconnection lo.nmconnection
[root@RS2 system-connections]# vim lo.nmconnection
```

```ini
[connection]
id=lo
type=loopback
interface-name=lo

[ethernet]

[ipv4]
address1=127.0.0.1/8
address2=192.168.0.200/32
method=manual
```
```bash
[root@RS2 system-connections]# nmcli connection reload
[root@RS2 system-connections]# nmcli connection up lo
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/6)
[root@RS2 system-connections]# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.0.200/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever

# Suppress ARP replies for the VIP
[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
```

## III. Using firewall marks to fix the round-robin error

### 1. Enable both HTTP and HTTPS on the RS hosts

#### Enable HTTPS on RS1 and RS2

```bash
[root@RS1+RS2 ~]# dnf install mod_ssl -y
[root@RS1+RS2 ~]# systemctl restart httpd
[root@RS1+RS2 ~]# systemctl restart httpd
```

#### 2. Add the HTTPS round-robin policy on vsnode

```bash
[root@vsnode boot]# ipvsadm -A -t 192.168.0.200:80 -s rr
[root@vsnode boot]# ipvsadm -a -t 192.168.0.200:80 -r 192.168.0.20 -g
[root@vsnode boot]# ipvsadm -a -t 192.168.0.200:80 -r 192.168.0.30 -g
[root@vsnode boot]# ipvsadm -A -t 192.168.0.200:443 -s rr
[root@vsnode boot]# ipvsadm -a -t 192.168.0.200:443 -r 192.168.0.30:443 -g
[root@vsnode boot]# ipvsadm -a -t 192.168.0.200:443 -r 192.168.0.20:443 -g
[root@vsnode boot]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.0.200:80 rr
  -> 192.168.0.30:80              Route   1      0          0
  -> 192.168.0.20:80              Route   1      0          0
TCP  192.168.0.200:443 rr
  -> 192.168.0.30:443             Route   1      0          0
  -> 192.168.0.20:443
```

#### 3. Demonstrating the round-robin error

```bash
[root@client ~]# curl 192.168.0.200;curl -k https://192.168.0.200
RS2 - 192.168.0.20
RS2 - 192.168.0.20
```

With the configuration above, HTTP and HTTPS are independent virtual services. Each one is scheduled on its own, so the same client can land on the same RS for both requests, which is the repeat shown above.

Solution: use a firewall mark to tag every packet sent to ports 80 and 443 of the VIP with mark 6666, then load-balance on that mark.

```bash
[root@vsnode boot]# iptables -t mangle -A PREROUTING -d 192.168.0.200 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 6666
[root@vsnode boot]# ipvsadm -A -f 6666 -s rr
[root@vsnode boot]# ipvsadm -a -f 6666 -r 192.168.0.30 -g
[root@vsnode boot]# ipvsadm -a -f 6666 -r 192.168.0.20 -g

# Test: on the client
[root@client ~]# curl 192.168.0.200;curl -k https://192.168.0.200
RS2 - 192.168.0.20
RS1 - 192.168.0.30
```

![](https://i-blog.csdnimg.cn/direct/a4b9919d1971435cbd566c6fa1113c68.png)

## IV. Session stickiness with persistent connections

### 1. Set the IPVS scheduling policy

```bash
[root@vsnode ~]# ipvsadm -A -f 6666 -s rr -p 1
[root@vsnode ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  6666 rr persistent 1
  -> 192.168.0.20:0               Route   1      0          0
  -> 192.168.0.30:0
```

### 2. Test

```bash
[root@client ~]# curl 192.168.0.200
RS1 - 192.168.0.20
[root@client ~]# curl 192.168.0.200
RS1 - 192.168.0.20
```

### 3. Observe

```bash
[root@vsnode ~]# watch -n 1 ipvsadm -Lnc
IPVS connection entries
pro expire state       source              virtual           destination
TCP 01:56  FIN_WAIT    172.25.254.99:42420 192.168.0.200:80  192.168.0.20:80
IP  00:57  ASSURED     172.25.254.99:0     0.0.26.10:0       192.168.0.20:0
TCP 01:54  FIN_WAIT    172.25.254.99:46216 192.168.0.200:80  192.168.0.20:80
TCP 01:55  FIN_WAIT    172.25.254.99:46222 192.168.0.200:80  192.168.0.30:80
```
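
In the `ipvsadm -Lnc` table above, the `IP` row with client port 0 is the persistence template, and its virtual address `0.0.26.10` is firewall mark 6666 written as an IPv4 address (26 × 256 + 10). The following added example, which is not part of the original post, decodes such templates and lists TCP entries that went to a different real server than the client's template; the function names are illustrative and the embedded sample is copied from the table above.

```shell
#!/bin/sh
# Added example: read `ipvsadm -Lnc` output and report persistence templates.

# Sample input: the connection table shown above, one entry per line.
sample_table() {
cat <<'EOF'
IPVS connection entries
pro expire state       source              virtual           destination
TCP 01:56  FIN_WAIT    172.25.254.99:42420 192.168.0.200:80  192.168.0.20:80
IP  00:57  ASSURED     172.25.254.99:0     0.0.26.10:0       192.168.0.20:0
TCP 01:54  FIN_WAIT    172.25.254.99:46216 192.168.0.200:80  192.168.0.20:80
TCP 01:55  FIN_WAIT    172.25.254.99:46222 192.168.0.200:80  192.168.0.30:80
EOF
}

# One line per template (protocol "IP", client port 0). For a fwmark service
# the "virtual" column is the mark in dotted-quad form, so convert it back.
list_templates() {
    awk '$1 == "IP" && $4 ~ /:0$/ {
        split($4, s, ":"); split($5, v, ":"); split($6, d, ":")
        split(v[1], o, ".")
        mark = o[1] * 16777216 + o[2] * 65536 + o[3] * 256 + o[4]
        printf "client=%s fwmark=%d real_server=%s expires=%s\n", s[1], mark, d[1], $2
    }'
}

# TCP entries whose destination is not the real server named in the
# client's template, i.e. connections that are not following the pin.
off_template() {
    awk '
        { split($4, s, ":"); split($6, d, ":") }
        $1 == "IP" && s[2] == "0" { pin[s[1]] = d[1]; next }
        $1 == "TCP" { n++; cli[n] = s[1]; dst[n] = d[1]; row[n] = $4 " -> " $6 }
        END {
            for (i = 1; i <= n; i++)
                if ((cli[i] in pin) && dst[i] != pin[cli[i]])
                    print row[i] " (template pins " pin[cli[i]] ")"
        }'
}

sample_table | list_templates
sample_table | off_template
```

On a live director, pipe `ipvsadm -Lnc` into either function instead of `sample_table`.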
