LVS-DR模式单网段和多网段案例实现

1 实验环境：

• 一台：客户端 eth0:仅主机 192.168.10.8/24 GW:192.168.10.18
• 一台：ROUTER
  eth0 :NAT 192.168.100.18/24
  eth1: 仅主机 192.168.10.18/24
  启用 IP_FORWARD
• 一台：LVS
  eth0:NAT:DIP:192.168.100.48/24 GW:192.168.100.18
• 两台RS：
  RS1：eth0:NAT:192.168.100.28/24 GW:192.168.100.18
  RS2：eth0:NAT:192.168.100.38/24 GW:192.168.100.18

2 环境配置

• 所有主机禁用iptables和SELinux

2.1 internet主机环境

[root@internet ~]# hostname -I
192.168.10.8 
[root@internet ~]# ping 192.168.10.18 -c1
PING 192.168.10.18 (192.168.10.18) 56(84) bytes of data.
64 bytes from 192.168.10.18: icmp_seq=1 ttl=64 time=0.364 ms

--- 192.168.10.18 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.364/0.364/0.364/0.000 ms
1
2
3
4
5
6
7
8
9

2.2 router主机环境

[root@router ~]#echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf 
[root@router ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@router network-scripts]#pwd
/etc/sysconfig/network-scripts
[root@router network-scripts]#cat ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=192.168.100.18
PREFIX=24
ONBOOT=yes
[root@router network-scripts]#cat ifcfg-eth1
DEVICE=eth1
NAME=eth1
BOOTPROTO=static
IPADDR=192.168.10.18
PREFIX=24
ONBOOT=yes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

2.3 RS1主机环境

[root@rs1 ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0 
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=192.168.100.28
PREFIX=24
GATEWAY=192.168.100.18
ONBOOT=yes
[root@rs1 ~]# route -n 
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.18  0.0.0.0         UG    100    0        0 eth0
192.168.100.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0
1
2
3
4
5
6
7
8
9
10
11
12
13

• DR模型中各主机上均需要配置VIP，解决地址冲突的方式有三种：
  (1) 在前端网关做静态绑定
  (2) 在各RS使用arptables
  (3) 在各RS修改内核参数，来限制arp响应和通告的级别
• 限制响应级别：arp_ignore
  0：默认值，表示可使用本地任意接口上配置的任意地址进行响应
  1：仅在请求的目标IP配置在本地主机的接收到请求报文的接口上时，才给予响应
• 限制通告级别：arp_announce
  0：默认值，把本机所有接口的所有信息向每个接口的网络进行通告
  1：尽量避免将接口信息向非直接连接网络进行通告
  2：必须避免将接口信息向非本网络进行通告
• 解决冲突：

[root@rs1 ~]#echo 1 >   /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs1 ~]#echo 2 >   /proc/sys/net/ipv4/conf/all/arp_announce 
[root@rs1 ~]#echo 1 >   /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs1 ~]#echo 2 >   /proc/sys/net/ipv4/conf/lo/arp_announce 
1
2
3
4

• 给回环网卡绑定VIP

[root@rs1 ~]#ifconfig lo:1 192.168.100.88/32
1

[root@rs1 ~]# ip a
1: lo: ,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.100.88/0 scope global lo:1
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: ,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:50:56:31:25:f8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.28/24 brd 192.168.100.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::426d:cb05:9dd9:4a7d/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

• 安装httpd方便验证

[root@rs1 ~]#yum -y install httpd
[root@rs1 ~]#systemctl enable --now httpd 
[root@rs1 ~]#hostname -I > /var/www/html/index.html
1
2
3

2.3 RS1主机环境

[root@rs2 ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0 
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=192.168.100.38
PREFIX=24
GATEWAY=192.168.100.18
ONBOOT=yes
[root@rs2 ~]# route -n 
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.18  0.0.0.0         UG    100    0        0 eth0
192.168.100.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0
1
2
3
4
5
6
7
8
9
10
11
12
13

• 解决冲突：

[root@rs2 ~]#echo 1 >   /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs2 ~]#echo 2 >   /proc/sys/net/ipv4/conf/all/arp_announce 
[root@rs2 ~]#echo 1 >   /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs2 ~]#echo 2 >   /proc/sys/net/ipv4/conf/lo/arp_announce 
1
2
3
4

• 给回环网卡绑定VIP

[root@rs2 ~]#ifconfig lo:1 192.168.100.88/32
1

[root@rs2 ~]# ip a
1: lo: ,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.100.88/0 scope global lo:1
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: ,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:50:56:37:1d:82 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.38/24 brd 192.168.100.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::991:8f93:2834:ffdb/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

• 安装httpd方便验证

[root@rs2 ~]#yum -y install httpd
[root@rs2 ~]#systemctl enable --now httpd 
[root@rs2 ~]#hostname -I > /var/www/html/index.html
1
2
3

