8.13-LVS的nat模式+DR模式

LVS

一、nat模式

1.角色

主机名	ip地址	功能
web01	192.168.2.101	rs
web02	192.168.2.102	realservee
nat	内网:192.168.2.103 外网:192.168.2.120	directorserver,ntp
dns	192.168.2.105	dns

2..web服务器

[root@web01 ~]# yum -y install nginx

[root@web01 ~]# echo "web===01" > /usr/share/nginx/html/index.html
[root@web01 ~]# nginx

[root@web02 ~]# yum -y install nginx

[root@web02 ~]# echo "web===02" > /usr/share/nginx/html/index.html
[root@web02 ~]# nginx

2.nat

配置两个网卡和两个ip地址，一个对内ip，一个对外ip

内网：192.168.2.103

外网：192.168.2.120

3.dns：192.168.2.105

[root@localhost ~]# yum -y install bind

[root@localhost ~]# vim /etc/named.conf

options {listen-on port 53 { 127.0.0.1;any; };listen-on-v6 port 53 { ::1; };directory       "/var/named";dump-file       "/var/named/data/cache_dump.db";statistics-file "/var/named/data/named_stats.txt";memstatistics-file "/var/named/data/named_mem_stats.txt";recursing-file  "/var/named/data/named.recursing";secroots-file   "/var/named/data/named.secroots";allow-query     { localhost;any;};



[root@localhost ~]# vim /etc/named.rfc1912.zones 

zone "haha" IN {type master;file "haha.zone";allow-update { none; };
};



[root@localhost ~]# cd /var/named/
[root@localhost named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@localhost named]# ll
总用量 16
drwxrwx---. 2 named named    6 6月  11 22:40 data
drwxrwx---. 2 named named    6 6月  11 22:40 dynamic
-rw-r-----. 1 root  named 2253 4月   5 2018 named.ca
-rw-r-----. 1 root  named  152 12月 15 2009 named.empty
-rw-r-----. 1 root  named  152 6月  21 2007 named.localhost
-rw-r-----. 1 root  named  168 12月 15 2009 named.loopback
drwxrwx---. 2 named named    6 6月  11 22:40 slaves
[root@localhost named]# cp -p named.localhost haha.zone

[root@localhost named]# vim haha.zone

$TTL 1D
@       IN SOA  @ rname.invalid. (0       ; serial1D      ; refresh1H      ; retry1W      ; expire3H )    ; minimumNS      @A       127.0.0.1AAAA    ::1
nat     A       192.168.2.103
ds      A       192.168.2.120
web01   A       192.168.2.101
web02   A       192.168.2.102

检查文件

[root@localhost named]# named-checkconf /etc/named.conf
[root@localhost named]# named-checkconf /etc/named.rfc1912.zones 
[root@localhost named]# named-checkzone haha.zone haha.zone
zone haha.zone/IN: loaded serial 0
OK
[root@localhost named]# systemctl start named
[root@localhost named]# systemctl enable named

4.客户端

将配置DNS服务的IP重定向到/etc/resolv中

[root@client ~]# echo "nameserver 192.168.2.105" > /etc/resolv

[root@client ~]# ping nat.haha
PING nat.haha (192.168.2.103) 56(84) bytes of data.
64 bytes from 192.168.2.103 (192.168.2.103): icmp_seq=1 ttl=64 time=0.216 ms
64 bytes from 192.168.2.103 (192.168.2.103): icmp_seq=2 ttl=64 time=0.624 ms
^C
--- nat.haha ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.216/0.420/0.624/0.204 ms
[root@client ~]# ping ds.haha
PING ds.haha (192.168.2.120) 56(84) bytes of data.
64 bytes from 192.168.2.120 (192.168.2.120): icmp_seq=1 ttl=64 time=0.445 ms
64 bytes from 192.168.2.120 (192.168.2.120): icmp_seq=2 ttl=64 time=0.408 ms
^C
--- ds.haha ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.408/0.426/0.445/0.027 ms

5.nat：设置时间同步服务器

[root@nat ~]# yum -y install ntpdate.x86_64 

[root@nat ~]# crontab -e

* 2 * * * /usr/sbin/ntpdate cn.ntp.org.cn

[root@nat ~]# systemctl start ntpdate.service 
[root@nat ~]# systemctl enable ntpdate.service

6.dns：设置时间同步

[root@dns ~]# crontab -e

30 3 * * * /usr/sbin/ntpdate 192.168.2.103（时间服务器的地址）

7.web01

[root@web01 ~]# crontab -e

30 3 * * * /usr/sbin/ntpdate 192.168.2.103（时间服务器的地址）

8.web02

[root@web02 ~]# crontab -e

30 3 * * * /usr/sbin/ntpdate 192.168.2.103（时间服务器的地址）

9.nat

[root@nat ~]# yum -y install ipvsadm.x86_64 

# 添加规则
[root@nat ~]# #如果配置好规则，重启之后也就没有了
[root@nat ~]# ipvsadm -A -t 192.168.2.120:80 -s rr
[root@nat ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.2.120:80 rr
# 为realserver添加规则
[root@nat ~]# ipvsadm -a -t 192.168.2.120:80 -r 192.168.2.101 -m
[root@nat ~]# ipvsadm -a -t 192.168.2.120:80 -r 192.168.2.102 -m
[root@nat ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.2.120:80 rr-> 192.168.2.101:80             Masq    1      0          0         -> 192.168.2.102:80             Masq    1      0          0

浏览器：192.2168.120（外网地址）

ip转发

# ip转发
[root@nat ~]# vim /etc/sysctl.conf
# 添加内容
net.ipv4.ip_forward=1

[root@nat ~]# sysctl -p
net.ipv4.ip_forward = 1

10.web01

临时修改网关

[root@web01 ~]# route del default
[root@web01 ~]# route add default gw 192.168.2.103（nat的内网地址(dip)）
# 这也要求了真实主机（rs.ip）和dip要在同一个网关，因为dip是要作为网关存在的

