NAT模式
环境设置
网络配置
LVS主机
#自制脚本设置网络与域名[root@vsnode ~]# vmset.sh eth0 172.25.254.100 vsnode#开启内核路由功能[root@vsnode ~]# sysctl -a | grep ip_forwardnet.ipv4.ip_forward=0net.ipv4.ip_forward_update_priority=1net.ipv4.ip_forward_use_pmtu=0[root@vsnode ~]# echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf[root@vsnode ~]# sysctl -pnet.ipv4.ip_forward=1RS1
[root@RS1 ~]# vmset.sh eth0 192.168.0.10 RS1[root@RS1 ~]# nmcli connection modify eth0 ipv4.gateway 192.168.0.100[root@RS1 ~]# nmcli connection reload[root@RS1 ~]# nmcli connection up eth0RS2
[root@RS2 ~]# vmset.sh eth0 192.168.0.20 RS2[root@RS2 ~]# nmcli connection modify eth0 ipv4.gateway 192.168.0.100[root@RS2 ~]# nmcli connection reload[root@RS2 ~]# nmcli connection up eth0RS部署业务
[root@RS1 ~]# dnf install httpd -y[root@RS1 ~]# echo RS1 - 192.168.0.10 > /var/www/html/index.html[root@RS1 ~]# systemctl enable --now httpd#测试[root@RS1 ~]# curl 192.168.0.10RS1 -192.168.0.10[root@RS2 ~]# dnf install httpd -y[root@RS2 ~]# echo RS2 - 192.168.0.20 > /var/www/html/index.html[root@RS2 ~]# systemctl enable --now httpd#测试[root@RS2 ~]# curl 192.168.0.20RS2 -192.168.0.20部署LVS
安装LVS
[root@vsnode ~]# dnf install ipvsadm -y添加规则
[root@vsnode ~]# ipvsadm -A -t 172.25.254.100:80 -s rr[root@vsnode ~]# ipvsadm -E -t 172.25.254.100:80 -s wrr#-m 是nat模式[root@vsnode ~]# ipvsadm -a -t 172.25.254.100:80 -r 192.168.0.10:80 -m -w 1[root@vsnode ~]# ipvsadm -a -t 172.25.254.100:80 -r 192.168.0.20:80 -m -w 1[root@vsnode ~]# for i in {1..10};do curl 172.25.254.100;doneRS2 -192.168.0.20 RS1 -192.168.0.10 RS2 -192.168.0.20 RS1 -192.168.0.10 RS2 -192.168.0.20 RS1 -192.168.0.10 RS2 -192.168.0.20 RS1 -192.168.0.10 RS2 -192.168.0.20 RS1 -192.168.0.10[root@vsnode ~]# ipvsadm -e -t 172.25.254.100:80 -r 192.168.0.10:80 -m -w 2[root@vsnode ~]# for i in {1..10};do curl 172.25.254.100;doneRS2 -192.168.0.20 RS1 -192.168.0.10 RS1 -192.168.0.10 RS2 -192.168.0.20 RS1 -192.168.0.10 RS1 -192.168.0.10 RS2 -192.168.0.20 RS1 -192.168.0.10 RS1 -192.168.0.10 RS2 -192.168.0.20规则持久化
将规则保存在自定义的文件中
[root@vsnode ~]# ipvsadm-save -n > /mnt/ipvs.rule[root@vsnode ~]# cat /mnt/ipvs.rule-A -t172.25.254.100:80 -s wrr -a -t172.25.254.100:80 -r192.168.0.10:80 -m -w2-a -t172.25.254.100:80 -r192.168.0.20:80 -m -w1[root@vsnode ~]# ipvsadm -C #清空规则[root@vsnode ~]# ipvsadm-restore < /mnt/ipvs.rule #从文件中重载规则#可以再开启一个shell使用watch命令来监控更直观查看效果[root@vsnode ~]# watch -n1 "ipvsadm -Ln"利用守护进程进行规则持久化
要想规则重启后还要存在不手动导入,就需要将规则保存在/etc/sysconfig/ipvsadm
[root@vsnode ~]# ipvsadm-save -n > /etc/sysconfig/ipvsadm[root@vsnode ~]# ipvsadm -C[root@vsnode ~]# systemctl enable --now ipvsadm#开启守护进程后重启后会根据/etc/sysconfig/ipvsadm的规则自动导入DR模式
环境设置与部署
#在路由器中[root@router ~]# systemctl disable --now ipvsadm.serviceRemoved"/etc/systemd/system/multi-user.target.wants/ipvsadm.service".[root@router ~]# ipvsadm -C#在路由器中[root@router ~]# vmset.sh eth0 172.25.254.100 vsnode[root@router ~]# vmset.sh eth1 192.168.0.100 vsnode noroute、#设定内核路由功能[root@router ~]# echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf[root@router ~]# sysctl -pnet.ipv4.ip_forward=1#数据转发策略[root@router ~]# iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 192.168.0.100[root@vsnode ~]# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 172.25.254.100#vsnode 调度器 [root@vsnode ~]# vmset.sh eth0 192.168.0.200 vsnode noroute [root@vsnode ~]# vim /etc/NetworkManager/system-connections/eth0.nmconnection [connection] id=eth0 type=ethernet interface-name=eth0 [ipv4] method=manual address1=192.168.0.200/24,192.168.0.100 address2=192.168.0.50/24 #检测 root@vsnode system-connections]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.0.100 0.0.0.0 UG 100 0 0 eth0 192.168.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0 192.168.