Ops example ----- LVS NAT and TUN working modes
Programmer Article Station (程序员文章站)
2024-03-22 17:28:52
I. NAT working mode
Lab environment:
server1: add two network interfaces
eth0: 172.25.68.1/24 (VIP: external IP)
eth3: 192.168.68.1/24 (DIP: internal IP)
Two RS (realservers):
Server2: 192.168.68.2/24 (the gateway must point to the Director's DIP)
Server3: 192.168.68.3/24 (the gateway must point to the Director's DIP)
Physical host:
172.25.68.250
【1.】Configure server1
- Add the two network interfaces and configure their IPs
- Add a virtual service at 172.25.68.1:80 with the round-robin scheduler
[aaa@qq.com ~]# ipvsadm -A -t 172.25.68.1:80 -s rr
- Add the RSs, specifying NAT as the forwarding mode (-m), and save the settings
[aaa@qq.com ~]# ipvsadm -a -t 172.25.68.1:80 -r 192.168.68.2:80 -m
[aaa@qq.com ~]# ipvsadm -a -t 172.25.68.1:80 -r 192.168.68.3:80 -m
[aaa@qq.com ~]# /etc/init.d/ipvsadm save
- Enable IP forwarding permanently
[aaa@qq.com ~]# sysctl -w net.ipv4.ip_forward=1
[aaa@qq.com ~]# sysctl -p ##enabled this way, the setting is only temporary (lost on reboot)
[aaa@qq.com ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[aaa@qq.com ~]# sysctl -p ##enabled permanently
- Load the NAT module
[aaa@qq.com ~]# modprobe iptable_nat
【2.】Configure RS (server2)
[aaa@qq.com ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
BOOTPROTO="static"
ONBOOT="yes"
IPADDR=192.168.68.2
PREFIX=24
GATEWAY=192.168.68.1 ##the gateway is server1's internal IP (DIP)
[aaa@qq.com ~]# /etc/init.d/httpd start ##start the HTTP service
【3.】Configure RS (server3)
[aaa@qq.com ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
BOOTPROTO="static"
ONBOOT="yes"
IPADDR=192.168.68.3
PREFIX=24
GATEWAY=192.168.68.1 ##the gateway is server1's internal IP (DIP)
[aaa@qq.com ~]# /etc/init.d/httpd start ##start the HTTP service
【4.】Testing
II. TUN working mode
Lab environment:
server1: add two network interfaces
eth0: 172.25.68.1/24
Two RS (realservers):
Server2: 172.25.68.2/24
Server3: 172.25.68.3/24
Physical host:
172.25.68.250
【1.】Configure server1
- After configuring the IP, load the IPIP tunnel module, add the tunnel IP (VIP) and bring the tunnel interface up
[aaa@qq.com ~]# modprobe ipip
[aaa@qq.com ~]# ip addr add 172.25.68.100/24 dev tunl0
[aaa@qq.com ~]# ip link set up dev tunl0
- Add a host route for 172.25.68.100 and enable IP forwarding
[aaa@qq.com ~]# route add -host 172.25.68.100 dev tunl0 ##host route for the VIP via the tunnel interface
[aaa@qq.com ~]# sysctl -w net.ipv4.ip_forward=1
[aaa@qq.com ~]# sysctl -p
- Add a virtual service at 172.25.68.100:80 with the round-robin scheduler
[aaa@qq.com ~]# ipvsadm -A -t 172.25.68.100:80 -s rr
- Add the RSs, specifying TUN as the forwarding mode (-i)
[aaa@qq.com ~]# ipvsadm -a -t 172.25.68.100:80 -r 172.25.68.2:80 -i
[aaa@qq.com ~]# ipvsadm -a -t 172.25.68.100:80 -r 172.25.68.3:80 -i
【2.】Configure server2
- Load the IPIP tunnel module, add the VIP to the tunnel interface and bring it up
[aaa@qq.com ~]# modprobe ipip
[aaa@qq.com ~]# ip addr add 172.25.68.100/24 dev tunl0
[aaa@qq.com ~]# ip link set up dev tunl0
- Add a host route for 172.25.68.100
[aaa@qq.com ~]# route add -host 172.25.68.100 dev tunl0
- Disable reverse-path filtering and enable IP forwarding
[aaa@qq.com ~]# sysctl -a | grep rp_filter
[aaa@qq.com ~]# sysctl -w net.ipv4.conf.tunl0.rp_filter=0
[aaa@qq.com ~]# sysctl -w net.ipv4.ip_forward=1
[aaa@qq.com ~]# sysctl -p
- Set up the ARP resolution policy and start the HTTP service
[aaa@qq.com ~]# arptables -A IN -d 172.25.68.100 -j DROP ##refuse client access to the VIP on the realserver: any ARP request arriving for the VIP is DROPped outright
[aaa@qq.com ~]# arptables -A OUT -s 172.25.68.100 -j mangle --mangle-ip-s 172.25.68.2 ##because of the TCP three-way handshake, outgoing traffic must still appear to come from the VIP for the handshake to succeed, while it is the realserver that actually delivers the data to the client; the mangle target provides exactly that
[aaa@qq.com ~]# /etc/init.d/arptables_jf save
[aaa@qq.com ~]# /etc/init.d/arptables_jf restart
[aaa@qq.com ~]# /etc/init.d/httpd start
【3.】Configure server3 ---- same principle as the server2 configuration
【4.】Testing