LVS-nat模式
本质是多目标IP的DNAT,通过将请求报文中的目标地址和目标端口修改为某挑出的RS的RIP和 PORT实现转发
原理
1.客户端发送访问请求,请求数据包中含有请求来源(cip),访问目标地址(VIP)访问目标端口 (9000port)
2.VS服务器接收到访问请求做DNAT把请求数据包中的目的地由VIP换成RS的RIP和相应端口
3.RS1相应请求,发送响应数据包,包中的相应保温为数据来源(RIP1)响应目标(CIP)相应端口 (9000port)
4.VS服务器接收到响应数据包,改变包中的数据来源(RIP1-->VIP),响应目标端口(9000-->80)
5.VS服务器把修改过报文的响应数据包回传给客户端
6.lvs的NAT模式接收和返回客户端数据包时都要经过lvs的调度机,所以lvs的调度机容易阻塞
| 主机 | IP | 模式 |
|---|---|---|
| LVS(网卡1) | 172.25.254.100 | nat |
| LVS(网卡2) | 192.168.0.100 | 仅主机 |
| Real Server1 | 192.168.0.10 | 仅主机 |
| Real Server2 | 192.168.0.11 | 仅主机 |
| 客户端 | 172.25.254.110 | nat |
Real Server 主机
rs1:192.168.0.10(仅主机)
开启路由转发
[root@localhost ~]# sysctl -a | grep ip_forward
net.ipv4.ip_forward = 0
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0
[root@localhost ~]# echo net.ipv4.ip_forward=1 >/etc/sysctl.conf
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1安装httpd
[root@localhost ~]# dnf install httpd
[root@localhost ~]# systemctl enable --now httpd
[root@localhost ~]# echo rs1 - 192.168.0.10 >/var/www/html/index.html
[root@localhost ~]# curl 192.168.0.10
rs1 - 192.168.0.10检测主机网关和防火墙
rs2:192.168.0.11(仅主机)
开启路由转发
[root@localhost ~]# sysctl -a | grep ip_forward
net.ipv4.ip_forward = 0
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0
[root@localhost ~]# echo net.ipv4.ip_forward=1 >/etc/sysctl.conf
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1安装httpd
[root@localhost ~]# dnf install httpd
[root@localhost ~]# systemctl enable --now httpd
[root@localhost ~]# echo rs2 - 192.168.0.11 >/var/www/html/index.html
[root@localhost ~]# curl 192.168.0.11
rs2 - 192.168.0.11检测主机网关和防火墙
LVS调度服务器
网卡1:172.25.254.100
网卡2:192.168.0.100
主机中检测
[root@localhost ~]# curl 192.168.0.10
rs1 - 192.168.0.10
[root@localhost ~]# curl 192.168.0.11
rs2 - 192.168.0.11开启路由转发模式
[root@localhost ~]# echo net.ipv4.ip_forward=1 >/etc/sysctl.conf
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1安装ipvsadm
[root@localhost ~]# dnf install ipvsadm建立ipvsadm集群
[root@localhost ~]# ipvsadm -A -t 172.25.254.100:80 -s rr
[root@localhost ~]# ipvsadm -a -t 172.25.254.100:80 -r 192.168.0.10:80 -m
[root@localhost ~]# ipvsadm -a -t 172.25.254.100:80 -r 192.168.0.11:80 -m
[root@localhost ~]# ipvsadm-save
-A -t localhost.wan.org:http -s rr
-a -t localhost.wan.org:http -r 192.168.0.10:http -g -w 1
-a -t localhost.wan.org:http -r 192.168.0.11:http -g -w 1
-A -t 172.25.254.202:http -s rr
[root@localhost ~]# ipvsadm-save > /etc/ipvsadm
[root@localhost ~]# systemctl enable --now ipvsadm
客户端测试
client 172.25.254.110
LVS-DR模式
Direct Routing,直接路由,LVS默认模式,应用最广泛,通过为请求报文重新封装一个MAC首部进行 转发,源MAC是DIP所在的接口的MAC,目标MAC是某挑选出的RS的RIP所在接口的MAC地址;源 IP/PORT,以及目标IP/PORT均保持不变
原理
1.客户端发送数据帧给vs调度主机帧中内容为客户端IP+客户端的MAC+VIP+VIP的MAC 2.VS调度主机接收到数据帧后把帧中的VIP的MAC该为RS1的MAC,此时帧中的数据为客户端IP+客户端 的MAC+VIP+RS1的MAC
3.RS1得到2中的数据包做出响应回传数据包,数据包中的内容为VIP+RS1的MAC+客户端IP+客户端IP的 MAC
| 主机 | IP | 模式 |
|---|---|---|
| Router(网卡1) | 172.25.254.100 | nat |
| Router(网卡2) | 192.168.0.100 | 仅主机 |
| Real Server1 | 192.168.0.10 | 仅主机 |
| Real Server2 | 192.168.0.11 | 仅主机 |
| DR-lvs | 192.168.0.200 | 仅主机 |
| 客户端 | 172.25.254.110 | nat |
设置回环
rs1:192.168.0.10
[root@localhost ~]# cd /etc/NetworkManager/system-connections/
[root@localhost system-connections]# ls
ens160.nmconnection lo.nmconnection
[root@localhost system-connections]# vim lo.nmconnection [connection]
