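LVS NAT Mode: A Hands-On Example
Overview
For an introduction to LVS and to NAT mode, see this blog post of mine:
LVS Hands-On Example
Host IP address allocation
This lab uses four servers, with the following roles: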
No. | Role | IP | Gateway | Notes |
---|---|---|---|---|
1 | Client | 192.168.10.100/24 | | Simulates a client accessing the back-end servers |
2 | LVS server | 192.168.10.201/24, 10.10.0.100/24 | | |
3 | Web server 1 | 10.10.0.105/24 | 10.10.0.100 | Back-end web server |
4 | Web server 2 | 10.10.0.106/24 | 10.10.0.100 | Back-end web server |
Topology diagram:
Configuration steps
Load the IPVS kernel modules on the LVS server
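# Load every IPVS module shipped with the running kernel
for i in $(ls /lib/modules/$(uname -r)/kernel/net/netfilter/ipvs|grep -o "^[^.]*");do echo $i; /sbin/modinfo -F filename $i >/dev/null 2>&1 && /sbin/modprobe $i; done
# Record the module names in /etc/modules so they are loaded again at boot
ls /lib/modules/$(uname -r)/kernel/net/netfilter/ipvs|grep -o "^[^.]*" >> /etc/modules
# Confirm that the modules are loaded
lsmod | grep ip_vs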
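Configure the LVS server
# Create the virtual service (cluster) with weighted round-robin scheduling (-s wrr)
ipvsadm -A -t 192.168.10.201:80 -s wrr
# Add the back-end real servers to the cluster; -m selects masquerading (NAT) forwarding, -w sets the weight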
ipvsadm -a -t 192.168.10.201:80 -r 10.10.0.105:80 -m -w 1
ipvsadm -a -t 192.168.10.201:80 -r 10.10.0.106:80 -m -w 1
Check the configuration
root@ops103:~# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.10.201:80 wrr
-> 10.10.0.105:80 Masq 1 0 0
-> 10.10.0.106:80 Masq 1 0 0
Backup and restore commands
# Restore
ipvsadm-restore < /etc/ipvsadm.rules
# Back up
/sbin/ipvsadm -S -n > /etc/ipvsadm.rules
Verification
Verify from the client
root@ops102:~# for i in $(seq 10);do curl 192.168.10.201;done
this is WEB1 10.10.0.105 page
this is WEB2 10.10.0.106 page
this is WEB1 10.10.0.105 page
this is WEB2 10.10.0.106 page
this is WEB1 10.10.0.105 page
this is WEB2 10.10.0.106 page
this is WEB1 10.10.0.105 page
this is WEB2 10.10.0.106 page
this is WEB1 10.10.0.105 page
this is WEB2 10.10.0.106 page
Check LVS status
root@ops103:~# ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
TCP 192.168.10.201:80 17 104 52 8064 6140
-> 10.10.0.105:80 8 62 28 5316 3194
-> 10.10.0.106:80 9 42 24 2748 2946
root@ops103:~# cat /proc/net/ip
ip6_flowlabel ip_mr_cache ip_tables_names ip_vs ip_vs_conn_sync
ip6_mr_cache ip_mr_vif ip_tables_targets ip_vs_app ip_vs_stats
ip6_mr_vif ip_tables_matches ipv6_route ip_vs_conn ip_vs_stats_percpu
root@ops103:~# cat /proc/net/ip_vs
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP C0A80AC9:0050 wrr
-> 0A0A006A:0050 Masq 1 0 5
-> 0A0A0069:0050 Masq 1 0 5
root@ops103:~# ipvsadm -Lnc
IPVS connection entries
pro expire state source virtual destination
TCP 01:46 TIME_WAIT 192.168.10.100:29542 192.168.10.201:80 10.10.0.105:80
TCP 01:46 TIME_WAIT 192.168.10.100:29528 192.168.10.201:80 10.10.0.106:80
TCP 01:46 TIME_WAIT 192.168.10.100:29540 192.168.10.201:80 10.10.0.106:80
TCP 01:46 TIME_WAIT 192.168.10.100:29538 192.168.10.201:80 10.10.0.105:80
TCP 01:46 TIME_WAIT 192.168.10.100:29544 192.168.10.201:80 10.10.0.106:80
TCP 01:46 TIME_WAIT 192.168.10.100:29536 192.168.10.201:80 10.10.0.106:80
TCP 01:46 TIME_WAIT 192.168.10.100:29534 192.168.10.201:80 10.10.0.105:80
TCP 01:46 TIME_WAIT 192.168.10.100:29532 192.168.10.201:80 10.10.0.106:80
TCP 01:46 TIME_WAIT 192.168.10.100:29526 192.168.10.201:80 10.10.0.105:80
TCP 01:46 TIME_WAIT 192.168.10.100:29530 192.168.10.201:80 10.10.0.105:80
root@ops103:~# cat /proc/net/ip_vs_conn
Pro FromIP FPrt ToIP TPrt DestIP DPrt State Expires PEName PEData
TCP C0A80A64 7366 C0A80AC9 0050 0A0A0069 0050 TIME_WAIT 88
TCP C0A80A64 7358 C0A80AC9 0050 0A0A006A 0050 TIME_WAIT 88
TCP C0A80A64 7364 C0A80AC9 0050 0A0A006A 0050 TIME_WAIT 88
TCP C0A80A64 7362 C0A80AC9 0050 0A0A0069 0050 TIME_WAIT 88
TCP C0A80A64 7368 C0A80AC9 0050 0A0A006A 0050 TIME_WAIT 88
TCP C0A80A64 7360 C0A80AC9 0050 0A0A006A 0050 TIME_WAIT 88
TCP C0A80A64 735E C0A80AC9 0050 0A0A0069 0050 TIME_WAIT 88
TCP C0A80A64 735C C0A80AC9 0050 0A0A006A 0050 TIME_WAIT 88
TCP C0A80A64 7356 C0A80AC9 0050 0A0A0069 0050 TIME_WAIT 88
TCP C0A80A64 735A C0A80AC9 0050 0A0A0069 0050 TIME_WAIT 88
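The hex fields in /proc/net/ip_vs_conn above are the same connections that ipvsadm -Lnc prints in decimal. The following POSIX shell functions are an added example, not part of the original post: they decode those fields and count entries per real server, which is useful when auditing which client was sent to which back end. The function names are made up for this example, the sample rows are copied from the output above, and only IPv4 entries are handled.

```shell
#!/bin/sh
# Added example: decode /proc/net/ip_vs_conn into the decimal form shown by `ipvsadm -Lnc`.
# Function names are hypothetical; IPv4 entries only (assumption).

# Header and three rows copied from the /proc/net/ip_vs_conn output above.
SAMPLE='Pro FromIP FPrt ToIP TPrt DestIP DPrt State Expires PEName PEData
TCP C0A80A64 7366 C0A80AC9 0050 0A0A0069 0050 TIME_WAIT 88
TCP C0A80A64 7358 C0A80AC9 0050 0A0A006A 0050 TIME_WAIT 88
TCP C0A80A64 7364 C0A80AC9 0050 0A0A006A 0050 TIME_WAIT 88'

# hex2ip HEX8: turn 8 hex digits (e.g. C0A80AC9) into a dotted quad.
hex2ip() {
    h=$1
    a=${h%??????}; r=${h#??}     # first octet, then the remaining six digits
    b=${r%????};   r=${r#??}     # second octet, then the remaining four digits
    c=${r%??};     d=${r#??}     # third and fourth octets
    printf '%d.%d.%d.%d\n' "0x$a" "0x$b" "0x$c" "0x$d"
}

# ipvs_conn_decode: read ip_vs_conn text on stdin and print
# "proto client:port virtual:port real:port state expires" per connection.
ipvs_conn_decode() {
    while read -r pro fip fprt tip tprt dip dprt state expires rest; do
        # Skip the header line and anything that is not an 8-digit IPv4 address.
        case $fip in ????????) ;; *) continue ;; esac
        [ -n "$dprt" ] || continue
        printf '%s %s:%d %s:%d %s:%d %s %s\n' "$pro" \
            "$(hex2ip "$fip")" "0x$fprt" "$(hex2ip "$tip")" "0x$tprt" \
            "$(hex2ip "$dip")" "0x$dprt" "$state" "$expires"
    done
}

# ipvs_conn_per_dest: count tracked connections per real server.
ipvs_conn_per_dest() {
    ipvs_conn_decode | awk '{ n[$4]++ } END { for (d in n) print n[d], d }' | sort -k2
}

# Run against the embedded sample.
printf '%s\n' "$SAMPLE" | ipvs_conn_per_dest
```

On the LVS server itself, feed the live table in with `ipvs_conn_decode < /proc/net/ip_vs_conn`.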