LVS DR, TUN, NAT modes (DR mode test build)
LVS (Linux Virtual Server) provides load balancing and has three modes:
- NAT bridging mode
- DR direct routing mode
- TUN tunnel mode
Terms:
- CIP: client IP
- VIP: unique entrance IP (virtual IP)
- DIP: distribution IP (the director's IP)
- RIP: real IP (the real server's IP)
NAT bridging mode
Uses destination address translation (DNAT): the CIP requests the VIP, the VIP is changed to the DIP, and the request is forwarded to the RIP
Advantages: it solves the problem of load balancing
Disadvantages: asymmetric D-NAT, inconsistent download and upload speeds, bandwidth bottleneck and computing power consumption
DR direct routing mode
Advantages: works at layer 2 using MAC address spoofing; fast and low cost
Features: the VIP is hidden: invisible externally, visible internally
TUN tunnel technology
Similar to a VPN ("over the wall"): it wraps an extra layer of packet around the original packet. Its performance is lower than DR and faster than NAT
DR direct routing mode experiment manual
Virtual machine preparation
Software preparation:
- VMware 15.5, virtual machine software;
- CentOS 8 image;
- finalShell, remote connection tool
Steps
1. Install the virtual machine image
2. Clone the image and name the copies node01, node02, node03 and node04 respectively
Step: right click the tab ==> Manage ==> Clone
3. Power on the 4 virtual machines and connect to each with the remote tool
1. View the virtual machine IP and connect with the remote tool
ifconfig
Note: be sure to log in with root administrator privileges
2. Turn off the virtual machine firewall
systemctl stop firewalld.service
Note: if the firewall is not closed, the request will not be received in the following steps and will be blocked by the firewall
3. Start configuration
IP address record:
- node01: 192.168.247.134
- node02: 192.168.247.135
- node03: 192.168.247.136
- node04: 192.168.247.137
node01 operation: setting the VIP
ifconfig ens33:8 192.168.247.100/24
Explanation: assigns an additional IP, 192.168.247.100, to the ens33 network card, with subnet mask 255.255.255.0
The ":8" after the ens33 network card name is an alias number. The number is arbitrary; the alias is analogous to a subprocess or subroutine. "/24" is the subnet mask: the first three segments each consist of eight binary ones and the last is 0 (11111111.11111111.11111111.0), 3 * 8 = 24, abbreviated as /24. Similarly, /16 means the last two segments are 0: 255.255.0.0
node02, node03 operation
Modify kernel parameters
echo 1 > /proc/sys/net/ipv4/conf/ens33/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/ens33/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
Command interpretation: echo with redirection. Linux exposes kernel parameters as files, so redirecting a value into the file modifies the kernel parameter
Method for hiding the VIP (hidden from the outside, visible from the inside): kernel parameters. When the target MAC address is all F's, the switch broadcasts the frame.
/proc/sys/net/ipv4/conf/*IF*/
arp_ignore: defines the response level when an ARP request is received;
- 0: respond as long as the corresponding address is configured locally;
- 1: respond only when the requested target (MAC) address is configured on the interface the request arrived on;
arp_announce: defines the announcement level when announcing your own address to the outside;
- 0: announce any address on any local interface to the outside;
- 1: try to announce to the target network only the address matching that network;
- 2: announce only to the network matching the address on the local interface;
Set hidden vip:
ifconfig lo:3 192.168.247.100 netmask 255.255.255.255
lo is the loopback network card, equivalent to the 127.0.0.1 address on Windows
Note: when the VIP is set on the lo loopback interface, the subnet mask must be 255.255.255.255, not /24 (255.255.255.0). Otherwise packets enter an endless loop and are never sent out, and the remote connection is dropped immediately
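A check for the two real-server settings above, as an added example that is not part of the original write-up: it verifies the four ARP parameters and that the VIP on lo carries a /32 mask. The function names, the optional PROC_ROOT argument and the use of `ip -o -4 addr show` (the page itself uses ifconfig) are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: audit a DR-mode real server (node02/node03 in this lab).

# check_arp_params IFACE [PROC_ROOT]
# PROC_ROOT defaults to /proc/sys; the parameter exists only so the check can
# be pointed at a copy of the tree (an assumption of this example).
check_arp_params() {
    local iface="$1" root="${2:-/proc/sys}" rc=0 scope pair param want have
    for scope in "$iface" all; do
        for pair in arp_ignore:1 arp_announce:2; do
            param=${pair%%:*}
            want=${pair#*:}
            have=$(cat "$root/net/ipv4/conf/$scope/$param" 2>/dev/null) || have=unreadable
            if [ "$have" != "$want" ]; then
                echo "FAIL $scope/$param = $have (want $want)"
                rc=1
            fi
        done
    done
    return "$rc"
}

# ip -o -4 addr show dev lo | check_vip_mask VIP
# Succeeds only if VIP is bound with a /32 prefix (netmask 255.255.255.255).
check_vip_mask() {
    awk -v vip="$1" '
        { for (i = 1; i < NF; i++)
              if ($i == "inet") {
                  split($(i + 1), a, "/")
                  if (a[1] == vip) { found = 1; if (a[2] != "32") bad = 1 }
              } }
        END { exit !(found && !bad) }'
}

# Run the audit only when an interface is named: bash audit.sh ens33 [VIP]
if [ -n "${1:-}" ]; then
    vip="${2:-192.168.247.100}"
    check_arp_params "$1" &&
        ip -o -4 addr show dev lo | check_vip_mask "$vip" &&
        echo "real server OK: ARP hidden, $vip/32 on lo"
fi
```

The echo commands above do not survive a reboot, so the audit is worth re-running after each restart of node02 or node03.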
Install httpd
yum install httpd -y
service httpd start
vi /var/www/html/index.html
Write in the file: from 192.168.247.13X
Command interpretation:
yum install httpd -y installs httpd, Apache's static web server
service httpd start starts httpd. The default port is 80
vi /var/www/html/index.html creates the index.html file, the default HTML page of the httpd server
Web page verification: open 192.168.247.135 in the browser and you should see
from 192.168.247.135
node01 settings
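yum install ipvsadm
# The VIP and real-server addresses must be the ones configured above (192.168.247.x)
ipvsadm -A -t 192.168.247.100:80 -s rr
ipvsadm -a -t 192.168.247.100:80 -r 192.168.247.135 -g -w 1
ipvsadm -a -t 192.168.247.100:80 -r 192.168.247.136 -g -w 1
ipvsadm -ln
Command interpretation:
yum install ipvsadm installs ipvsadm, the IPVS client
-A adds the virtual service, setting the entrance IP (VIP) to 192.168.247.100:80
-t the protocol is TCP
-s the load (scheduling) mode
rr polling (round-robin) mode
-a adds a real server to the virtual service
-r the real server address (RIP)
-g direct routing (DR) forwarding
-w the weight of the real server
-ln lists the current table with numeric addresses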
Four static scheduling methods:
- rr: cycle
- wrr:
- dh:
- sh:
Dynamic scheduling methods:
- lc: minimum connection
- wlc: weighted least connection
- sed: minimum expected delay
- nq: never queue
- LBLC: local based minimum connection
- DH:
- LBLCR: local based minimal connectivity with replication
At this point, the configuration is ready for verification
Visit 192.168.247.100 and press F5 repeatedly to watch the load being distributed
conclusion
node01: netstat -natp
Conclusion: no socket connections are visible
node02~node03: netstat -natp
Conclusion: many socket connections are visible
node01: ipvsadm -lnc
View the connection ("peeping") record:
TCP 00:57 FIN_WAIT 192.168.150.1:51587 192.168.150.100:80 192.168.150.12:80
FIN_WAIT: the connection was made and LVS peeped at all the packets
SYN_RECV: LVS has recorded the connection, which proves LVS is fine; something must be wrong in the network layer behind it
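The state reading described above, applied per real server, as an added example that is not part of the original write-up: it counts the states in `ipvsadm -lnc` output and flags any real server whose entries are all SYN_RECV. The function name and the sample lines are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example: summarize `ipvsadm -lnc` output per real server.

# Constructed sample in the column layout of the entry quoted above
# (pro expire state source virtual destination), using this lab's addresses.
SAMPLE_LNC='IPVS connection entries
pro expire state       source              virtual            destination
TCP 00:57  FIN_WAIT    192.168.247.1:51587 192.168.247.100:80 192.168.247.135:80
TCP 01:12  FIN_WAIT    192.168.247.1:51590 192.168.247.100:80 192.168.247.135:80
TCP 00:48  SYN_RECV    192.168.247.1:51588 192.168.247.100:80 192.168.247.136:80
TCP 00:51  SYN_RECV    192.168.247.1:51591 192.168.247.100:80 192.168.247.136:80
TCP 00:55  SYN_RECV    192.168.247.1:51593 192.168.247.100:80 192.168.247.136:80'

# ipvsadm -lnc | summarize_ipvs_conns
# Prints "<real server> <state> <count>" lines, plus "SUSPECT <real server>"
# for every real server whose tracked connections are all stuck in SYN_RECV.
summarize_ipvs_conns() {
    awk '
        $1 == "TCP" && NF >= 6 {
            count[$6 " " $3]++
            total[$6]++
            if ($3 == "SYN_RECV") syn[$6]++
        }
        END {
            for (k in count) print k, count[k]
            for (d in total) if (syn[d] == total[d]) print "SUSPECT", d
        }' | sort
}

# Demo on the constructed sample: bash ipvs_summary.sh --demo
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_LNC" | summarize_ipvs_conns
fi
```

A SUSPECT line points at the real server to inspect first: its VIP on lo, its ARP parameters, httpd and its firewall.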