id=lo
type=loopback
interface-name=lo
[ipv4]
address1=127.0.0.1/8
address2=192.168.0.254/32
dns=114.114.114.114;
method=manual
设定主机lo不对外响应
[root@localhost ~]# sysctl -a |grep arp
[root@localhost ~]# echo net.ipv4.conf.lo.arp_ignore = 1 >>/etc/sysctl.conf
[root@localhost ~]# echo net.ipv4.conf.lo.arp_announce = 2 >>/etc/sysctl.conf
[root@localhost ~]# echo net.ipv4.conf.all.arp_ignore = 1 >>/etc/sysctl.conf
[root@localhost ~]# echo net.ipv4.conf.all.arp_announce = 2 >> /etc/sysctl.conf
[root@localhost ~]# sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2rs2:192.168.0.11
[root@localhost ~]# cd /etc/NetworkManager/system-connections/
[root@localhost system-connections]# ls
ens160.nmconnection lo.nmconnection
[root@localhost system-connections]# vim lo.nmconnection
[connection]
id=lo
type=loopback
interface-name=lo
[ipv4]
address1=127.0.0.1/8
address2=192.168.0.254/32
dns=114.114.114.114;
method=manual
设定主机lo不对外响应
[root@localhost ~]# sysctl -a |grep arp
[root@localhost ~]# echo net.ipv4.conf.lo.arp_ignore = 1 >>/etc/sysctl.conf
[root@localhost ~]# echo net.ipv4.conf.lo.arp_announce = 2 >>/etc/sysctl.conf
[root@localhost ~]# echo net.ipv4.conf.all.arp_ignore = 1 >>/etc/sysctl.conf
[root@localhost ~]# echo net.ipv4.conf.all.arp_announce = 2 >> /etc/sysctl.conf
[root@localhost ~]# sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
router:
网卡1:172.25.254.100(不设置网关)
网卡2:192.168.0.100(不设置网关)
[root@localhost ~]# cd /etc/NetworkManager/system-connections/
[root@localhost system-connections]# vim ens160.nmconnection
[connection]
id=ens160
uuid=7b186c35-1990-39ca-b128-fa2365823c2e
type=ethernet
autoconnect-priority=-999
interface-name=ens160
timestamp=1752656653
[ipv4]
address1=172.25.254.100/24
method=manual
[root@localhost ~]# cd /etc/NetworkManager/system-connections/
[root@localhost system-connections]# vim ens192.nmconnection
[connection]
id=ens160
uuid=7b186c35-1990-39ca-b128-fa2365823c2e
type=ethernet
autoconnect-priority=-999
interface-name=ens160
timestamp=1731166971
[ipv4]
method=auto
address1=192.168.0.100/24
lvs-dr :192.168.0.200
[root@localhost system-connections]# vim ens160.nmconnection
[connection]
id=ens160
uuid=7b186c35-1990-39ca-b128-fa2365823c2e
type=ethernet
autoconnect-priority=-999
interface-name=ens160
timestamp=1731166971
[ipv4]
method=auto
address1=192.168.0.200/24,192.268.0.100
address2=192.168.0.254/24
dns=8.8.8.8建立ipvsadm集群
[root@localhost ~]# ipvsadm -A -t 192.168.0.254:80 -s rr
[root@localhost ~]# ipvsadm -a -t 192.168.0.254:80 -r 192.168.0.10:80 -g
[root@localhost ~]# ipvsadm -a -t 192.168.0.254:80 -r 192.168.0.11:80 -g
[root@localhost ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.0.254:80 rr
-> 192.168.0.10:80 Route 1 0 0
-> 192.168.0.11:80 Route 1 0 0
客户端测试:172.25.254.110
LVS-TUN模式
转发方式:不修改请求报文的IP首部(源IP为CIP,目标IP为VIP),而在原IP报文之外再封装一个IP首部 (源IP是DIP,目标IP是RIP),将报文发往挑选出的目标RS;RS直接响应给客户端(源IP是VIP,目标IP 是CIP)
1.客户端发送请求数据包,包内有源IP+vip+dport
2.到达vs调度器后对客户端发送过来的数据包重新封装添加IP报文头,新添加的IP报文头中包含 TUNSRCIP(DIP)+TUNDESTIP(RSIP1)并发送到RS1
3.RS收到VS调度器发送过来的数据包做出响应,生成的响应报文中包含SRCIP(VIP)+DSTIP(CIP) +port,响应数据包通过网络直接回传给client
LVS-fullnet模式
通过同时修改请求报文的源IP地址和目标IP地址进行转发 CIP --> DIP VIP --> RIP
原理
1.VIP是公网地址,RIP和DIP是私网地址,且通常不在同一IP网络;因此,RIP的网关一般不会指向DIP
2.RS收到的请求报文源地址是DIP,因此,只需响应给DIP;但Director还要将其发往Client 3.请求和响应报文都经由Director
4.支持端口映射