LVS-FULLNAT模式负载均衡构建配置

过程

Client->VS->RS->client

1. Packet IN 时，目标 ip 更换为 realserver ip，源 ip 更换为 内网 local ip；
2. Packet OUT 时，目标 ip 更换为 client ip，源 ip 更换为 vip；

实验环境

iptables和selinux关闭
redhat6.5
VS：server4 172.25.35.54 VIP:172.25.69.54
RS：server2 172.25.35.52 网关：172.25.35.54
RS：server3 172.25.35.53 网关：172.25.35.54

VS:

[root@server4 ~]# yum install -y rpm-build  //解压软件
[root@server4 ~]# rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm  //安装源码包
[root@server4 ~]# cd rpmbuild/
[root@server4 rpmbuild]# ls
SOURCES  SPECS
[root@server4 rpmbuild]# cd SPECS/
[root@server4 SPECS]# ls
kernel.spec
[root@server4 SPECS]# rpmbuild -bp kernel.spec  //预编译环境，有报错
[root@server4 SPECS]# yum install redhat-rpm-config kernel.spec patchutils xmlto asciidoc elfutils-libelf-devel binutils-devel kernel.spec newt-devel python-devel perl-ExtUtils-Embed hmaccalc -y   //解决依赖性
[root@server4 ~]# yum install slang-devel-2.2.1-1.el6.x86_64.rpm newt-devel-0.52.11-3.el6.x86_64.rpm asciidoc-8.4.5-4.1.el6.noarch.rpm -y
[root@server4 ~]# cd rpmbuild/
[root@server4 rpmbuild]# ls
BUILD  BUILDROOT  RPMS  SOURCES  SPECS  SRPMS
[root@server4 rpmbuild]# cd SPECS/
[root@server4 SPECS]# ls
kernel.spec
[root@server4 SPECS]# rpmbuild -bp kernel.spec   
//在这里会卡住，需要产生随机数，再打开一个终端：
[root@server4 ~]# yum provides */rngd   //查找需要下载的安装包
[root@server4 ~]# yum install rng-tools -y  
[root@server4 ~]# rngd -r /dev/urandom  //生成随机数，便不会卡了
[root@server4 ~]# tar xf Lvs-fullnat-synproxy.tar.gz
[root@server4 ~]# cd rpmbuild/BUILD/kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64/
[root@server4 linux-2.6.32-220.23.1.el6.x86_64]# cp /root/lvs-fullnat-synproxy/lvs-2.6.32-220.23.1.el6.patch .   //复制补丁到当前
[root@server4 linux-2.6.32-220.23.1.el6.x86_64]# patch -p1 RemoteAddress:Port           Forward Weight ActiveConn InActConn
[root@server4 linux-2.6.32-220.23.1.el6.x86_64]# make  //二进制编译
[root@server4 linux-2.6.32-220.23.1.el6.x86_64]# make modules_install  //生成模块
[root@server4 linux-2.6.32-220.23.1.el6.x86_64]# make install  //生成引导向
[root@server4 linux-2.6.32-220.23.1.el6.x86_64]# cd /boot/grub
[root@server4 grub]# vim grub.conf
default=0   //添加内容
[root@server4 grub]# reboot
[root@server4 ~]# uname -r  //查看内核版本
2.6.32
[root@server4 ~]# cd lvs-fullnat-synproxy/
[root@server4 lvs-fullnat-synproxy]# ls
lvs-2.6.32-220.23.1.el6.patch  README
lvs-tools.tar.gz               toa-2.6.32-220.23.1.el6.patch
[root@server4 lvs-fullnat-synproxy]# tar zxf lvs-tools.tar.gz 
[root@server4 lvs-fullnat-synproxy]# ls
lvs-2.6.32-220.23.1.el6.patch  toa-2.6.32-220.23.1.el6.patch
lvs-tools.tar.gz               tools
README
[root@server4 lvs-fullnat-synproxy]# cd tools
[root@server4 tools]# cd keepalived/
[root@server4 keepalived]# ./configure --with-kernel-dir="/lib/modules/`uname -r`/build"
[root@server4 keepalived]# make  //编译
[root@server4 keepalived]# make install
[root@server4 keepalived]# ./configure --with-kernel-dir="/lib/modules/`uname -r`/build"
[root@server4 keepalived]# cd ..
[root@server4 tools]# cd ipvsadm/
[root@server4 ipvsadm]# make
[root@server4 ipvsadm]# make install
[root@server4 ipvsadm]# ipvsadm --help
 --fullnat      -b                   fullnat mode
[root@server4 ipvsadm]# ipvsadm -C
[root@server4 ~]# ipvsadm -A -t 172.25.69.54:80 -s rr
[root@server4 ~]# ipvsadm -a -t 172.25.69.54:80 -r 172.25.35.52:80 -b  //-b 为FULLNAT模式
[root@server4 ~]# ipvsadm -a -t 172.25.69.54:80 -r 172.25.35.53:80 -b
[root@server4 ~]# ipvsadm -P -t 172.25.69.54:80 -z 127.0.0.1:80
[root@server4 ~]# ipvsadm -G -t 172.25.69.54:80
[root@server4 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4194304)  //size变成了2^22
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.69.54:80 wrr
  -> 172.25.35.52:80              FullNat 1      0          0         
  -> 172.25.35.53:80              FullNat 1      0          0         
[root@server4 ~]# ipvsadm -lnc  //没有连接信息
IPVS connection entries
pro expire state       source             virtual            destination

RS：

server2：
[root@server2 ~]# route add default gw 172.25.35.54  
//添加VS的和本机在同网段的ip作为网关
[root@server2 ~]# /etc/init.d/httpd start

server3：
[root@server3 ~]# route add default gw 172.25.35.54
[root@server3 ~]# /etc/init.d/httpd start

客户端测试：

测试时无法显示，但是会产生访问数据，可以检测配置是否正确

[root@foundation35 ~]# curl 172.25.69.54
^C

RS：

[root@server4 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4194304)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.69.54:80 wrr
  -> 172.25.35.52:80              FullNat 1      0          2         
  -> 172.25.35.53:80              FullNat 1      0          1 
[root@server4 ~]# ipvsadm -lnc //客户端访问后，查看到有连接信息，表示已配置好
IPVS connection entries
pro expire state       source             virtual            destination
TCP 00:50  AC192334    172.25.69.1:52602  172.25.69.54:80    127.0.0.1:5014
TCP 00:50  AC192335    172.25.69.1:52600  172.25.69.54:80    127.0.0.1:5013
TCP 00:50  AC192334    172.25.69.1:52598  172.25.69.54:80    127.0.0.1:5012