实验 详解LVS-NAT部署实战

目录

  • 一 案例环境
  • 二 环境规划
  • 三 实验步骤

一 案例环境

LVS调度器作为Web服务器池的网关,LVS两块网卡,分别连接内外网,使用轮询(rr)调度算法
(此次实验只搭建了web服务器1,2)

二 环境规划

1 调度器
对外公网:20.0.0.11 (NAT)
私有网络:192.168.100.11 (VM1)
业务端口号:80
路由转发功能

2 Web1
私有网络:192.168.100.12 (VM1)
网关:192.168.100.11

3 Web2
私有网络:192.168.100.13 (VM1)
网关:192.168.100.11

4 存储服务器
私有网络:192.168.100.14 (VM1)
网关:192.168.100.11

三 实验步骤

调度器

##添加一张网卡##
[root@localhost ~]# nmcli connection
NAME                UUID                                  TYPE            DEVICE 
Wired connection 1  bfc27410-ab83-37ce-a52b-ed5c4e6d0f92  802-3-ethernet  ens37  
ens33               7f14cbe3-135f-456e-a81e-d552a9c0e172  802-3-ethernet  ens33 
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-ens33 ifcfg-ens37
[root@localhost network-scripts]# vi ifcfg-ens37
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens37
UUID=bfc27410-ab83-37ce-a52b-ed5c4e6d0f92
DEVICE=ens37
ONBOOT=yes
IPADDR=192.168.100.11
NETMASK=255.255.255.0
[root@localhost network-scripts]# systemctl restart network
[root@localhost network-scripts]# vi ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=7f14cbe3-135f-456e-a81e-d552a9c0e172
DEVICE=ens33
ONBOOT=yes
IPADDR=20.0.0.11
NETMASK=255.255.255.0
[root@localhost network-scripts]# systemctl restart network
[root@localhost network-scripts]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
20.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
192.168.100.0   0.0.0.0         255.255.255.0   U     100    0        0 ens37
[root@localhost ~]# yum -y install ipvsadm
[root@localhost ~]# ipvsadm -v
ipvsadm v1.27 2008/5/15 (compiled with popt and IPVS v1.2.1)
[root@localhost ~]# modprobe ip_vs
[root@localhost ~]# cat /proc/net/ip_vs
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
 
##创建虚拟服务器(注意:NAT模式要两张网卡,调度器的地址时外网口地址)## 
[root@localhost ~]# ipvsadm -A -t 20.0.0.11:80 -s rr

##添加服务器节点##
[root@localhost ~]# ipvsadm -a -t 20.0.0.11:80 -r 192.168.100.12:80 -m
[root@localhost ~]# ipvsadm -a -t 20.0.0.11:80 -r 192.168.100.13:80 -m

##保存LVS策略##
[root@localhost ~]# ipvsadm-save > /opt/ipvsadm    
[root@localhost ~]# cat /opt/ipvsadm 
-A -t localhost.localdomain:http -s rr
-a -t localhost.localdomain:http -r 192.168.100.12:http -m -w 1
-a -t localhost.localdomain:http -r 192.168.100.13:http -m -w 1

##开启调度服务器路由转发功能##
[root@localhost ~]# vi /etc/sysctl.conf 
......
net.ipv4.ip_forward = 1
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1

说明:
● ipvsadm -A -t 20.0.0.11:80 -s rr
-A:表示添加虚拟服务器
-t:用来指定VIP地址及TCP端口
-s:用来指定负载调度算法——rr(轮询算法),wrr(加权算法),lc(最少轮询),wlc(加权最少轮询)
● ipvsadm -a -t 20.0.0.11:80 -r 192.168.100.12:80 -m
-a:表示添加真实服务器
-t:用来指定VIP地址及TCP端口
-r:用来指定RIP地址及TCP端口
-m:表示使用NAT群集模式(“-g”是DR模式,“-i”是TUN模式)
-m参数后面还可以跟-w的参数,这里没有做的“-w”用来设置权重(权重为0时表示暂停节点)
-d:表示从服务器池中删除某一个节点,执行删除操作时必须指定目标对象,包括节点地址,虚拟地址。
-D:表示删除整个虚拟服务器,使用选项-D时,指定虚拟IP地址即可,无需指定节点
● ipvsadm -L:表示查看节点状态,加个“-n”将以数字形式显示地址,端口信息

