lvs+keepalive笔记nat模式

最近在整理用于测试的站点，最近在也仔细阅读秋香的书；受益良多。虽然nat模式在实际应用可能不多，
但是本着学习LVS的想法，开始了。以我的小站为例！具体记录下：

1、安装lvs+keepalve (略）安装方法见：http://myhat.blog.51cto.com/391263/616571
2、nat模式下，ADSL动态IP侦测脚本(略)（仅针对测试环境，真实环境估计没人用ADSL。呵）,具体脚本见：
http://myhat.blog.51cto.com/391263/616468
3、lvs_real脚本
4、keepalived.conf配置文件

拓补：
[互联网]----[ADSL]----[Lvs_Keepalive_Nat]----[lvs1] [lvs2]

lvs_keepalive_nat 角色：nat,lvs,keepalive,iptables

当时，在这里做了端口映射,lvs_keepalive_nat 死不成功！查看keepalive权威指南后，发现因为
keepalive的构架里有关于iptables的内容，而如果我们再使用了iptables的话，会造成lvs_keepalive_nat不能用！

# iptables -L -t nat                       #只有一条nat，没有端口映射相关。
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.10.0/24      anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

==============================================================
3、lvs_real脚本
因为是动态IP，客户端也必须要侦测VIP的地址，因为他们会随时变动！因为客户端方的VIP地址，
使用的还是上次的VIP地址，为此，需要让客户不定期的去更新VIP的地址！
操作方法：让客户端定期的去执行lvs_real check，以便更新VIP的地址。
# cat /sbin/lvs_real
#!/bin/bash
#description:start realserver
vip=`ping postfixlinux.3322.org -c 1 | grep from | cut -d ":" -f 1 | cut -d " " -f 4`
now_ip=`ifconfig lo:0 | grep addr | awk -F ":" '{print $2}' | cut -d " " -f 1`

source /etc/rc.d/init.d/functions

case $1 in

start)
        echo "Start Realserver"
        /sbin/ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up
        echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
;;

stop)
        echo "Stop Realserver"
        /sbin/ifconfig lo:0 down
        echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
;;

check)
        echo "Check Vip address"
        if [ "$vip" != "$now_ip" ];then
         /sbin/ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up
         echo "Vip address is update!"
        else
        echo "You VIP address is OK!"
        fi

;;

*)
        echo "Usage: $0 (start | stop | check)"
exit 1
esac

4、keepalived.conf配置文件
[root@fw01 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     [email protected]
   }
   notification_email_from [email protected]
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.38
    }
}
#这个IP是经常性的变动的！因为是ADSL自动攻取的。
virtual_server 183.39.113.73 8080 {
    delay_loop 6
    lb_algo wlc
    lb_kind NAT
    nat_mask 255.255.255.0
virtual_server  8080 {
    protocol TCP

    real_server 192.168.10.6 80 {
        weight 100
        TCP_CHECK {
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
                connect_port 80
                }
    }

    real_server 192.168.10.17 80 {
        weight 50
        TCP_CHECK {
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
                connect_port 80
                }
}


查看具体的分配情况！
# ipvsadm -lnc
IPVS connection entries
pro expire state source virtual destination
TCP 00:42 TIME_WAIT 1.202.220.2:30100 183.39.113.73:8080 192.168.10.17:80
TCP 14:57 ESTABLISHED 119.137.96.120:1952 183.39.113.73:8080 192.168.10.6:80
TCP 00:44 TIME_WAIT 1.202.220.2:30735 183.39.113.73:8080 192.168.10.6:80

因为是单个主机，所以VRRP的部分，基本没改！