LVS
一、nat模式
1.角色
主机名 | ip地址 | 功能 |
---|---|---|
web01 | 192.168.2.101 | rs |
web02 | 192.168.2.102 | realserver |
nat | 内网:192.168.2.103 外网:192.168.2.120 | directorserver,ntp |
dns | 192.168.2.105 | dns |
2.web服务器
[root@web01 ~]# yum -y install nginx [root@web01 ~]# echo "web===01" > /usr/share/nginx/html/index.html [root@web01 ~]# nginx
[root@web02 ~]# yum -y install nginx [root@web02 ~]# echo "web===02" > /usr/share/nginx/html/index.html [root@web02 ~]# nginx
2.nat
配置两个网卡和两个ip地址,一个对内ip,一个对外ip
内网:192.168.2.103
外网:192.168.2.120
3.dns:192.168.2.105(下面 listen-on 和 allow-query 中的 any 允许任何来源查询本机,只适合隔离的实验网络;对外提供服务时应改为受信任的网段)
[root@localhost ~]# yum -y install bind [root@localhost ~]# vim /etc/named.conf options { listen-on port 53 { 127.0.0.1;any; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursing-file "/var/named/data/named.recursing"; secroots-file "/var/named/data/named.secroots"; allow-query { localhost;any;}; [root@localhost ~]# vim /etc/named.rfc1912.zones zone "haha" IN { type master; file "haha.zone"; allow-update { none; }; }; [root@localhost ~]# cd /var/named/ [root@localhost named]# ls data dynamic named.ca named.empty named.localhost named.loopback slaves [root@localhost named]# ll 总用量 16 drwxrwx---. 2 named named 6 6月 11 22:40 data drwxrwx---. 2 named named 6 6月 11 22:40 dynamic -rw-r-----. 1 root named 2253 4月 5 2018 named.ca -rw-r-----. 1 root named 152 12月 15 2009 named.empty -rw-r-----. 1 root named 152 6月 21 2007 named.localhost -rw-r-----. 1 root named 168 12月 15 2009 named.loopback drwxrwx---. 2 named named 6 6月 11 22:40 slaves [root@localhost named]# cp -p named.localhost haha.zone [root@localhost named]# vim haha.zone $TTL 1D @ IN SOA @ rname.invalid. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS @ A 127.0.0.1 AAAA ::1 nat A 192.168.2.103 ds A 192.168.2.120 web01 A 192.168.2.101 web02 A 192.168.2.102 检查文件 [root@localhost named]# named-checkconf /etc/named.conf [root@localhost named]# named-checkconf /etc/named.rfc1912.zones [root@localhost named]# named-checkzone haha.zone haha.zone zone haha.zone/IN: loaded serial 0 OK [root@localhost named]# systemctl start named [root@localhost named]# systemctl enable named
4.客户端
将DNS服务器的IP写入/etc/resolv.conf中
[root@client ~]# echo "nameserver 192.168.2.105" > /etc/resolv.conf
[root@client ~]# ping nat.haha
PING nat.haha (192.168.2.103) 56(84) bytes of data.
64 bytes from 192.168.2.103 (192.168.2.103): icmp_seq=1 ttl=64 time=0.216 ms
64 bytes from 192.168.2.103 (192.168.2.103): icmp_seq=2 ttl=64 time=0.624 ms
^C
--- nat.haha ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.216/0.420/0.624/0.204 ms
[root@client ~]# ping ds.haha
PING ds.haha (192.168.2.120) 56(84) bytes of data.
64 bytes from 192.168.2.120 (192.168.2.120): icmp_seq=1 ttl=64 time=0.445 ms
64 bytes from 192.168.2.120 (192.168.2.120): icmp_seq=2 ttl=64 time=0.408 ms
^C
--- ds.haha ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.408/0.426/0.445/0.027 ms
5.nat:设置时间同步服务器
[root@nat ~]# yum -y install ntpdate.x86_64 [root@nat ~]# crontab -e * 2 * * * /usr/sbin/ntpdate cn.ntp.org.cn [root@nat ~]# systemctl start ntpdate.service [root@nat ~]# systemctl enable ntpdate.service
6.dns:设置时间同步
[root@dns ~]# crontab -e 30 3 * * * /usr/sbin/ntpdate 192.168.2.103(时间服务器的地址)
7.web01
[root@web01 ~]# crontab -e 30 3 * * * /usr/sbin/ntpdate 192.168.2.103(时间服务器的地址)
8.web02
[root@web02 ~]# crontab -e 30 3 * * * /usr/sbin/ntpdate 192.168.2.103(时间服务器的地址)
9.nat
[root@nat ~]# yum -y install ipvsadm.x86_64 # 添加规则 [root@nat ~]# #如果配置好规则,重启之后也就没有了 [root@nat ~]# ipvsadm -A -t 192.168.2.120:80 -s rr [root@nat ~]# ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.2.120:80 rr # 为realserver添加规则 [root@nat ~]# ipvsadm -a -t 192.168.2.120:80 -r 192.168.2.101 -m [root@nat ~]# ipvsadm -a -t 192.168.2.120:80 -r 192.168.2.102 -m [root@nat ~]# ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.2.120:80 rr -> 192.168.2.101:80 Masq 1 0 0 -> 192.168.2.102:80 Masq 1 0 0
浏览器:192.168.2.120(外网地址)
ip转发
# ip转发 [root@nat ~]# vim /etc/sysctl.conf # 添加内容 net.ipv4.ip_forward=1 [root@nat ~]# sysctl -p net.ipv4.ip_forward = 1
10.web01
临时修改网关
[root@web01 ~]# route del default
[root@web01 ~]# route add default gw 192.168.2.103(nat的内网地址(dip))
# 这也要求了真实主机(rs.ip)和dip要在同一个网段,因为dip是要作为网关存在的
11.web02
[root@web02 ~]# route del default [root@web02 ~]# route add default gw 192.168.2.103(nat的内网地址(dip))
12.脚本
# ds脚本
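#!/bin/bash
# LVS NAT-mode director (ds) setup.
#
# Appends a static configuration to the ens36 interface file, restarts the
# network service, makes sure ipvsadm is installed, creates one TCP virtual
# service and enables IPv4 forwarding.
#
# Prompts (in order): router name, vip, port, rule (the ipvsadm scheduler).
# Must be run as root.
set -euo pipefail

readonly IFCFG=/etc/sysconfig/network-scripts/ifcfg-ens36
readonly SYSCTL_CONF=/etc/sysctl.conf

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Shape check only (four dot-separated groups of 1-3 digits).
is_ipv4() {
  [[ "$1" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]
}

# Decimal port in 1..65535; 10# stops a leading zero being read as octal.
is_port() {
  [[ "$1" =~ ^[0-9]{1,5}$ ]] && ((10#$1 >= 1 && 10#$1 <= 65535))
}

((EUID == 0)) || die "this script must be run as root"

# Collect and validate every answer before changing anything, so a typo
# cannot leave the host half-configured.
read -r -p "router name:" router_name
read -r -p "vip:" vip
read -r -p "port:" port
read -r -p "rule:" s

# The name is written into an ifcfg file, which the legacy network scripts
# read as shell, so only accept characters that need no quoting.
[[ "$router_name" =~ ^[A-Za-z0-9_.:-]+$ ]] ||
  die "invalid router name: $router_name"
is_ipv4 "$vip" || die "invalid vip: $vip"
is_port "$port" || die "invalid port: $port"
[[ "$s" =~ ^[a-z]+$ ]] || die "invalid scheduler: $s"

# Configure the network card.
uuidkey=$(uuidgen) || die "uuidgen failed"

# One grouped append instead of one redirection per line. The values are
# expanded here; the original single-quoted them and misspelled the
# variable, so the literal text "$rount_name" ended up in the file.
# NOTE(review): DEVICE normally has to match the interface name (ens36 for
# this file) - confirm that is what is entered at the "router name" prompt.
# NOTE(review): IPADDR is hard-coded and no PREFIX/NETMASK is written;
# confirm both against the target network.
{
  printf 'TYPE=Ethernet\n'
  printf 'BOOTPROTO=none\n'
  printf 'NAME="%s"\n' "$router_name"
  printf 'UUID="%s"\n' "$uuidkey"
  printf 'DEVICE="%s"\n' "$router_name"
  printf 'ONBOOT=yes\n'
  printf 'IPADDR=192.168.10.100\n'
} >>"$IFCFG"
systemctl restart network

# Install ipvsadm only when the package is missing.
if ! rpm -q ipvsadm >/dev/null 2>&1; then
  yum -y install ipvsadm
fi

# Configure the virtual service.
ipvsadm -A -t "${vip}:${port}" -s "$s"

# IP forwarding. Append instead of overwriting: /etc/sysctl.conf may already
# hold other kernel settings (hardening ones included) that a plain `>`
# would silently discard. Skip the append when the last ip_forward entry
# already enables forwarding.
last_setting=$(grep -E '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' \
  "$SYSCTL_CONF" 2>/dev/null | tail -n 1 || true)
if [[ "${last_setting//[[:space:]]/}" != "net.ipv4.ip_forward=1" ]]; then
  printf 'net.ipv4.ip_forward=1\n' >>"$SYSCTL_CONF"
fi
sysctl -p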
# rs脚本
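#!/bin/bash
# LVS NAT-mode real server (rs) setup.
#
# Replaces the default route with one that goes through the director's
# internal address (dip). Prompts for: dip. Must be run as root.
set -u

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

read -r -p "dip:" dip

# Validate before touching the routing table: the old default route is
# removed first, so a bad address would leave the host without a gateway.
[[ "$dip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || die "invalid dip: $dip"

# Set the gateway. The delete may fail when no default route exists yet;
# that is not an error for this script.
route del default 2>/dev/null || true
# "default" was misspelled as "defualt" in the original, which made this
# command fail right after the old default route had been deleted.
route add default gw "$dip" || die "failed to add default route via $dip"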
二、DR模式
1.性能更优,回路(响应流量)不再经过ds
2.ds和rs为了保证用户响应,都要求配置统一的vip
3.由于rs是直接响应client,网关不能设置为ds的dip
4.对rs的vip进行抑制,让ds的vip接收请求,rs的vip不接受请求
1.在ds的ens33上挂一个vip 192.168.2.121
[root@ds ~]# ifconfig ens33:0 192.168.2.121 broadcast 192.168.2.121 netmask 255.255.255.255 up [root@ds ~]# route add -host 192.168.2.121 dev ens33:0 # 192.168.2.106 dip # 192.168.2.121 vip 在rs上的vip和这个vip相同
2.设置规则
# 安装ipvsadm yum -y install ipvsadm # 清空规则 ipvsadm -C # 设置规则 ipvsadm -A -t 192.168.2.121:80 -s rr ipvsadm -a -t 192.168.2.121:80 -r 192.168.2.101 -g ipvsadm -a -t 192.168.2.121:80 -r 192.168.2.102 -g #rs不再需要指定端口,dr不支持端口映射,vip上是80端口,最终就是80端口
3.web01:绑定vip
[root@web01 ~]# ##在lo上绑定一个vip 192.168.2.121 [root@web01 ~]# ifconfig lo:0 192.168.2.121 broadcast 192.168.2.121 netmask 255.255.255.255 up [root@web01 ~]# #配置主机路由 [root@web01 ~]# route add -host 192.168.2.121 dev lo:0 # 抑制rs的vip接受请求 [root@web01 ~]# vim arp.sh echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce [root@web01 ~]# source arp.sh #生成脚本,对web02使用 [root@web01 ~]# vim arp.sh ifconfig lo:0 192.168.2.121 broadcast 192.168.2.121 netmask 255.255.255.255 up route add -host 192.168.2.121 dev lo:0 echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce [root@web01 ~]# source arp.sh
4.web02:绑定vip
[root@web01 ~]# vim arp.sh ifconfig lo:0 192.168.2.121 broadcast 192.168.2.121 netmask 255.255.255.255 up route add -host 192.168.2.121 dev lo:0 echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce [root@web01 ~]# source arp.sh
5.浏览器访问:192.168.2.121
6.在ds上查看数据
[root@ds ~]# ipvsadm -Ln --stats IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes -> RemoteAddress:Port TCP 192.168.2.121:80 2 71 0 19680 0 -> 192.168.2.101:80 1 4 0 173 0 -> 192.168.2.102:80 1 67 0 19507 0
7.DR模式脚本
ds脚本
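#!/bin/bash
# LVS DR-mode director (ds) setup.
#
# Binds the VIP to an interface alias, adds a host route for it, makes sure
# ipvsadm is installed, then replaces the IPVS table with one TCP virtual
# service and two real servers in direct-routing (-g) mode.
#
# Prompts (in order): vip, mac, num, rule, port, rip1, rip2.
# Must be run as root.
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Shape check only (four dot-separated groups of 1-3 digits).
is_ipv4() {
  [[ "$1" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]
}

# Decimal port in 1..65535; 10# stops a leading zero being read as octal.
is_port() {
  [[ "$1" =~ ^[0-9]{1,5}$ ]] && ((10#$1 >= 1 && 10#$1 <= 65535))
}

# Collect and validate every answer first: `ipvsadm -C` below wipes the
# current table, so a typo discovered afterwards would leave the director
# with no rules at all.
read -r -p "vip:" vip
# Despite the prompt text, this value is used as the interface name
# (e.g. ens33) that the alias is created on, not as a MAC address.
read -r -p "mac:" mac
read -r -p "num" num
read -r -p "rule:" rule
read -r -p "port:" port
read -r -p "rip1:" rip1
read -r -p "rip2:" rip2

is_ipv4 "$vip" || die "invalid vip: $vip"
[[ "$mac" =~ ^[A-Za-z0-9_.-]+$ ]] || die "invalid interface name: $mac"
[[ "$num" =~ ^[0-9]+$ ]] || die "invalid alias number: $num"
[[ "$rule" =~ ^[a-z]+$ ]] || die "invalid scheduler: $rule"
is_port "$port" || die "invalid port: $port"
is_ipv4 "$rip1" || die "invalid rip1: $rip1"
is_ipv4 "$rip2" || die "invalid rip2: $rip2"

readonly alias_dev="${mac}:${num}"

# Bind the VIP to the alias. The netmask value belongs on the same command
# line; in the original it had wrapped onto a line of its own and would
# have been run as a separate command.
ifconfig "$alias_dev" "$vip" broadcast "$vip" netmask 255.255.255.255
# Host route for the VIP.
route add -host "$vip" dev "$alias_dev"

# Install ipvsadm only when the package is missing.
if ! rpm -q ipvsadm >/dev/null 2>&1; then
  yum -y install ipvsadm
fi

# Configure the rules (ip_forward is not needed in DR mode).
# -C clears every virtual service currently defined on this host.
ipvsadm -C
ipvsadm -A -t "${vip}:${port}" -s "$rule"
ipvsadm -a -t "${vip}:${port}" -r "$rip1" -g
ipvsadm -a -t "${vip}:${port}" -r "$rip2" -g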
rs脚本
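#!/bin/bash
# LVS DR-mode real server (rs) setup.
#
# Binds the VIP to an interface alias, adds a host route for it and sets
# the ARP sysctls so that the real server does not answer ARP for the VIP.
#
# Prompts (in order): vip, mac, num. Must be run as root.
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

read -r -p "vip:" vip
# Despite the prompt text, this value is used as the interface name, not as
# a MAC address. The manual walkthrough earlier on this page binds the VIP
# to lo:0 on the real servers, i.e. "lo" here and "0" at the next prompt.
read -r -p "mac:" mac
read -r -p "num" num

[[ "$vip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || die "invalid vip: $vip"
[[ "$mac" =~ ^[A-Za-z0-9_.-]+$ ]] || die "invalid interface name: $mac"
[[ "$num" =~ ^[0-9]+$ ]] || die "invalid alias number: $num"

readonly alias_dev="${mac}:${num}"

# Bind the VIP to the alias. The netmask value belongs on the same command
# line; in the original it had wrapped onto a line of its own and would
# have been run as a separate command.
ifconfig "$alias_dev" "$vip" broadcast "$vip" netmask 255.255.255.255
# Host route for the VIP.
route add -host "$vip" dev "$alias_dev"

# Keep the real server from answering or announcing the VIP over ARP, so
# that only the director receives client requests addressed to it.
# These writes go to /proc and do not survive a reboot.
echo 1 >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 >/proc/sys/net/ipv4/conf/lo/arp_announce
echo 1 >/proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 >/proc/sys/net/ipv4/conf/all/arp_announce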