存储服务器

##配置IP地址和网关##
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens33 
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=c97c89fa-33b2-4d71-af32-0fade6d5ecf3
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.14
NETMASK=255.255.255.0
GATEWAY=192.168.100.11
[root@localhost ~]# systemctl restart network
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.11  0.0.0.0         UG    100    0        0 ens33
192.168.100.0   0.0.0.0         255.255.255.0   U     100    0        0 ens33


[root@localhost ~]# rpm -q nfs-utils    ##如果没有装,yum -y install nfs-utils
nfs-utils-1.3.0-0.48.el7.x86_64
[root@localhost ~]# rpm -q rpcbind    ##如果没有装,yum -y install rpcbind
rpcbind-0.2.0-42.el7.x86_64
[root@localhost ~]# systemctl start nfs
[root@localhost ~]# systemctl start rpcbind
[root@localhost ~]# mkdir /opt/51xit /opt/52xit
[root@localhost ~]# vi /etc/exports
......
/opt/51xit      192.168.100.0/24(rw,sync)
/opt/52xit      192.168.100.0/24(rw,sync)
[root@localhost ~]# systemctl restart nfs
[root@localhost ~]# systemctl restart rpcbind
[root@localhost ~]# systemctl enable nfs
[root@localhost ~]# systemctl enable rpcbind
[root@localhost ~]# echo "this is www.51xit.top" >/opt/51xit/index.html
[root@localhost ~]# echo "this is www.52xit.top" >/opt/52xit/index.html

Web1

##配置IP地址和网关##
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens33 
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=eeab821b-e659-4875-a833-d83ba79824c5
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.12
NETMASK=255.255.255.0
GATEWAY=192.168.100.11
[root@localhost ~]# systemctl restart network
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.11  0.0.0.0         UG    100    0        0 ens33
192.168.100.0   0.0.0.0         255.255.255.0   U     100    0        0 ens33


[root@localhost ~]# yum -y install nfs-utils    ##必须要装nfs-untils否则mount不识别nfs格式,系统最小化安装需要装
[root@localhost ~]# showmount -e 192.168.100.14    ##如果还没发布,请到存储服务器发布下,exportfs -rv
Export list for 192.168.100.14:
/opt/52xit   192.168.100.0/24
/opt/51xit   192.168.100.0/24
[root@localhost ~]# yum -y install httpd
[root@localhost ~]# mount 192.168.100.14:/opt/51xit /var/www/html/
[root@localhost ~]# vi /etc/fstab     ##设置开机自动挂载
......
192.168.100.14:/opt/51xit/ /var/www/html/       nfs     defaults,_netdev 0 0
[root@localhost ~]# mount -a    ##测试格式
[root@localhost ~]# init 6
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd

登录192.168.100.12测试网站是否正常

Web2

[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens33 
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=7df84afb-6c7f-4b38-92f6-621966d3edcd
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.13
NETMASK=255.255.255.0
GATEWAY=192.168.100.11
[root@localhost ~]# systemctl restart network
[root@localhost ~]# yum -y install nfs-utils
[root@localhost ~]# showmount -e 192.168.100.14
Export list for 192.168.100.14:
/opt/52xit   192.168.100.0/24
/opt/51xit   192.168.100.0/24
[root@localhost ~]# yum -y install httpd
[root@localhost ~]# mount 192.168.100.14:/opt/52xit /var/www/html/
[root@localhost ~]# ll /var/www/html/
total 4
-rw-r--r--. 1 root root 22 Sep 21 12:10 index.html
[root@localhost ~]# vi /etc/fstab
......
192.168.100.14:/opt/52xit/ /var/www/html/       nfs     defaults,_netdev 0 0
[root@localhost ~]# mount -a
[root@localhost ~]# init 6
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd

登录192.168.100.13测试网站是否正常

登录20.0.0.11 测试轮询是否正常

你可能感兴趣的:(实验)