LVS-Nat model experiment and Principle Analysis

Source: Internet
Author: User

A word first: "masquerade" means makeup or disguise, hence its use for NAT.

Test machines: three virtual machines, VM1, VM2 and VM3. VM1 has two NICs, one connected to the Internet and one host-only connection to the intranet; this gives the network structure on which the LVS-NAT environment is deployed.

Both VM2 and VM3 are on the host-only network.

Lab physical structure:

Lab diagram and address allocation:

The client's IP address is the CIP; in this experiment it is 192.168.0.101.
VM1's VIP is 192.168.0.10.
VM1's DIP is 192.168.100.10.
VM2 is the RS1 machine. Its IP address is 192.168.100.7, and its gateway must be 192.168.100.10, pointing to the DIP.
VM3 is the RS2 host. Its IP address is 192.168.100.7, and its gateway must be 192.168.100.10, pointing to the DIP.

Complete the NAT model cluster configuration:

Step 1

1. Configure the director first: set up the director machine as the cluster service machine that can schedule RS1 and RS2.

2. Set up the ipvsadm command, which manages and configures ipvs.

Check that the kernel supports ipvs:

# cat /boot/config-2.6.32-358.el6.x86_64 | grep -i "vs"

Install ipvsadm:

# yum install ipvsadm

3. Complete the configuration with ipvsadm commands.

(1) Manage the cluster service:

# ipvsadm -A -t 192.168.0.10:80 -s rr

(2) Manage the cluster's RealServers:

# ipvsadm -a -t 192.168.0.10:80 -r 192.168.100.7 -m
# ipvsadm -a -t 192.168.0.10:80 -r 192.168.100.9 -m

Step 2

Configure RS1 and RS2, taking RS1 as an example.

1. Make sure the network is correct, with the default gateway pointing to the DIP. If it is not, use this command to change the gateway, or use setup to change the network settings:

# route add default gw 192.168.100.10

2. Prepare a web server (such as httpd) and a test page.

Result test:

The scheduler was configured as rr (round robin); for testing, the scheduling method is changed to wrr. (You can of course also test from the client's browser, but pay attention to the firewall and 360.)

# ipvsadm -E -t 192.168.0.10:80 -s wrr
# ipvsadm -e -t 192.168.0.10:80 -r 192.168.100.7 -m -w 3

Check whether the configuration is correct:

# ipvsadm -L
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.0.10:http wrr
  -> 192.168.100.7:http           Masq    3      0          0
  -> 192.168.100.9:http           Masq    1      0          0

The result: requests are distributed between RS1 and RS2 according to the weights set for wrr.

After the test is completed, save the configuration. Edit the settings with vim /etc/sysconfig/ipvsadm-config; by default, the configuration is not saved to /etc/sysconfig/ipvsadm.

# ipvsadm-save
# /etc/init.d/ipvsadm restart

View the saved configuration:

# cat /etc/sysconfig/ipvsadm

Principle analysis

The principle of NAT-mode LVS is the same as NAT: in a one-to-many arrangement, the layer-3 source and destination addresses are rewritten so that the data packet is forwarded correctly. The four steps are shown in the following figure:

The sip (source IP) and dip (destination IP) could be illustrated separately, but it is easier to understand with a complete IP packet, so I use one to analyze the process:

Process 1: client --> VIP
sip = CIP 192.168.0.101, dip = VIP 192.168.0.10

Process 2: director --> RS1
Because the packet passes through the director, ipvs handles it at the kernel level. It matches the defined rules and the mode is NAT, so the layer-3 address of the packet is changed.
sip = CIP 192.168.0.101, dip = RIP 192.168.100.7
The packet reaches the RS1 server, which finds it acceptable and returns data.

Process 3: RS1 --> director
sip = RIP 192.168.100.7, dip = CIP 192.168.0.101

Process 4: director --> client (after passing through the director)
sip = VIP 192.168.0.10, dip = CIP 192.168.0.101

Attached tcpdump capture results: process 1

Appendix: ipvsadm command usage

Introduction to ipvsadm usage (see man ipvsadm). Functions:

1. Manage cluster services

Add: -A -t|u|f service-address [-s scheduler]
    -t: TCP protocol cluster; service-address is IP:PORT
    -u: service-address is IP:PORT
    -f: FWM, firewall mark; service-address is the mark number
    -s: scheduling method; the default is wlc
Modify: -E
Delete: -D -t|u|f service-address

# ipvsadm -A -t 172.16.100.1:80 -s rr

2. Manage the RealServers of a cluster service

Add: -a -t|u|f service-address -r server-address [-g|i|m] [-w weight] [-x upper] [-y lower]
    service-address: the cluster service defined above
    -r: specifies the RIP of the RealServer; in the NAT model, IP:PORT can be used for port mapping
    [-g|i|m]: the LVS type
        -g: DR (default)
        -i: TUN
        -m: NAT
    -w: specify the server weight
Modify: -e
Delete: -d -t|u|f service-address -r server-address

# ipvsadm -a -t 172.16.100.1:80 -r 192.168.10.8 -m
# ipvsadm -a -t 172.16.100.1:80 -r 192.168.10.9 -m

3. View

-L | --list
    -n: numeric format; do not reverse-resolve IP addresses and ports
    --stats: display statistics
    --rate: display rates
    --timeout: display the tcp, tcpfin and udp timeout lengths currently set in ipvs (this is the default)
    --daemon: display daemon process status and multicast port
    --sort: sort the list
    -c: display the ipvs connection status

Delete all cluster services:
    -C: clear the ipvs rules

4. Save rules

-S
# ipvsadm -S > /path/to/file

Load previously saved rules:

-R
# ipvsadm -R < /path/to/file
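The four processes from the principle analysis, modeled in Python as an added example (not code from the original page, and not kernel code). The class and function names and the client port are assumptions made for illustration, and the scheduler is a simplified stand-in for wrr that keeps the 3:1 weights shown in the ipvsadm -L output.

```python
from dataclasses import dataclass, replace
from itertools import cycle

CIP, VIP = "192.168.0.101", "192.168.0.10"                # addresses from the lab
REAL_SERVERS = {"192.168.100.7": 3, "192.168.100.9": 1}   # RIP -> wrr weight

@dataclass(frozen=True)
class Packet:
    sip: str
    sport: int
    dip: str
    dport: int

class Director:
    """Toy model of ipvs in NAT (-m) mode; illustrative, not kernel code."""
    def __init__(self, vip, servers):
        self.vip = vip
        # Simplified stand-in for wrr: repeat each RIP by its weight and cycle.
        self._pick = cycle([rip for rip, w in servers.items() for _ in range(w)])
        self.conns = {}                      # (CIP, client port) -> chosen RIP

    def inbound(self, pkt):
        """Process 2: rewrite dip VIP -> RIP and record the connection."""
        key = (pkt.sip, pkt.sport)
        if key not in self.conns:
            self.conns[key] = next(self._pick)
        return replace(pkt, dip=self.conns[key])

    def outbound(self, pkt):
        """Process 4: rewrite sip RIP -> VIP, only for a tracked connection."""
        if self.conns.get((pkt.dip, pkt.dport)) != pkt.sip:
            raise LookupError("reply does not match any ipvs connection")
        return replace(pkt, sip=self.vip)

def real_server_reply(pkt):
    """Process 3: the RS answers the packet it saw, swapping source and destination."""
    return Packet(pkt.dip, pkt.dport, pkt.sip, pkt.sport)

def client_accepts(request, reply):
    """The client's TCP stack only accepts a reply from the address it sent to."""
    return (reply.sip, reply.sport, reply.dip, reply.dport) == (
        request.dip, request.dport, request.sip, request.sport)

def trace(director, cport):
    """Return the packet as seen in processes 1 to 4 for one client connection."""
    p1 = Packet(CIP, cport, director.vip, 80)
    p2 = director.inbound(p1)
    p3 = real_server_reply(p2)
    p4 = director.outbound(p3)
    return p1, p2, p3, p4
```

Comparing client_accepts(p1, p4) with client_accepts(p1, p3) shows why the RS gateway must point to the DIP: a reply that does not pass back through the director still carries sip = RIP, and the client discards it.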