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0 [root@vsnode system-connections]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:0c:29:41:e5:8b brd ff:ff:ff:ff:ff:ff altname enp3s0 altname ens160 inet 192.168.0.200/24 brd 192.168.0.255 scope global noprefixroute eth0 valid_lft forever preferred_lft forever inet 192.168.0.50/24 brd 192.168.0.255 scope global secondary noprefixroute eth0 valid_lft forever preferred_lft forever inet6 fe80::e40:8975:6b9:fea8/64 scope link noprefixroute valid_lft forever preferred_lft forever#客户端[root@client ~]# vmset.sh eth0 172.25.254.99 client连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/4)2: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdisc mq state UP group default qlen1000link/ether 00:0c:29:e5:75:af brd ff:ff:ff:ff:ff:ff altname enp3s0 altname ens160 inet172.25.254.99/24 brd172.25.254.255 scope global noprefixroute eth0 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fee5:75af/64 scopelinktentative noprefixroute valid_lft forever preferred_lft forever client#检测[root@client ~]# ping 192.168.0.200PING192.168.0.200(192.168.0.200)56(84)比特的数据。64比特,来自192.168.0.200:icmp_seq=1ttl=128时间=1.08毫秒#RS1[root@RS1 ~]# vmset.sh eth0 192.168.0.10 RS1 noroute[root@RS1 ~]# nmcli connection modify eth0 ipv4.gateway 192.168.0.100[root@RS1 ~]# nmcli connection reload[root@RS1 ~]# nmcli connection up eth0[root@RS1 ~]# route -nKernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface0.0.0.0192.168.0.1000.0.0.0 UG10000eth0192.168.0.00.0.0.0255.255.255.0 U10000eth0#在lo上设定vip[root@RS1 ~]# cd /etc/NetworkManager/system-connections/[root@RS1 system-connections]# cp -p eth0.nmconnection lo.nmconnection[root@RS1 system-connections]# vim lo.nmconnection[connection]id=lotype=loopback interface-name=lo[ethernet][ipv4]address1=127.0.0.1/8address2=192.168.0.200/32method=manual[root@RS1 system-connections]# nmcli connection reload[root@RS1 system-connections]# nmcli connection up lo连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/6)[root@RS1 system-connections]# ip a1: lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdisc noqueue state UNKNOWN group default qlen1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet127.0.0.1/8 scopehostlo valid_lft forever preferred_lft forever inet192.168.0.200/32 scope global lo valid_lft forever preferred_lft forever inet6 ::1/128 scopehostvalid_lft forever preferred_lft forever#arp禁止响应[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore[root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce[root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce#RS2[root@RS2 ~]# vmset.sh eth0 192.168.0.20 RS2 noroute[root@RS2 ~]# nmcli connection modify eth0 ipv4.gateway 192.168.0.100[root@RS2 ~]# nmcli connection reload[root@RS2 ~]# nmcli connection up eth0[root@RS2 ~]# route -nKernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface0.0.0.0192.168.0.1000.0.0.0 UG10000eth0192.168.0.00.0.0.0255.255.255.0 U10000eth0#在lo上设定vip[root@RS2 ~]# cd /etc/NetworkManager/system-connections/[root@RS2 system-connections]# cp -p eth0.nmconnection lo.nmconnection[root@RS2 system-connections]# vim lo.nmconnection[connection]id=lotype=loopback interface-name=lo[ethernet][ipv4]address1=127.0.0.1/8address2=192.168.0.200/32method=manual[root@RS2 system-connections]# nmcli connection reload[root@RS2 system-connections]# nmcli connection up lo连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/6)[root@RS2 system-connections]# ip a1: lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdisc noqueue state UNKNOWN group default qlen1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet127.0.0.1/8 scopehostlo valid_lft forever preferred_lft forever inet192.168.0.200/32 scope global lo valid_lft forever preferred_lft forever inet6 ::1/128 scopehostvalid_lft forever preferred_lft forever#arp禁止响应[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore[root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce[root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
