1. NAT mode lab
1.1 Host plan
| Host | Role | OS | Network | IP |
|---|---|---|---|---|
| client | client | redhat 9.7 | host-only | 192.168.197.100/24 |
| lvs | director | redhat 9.7 | host-only + NAT | VIP 192.168.197.200/24 on the host-only NIC, DIP 192.168.122.8/24 on the NAT NIC |
| nginx | rs1 | redhat 9.7 | NAT | 192.168.122.7/24, default gateway 192.168.122.8 |
| nginx | rs2 | redhat 9.7 | NAT | 192.168.122.17/24, default gateway 192.168.122.8 |
All addresses in this section follow this table. The VIP is the director's host-only address, the only one the client can reach; the real servers live on the NAT segment and must use the DIP as their default gateway, because in NAT mode their replies have to pass back through the director to get their source address rewritten to the VIP.
1.2 Environment preparation
Clone four virtual machines and set the network type of each one according to the host plan.
1.2.1 Configure the client
1. Set the hostname
```bash
hostnamectl set-hostname client && bash
```
2. Set the IP address
```bash
nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.197.100/24 ipv4.dns 223.5.5.5 connection.autoconnect yes
nmcli c up ens160
```
3. Put SELinux in permissive mode
```bash
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=permissive/" /etc/selinux/config
```
4. Stop the firewall
```bash
systemctl disable --now firewalld.service
```
Steps 3 and 4 are lab shortcuts so that nothing but IPVS sits in the packet path. IPVS is not a packet filter: on a production director keep firewalld running and open only the VIP port.
1.2.2 Configure the director (LVS)
The director has two interfaces: ens160 on the host-only network carries the VIP, ens224 on the NAT network carries the DIP.
1. Set the hostname
```bash
hostnamectl set-hostname lvs && bash
```
2. Set the IP addresses
```bash
# 1. host-only interface: this address is the VIP the clients connect to
nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.197.200/24 ipv4.dns 223.5.5.5 connection.autoconnect yes
nmcli c up ens160
# 2. NAT interface: this address is the DIP the real servers use as their gateway
# To find the connection name run `nmcli device status`; the CONNECTION column is the
# connection id. A freshly cloned VM usually shows a generic name such as
# "Wired connection 1"; rename it after the device so later commands are unambiguous.
nmcli c mod "Wired connection 1" connection.id ens224
nmcli c m ens224 ipv4.method manual ipv4.addr 192.168.122.8/24 ipv4.dns 223.5.5.5 connection.autoconnect yes
nmcli c up ens224
```
3. Put SELinux in permissive mode
```bash
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=permissive/" /etc/selinux/config
```
4. Stop the firewall
```bash
systemctl disable --now firewalld.service
```
1.2.3 Configure RS1 and RS2
The commands below are for RS2; RS1 is configured the same way with hostname rs1 and address 192.168.122.7/24.
1. Set the hostname
```bash
hostnamectl set-hostname rs2 && bash
```
2. Set the IP address. The default gateway must be the director's DIP; if a real server routes its replies anywhere else, the client never sees them, because only the director can rewrite the source address back to the VIP.
```bash
nmcli c m ens160 ipv4.method manual ipv4.addr 192.168.122.17/24 ipv4.gateway 192.168.122.8 ipv4.dns 223.5.5.5 connection.autoconnect yes
nmcli c up ens160
```
3. Put SELinux in permissive mode
```bash
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=permissive/" /etc/selinux/config
```
4. Stop the firewall
```bash
systemctl disable --now firewalld.service
```
1.3 Set up the RS1 service
1. Install nginx
```bash
dnf install nginx -y
```
2. Replace the welcome page so that every response names the server that produced it; this is what makes the load-balancing tests below readable.
```bash
echo "$(hostname) $(hostname -I)" > /usr/share/nginx/html/index.html
```
3. Start nginx
```bash
systemctl start nginx
```
4. Test locally
```bash
[root@rs1 ~]# curl localhost
rs1 192.168.122.7
```
1.4 Set up the RS2 service
1. Install nginx
```bash
dnf install nginx -y
```
2. Replace the welcome page
```bash
echo "$(hostname) $(hostname -I)" > /usr/share/nginx/html/index.html
```
3. Start nginx
```bash
systemctl start nginx
```
4. Test locally
```bash
[root@rs2 ~]# curl localhost
rs2 192.168.122.17
```
1.5 Set up the director
1. Install ipvsadm
```bash
dnf install ipvsadm -y
```
2. Create the rules file. The ipvsadm unit restores the IPVS table from /etc/sysconfig/ipvsadm when it starts, so the file has to exist before the service is started; at this point it is simply empty.
```bash
ipvsadm-save -n > /etc/sysconfig/ipvsadm
# equivalently
ipvsadm -S -n > /etc/sysconfig/ipvsadm
```
3. Start the service
```bash
[root@lvs ~]# systemctl start ipvsadm
[root@lvs ~]# systemctl status ipvsadm
● ipvsadm.service - Initialise the Linux Virtual Server
     Loaded: loaded (/usr/lib/systemd/system/ipvsadm.service; enabled; preset: disabled)
     Active: active (exited) since Sat 2026-01-17 09:57:54 CST; 58min ago
   Main PID: 1002 (code=exited, status=0/SUCCESS)
        CPU: 45ms
Jan 17 09:57:54 lvs systemd[1]: Starting Initialise the Linux Virtual Server...
Jan 17 09:57:54 lvs systemd[1]: Finished Initialise the Linux Virtual Server.
```
4. Show the rules; the table is still empty
```bash
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
```
5. Add the virtual service on the VIP with the round-robin scheduler
```bash
[root@lvs ~]# ipvsadm -A -t 192.168.197.200:80 -s rr
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.197.200:80 rr
```
6. Add the real servers. `-m` selects masquerading, which is IPVS's name for NAT forwarding; it shows up as `Masq` in the table.
```bash
[root@lvs ~]# ipvsadm -a -t 192.168.197.200:80 -r 192.168.122.7:80 -m
[root@lvs ~]# ipvsadm -a -t 192.168.197.200:80 -r 192.168.122.17:80 -m
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.197.200:80 rr
  -> 192.168.122.7:80             Masq    1      0          0
  -> 192.168.122.17:80            Masq    1      0          0
```
7. Test from the director itself: round robin alternates between the two real servers
```bash
[root@lvs ~]# curl 192.168.197.200
rs2 192.168.122.17
[root@lvs ~]# curl 192.168.197.200
rs1 192.168.122.7
[root@lvs ~]# curl 192.168.197.200
rs2 192.168.122.17
[root@lvs ~]# curl 192.168.197.200
rs1 192.168.122.7
```
The rules added with `ipvsadm -A` and `ipvsadm -a` are live in the kernel but not yet in /etc/sysconfig/ipvsadm; run `ipvsadm-save -n > /etc/sysconfig/ipvsadm` again once the table is final, or they are gone after the next reboot.
For weighted round robin the configuration is:
```bash
# clear the whole table
[root@lvs ~]# ipvsadm -C
# virtual service with the wrr scheduler
[root@lvs ~]# ipvsadm -A -t 192.168.197.200:80 -s wrr
# real servers with weights: rs1 gets 5 of every 7 requests, rs2 gets 2
[root@lvs ~]# ipvsadm -a -t 192.168.197.200:80 -r 192.168.122.7:80 -m -w 5
[root@lvs ~]# ipvsadm -a -t 192.168.197.200:80 -r 192.168.122.17:80 -m -w 2
# show the rules
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.197.200:80 wrr
  -> 192.168.122.7:80             Masq    5      0          0
  -> 192.168.122.17:80            Masq    2      0          0
```
1.6 Test
From the client:
```bash
[root@client ~]# curl 192.168.197.200
curl: (7) Failed to connect to 192.168.197.200 port 80: Connection refused
[root@client ~]# curl 192.168.197.200
curl: (7) Failed to connect to 192.168.197.200 port 80: Connection refused
```
The request fails. In NAT mode the director has to forward the real servers' replies back to the client, and IP forwarding is disabled by default on RHEL. Enable it on the director in /etc/sysctl.conf:
```bash
[root@lvs ~]# vim /etc/sysctl.conf
```
The file then reads:
```bash
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward=1
```
As the comments say, a drop-in such as /etc/sysctl.d/90-lvs.conf with the same line is the cleaner place for it. Either way, load the setting:
```bash
[root@lvs ~]# sysctl -p
net.ipv4.ip_forward = 1
```
Test again:
```bash
[root@client ~]# curl 192.168.197.200
rs2 192.168.122.17
[root@client ~]# curl 192.168.197.200
rs1 192.168.122.7
[root@client ~]# curl 192.168.197.200
rs2 192.168.122.17
[root@client ~]# curl 192.168.197.200
rs1 192.168.122.7
```
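The director setup in 1.5 and 1.6 is typed step by step and half of it is lost on reboot. The script below is an added example, not part of the original lab: it renders the IPVS table in the `ipvsadm-save` format that /etc/sysconfig/ipvsadm holds, writes the forwarding setting as a sysctl.d drop-in, and lets the ipvsadm unit load the table the same way it will at boot. Addresses follow the plan in 1.1; the drop-in file name and the `SERVICE`/`REAL_SERVERS` variables are my own choices.

```shell
#!/usr/bin/env bash
# Added example, not from the original lab: provision the LVS-NAT director so that
# the configuration survives a reboot. Addresses follow the plan in 1.1.
set -e

SERVICE=${SERVICE:-192.168.197.200:80}    # VIP:port, the director's host-only address
SCHED=${SCHED:-wrr}
# one "RIP:PORT:WEIGHT" per real server on the NAT segment
REAL_SERVERS=${REAL_SERVERS:-"192.168.122.7:80:5 192.168.122.17:80:2"}

# render_ipvs_rules SERVICE SCHED FWD "RIP:PORT:W ...": prints the table in the
# ipvsadm-save format, which is exactly what /etc/sysconfig/ipvsadm holds and what
# ipvsadm-restore reads. FWD is -m for NAT (Masq), -g for DR (Route), -i for tunnelling.
render_ipvs_rules() {
  local service=$1 sched=$2 fwd=$3 servers=$4 s rip rest port weight
  printf -- '-A -t %s -s %s\n' "$service" "$sched"
  for s in $servers; do
    rip=${s%%:*}; rest=${s#*:}; port=${rest%%:*}; weight=${rest#*:}
    printf -- '-a -t %s -r %s:%s %s -w %s\n' "$service" "$rip" "$port" "$fwd" "$weight"
  done
}

# render_forward_sysctl: the one kernel setting the NAT director needs, as a
# sysctl.d drop-in (the comments in /etc/sysctl.conf recommend drop-ins over editing it).
render_forward_sysctl() {
  printf '# LVS-NAT director: forward real-server replies back to the clients\n'
  printf 'net.ipv4.ip_forward = 1\n'
}

# apply: write both files, load them and enable the unit. Run as root on the director.
apply() {
  render_forward_sysctl > /etc/sysctl.d/90-lvs-nat.conf
  sysctl -q --system                                   # reload every drop-in
  [ "$(sysctl -n net.ipv4.ip_forward)" = 1 ] || { echo "ip_forward is still 0" >&2; exit 1; }
  # On RHEL the unit saves the live table into /etc/sysconfig/ipvsadm when it stops,
  # so stop it before writing the file; otherwise a restart would overwrite our rules.
  systemctl stop ipvsadm.service
  render_ipvs_rules "$SERVICE" "$SCHED" -m "$REAL_SERVERS" > /etc/sysconfig/ipvsadm
  systemctl enable --now ipvsadm.service               # start restores the file, as at boot
  ipvsadm -Ln
}

if [ "${1:-}" = apply ]; then apply; fi
```

Run it as `bash lvs-nat-director.sh apply` on the director; without the argument it only defines the functions, so `render_ipvs_rules` can be used on its own to preview the file. Keeping the table in the file rather than in a shell history also means a compromised or mistyped `ipvsadm -a` on the live table is undone by the next restart of the unit.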
2. DR lab on a single network segment
How DR mode works
Core idea: the director rewrites only the destination MAC address of the client's frame, at the data link layer, so that the frame is delivered to a real server; the IP header, whose destination is the VIP, is left untouched. The real server answers the client directly, and the reply never passes through the director.
Director rules:
```shell
ipvsadm -A -t 192.168.122.100:80 -s rr
ipvsadm -a -t 192.168.122.100:80 -r 192.168.122.7:80 -g
ipvsadm -a -t 192.168.122.100:80 -r 192.168.122.17:80 -g
```
`-g` selects gatewaying, IPVS's name for direct routing. Because the packet is not rewritten, the real servers must serve on the same port as the virtual service.
For this to work two conditions must hold:
1. The director, RS1 and RS2 all accept packets whose destination IP is the VIP.
2. Given 1, there must be no ARP conflict: only the director may answer ARP requests for the VIP on the LAN.
Condition 1 is met by adding the VIP to the loopback interface on the director, RS1 and RS2:
```shell
ip addr add 192.168.122.100/32 dev lo
```
Condition 2 is met on RS1 and RS2 with two kernel parameters.
```shell
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
```
`arp_ignore=1` makes the real server answer an ARP request only when the target address is configured on the interface the request arrived on. The VIP lives on lo, not on ens160, so the real servers stay silent, the only ARP reply for the VIP carries the director's MAC, and every client request is delivered to the director.
```shell
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
```
`arp_announce=2` controls the sender address a real server puts in its own ARP requests. The reply to a request uses the request's destination IP as its source IP, which in DR mode is the VIP. The client sits on another segment, so the real server has to ARP for the router; without this setting the kernel may use the packet's source IP, the VIP, as the ARP sender address, and the router then updates its ARP cache to map the VIP to that real server's MAC. From that moment the router delivers every client request to that one real server and the director is bypassed. This is called VIP hijacking. With `arp_announce=2` the real server always announces the best local address on the outgoing interface, its RIP, so the router never learns a wrong binding.
2.1 Host plan
| Host | Role | OS | Network | IP |
|---|---|---|---|---|
| client | client | redhat 9.7 | host-only | 192.168.197.100/24, default gateway 192.168.197.200 |
| router | router | redhat 9.7 | host-only + NAT | ens160 192.168.197.200/24, ens224 192.168.122.200/24 |
| lvs | director | redhat 9.7 | NAT | VIP 192.168.122.100/32 on lo, DIP 192.168.122.8/24, default gateway 192.168.122.200 |
| nginx | rs1 | redhat 9.7 | NAT | VIP 192.168.122.100/32 on lo, RIP 192.168.122.7/24, default gateway 192.168.122.200 |
| nginx | rs2 | redhat 9.7 | NAT | VIP 192.168.122.100/32 on lo, RIP 192.168.122.17/24, default gateway 192.168.122.200 |
The router takes over the host-only address 192.168.197.200 that the director used in section 1. Director, real servers and VIP all sit on the NAT segment, so the real servers' replies reach the client only through the router; that is why the router, not the director, must have IP forwarding enabled.
2.2 Environment preparation
2.2.1 Configure the client
Set the hostname and IP address, put SELinux in permissive mode and stop the firewall exactly as in 1.2.1. Then point the default gateway at the router:
```bash
[root@client ~]# nmcli c m ens160 ipv4.gateway 192.168.197.200
[root@client ~]# nmcli c up ens160
```
Check that it took effect:
```bash
[root@client ~]# nmcli device show ens160 | grep IP4.GA
IP4.GATEWAY:                            192.168.197.200
```
2.2.2 Configure the router
1. Set the hostname
2. Configure both interfaces: ens160 192.168.197.200/24 on the host-only network and ens224 192.168.122.200/24 on the NAT network
3. Put SELinux in permissive mode
4. Stop the firewall
2.2.3 Configure the director
1. Set the hostname
2. Configure the IP address. The director now needs only its NAT-side interface, carrying the DIP 192.168.122.8/24 with the router as default gateway. Remove the 192.168.197.200 address it carried in section 1, since the router owns that address now and a duplicate would break the client's default route.
```bash
[root@lvs ~]# nmcli con up ens160
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@lvs ~]# nmcli d show ens160
GENERAL.DEVICE:                         ens160
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         52:54:00:D4:0C:13
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     ens160
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/4
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         192.168.122.8/24
IP4.GATEWAY:                            192.168.122.200
IP4.ROUTE[1]:                           dst = 192.168.122.0/24, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]:                           dst = 0.0.0.0/0, nh = 192.168.122.200, mt = 100
IP4.DNS[1]:                             192.168.122.7
IP4.DNS[2]:                             192.168.122.1
IP6.ADDRESS[1]:                         fe80::5054:ff:fed4:c13/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 1024
```
3. Put SELinux in permissive mode
4. Stop the firewall
2.2.4 Configure RS1
1. Set the hostname
2. Configure the IP address: keep the RIP from section 1 and change the default gateway from the director's DIP to the router, since in DR mode replies no longer go through the director
```bash
[root@rs1 ~]# nmcli c m ens160 ipv4.gateway 192.168.122.200
[root@rs1 ~]# nmcli c up ens160
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@rs1 ~]# nmcli d show ens160
GENERAL.DEVICE:                         ens160
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         00:0C:29:D7:3E:38
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     ens160
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/4
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         192.168.122.7/24
IP4.GATEWAY:                            192.168.122.200
IP4.ROUTE[1]:                           dst = 192.168.122.0/24, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]:                           dst = 0.0.0.0/0, nh = 192.168.122.200, mt = 100
IP4.DNS[1]:                             223.5.5.5
IP4.DNS[2]:                             8.8.8.8
IP6.ADDRESS[1]:                         fe80::20c:29ff:fed7:3e38/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 1024
```
3. Put SELinux in permissive mode
4. Stop the firewall
2.2.5 Configure RS2
1. Set the hostname
2. Configure the IP address, again pointing the default gateway at the router
```bash
[root@rs2 ~]# nmcli c m ens160 ipv4.gateway 192.168.122.200
[root@rs2 ~]# nmcli c up ens160
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@rs2 ~]# nmcli d show ens160
GENERAL.DEVICE:                         ens160
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         00:0C:29:FB:BF:21
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     ens160
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/4
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         192.168.122.17/24
IP4.GATEWAY:                            192.168.122.200
IP4.ROUTE[1]:                           dst = 192.168.122.0/24, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]:                           dst = 0.0.0.0/0, nh = 192.168.122.200, mt = 100
IP4.DNS[1]:                             223.5.5.5
IP4.DNS[2]:                             8.8.8.8
IP6.ADDRESS[1]:                         fe80::20c:29ff:fefb:bf21/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 1024
```
3. Put SELinux in permissive mode
4. Stop the firewall
2.3 Implementation
2.3.1 Configure RS1
The nginx service on RS1 was built in the previous lab, so only the VIP remains to be configured.
1. Add the VIP to lo
```bash
[root@rs1 ~]# ip addr add 192.168.122.100/32 dev lo
[root@rs1 ~]# ip a show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.122.100/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
```
2. Add a host route for the VIP through lo
```bash
[root@rs1 ~]# route add -host 192.168.122.100 dev lo
[root@rs1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.122.200 0.0.0.0         UG    100    0        0 ens160
192.168.122.0   0.0.0.0         255.255.255.0   U     100    0        0 ens160
192.168.122.100 0.0.0.0         255.255.255.255 UH    0      0        0 lo
```
`route` comes from net-tools, which RHEL 9 does not install by default; `ip route add 192.168.122.100/32 dev lo` is the iproute2 equivalent. Adding the /32 to lo already gives the kernel a local route for the VIP, so this step only makes the binding explicit in the main table.
3. Set the kernel parameters
These writes are not persistent and are lost on reboot; for a permanent setting put the same four keys in a file under /etc/sysctl.d/. Order matters on a real deployment: set `arp_ignore` before adding the VIP, because between the two steps the server would answer ARP for the VIP.
```bash
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
```
2.3.2 Configure RS2
The nginx service on RS2 was built in the previous lab as well, so again only the VIP remains to be configured.
1. Add the VIP to lo
```bash
[root@rs2 ~]# ip addr add 192.168.122.100/32 dev lo
[root@rs2 ~]# ip a show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.122.100/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
```
2. Add a host route for the VIP through lo
```bash
[root@rs2 ~]# route add -host 192.168.122.100 dev lo
[root@rs2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.122.200 0.0.0.0         UG    100    0        0 ens160
192.168.122.0   0.0.0.0         255.255.255.0   U     100    0        0 ens160
192.168.122.100 0.0.0.0         255.255.255.255 UH    0      0        0 lo
```
This tells the kernel that 192.168.122.100 is a legitimate local address on lo, so packets arriving for it are accepted rather than forwarded or dropped.
3. Set the kernel parameters
```bash
[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
```
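The three RS-side steps above, and the two conditions from the DR principle section, fit in one idempotent script. This is an added example, not code from the original lab: it persists the four ARP settings as a sysctl.d drop-in, applies them before the VIP appears on lo (so there is no window in which the server answers ARP for it), and verifies the live kernel values instead of trusting that the writes succeeded. The VIP follows the plan in 2.1; the drop-in name and the function names are my own.

```shell
#!/usr/bin/env bash
# Added example, not from the original lab: prepare an LVS-DR real server so that it
# owns the VIP on lo, never answers ARP for it and never announces it. VIP from 2.1.
set -e

VIP=${VIP:-192.168.122.100}

# render_dr_sysctl: the four ARP settings from section 2.3 as a sysctl.d drop-in.
render_dr_sysctl() {
  cat <<'EOF'
# LVS-DR real server: hide the VIP on lo from the LAN
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
EOF
}

# verify_arp_sysctls ROOT: read the live values under ROOT/sys/net/ipv4/conf
# (pass /proc for the real kernel). Prints one line per mismatch, returns 1 if any.
verify_arp_sysctls() {
  local root=$1 bad=0 iface key want got
  for iface in all lo; do
    for key in arp_ignore:1 arp_announce:2; do
      want=${key#*:}; key=${key%:*}
      got=$(cat "$root/sys/net/ipv4/conf/$iface/$key" 2>/dev/null || echo missing)
      if [ "$got" != "$want" ]; then
        echo "net.ipv4.conf.$iface.$key = $got (want $want)"
        bad=1
      fi
    done
  done
  return $bad
}

# add_vip_to_lo: a /32 on lo creates its own local route, so the net-tools
# `route add -host` step from 2.3.1 is not needed; safe to run repeatedly.
add_vip_to_lo() {
  ip -4 addr show dev lo | grep -qF " $VIP/32 " || ip addr add "$VIP/32" dev lo
}

# apply: ARP settings first, then the VIP. Run as root on each real server.
apply() {
  render_dr_sysctl > /etc/sysctl.d/90-lvs-dr.conf
  sysctl -q --system
  verify_arp_sysctls /proc      # abort before the VIP exists if the kernel refused a value
  add_vip_to_lo
  ip -4 addr show dev lo
}

if [ "${1:-}" = apply ]; then apply; fi
```

Run `bash lvs-dr-rs.sh apply` on rs1 and rs2. The drop-in survives reboots; the address on lo does not, so either run the script from a one-shot systemd unit at boot or, on a NetworkManager that manages lo (1.42 and later), add it with `nmcli connection modify lo +ipv4.addresses 192.168.122.100/32`. To confirm the hiding works, run `arping -I ens160 -c 3 192.168.122.100` from the router: every reply must carry the director's MAC, never a real server's.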
2.3.3 Configure the director
1. Add the VIP to lo on the director. The director keeps `arp_ignore` at its default of 0, so unlike the real servers it does answer ARP requests for the VIP even though the address is on lo; that is what makes it the VIP's only owner on the segment.
```bash
[root@lvs ~]# ip addr add 192.168.122.100/32 dev lo
[root@lvs ~]# ip a show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.122.100/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
```
2. Install ipvsadm
```bash
[root@lvs ~]# dnf install ipvsadm -y
Dependencies resolved.
=====================================================================================================================================
 Package                      Architecture               Version                          Repository                     Size
=====================================================================================================================================
Installing:
 ipvsadm                      x86_64                     1.31-6.el9                       AppStream                      54 k
Transaction Summary
=====================================================================================================================================
Install  1 Package
Total size: 54 k
Installed size: 89 k
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                             1/1
  Installing       : ipvsadm-1.31-6.el9.x86_64                                                                                   1/1
  Running scriptlet: ipvsadm-1.31-6.el9.x86_64                                                                                   1/1
  Verifying        : ipvsadm-1.31-6.el9.x86_64                                                                                   1/1
Installed products updated.
Installed:
  ipvsadm-1.31-6.el9.x86_64
Complete!
```
3. Create the (empty) rules file the unit restores from
```bash
[root@lvs ~]# ipvsadm-save -n > /etc/sysconfig/ipvsadm
```
4. Start ipvsadm
```bash
[root@lvs ~]# systemctl start ipvsadm.service
```
5. Add the rules. `-g` selects direct routing, shown as `Route` in the table; the real-server port must equal the service port, since the packet is delivered unmodified.
```bash
ipvsadm -A -t 192.168.122.100:80 -s rr
ipvsadm -a -t 192.168.122.100:80 -r 192.168.122.7:80 -g
ipvsadm -a -t 192.168.122.100:80 -r 192.168.122.17:80 -g
ipvsadm -Ln
```
For a weighted split use `-s wrr` and add the real servers with `-g -w 3` and `-g -w 1`, exactly as in 1.5 but with `-g` in place of `-m`. Save the final table with `ipvsadm-save -n > /etc/sysconfig/ipvsadm` so it survives a reboot.
2.3.4 Configure the router
1. Enable IP forwarding on the router, which carries both the client's requests toward the VIP and the real servers' replies back
```bash
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p
```
2.4 Functional test
From the client:
```bash
[root@client ~]# curl 192.168.122.100
rs2 192.168.122.17
[root@client ~]# curl 192.168.122.100
rs1 192.168.122.7
[root@client ~]# curl 192.168.122.100
rs2 192.168.122.17
[root@client ~]# curl 192.168.122.100
rs1 192.168.122.7
```
Round robin alternates between the two real servers as before, but the path is different: the replies go from the real server to the router to the client without touching the director. `ipvsadm -Ln --stats` on the director confirms this, since the OutPkts and OutBytes counters of the DR real servers stay at 0; any outgoing bytes there mean a reply went through the director, which is the NAT path, not DR.
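Eyeballing a handful of curl outputs, as in 1.6 and here in 2.4, does not tell you whether a weighted table is being honoured or whether one real server silently dropped out. The checker below is an added example, not part of the original lab, and serves both tests: it parses `ipvsadm -Ln`, confirms every real server uses the forwarding method the section intends (`Masq` for NAT, `Route` for DR), and compares the hits each RIP received against the share its weight entitles it to. The sample table and the sample responses are constructed here to match the 1.1 and 2.1 plans; the `live_check` driver reads the real table and the real VIP.

```shell
#!/usr/bin/env bash
# Added example, not from the original lab: verify forwarding method and request
# distribution of an IPVS virtual service. Samples below are constructed, not captured.
set -e

# ipvs_real_servers FWD: reads `ipvsadm -Ln` on stdin, prints "RIP:PORT WEIGHT" per
# real server; fails if any entry forwards via something other than FWD.
ipvs_real_servers() {
  awk -v want="$1" '
    $1 == "->" && $2 !~ /^Remote/ {
      if ($3 != want) {
        printf "%s forwards via %s, expected %s\n", $2, $3, want > "/dev/stderr"
        bad = 1; next
      }
      print $2, $4
    }
    END { exit bad }'
}

# check_distribution FWD TABLE RESPONSES [SLACK]: each RS should get
# round(requests * weight / total_weight) hits. rr/wrr are deterministic cycles, so a
# deviation above SLACK (default 1) means a RS is down, mis-weighted or ARP is wrong.
# RESPONSES holds one "hostname RIP" body per request (the index.html from 1.3);
# a line whose second field is "-" marks a request that got no answer.
check_distribution() {
  local servers
  servers=$(ipvs_real_servers "$1" < "$2") || return 1
  awk -v servers="$servers" -v slack="${4:-1}" '
    BEGIN {
      n = split(servers, line, "\n")
      for (i = 1; i <= n; i++) {
        split(line[i], f, " "); sub(/:[0-9]+$/, "", f[1])   # strip :port, keep the RIP
        w[f[1]] = f[2] + 0; total += f[2]
      }
    }
    $2 == "-" { failed++; next }
    NF >= 2   { hits[$2]++; requests++ }
    END {
      bad = (failed > 0)
      if (failed) printf "%d of %d requests got no answer\n", failed, failed + requests
      for (ip in w) {
        expect = int(requests * w[ip] / total + 0.5)
        d = hits[ip] - expect; if (d < 0) d = -d
        printf "%-16s weight=%d expected=%d observed=%d %s\n", ip, w[ip], expect, hits[ip], (d > slack ? "FAIL" : "ok")
        if (d > slack) bad = 1
      }
      for (ip in hits) if (!(ip in w)) { printf "%s answered but is not in the IPVS table\n", ip; bad = 1 }
      exit bad
    }' "$3"
}

# Constructed sample of `ipvsadm -Ln` for the wrr service of 1.5 (weights 5:2).
SAMPLE_TABLE='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.197.200:80 wrr
  -> 192.168.122.7:80             Masq    5      0          0
  -> 192.168.122.17:80            Masq    2      0          0'

# Constructed sample of 14 responses, 10 from rs1 and 4 from rs2, i.e. the 5:2 split.
SAMPLE_RESPONSES='rs1 192.168.122.7
rs1 192.168.122.7
rs1 192.168.122.7
rs1 192.168.122.7
rs2 192.168.122.17
rs1 192.168.122.7
rs2 192.168.122.17
rs1 192.168.122.7
rs1 192.168.122.7
rs1 192.168.122.7
rs1 192.168.122.7
rs2 192.168.122.17
rs1 192.168.122.7
rs2 192.168.122.17'

# demo_check: run the checker over the constructed samples; returns its status.
demo_check() {
  local dir rc
  dir=$(mktemp -d)
  printf '%s\n' "$SAMPLE_TABLE" > "$dir/table"
  printf '%s\n' "$SAMPLE_RESPONSES" > "$dir/responses"
  check_distribution Masq "$dir/table" "$dir/responses" && rc=0 || rc=$?
  rm -rf "$dir"
  return "$rc"
}

# live_check FWD VIP TABLE [N]: run on the client with a copy of the director's table
# (for example `ssh root@lvs ipvsadm -Ln > table`), sending N requests to the VIP.
live_check() {
  local dir; dir=$(mktemp -d)
  : > "$dir/responses"
  for _ in $(seq "${4:-14}"); do
    curl -s --max-time 2 "http://$2/" >> "$dir/responses" || echo "noanswer -" >> "$dir/responses"
  done
  check_distribution "$1" "$3" "$dir/responses"
}

if [ $# -ge 3 ]; then live_check "$@"; fi
```

Usage: `bash ipvs-check.sh Masq 192.168.197.200 table` for the NAT lab, `bash ipvs-check.sh Route 192.168.122.100 table 28` for the DR lab; with no arguments the script only defines the functions, and `demo_check` runs it over the built-in samples. Send a multiple of the weight sum (7 here) so the expected counts are exact; the report prints one line per real server and exits non-zero on any failure, which makes it usable from a health-check job.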