Principle and characteristics of LVS/NAT: https://blog.csdn.net/qq_35887546/article/details/104425264
1. Experiment preparation
This experiment needs three virtual machines and physical machines:
| Virtual machine name | Role | IP |
|---|---|---|
| server1 | DS | 172.25.63.1 (internal network), 172.25.254.100 (external network) |
| server2 | RS1 | 172.25.63.2 |
| server3 | RS2 | 172.25.63.3 |
VIP: 172.25.254.100
Test service: HTTP, port 80
The physical machine acts as the client.
Install Apache on server2 and server3, and put a publish file in the default publish directory /var/www/html.
2. Configure DS
Configure ipvsadm on server1.
First, delete the policy added in the previous TUN mode and the tunnel added in the DR mode:
```
[root@server1 ~]# ipvsadm -C
[root@server1 ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
```
Stop the ldirectord and keepalived services of the previous experiment:
```
[root@server1 ~]# systemctl stop keepalived
[root@server1 ~]# systemctl stop ldirectord
```
Delete the previously set VIP and tunnel interfaces:
```
[root@server1 ~]# modprobe -r ipip
[root@server1 ~]# ip addr del 172.25.63.100/32 dev eth0
[root@server1 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:1b:f6:56 brd ff:ff:ff:ff:ff:ff
    inet 172.25.63.1/24 brd 172.25.63.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe1b:f656/64 scope link
       valid_lft forever preferred_lft forever
```
2. Add network card for DS
Add a network card, assign the external IP address 172.25.254.100 to the new card, and bring the card up.
Set the IP:
```
[root@server1 ~]# ip addr add 172.25.63.100/24 dev eth1
[root@server1 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:1b:f6:56 brd ff:ff:ff:ff:ff:ff
    inet 172.25.63.1/24 brd 172.25.63.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe1b:f656/64 scope link
       valid_lft forever preferred_lft forever
4: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 52:54:00:5a:47:c7 brd ff:ff:ff:ff:ff:ff
    inet 172.25.63.100/24 scope global eth1
       valid_lft forever preferred_lft forever
```
Activate the network card:
```
[root@server1 ~]# ip link set up eth1
[root@server1 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:1b:f6:56 brd ff:ff:ff:ff:ff:ff
    inet 172.25.63.1/24 brd 172.25.63.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe1b:f656/64 scope link
       valid_lft forever preferred_lft forever
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:5a:47:c7 brd ff:ff:ff:ff:ff:ff
    inet 172.25.63.100/24 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe5a:47c7/64 scope link
       valid_lft forever preferred_lft forever
```
3. Add NAT mode policy for DS
On server1:
NAT mode is selected with the -m (masquerading) option when adding each real server:
```
[root@server1 ~]# ipvsadm -A -t 172.25.254.100:80 -s rr
[root@server1 ~]# ipvsadm -a -t 172.25.254.100:80 -r 172.25.63.2 -m
[root@server1 ~]# ipvsadm -a -t 172.25.254.100:80 -r 172.25.63.3 -m
[root@server1 ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  server1:http rr
  -> server2:http                 Masq    1      0          0
  -> server3:http                 Masq    1      0          0
```
4. Enable routing mechanism for DS
On server1:
Permanently enable:
```
[root@server1 ~]# vim /etc/sysctl.conf
# fill in:
net.ipv4.ip_forward = 1
[root@server1 ~]# sysctl -p    # make the change take effect
net.ipv4.ip_forward = 1
```
Temporarily enable:
```
sysctl -a | grep ip_forward
sysctl -w net.ipv4.ip_forward=1
sysctl -p
```
5. Load the NAT module on DS
On server1:
```
[root@server1 ~]# modprobe iptable_nat
```
Note: if this module is not loaded, the first access may still succeed, but subsequent accesses will see very long delays or time out.
6. Configure RS
In server2 and server3:
First remove the tun module on server2 and server3 (server2 is shown as the example; server3 performs the same operation):
```
[root@server2 ~]# modprobe -r ipip
[root@server2 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:fb:99:44 brd ff:ff:ff:ff:ff:ff
    inet 172.25.63.2/24 brd 172.25.63.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fefb:9944/64 scope link
       valid_lft forever preferred_lft forever
```
Add the gateway 172.25.63.1 to the network card (server2 is shown as the example; server3 performs the same operation):
Permanently add:
```
[root@server2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
[root@server2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO=static
DEVICE=eth0
ONBOOT=yes
IPADDR=172.25.63.2
PREFIX=24
GATEWAY=172.25.63.1
[root@server2 ~]# systemctl restart network    # restart the network
[root@server2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.25.63.1     0.0.0.0         UG    0      0        0 eth0    # indicates successful addition
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
172.25.63.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
```
Temporarily add:
```
route add default gw 172.25.63.1
# Delete gateway: route del default gw 172.25.8.1
```
7. Test
On the client:
```
[root@foundation63 ~]# curl 172.25.254.100
server3
[root@foundation63 ~]# curl 172.25.254.100
server2
[root@foundation63 ~]# curl 172.25.254.100
server3
[root@foundation63 ~]# curl 172.25.254.100
server2
[root@foundation63 ~]# curl 172.25.254.100
server3
```
The responses alternate between server2 and server3, which shows that NAT mode with round-robin scheduling is working.
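The two checks a practitioner wants after steps 3 and 7 are that every real server is really in masquerading (Masq) mode and that the scheduler alternates between the real servers. The following added example (not part of the original post) parses ipvsadm -l output of the shape shown above and audits it, then validates a sequence of curl responses; the sample text is constructed from the output on this page.

```python
"""Audit helpers for an LVS/NAT director (added example, not from the page)."""

# Constructed sample: ipvsadm -l output after adding the two NAT real servers.
IPVSADM_OUTPUT = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  server1:http rr
  -> server2:http                 Masq    1      0          0
  -> server3:http                 Masq    1      0          0
"""

def parse_ipvsadm(text):
    """Return {(proto, vip): {'scheduler': s, 'real': [(addr, fwd, weight)]}}."""
    services, current = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] in ("TCP", "UDP", "SCTP"):          # virtual service line
            current = (fields[0], fields[1])
            services[current] = {"scheduler": fields[2], "real": []}
        elif fields[0] == "->" and current is not None:   # real server line
            services[current]["real"].append((fields[1], fields[2], int(fields[3])))
    return services

def nat_policy_problems(services, expect_rs=2):
    """List real servers not in Masq (-m) mode or with weight 0, and services
    that have fewer real servers than expected."""
    problems = []
    for (proto, vip), svc in services.items():
        if len(svc["real"]) < expect_rs:
            problems.append(f"{proto} {vip}: only {len(svc['real'])} real server(s)")
        for addr, fwd, weight in svc["real"]:
            if fwd != "Masq":
                problems.append(f"{proto} {vip} -> {addr}: forward is {fwd}, expected Masq")
            if weight == 0:
                problems.append(f"{proto} {vip} -> {addr}: weight 0 (disabled)")
    return problems

def check_round_robin(responses, expected_rs):
    """True when every expected real server answered and no server answered
    twice in a row, i.e. the rr scheduler really alternates."""
    if set(responses) != set(expected_rs):
        return False
    return all(a != b for a, b in zip(responses, responses[1:]))

# Constructed sample: bodies returned by the five curl requests against the VIP.
CURL_RESPONSES = ["server3", "server2", "server3", "server2", "server3"]
```

On the director itself, feed the live output in with `parse_ipvsadm(subprocess.check_output(["ipvsadm", "-l"], text=True))`.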