11.web02

[root@web02 ~]# route del default
[root@web02 ~]# route add default gw 192.168.2.103（nat的内网地址(dip)）

12.脚本

# ds脚本
#!/bin/bash#配置网卡
echo TYPE="Ethernet" >> /etc/sysconfig/network
scripts/ifcfg-ens36echo BOOTPROTO="none" >> /etc/sysconfig/network
scripts/ifcfg-ens36read -p "router name:" router_nameecho NAME='"$rount_name"' >> /etc/sysconfig/network
scripts/ifcfg-ens36uuidkey=$( uuidgen )
echo UUID='"$uuidkey"' >> /etc/sysconfig/network
scripts/ifcfg-ens36 >> /etc/sysconfig/network
scripts/ifcfg-ens36echo DEVICE='"$rount_name"' >> /etc/sysconfig/network
scripts/ifcfg-ens36echo ONBOOT="yes" >> /etc/sysconfig/network-scripts/ifcfg
ens36echo IPADDR=192.168.10.100 >> /etc/sysconfig/network
scripts/ifcfg-ens36systemctl restart network#安装ipvsadmyum list installed|grep ipvsadmif[ $? -ne 0 ];thenyum -y install ipvsadmfi#配置规则
read -p "vip:" vipread -p "port:" portread -p "rule:" sipvsadm -A -t $vip:$port -s $s# ip forwardecho "net.ipv4.ip_forward=1" >/etc/sysctl.confsysctl -p

 # rs脚本
#!/bin/bashread -p "dip:" dip# 设置网关
route del defaultroute add defualt gw $dip

二、DR模式

1.性能更优，贿赂不在经过ds

2.ds和rs为了保证用户响应，都要求配置统一的vip

3.1由于rs是直接响应client，网关不能设置为ds的dip

4.对rs的vip进行抑制，让ds的vip接收请求，rs的vip不接受请求

1.在ds的ens33上挂一个vip 192.168.2.121

[root@ds ~]# ifconfig ens33:0 192.168.2.121 broadcast 192.168.2.121 netmask 255.255.255.255 up
[root@ds ~]# route add -host 192.168.2.121 dev ens33:0

# 192.168.2.106 dip
# 192.168.2.121 vip 在rs上的vip和这个vip相同

2.设置规范

# 安装ipvsadm
yum -y install ipvsadm

# 清空规则
ipvsadm -C

# 设置规则
ipvsadm -A -t 192.168.2.121:80 -s rr

ipvsadm -a -t 192.168.2.121:80 -r 192.168.2.101 -g
ipvsadm -a -t 192.168.2.121:80 -r 192.168.2.102 -g

#rs不再需要指定端口，dr不支持端口映射，vip上是80端口，最终就是80端口

3.web01：绑定vip

[root@web01 ~]# ##在lo上绑定一个vip 192.168.2.121
[root@web01 ~]# ifconfig lo:0 192.168.2.121 broadcast 192.168.2.121 netmask 255.255.255.255 up
[root@web01 ~]# #配置主机路由
[root@web01 ~]# route add -host 192.168.2.121 dev lo:0
# 抑制rs的vip接受请求
[root@web01 ~]# vim arp.sh
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@web01 ~]# source arp.sh


#生成脚本，对web02使用
[root@web01 ~]# vim arp.sh
ifconfig lo:0 192.168.2.121 broadcast 192.168.2.121 netmask 255.255.255.255 up
route add -host 192.168.2.121 dev lo:0
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

[root@web01 ~]# source arp.sh

4.web02：绑定vip

[root@web01 ~]# vim arp.sh
ifconfig lo:0 192.168.2.121 broadcast 192.168.2.121 netmask 255.255.255.255 up
route add -host 192.168.2.121 dev lo:0
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

[root@web01 ~]# source arp.sh

5.浏览器访问：192.168.2.121

6.在ds上查看数据

[root@ds ~]# ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes-> RemoteAddress:Port
TCP  192.168.2.121:80                    2       71        0    19680        0-> 192.168.2.101:80                    1        4        0      173        0-> 192.168.2.102:80                    1       67        0    19507        0

7.DR模式脚本

ds脚本

#!/bin/bash#在ens33上挂载一个ip地址
read -p "vip:" vipread -p "mac:" macread -p "num" numifconfig $mac:$num $vip broadcast $vip netmask 
255.255.255.255# 主机路由
route add -host $vip dev $mac:$num
#安装ipvsadmyum list installed|grep ipvsadmif [ $? -ne 0 ] ; thenyum -y install ipvsadmfi#配置规则（不需要设置ip_forword）
ipvsadm -Cread -p "rule:" ruleread -p "port:" portipvsadm -A -t $vip:$port -s $ruleread -p "rip1:" rip1ipvsadm -a -t $vip:$port -r $rip1 -gread -p "rip2:" rip2ipvsadm -a -t $vip:$port -r $rip2 -g

rs脚本

#!/bin/bash#在ens33上挂载一个ip地址
read -p "vip:" vipread -p "mac:" macread -p "num" numifconfig $mac:$num $vip broadcast $vip netmask 
255.255.255.255# 主机路由
route add -host $vip dev $mac:$numecho 1 > /proc/sys/net/ipv4/conf/lo/arp_ignoreecho 2 > /proc/sys/net/ipv4/conf/lo/arp_announceecho 1 > /proc/sys/net/ipv4/conf/all/arp_ignoreecho 2 > /proc/sys/net/ipv4/conf/all/arp_announce