在这里插入图片描述

1 实验环境：

一台：客户端 eth0:仅主机 192.168.10.8/24 GW:192.168.10.18
一台：ROUTER
eth0 :NAT 192.168.100.18/24
eth1: 仅主机 192.168.10.18/24
启用 IP_FORWARD
一台：LVS
eth0:NAT:DIP:192.168.100.48/24 GW:192.168.100.18
两台RS：
RS1：eth0:NAT:192.168.100.28/24 GW:192.168.100.18
RS2：eth0:NAT:192.168.100.38/24 GW:192.168.100.18

2 环境配置

所有主机禁用iptables和SELinux

2.1 internet主机环境

[root@internet ~]# hostname -I
192.168.10.8 
[root@internet ~]# ping 192.168.10.18 -c1
PING 192.168.10.18 (192.168.10.18) 56(84) bytes of data.
64 bytes from 192.168.10.18: icmp_seq=1 ttl=64 time=0.364 ms--- 192.168.10.18 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.364/0.364/0.364/0.000 ms

2.2 router主机环境

[root@router ~]#echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf 
[root@router ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@router network-scripts]#pwd
/etc/sysconfig/network-scripts
[root@router network-scripts]#cat ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=192.168.100.18
PREFIX=24
ONBOOT=yes
[root@router network-scripts]#cat ifcfg-eth1
DEVICE=eth1
NAME=eth1
BOOTPROTO=static
IPADDR=192.168.10.18
PREFIX=24
ONBOOT=yes

2.3 RS1主机环境

[root@rs1 ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0 
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=192.168.100.28
PREFIX=24
GATEWAY=192.168.100.18
ONBOOT=yes
[root@rs1 ~]# route -n 
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.18  0.0.0.0         UG    100    0        0 eth0
192.168.100.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0

DR模型中各主机上均需要配置VIP，解决地址冲突的方式有三种：
(1) 在前端网关做静态绑定
(2) 在各RS使用arptables
(3) 在各RS修改内核参数，来限制arp响应和通告的级别
限制响应级别：arp_ignore
0：默认值，表示可使用本地任意接口上配置的任意地址进行响应
1：仅在请求的目标IP配置在本地主机的接收到请求报文的接口上时，才给予响应
限制通告级别：arp_announce
0：默认值，把本机所有接口的所有信息向每个接口的网络进行通告
1：尽量避免将接口信息向非直接连接网络进行通告
2：必须避免将接口信息向非本网络进行通告
解决冲突：

[root@rs1 ~]#echo 1 >   /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs1 ~]#echo 2 >   /proc/sys/net/ipv4/conf/all/arp_announce 
[root@rs1 ~]#echo 1 >   /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs1 ~]#echo 2 >   /proc/sys/net/ipv4/conf/lo/arp_announce

给回环网卡绑定VIP

[root@rs1 ~]#ifconfig lo:1 192.168.100.88/32

[root@rs1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet 192.168.100.88/0 scope global lo:1valid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000link/ether 00:50:56:31:25:f8 brd ff:ff:ff:ff:ff:ffinet 192.168.100.28/24 brd 192.168.100.255 scope global noprefixroute eth0valid_lft forever preferred_lft foreverinet6 fe80::426d:cb05:9dd9:4a7d/64 scope link noprefixroute valid_lft forever preferred_lft forever

安装httpd方便验证

[root@rs1 ~]#yum -y install httpd
[root@rs1 ~]#systemctl enable --now httpd 
[root@rs1 ~]#hostname -I > /var/www/html/index.html

2.3 RS1主机环境

[root@rs2 ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0 
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=192.168.100.38
PREFIX=24
GATEWAY=192.168.100.18
ONBOOT=yes
[root@rs2 ~]# route -n 
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.18  0.0.0.0         UG    100    0        0 eth0
192.168.100.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0

解决冲突：

[root@rs2 ~]#echo 1 >   /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs2 ~]#echo 2 >   /proc/sys/net/ipv4/conf/all/arp_announce 
[root@rs2 ~]#echo 1 >   /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs2 ~]#echo 2 >   /proc/sys/net/ipv4/conf/lo/arp_announce

给回环网卡绑定VIP

[root@rs2 ~]#ifconfig lo:1 192.168.100.88/32

[root@rs2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet 192.168.100.88/0 scope global lo:1valid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000link/ether 00:50:56:37:1d:82 brd ff:ff:ff:ff:ff:ffinet 192.168.100.38/24 brd 192.168.100.255 scope global noprefixroute eth0valid_lft forever preferred_lft foreverinet6 fe80::991:8f93:2834:ffdb/64 scope link noprefixroute valid_lft forever preferred_lft forever

安装httpd方便验证

[root@rs2 ~]#yum -y install httpd
[root@rs2 ~]#systemctl enable --now httpd 
[root@rs2 ~]#hostname -I > /var/www/html/index.html

2.5 LVS主机的配置

安装ipvsadm

[root@lvs ~]#dnf -y install ipvsadm

在LVS上添加VIP

[root@lvs ~]#ifconfig lo:1 192.168.100.88/32
[root@lvs ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet 192.168.100.88/0 scope global lo:1valid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000link/ether 00:50:56:28:0b:96 brd ff:ff:ff:ff:ff:ffinet 192.168.100.48/24 brd 192.168.100.255 scope global noprefixroute eth0valid_lft forever preferred_lft foreverinet6 fe80::e9a7:4bf4:23c5:2e73/64 scope link noprefixroute valid_lft forever preferred_lft forever

