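Implementing the LVS-NAT and LVS-DR models on Linux
Disable the firewall, install httpd on RS1 and RS2 and create an index.html on each, and add a route to 172.20.0.123 on the router.
Router: enable IP forwarding, vim /etc/sysctl.conf
Because traffic between the VIP and the CIP must return along the same path after a request, the router needs a route to the client's IP.
LVS: note that LVS-NAT mode also requires IP forwarding to be enabled; in vim /etc/sysctl.conf add net.ipv4.ip_forward = 1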
ipvsadm -A -t 172.20.0.123:80 -s rr
ipvsadm -Ln lists the LVS table; the options must be written as -Ln, not -nL.
ipvsadm -a -t 172.20.0.123:80 -r 192.168.32.7 -m
ipvsadm -a -t 172.20.0.123:80 -r 192.168.32.17 -m
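After that, add a gateway: route add -net 10.0.0.0/8 gw 192.168.32.200. Without a gateway, LVS scheduling fails. The gateway is only a placeholder; in this lab any address in the 192.168.32.0 network can be used as the gateway.
Run the script on each RS to configure the VIP and modify the kernel parameters; to make the change persistent, edit /etc/sysctl.conf as before.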
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ipvsadm -A -t 10.0.0.100:80 -s wrr
ipvsadm -a -t 10.0.0.100:80 -r 192.168.32.7 -g -w 1
ipvsadm -a -t 10.0.0.100:80 -r 192.168.32.17 -g -w 1
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ifconfig $dev $vip netmask $mask #broadcast $vip up
#route add -host $vip dev $dev
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "Usage: $(basename $0) start|stop"
ifconfig $iface $vip netmask $mask #broadcast $vip up
ipvsadm -A -t ${vip}:${port} -s $scheduler
ipvsadm -a -t ${vip}:${port} -r ${rs1} $type -w 1
ipvsadm -a -t ${vip}:${port} -r ${rs2} $type -w 1
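echo "Usage $(basename $0) start|stop"
Install mod_ssl on RS1 and RS2. It comes with a simple self-signed certificate, which enables HTTPS; after httpd is restarted, port 443 is listening.
Apply a firewall mark so that traffic to 10.0.0.100 on ports 80 and 443 is tagged with mark 10.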
iptables -t mangle -A PREROUTING -d 10.0.0.100 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 10
ipvsadm -a -f 10 -r 192.168.32.7 -g
ipvsadm -a -f 10 -r 192.168.32.17 -g
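ipvsadm -E -f 10 -s rr -p; when no timeout is given to -p, the default is 360 seconds.
On the LVS server, run: curl http://192.168.32.17 &> /dev/null || ipvsadm -d -f 10 -r 192.168.32.17. When the RS is detected as down, this automatically deletes the LVS rule pointing to that host, so LVS no longer forwards to the dead server.
At this point a sorry server should be set up. The LVS server itself can act as the sorry server: install httpd on the LVS host, start the httpd service, and run echo 'Sorry Server' > /var/www/html/index.html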
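The one-shot curl check and the sorry-server fallback described above can be combined into a repeating health check. The script below is an added example, not part of the original post; it assumes the firewall-mark service 10 already exists, that httpd on the LVS host (127.0.0.1) serves the sorry page, and the function names probe, in_table and reconcile are illustrative.

```shell
#!/bin/bash
# Added example: keep fwmark service 10 in step with real-server health.
FWM=10
RS_LIST="192.168.32.7 192.168.32.17"   # RS1 and RS2 from this page
SORRY=127.0.0.1                        # assumption: httpd on the LVS host
IPVSADM=${IPVSADM:-ipvsadm}            # can be overridden for testing

# probe RS: succeed only if RS answers HTTP without error within 2 seconds.
probe() { curl -s -f -o /dev/null --max-time 2 "http://$1/"; }

# in_table RS: is RS currently listed as a real server of the fwmark service?
in_table() { $IPVSADM -L -f "$FWM" -n 2>/dev/null | grep -qF -- "-> $1:"; }

# reconcile: drop dead real servers, re-add recovered ones, and route to the
# sorry server only while no real server is healthy.
reconcile() {
    local rs up=0
    for rs in $RS_LIST; do
        if probe "$rs"; then
            up=$((up + 1))
            in_table "$rs" || $IPVSADM -a -f "$FWM" -r "$rs" -g
        else
            in_table "$rs" && $IPVSADM -d -f "$FWM" -r "$rs"
        fi
    done
    if [ "$up" -eq 0 ]; then
        in_table "$SORRY" || $IPVSADM -a -f "$FWM" -r "$SORRY" -g
    else
        in_table "$SORRY" && $IPVSADM -d -f "$FWM" -r "$SORRY"
    fi
    return 0
}

# Run as "script.sh run" to check every 5 seconds (interval is an assumption).
if [ "${1:-}" = "run" ]; then
    while :; do reconcile; sleep 5; done
fi
```

Checking table membership before each change keeps the loop idempotent, so a server that stays down is deleted once rather than producing an ipvsadm error on every pass.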
cp /usr/share/doc/ldirectord-3.9.6/ldirectord.cf /etc/ha.d/
vim /etc/ha.d/ldirectord.cf
Once it is configured, run systemctl start ldirectord.service