2.5 LVS主机的配置

• 安装ipvsadm

[root@lvs ~]#dnf -y install ipvsadm
1

• 在LVS上添加VIP

[root@lvs ~]#ifconfig lo:1 192.168.100.88/32
[root@lvs ~]#ip a
1: lo: ,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.100.88/0 scope global lo:1
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: ,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:50:56:28:0b:96 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.48/24 brd 192.168.100.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::e9a7:4bf4:23c5:2e73/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

• 实现LVS 规则

root@lvs ~]#ipvsadm -A -t 192.168.100.88:80 -s rr
[root@lvs ~]#ipvsadm -a -t 192.168.100.88 -r 192.168.100.28:80 -g 
[root@lvs ~]#ipvsadm -a -t 192.168.100.88 -r 192.168.100.38:80 -g 
[root@lvs ~]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.100.88:80 rr
  -> 192.168.100.28:80            Route   1      0          0         
  -> 192.168.100.38:80            Route   1      0          0 
1
2
3
4
5
6
7
8
9
10

3 测试访问

[root@internet ~]# curl 192.168.100.88
192.168.100.28 
[root@internet ~]# curl 192.168.100.88
192.168.100.38 
[root@internet ~]# curl 192.168.100.88
192.168.100.28 
[root@internet ~]# curl 192.168.100.88
192.168.100.38 
[root@internet ~]# curl 192.168.100.88
192.168.100.28 
[root@internet ~]# curl 192.168.100.88
192.168.100.38 
1
2
3
4
5
6
7
8
9
10
11
12

4 LVS-DR模式多网段案例实现

4.1 主机环境配置

• internet主机的网络配置和单网段一样

[root@internet ~]#hostname -I
192.168.10.8
1
2

• router的网络配置在单网段基础上添加172.16.0.100/24的地址

[root@router ~]#ip addr add 172.16.0.100/24 dev eth0
[root@router ~]#ip a
1: lo: ,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: ,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:4f:0e:09 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.18/24 brd 192.168.100.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 172.16.0.8/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::e1d3:ec00:24bd:f6ed/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: eth1: ,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:4f:0e:13 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.18/24 brd 192.168.10.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::379e:9a2b:e54a:6119/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@router ~]# hostname -I
192.168.100.18 172.16.0.8 192.168.10.18 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

• LVS主机的配置在单网段基础上重启删除临时回环网卡vip192.168.100.88，同时也会初始化内核参数，运行脚本lvs_dr_vs.sh

[root@lvs ~]#bash lvs_dr_vs.sh start
The VS Server is Ready!
1
2

[root@lvs ~]# cat lvs_dr_vs.sh
#!/bin/bash
vip='172.16.0.100'
iface='lo:1'
mask='255.255.255.255'
port='80'
rs1='192.168.100.28'
rs2='192.168.100.38'
scheduler='wrr'
type='-g'
rpm -q ipvsadm &> /dev/null || yum -y install ipvsadm &> /dev/null

case $1 in
start)
    ifconfig $iface $vip netmask $mask #broadcast $vip up
    iptables -F
 
    ipvsadm -A -t ${vip}:${port} -s $scheduler
    ipvsadm -a -t ${vip}:${port} -r ${rs1} $type -w 1
    ipvsadm -a -t ${vip}:${port} -r ${rs2} $type -w 1
    echo "The VS Server is Ready!"
    ;;
stop)
    ipvsadm -C
    ifconfig $iface down
    echo "The VS Server is Canceled!"
    ;;
*)
    echo "Usage: $(basename $0) start|stop"
    exit 1
    ;;
esac
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

• RS主机的配置在单网段基础上 重启删除临时回环网卡vip192.168.100.88,在RS后端服务器运行的脚本lvs_dr_rs.sh ，使用以下脚本代替命令的输入

[root@rs1 ~]#cat lvs_dr_rs.sh 
#!/bin/bash
vip=172.16.0.100
mask='255.255.255.255'
dev=lo:1
case $1 in
start)
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ifconfig $dev $vip netmask $mask 
    echo "The RS Server is Ready!"
    ;;
stop)
    ifconfig $dev down
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "The RS Server is Canceled!"
    ;;
*) 
    echo "Usage: $(basename $0) start|stop"
    exit 1
    ;;
esac
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

[root@rs1 ~]# bash lvs_dr_rs.sh start 
The RS Server is Ready!
[root@rs2 ~]# bash lvs_dr_rs.sh start 
The RS Server is Ready!
1
2
3
4

4.2 测试访问

[root@internet ~]# curl 172.16.0.100
rs2 192.168.100.38 
[root@internet ~]# curl 172.16.0.100
rs1 192.168.100.28 
[root@internet ~]# curl 172.16.0.100
rs2 192.168.100.38 
[root@internet ~]# curl 172.16.0.100
rs1 192.168.100.28 
[root@internet ~]# curl 172.16.0.100
rs2 192.168.100.38 
[root@internet ~]# curl 172.16.0.100
rs1 192.168.100.28 
[root@internet ~]# curl 172.16.0.100
rs2 192.168.100.38 
1
2
3
4
5
6
7
8
9
10
11
12
13
14