实现LVS 规则

root@lvs ~]#ipvsadm -A -t 192.168.100.88:80 -s rr
[root@lvs ~]#ipvsadm -a -t 192.168.100.88 -r 192.168.100.28:80 -g 
[root@lvs ~]#ipvsadm -a -t 192.168.100.88 -r 192.168.100.38:80 -g 
[root@lvs ~]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.100.88:80 rr-> 192.168.100.28:80            Route   1      0          0         -> 192.168.100.38:80            Route   1      0          0

3 测试访问

[root@internet ~]# curl 192.168.100.88
192.168.100.28 
[root@internet ~]# curl 192.168.100.88
192.168.100.38 
[root@internet ~]# curl 192.168.100.88
192.168.100.28 
[root@internet ~]# curl 192.168.100.88
192.168.100.38 
[root@internet ~]# curl 192.168.100.88
192.168.100.28 
[root@internet ~]# curl 192.168.100.88
192.168.100.38

4 LVS-DR模式多网段案例实现

在这里插入图片描述

4.1 主机环境配置

internet主机的网络配置和单网段一样

[root@internet ~]#hostname -I
192.168.10.8

router的网络配置在单网段基础上添加172.16.0.100/24的地址

[root@router ~]#ip addr add 172.16.0.100/24 dev eth0
[root@router ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000link/ether 00:0c:29:4f:0e:09 brd ff:ff:ff:ff:ff:ffinet 192.168.100.18/24 brd 192.168.100.255 scope global noprefixroute eth0valid_lft forever preferred_lft foreverinet 172.16.0.8/24 scope global eth0valid_lft forever preferred_lft foreverinet6 fe80::e1d3:ec00:24bd:f6ed/64 scope link noprefixroute valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000link/ether 00:0c:29:4f:0e:13 brd ff:ff:ff:ff:ff:ffinet 192.168.10.18/24 brd 192.168.10.255 scope global noprefixroute eth1valid_lft forever preferred_lft foreverinet6 fe80::379e:9a2b:e54a:6119/64 scope link noprefixroute valid_lft forever preferred_lft forever
[root@router ~]# hostname -I
192.168.100.18 172.16.0.8 192.168.10.18

LVS主机的配置在单网段基础上重启删除临时回环网卡vip192.168.100.88，同时也会初始化内核参数，运行脚本lvs_dr_vs.sh

[root@lvs ~]#bash lvs_dr_vs.sh start
The VS Server is Ready!

[root@lvs ~]# cat lvs_dr_vs.sh
#!/bin/bash
vip='172.16.0.100'
iface='lo:1'
mask='255.255.255.255'
port='80'
rs1='192.168.100.28'
rs2='192.168.100.38'
scheduler='wrr'
type='-g'
rpm -q ipvsadm &> /dev/null || yum -y install ipvsadm &> /dev/nullcase $1 in
start)ifconfig $iface $vip netmask $mask #broadcast $vip upiptables -Fipvsadm -A -t ${vip}:${port} -s $scheduleripvsadm -a -t ${vip}:${port} -r ${rs1} $type -w 1ipvsadm -a -t ${vip}:${port} -r ${rs2} $type -w 1echo "The VS Server is Ready!";;
stop)ipvsadm -Cifconfig $iface downecho "The VS Server is Canceled!";;
*)echo "Usage: $(basename $0) start|stop"exit 1;;
esac

RS主机的配置在单网段基础上重启删除临时回环网卡vip192.168.100.88,在RS后端服务器运行的脚本lvs_dr_rs.sh ，使用以下脚本代替命令的输入

[root@rs1 ~]#cat lvs_dr_rs.sh 
#!/bin/bash
vip=172.16.0.100
mask='255.255.255.255'
dev=lo:1
case $1 in
start)echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignoreecho 1 > /proc/sys/net/ipv4/conf/lo/arp_ignoreecho 2 > /proc/sys/net/ipv4/conf/all/arp_announceecho 2 > /proc/sys/net/ipv4/conf/lo/arp_announceifconfig $dev $vip netmask $mask echo "The RS Server is Ready!";;
stop)ifconfig $dev downecho 0 > /proc/sys/net/ipv4/conf/all/arp_ignoreecho 0 > /proc/sys/net/ipv4/conf/lo/arp_ignoreecho 0 > /proc/sys/net/ipv4/conf/all/arp_announceecho 0 > /proc/sys/net/ipv4/conf/lo/arp_announceecho "The RS Server is Canceled!";;
*) echo "Usage: $(basename $0) start|stop"exit 1;;
esac

[root@rs1 ~]# bash lvs_dr_rs.sh start 
The RS Server is Ready!
[root@rs2 ~]# bash lvs_dr_rs.sh start 
The RS Server is Ready!

4.2 测试访问

[root@internet ~]# curl 172.16.0.100
rs2 192.168.100.38 
[root@internet ~]# curl 172.16.0.100
rs1 192.168.100.28 
[root@internet ~]# curl 172.16.0.100
rs2 192.168.100.38 
[root@internet ~]# curl 172.16.0.100
rs1 192.168.100.28 
[root@internet ~]# curl 172.16.0.100
rs2 192.168.100.38 
[root@internet ~]# curl 172.16.0.100
rs1 192.168.100.28 
[root@internet ~]# curl 172.16.0.100
rs2 192.168.100.38