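LVS: DR Mode

Published: 2025-04-02

DR mode: single network segment

DR mode rewrites the MAC address of the request frame to send the request to a real server, and the real server returns the response directly to the client. Like the TUN technique, DR can greatly improve the scalability of the cluster. This method has no IP-tunnel overhead and does not require the real servers to support an IP tunneling protocol, but it does require the director and the real servers each to have a network interface on the same physical network segment.

Note: the firewall and SELinux are turned off on all hosts.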

# Disable the firewall
systemctl disable --now firewalld

# Temporarily turn off SELinux enforcement
setenforce 0
# Permanently turn off SELinux enforcement (permissive mode)
sed -i "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/selinux/config

Configure the router host

The router is a Redhat 9.5 virtual machine with two network interfaces: one in host-only mode and one in NAT mode.

Change the hostname

[root@localhost ~]# hostnamectl hostname router
[root@localhost ~]# hostnamectl hostname
router

Configure the host-only interface

#Rename the network connection
[root@localhost ~]# nmcli c show
NAME                UUID                                  TYPE      DEVICE 
ens160              e5cd0010-7a84-3798-88d9-772e68c36b11  ethernet  ens160 
Wired connection 1  37e2cb80-5b11-38f6-9a4b-d203bb8dd375  ethernet  ens224 
lo                  e7a33e53-baac-4d4e-b834-7b39ac000efd  loopback  lo     
[root@localhost ~]# nmcli c modify 'Wired connection 1' connection.id ens224
[root@localhost ~]# nmcli c show
NAME    UUID                                  TYPE      DEVICE 
ens160  e5cd0010-7a84-3798-88d9-772e68c36b11  ethernet  ens160 
ens224  37e2cb80-5b11-38f6-9a4b-d203bb8dd375  ethernet  ens224 
lo      e7a33e53-baac-4d4e-b834-7b39ac000efd  loopback  lo    


[root@localhost ~]# nmcli c modify ens224 ipv4.method manual ipv4.addresses 192.168.19.200/24 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens224
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@localhost ~]# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:91:1e:51 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 172.25.250.198/24 brd 172.25.250.255 scope global dynamic noprefixroute ens160
       valid_lft 1372sec preferred_lft 1372sec
    inet6 fe80::20c:29ff:fe91:1e51/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:91:1e:5b brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    inet 192.168.19.200/24 brd 192.168.19.255 scope global noprefixroute ens224
       valid_lft forever preferred_lft forever
    inet6 fe80::a59a:f187:d02:1786/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

Configure the NAT interface

[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 172.25.250.200/24 ipv4.gateway 172.25.250.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160
[root@router ~]# nmcli d show ens160
GENERAL.DEVICE:                         ens160
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         00:0C:29:91:1E:51
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     ens160
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/Acti>
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         172.25.250.200/24
IP4.GATEWAY:                            172.25.250.2
IP4.ROUTE[1]:                           dst = 172.25.250.0/24, nh = 0.0.0.0,>
IP4.ROUTE[2]:                           dst = 0.0.0.0/0, nh = 172.25.250.2, >
IP4.DNS[1]:                             223.5.5.5
IP6.ADDRESS[1]:                         fe80::20c:29ff:fe91:1e51/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 1024

Configure the RS real servers

Change the hostname

[root@localhost ~]# hostnamectl hostname rs1

Change the IP address

[root@localhost ~]# nmcli c m ens160 ipv4.method manual ipv4.addresses 172.25.250.7/24 ipv4.gateway 172.25.250.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160
[root@rs1 ~]# nmcli d show ens160
GENERAL.DEVICE:                         ens160
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         00:0C:29:4A:6F:D6
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     ens160
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/Acti>
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         172.25.250.7/24
IP4.GATEWAY:                            172.25.250.2
IP4.ROUTE[1]:                           dst = 172.25.250.0/24, nh = 0.0.0.0,>
IP4.ROUTE[2]:                           dst = 0.0.0.0/0, nh = 172.25.250.2, >
IP4.DNS[1]:                             223.5.5.5
IP6.ADDRESS[1]:                         fe80::20c:29ff:fe4a:6fd6/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 1024

Install and configure nginx

[root@rs1 ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@rs1 ~]# dnf -y install nginx

[root@rs1 ~]# echo $(hostname) $(hostname -I) > /usr/share/nginx/html/index.html 
[root@rs1 ~]# systemctl start nginx
[root@rs1 ~]# curl localhost
rs1 172.25.250.7

Change the gateway address

[root@rs1 ~]# nmcli c modify ens160 ipv4.gateway 172.25.250.200
[root@rs1 ~]# nmcli d show ens160
GENERAL.DEVICE:                         ens160
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         00:0C:29:4A:6F:D6
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     ens160
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/Acti>
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         172.25.250.7/24
IP4.GATEWAY:                            172.25.250.2
IP4.ROUTE[1]:                           dst = 172.25.250.0/24, nh = 0.0.0.0,>
IP4.ROUTE[2]:                           dst = 0.0.0.0/0, nh = 172.25.250.2, >
IP4.DNS[1]:                             223.5.5.5
IP6.ADDRESS[1]:                         fe80::20c:29ff:fe4a:6fd6/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 1024

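Clone rs1. Once the clone is created, boot the clone first, then change its hostname and IP address.

Note: after rs1 has been shut down, its service must be started again, otherwise client requests will fail.

Change the hostname

[root@rs1 ~]# hostnamectl hostname rs2

Change the IP address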

[root@rs1 ~]# nmcli c modify ens160 ipv4.addresses 172.25.250.17/24
[root@rs1 ~]# nmcli c up ens160

Change the nginx home page

[root@rs2 ~]# echo $(hostname) $(hostname -I) > /usr/share/nginx/html/index.html

Start the nginx service

[root@rs2 ~]# systemctl start nginx
[root@rs2 ~]# curl localhost
rs2 172.25.250.17

Configure LVS

Change the hostname

[root@localhost ~]# hostnamectl hostname lvs

Change the IP address

[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 172.25.250.8/24 ipv4.gateway 172.25.250.200 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160
[root@lvs ~]# nmcli d show ens160
GENERAL.DEVICE:                         ens160
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         00:0C:29:02:B0:3A
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     ens160
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/Acti>
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         172.25.250.8/24
IP4.GATEWAY:                            172.25.250.200
IP4.ROUTE[1]:                           dst = 172.25.250.0/24, nh = 0.0.0.0,>
IP4.ROUTE[2]:                           dst = 0.0.0.0/0, nh = 172.25.250.200>
IP4.DNS[1]:                             223.5.5.5
IP6.ADDRESS[1]:                         fe80::20c:29ff:fe02:b03a/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 1024

Install ipvsadm

[root@lvs ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@lvs ~]# dnf -y install ipvsadm

#Initialize the rules file
[root@lvs ~]# ipvsadm-save -n > /etc/sysconfig/ipvsadm

Configure the VIP

[root@lvs ~]# ip addr add 172.25.250.100/32 dev lo
[root@lvs ~]# ip a show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 172.25.250.100/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever

Add the VIP to the RS real servers

rs1

[root@rs1 ~]# ip addr add 172.25.250.100 dev lo
[root@rs1 ~]# ip a show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 172.25.250.100/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever

rs2

[root@rs2 ~]# ip addr add 172.25.250.100 dev lo
[root@rs2 ~]# ip a show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 172.25.250.100/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever

Add kernel parameters on the RS real servers

rs1

[root@rs1 ~]# vim /etc/sysctl.conf 

[root@rs1 ~]# cat /etc/sysctl.conf 
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2

[root@rs1 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2

rs2

[root@rs2 ~]# vim /etc/sysctl.conf 

[root@rs2 ~]# cat /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2

[root@rs2 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
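
The director and both real servers now hold the same VIP on one layer-2 segment, which only works if the real servers never answer or advertise ARP for it: arp_ignore = 1 stops replies for an address that is not on the receiving interface, and arp_announce = 2 keeps the VIP out of the sender field of the RS's own ARP requests. The check below is an added example, not part of the original post; the function name check_rs and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): audit a DR-mode real server.
# check_rs VIP ADDRS SYSCTLS prints one line per problem and returns the
# number of problems; 0 means the RS holds the VIP without advertising it.
#   ADDRS   = output of: ip -o -4 addr show dev lo
#   SYSCTLS = output of: sysctl <the four arp_* keys set on this page>

check_rs() {
    vip=$1 addrs=$2 sysctls=$3 problems=0

    # The VIP must be a /32 host address on lo.
    if ! printf '%s\n' "$addrs" |
        awk -v a="$vip/32" '$2 == "lo" && $3 == "inet" && $4 == a { ok = 1 } END { exit !ok }'
    then
        echo "VIP $vip/32 missing on lo"
        problems=$((problems + 1))
    fi

    # Values from the /etc/sysctl.conf shown above. The kernel applies the max
    # of conf/all and the receiving interface, so the "all" keys are what keep
    # ens160 from answering ARP for an address that lives on lo.
    for want in all.arp_ignore=1 lo.arp_ignore=1 all.arp_announce=2 lo.arp_announce=2; do
        key="net.ipv4.conf.${want%=*}"
        got=$(printf '%s\n' "$sysctls" | awk -v k="$key" '$1 == k { print $3 }')
        if [ "$got" != "${want#*=}" ]; then
            echo "$key is ${got:-unset}, expected ${want#*=}"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample input: rs1 as configured on this page ...
RS_OK_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
1: lo    inet 172.25.250.100/32 scope global lo\       valid_lft forever preferred_lft forever'
RS_OK_SYSCTLS='net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2'
# ... and a constructed RS that still has kernel defaults and no VIP.
RS_BAD_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever'
RS_BAD_SYSCTLS='net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.lo.arp_announce = 0'

check_rs 172.25.250.100 "$RS_OK_ADDRS" "$RS_OK_SYSCTLS" && echo "rs1: OK"
check_rs 172.25.250.100 "$RS_BAD_ADDRS" "$RS_BAD_SYSCTLS" || echo "unconfigured RS: $? problem(s)"
```

On a live RS, pass the real command output instead of the samples: `check_rs 172.25.250.100 "$(ip -o -4 addr show dev lo)" "$(sysctl net.ipv4.conf.all.arp_ignore net.ipv4.conf.lo.arp_ignore net.ipv4.conf.all.arp_announce net.ipv4.conf.lo.arp_announce)"`.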

Configure the LVS rules

#Start the service
[root@lvs ~]# systemctl start ipvsadm

#Configure the rules
[root@lvs ~]# ipvsadm -A -t 172.25.250.100:80 -s wrr
[root@lvs ~]# ipvsadm -a -t 172.25.250.100:80 -r 172.25.250.7:80 -g -w 3
[root@lvs ~]# ipvsadm -a -t 172.25.250.100:80 -r 172.25.250.17:80 -g -w 1
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.250.100:80 wrr
  -> 172.25.250.7:80              Route   3      0          0         
  -> 172.25.250.17:80             Route   1      0          0    

Test

[root@client ~]# while true; do curl 172.25.250.100; done;
rs1 172.25.250.7
rs1 172.25.250.7
rs1 172.25.250.7
rs2 172.25.250.17
rs1 172.25.250.7
rs1 172.25.250.7
rs1 172.25.250.7
rs2 172.25.250.17
rs1 172.25.250.7
rs1 172.25.250.7
rs1 172.25.250.7
rs2 172.25.250.17
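
With weights 3 and 1 under the wrr scheduler, rs1 should serve three of every four requests, which is the pattern in the output above. The following check is an added example, not part of the original post: it reads the weights from `ipvsadm -Ln` output and compares them with the responses a client collected, so a real server that takes far more or less than its share is reported. The function name check_wrr, the tolerance default and the failure sample are assumptions made for illustration.

```sh
# Added example (not from the original post): compare client responses with
# the weights in the IPVS table. check_wrr IPVS RESPONSES [TOL] returns 0 when
# the share of responses from each real server is within TOL percentage points
# (default 10) of its weight. IPVS is `ipvsadm -Ln` output; RESPONSES holds
# lines of "<hostname> <ip>", the index.html format used on this page.
check_wrr() {
    printf '%s\n--\n%s\n' "$1" "$2" | awk -v tol="${3:-10}" '
        $0 == "--" { responses = 1; next }
        # Real-server rows of the table: "-> ip:port Route weight ..."
        !responses && $1 == "->" && $3 == "Route" {
            sub(/:[0-9]+$/, "", $2); w[$2] = $4; wsum += $4; next
        }
        responses && NF >= 2 { seen[$2]++; n++ }
        END {
            if (!wsum || !n) { print "empty IPVS table or no responses"; exit 1 }
            for (ip in seen) if (!(ip in w)) {
                print ip " answered but is not in the IPVS table"; bad = 1
            }
            for (ip in w) {
                want = 100 * w[ip] / wsum; got = 100 * seen[ip] / n
                d = got - want; if (d < 0) d = -d
                if (d > tol) {
                    printf "%s: %.0f%% of responses, weights imply %.0f%%\n", ip, got, want
                    bad = 1
                }
            }
            exit bad
        }'
}

# Sample input: the table and one scheduling round as shown on this page.
IPVS_SAMPLE='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.250.100:80 wrr
  -> 172.25.250.7:80              Route   3      0          0
  -> 172.25.250.17:80             Route   1      0          0'
ROUND='rs1 172.25.250.7
rs1 172.25.250.7
rs1 172.25.250.7
rs2 172.25.250.17'
# Constructed failure case: every response comes from rs2.
SKEWED='rs2 172.25.250.17
rs2 172.25.250.17'

check_wrr "$IPVS_SAMPLE" "$ROUND" && echo "distribution matches weights"
check_wrr "$IPVS_SAMPLE" "$SKEWED" || echo "distribution does not match weights"
```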

Multiple network segments (changing the VIP)

Host    Role    System     Network            IP
client  client  redhat9.5  host-only          192.168.19.100/24
router  router  redhat9.5  host-only and NAT  NAT: ens224: 172.25.250.201/24
                                              ens160: 172.16.0.200/24
                                              host-only: ens160: 192.168.19.200/24
lvs     lvs     redhat9.5  NAT                VIP 172.16.0.100/32
                                              DIP 172.25.250.8/24
nginx   rs1     redhat9.5  NAT                VIP 172.16.0.100/32
                                              DIP 172.25.250.7/24
nginx   rs2     redhat9.5  NAT                VIP 172.16.0.100/32
                                              DIP 172.25.250.17/24

The multi-segment setup is built on top of the single-segment setup.

Configure the router host

[root@router ~]# nmcli c modify ens160 +ipv4.addresses 172.25.250.201/24
[root@router ~]# nmcli c up ens160
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)

Change the VIP on LVS

#First delete the old VIP
[root@lvs ~]# ip addr del 172.25.250.100/32 dev lo

#Add the new VIP
[root@lvs ~]# ip addr add 172.16.0.100/32 dev lo
[root@lvs ~]# ip a show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 172.16.0.100/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever

Change the VIP on the RS hosts

rs1

[root@rs1 ~]# ip addr del 172.25.250.100/32 dev lo
[root@rs1 ~]# ip addr add 172.16.0.100/32 dev lo
[root@rs1 ~]# ip a show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 172.16.0.100/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever

rs2

[root@rs2 ~]# ip addr del 172.25.250.100/32 dev lo
[root@rs2 ~]# ip addr add 172.16.0.100/32 dev lo
[root@rs2 ~]# ip a show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 172.16.0.100/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever

Change the LVS rules

#Clear the rules
[root@lvs ~]# ipvsadm -C

#Add the rules
[root@lvs ~]# ipvsadm -A -t 172.16.0.100:80 -s wrr
[root@lvs ~]# ipvsadm -a -t 172.16.0.100:80 -r 172.25.250.7:80 -g -w 3
[root@lvs ~]# ipvsadm -a -t 172.16.0.100:80 -r 172.25.250.17:80 -g -w 1

#List the rules
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.0.100:80 wrr
  -> 172.25.250.7:80              Route   3      0          0         
  -> 172.25.250.17:80             Route   1      0          0  

#After restarting the service, check whether the rules were saved
[root@lvs ~]# systemctl stop ipvsadm
[root@lvs ~]# systemctl start  ipvsadm
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.0.100:80 wrr
  -> 172.25.250.7:80              Route   3      0          0         
  -> 172.25.250.17:80             Route   1      0          0         

Test

[root@client ~]# while true; do curl 172.16.0.100; done;
rs1 172.25.250.7
rs1 172.25.250.7
rs1 172.25.250.7
rs2 172.25.250.17
rs1 172.25.250.7
rs1 172.25.250.7
rs1 172.25.250.7
rs2 172.25.250.17
rs1 172.25.250.7
rs1 172.25.250.7
rs1 172.25.250.7
rs2 172.25.250.17

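Summary

Router configuration

Two network interfaces: one host-only, one in NAT mode.

Because the router here is a virtual machine, it does not forward packets by default, so a kernel parameter must be set to enable forwarding.

vim /etc/sysctl.conf
net.ipv4.ip_forward=1

The router's NAT-mode IP address serves as the gateway address for the LVS and RS servers.

LVS

Configure a VIP. This is the address clients connect to, and it is also the virtual-service address used in the LVS rules.

The LVS gateway points to the router's IP.

RS

RS stands for RealServer, the real server.

The VIP must be configured on each RS, because the response to a client request is sent directly to the client using the VIP and the CIP, so response traffic does not need to pass through LVS.

The gateway of every RS server is also the router's IP address.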

