知识储备:防止RSviparp解析到的解决方法:

    1.VIP: MAC(DVIP)(MACDRvip进行绑定)

    2.arptables(定义规则):

    3.kernel parameter(内核参数):

        arp_ignore: 定义接收到ARP请求时的响应级别;

            0:只要本地配置的有相应地址,就给予响应;

            1:仅在请求的目标地址配置在请求到达的接口上的时候,才给予响应;

        arp_announce:定义将自己地址向外通告时的通告级别;

            0:将本地任何接口上的任何地址向外通告;

            1:试图仅向目标网络通告与其网络匹配的地址;

            2:仅向与本地接口上地址匹配的网络进行通告;

规划:

Director:

    eth0,DIP:202.207.178.6

    eth0:0,VIP:202.207.178.4

RS1:

    eth0,RIP:202.207.178.7

    lo:0,VIP:202.207.178.4

RS2:

    eth0,RIP:202.207.178.8

    lo:0,VIP:202.207.178.4

做法:(注意:RS1RS2上的网卡别名地址必须在配置好arp_ignorearp_announce之后才可配置,为避免影响,应关闭防火墙和SELinux

1.按上述IP地址规划在相应的网卡上配置相应的IP地址

2.Director配置网卡别名上的地址

# ifconfig eth0:0 202.207.178.4/24

3.配置RS1RS2arp的请求响应,以及其对应VIP

RS1:

# sysctl -w net.ipv4.conf.eth0.arp_announce=2

# sysctl -w net.ipv4.conf.all.arp_announce=2

# echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore

# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore

#ifconfig lo:0 202.207.178.4 broadcast 202.207.178.4 netmask 255.255.255.255

RS2:

# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

# echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce

# echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore

# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore

# ifconfig lo:0 202.207.178.4 broadcast 202.207.178.4 netmask 255.255.255.255

4.为了使响应报文的源地址为VIP,添加一条路由

RS1:

# route add -host 202.207.178.4 dev lo:0

RS2:

# route add -host 202.207.178.4 dev lo:0

Director:

# route add -host 202.207.178.4 dev eth0:0

5.Director上定义规则

# ipvsadm -A -t 202.207.178.4:80 -s wlc

# ipvsadm -a -t 202.207.178.4:80 -r 202.207.178.7 -g -w 2

# ipvsadm -a -t 202.207.178.4:80 -r 202.207.178.8 -g -w 1

现在即可访问测试了!


                                      欢迎批评指正!