Simple implementation of NAT&DR model for LVS

Source: Internet
Author: User

LVS: Linux Virtual Server

A free software project initiated by Dr. Wensong Zhang; its official site is www.linuxvirtualserver.org.

LVS is now part of the standard Linux kernel. Before Linux 2.4 the kernel had to be patched and recompiled to get the LVS module; since Linux 2.4 the IPVS functionality is built in, so no kernel patching is needed and the features LVS provides can be used directly.

LVS is a software implementation of a load-balancing (LB) cluster, in the same category as HAProxy, Nginx, ATS (Apache Traffic Server), Perlbal and others.

Hardware implementations: F5's BIG-IP (a mid-to-high-end unit costs 600,000+ RMB), Citrix NetScaler, A10 Networks' appliances, and so on.

LVS consists of two parts: ipvs and ipvsadm

  ipvs: the kernel-space component. It hooks into Netfilter on the INPUT chain and forwards requests according to the cluster definition configured by the user.

  ipvsadm: the user-space command-line tool used to manage cluster services and the real servers behind each cluster service.

    ipvsadm usage: the command has many options, but they fall into a few groups, summarized below.

① Manage cluster services:

    ipvsadm -A|-E -t|-u|-f service-address [-s scheduler] [-p [timeout]]
    ipvsadm -D -t|-u|-f service-address
        -A: add a cluster service
        -E: modify a cluster service
        -D: delete a cluster service
        -t: TCP, service-address is vip:port
        -u: UDP, service-address is vip:port
        -f: firewall mark, service-address is the mark number
        -s scheduler: scheduling method, default is wlc
        -p [timeout]: persistent connections, timeout in seconds (default 360)

② Manage the RS of a cluster service:

    ipvsadm -a|-e -t|-u|-f service-address -r server-address [-g|-i|-m] [-w weight]
    ipvsadm -d -t|-u|-f service-address -r server-address
        -a: add an RS
        -e: modify an RS
        -d: delete an RS
        -r server-address: RS address, rip[:port]
        -g: gateway, i.e. DR mode (default)
        -i: ipip, i.e. TUN mode
        -m: masquerade, i.e. NAT mode
        -w weight: RS weight

③ View

    ipvsadm -L|-l [options]
        -n, --numeric: show IPs and ports numerically
        --exact: show exact counter values
        -c, --connection: show IPVS connections
        --stats: show statistics
        --rate: show rate information

④ Save and reload

    Save:
        ipvsadm -S > /path/to/some_rule_file
        ipvsadm-save > /path/to/some_rule_file
    Reload:
        ipvsadm -R < /path/to/some_rule_file
        ipvsadm-restore < /path/to/some_rule_file

⑤ Clear

    Flush all rules:
        ipvsadm -C
    Zero the counters:
        ipvsadm -Z [-t|-u|-f service-address]

LVS-NAT Model Implementation

Director: dual NIC

External address: 192.168.1.102 (VIP)

Internal address: 172.18.100.6 (DIP)

RS1: runs httpd for testing

Internal address: 172.18.100.11

RS2: runs httpd for testing

Internal address: 172.18.100.12

Deployment:

(1) On RS1 and RS2, disable the firewall and SELinux, install httpd, write a test page, start the service and confirm it is reachable. Point the default gateway of each RS at the DIP (172.18.100.6); otherwise the replies cannot return through the director. (Disabling the firewall is fine for this lab; on a production RS keep the host firewall and open only the service port.)

(2) On the director, disable the firewall and SELinux, flush the iptables rules, and enable IPv4 forwarding in the kernel:

    echo 1 > /proc/sys/net/ipv4/ip_forward

    This setting does not survive a reboot; add net.ipv4.ip_forward = 1 to /etc/sysctl.conf to make it persistent.

(3) Install the ipvsadm command-line tool:

    yum -y install ipvsadm

(4) Set the cluster rules:

    ipvsadm -A -t 192.168.1.102:80
    ipvsadm -a -t 192.168.1.102:80 -r 172.18.100.11 -m -w 1
    ipvsadm -a -t 192.168.1.102:80 -r 172.18.100.12 -m -w 1

(5) View the rules:

    ipvsadm -Ln

(6) From another host, access the VIP and check that requests are distributed across RS1 and RS2.
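The following script is an added example and is not code from the original page: it builds the NAT rules for the topology above as a file in the format written by `ipvsadm -S -n` (so it can be loaded with `ipvsadm -R`), and refuses to load them while ip_forward is still 0, the mistake that makes an LVS-NAT director silently drop every reply. The function names, the rr scheduler and the explicit RS port 80 are assumptions not stated on the page; the VIP and RIPs are the page's.

```shell
#!/bin/bash
# Added example, not from the original page: generate the LVS-NAT rules for the
# topology above as an ipvsadm-restore file and check the director's
# prerequisites before loading them.
# Assumed (not stated on the page): scheduler rr, explicit RS port 80, and the
# function names used here.
set -u

# gen_nat_rules VIP:PORT SCHEDULER RIP:PORT=WEIGHT ...
# Prints rules in the format that `ipvsadm -S -n` writes: one -A line for the
# cluster service, then one -a line per real server. -m selects NAT
# (masquerading). Because NAT supports port mapping, the RS port may differ
# from the VIP port.
gen_nat_rules() {
    local service="$1" sched="$2" rs
    shift 2
    printf -- '-A -t %s -s %s\n' "$service" "$sched"
    for rs in "$@"; do
        printf -- '-a -t %s -r %s -m -w %s\n' "$service" "${rs%%=*}" "${rs##*=}"
    done
}

# forwarding_enabled [FILE]
# Returns 0 only when the kernel forwards IPv4. FILE defaults to the real
# sysctl file; it is a parameter so the check can be run against a
# constructed file.
forwarding_enabled() {
    local f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# apply_nat_rules FILE
# Run as root on the director. Refuses to load rules while ip_forward is 0,
# because the RS replies routed back via the DIP would then never be
# forwarded. -C flushes the current table, -R loads the saved rules.
apply_nat_rules() {
    forwarding_enabled || {
        echo "ip_forward is not 1; run: sysctl -w net.ipv4.ip_forward=1" >&2
        return 1
    }
    ipvsadm -C && ipvsadm -R < "$1"
}

# Usage on the director (addresses from the page):
#   gen_nat_rules 192.168.1.102:80 rr 172.18.100.11:80=1 172.18.100.12:80=1 > /etc/sysconfig/ipvsadm
#   apply_nat_rules /etc/sysconfig/ipvsadm
#   ipvsadm -Ln
```

Writing the rules to /etc/sysconfig/ipvsadm is what the ipvsadm service unit on CentOS reads at boot, so the same file doubles as the persistent configuration; for a DR cluster the only change in the generator would be -g in place of -m.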

Summary:

LVS-NAT design essentials:

(1) DIP and RIP must be on the same IP network, and each RS's default gateway must point to the DIP so that responses return through the director.

(2) Port mapping is supported (the RS port may differ from the VIP port).

Disadvantage of LVS-NAT:

In an LVS-NAT cluster both the request and the response packets pass through the load scheduler (director), so once the number of real servers reaches roughly 10 to 20 the director becomes the bottleneck of the whole cluster.

LVS-DR Model Implementation

Director:

eno16777736: 192.168.1.102 (DIP). Purpose of the DIP: when a tool such as keepalived is used for HA or load balancing, the DIP is the address the health checks are sent from.

eno16777736:0: 192.168.1.100 (VIP)

RS1: 192.168.1.103

RS2: 192.168.1.104

Deployment:

(1) On RS1 and RS2, disable the firewall and SELinux, install httpd, write a test page, start the service and confirm it is reachable.

(2) Set the VIP on the director:

    ifconfig eno16777736:0 192.168.1.100 netmask 255.255.255.255
    route add -host 192.168.1.100 dev eno16777736:0

    Note: in LVS/DR the director's VIP does not have to use a 255.255.255.255 netmask, and the route add -host $VIP dev eth0:0 step is not required either. The director's VIP should be advertised like any normal IP address; nothing special is needed.

(3) Set the rules on the director:

    ipvsadm -A -t 192.168.1.100:80
    ipvsadm -a -t 192.168.1.100:80 -r 192.168.1.103 -g -w 1
    ipvsadm -a -t 192.168.1.100:80 -r 192.168.1.104 -g -w 2

(4) RS1 and RS2 settings: adjust the kernel ARP parameters and bind the VIP to the loopback interface lo, via a script:

    #!/bin/bash
    # LVS-DR real server setup: suppress ARP for the VIP, then bind the VIP to lo.
    # Usage: $0 {start|stop} [VIP]; the VIP defaults to the one used on this page.
    VIP=${2:-192.168.1.100}
    case "$1" in
    start)
        # Set the ARP parameters first, so the RS never announces the VIP.
        echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
        # /32 on lo: the VIP is local to this host but not on the physical NIC.
        ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP
        route add -host $VIP dev lo:0
        ;;
    stop)
        # Remove the VIP before restoring the default ARP behaviour.
        route del -host $VIP dev lo:0
        ifconfig lo:0 down
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
        ;;
    *)
        echo "Usage: $0 {start|stop} [VIP]"
        exit 1
        ;;
    esac

(5) Access the VIP from another host and observe the result.

Summary:

  Core points

(1) The director and the real servers each have a NIC attached to the same physical network segment.

(2) RIP and DIP are normally on the same network: forwarding is done at the data-link layer by rewriting the destination MAC, so the director must be able to reach each RS directly. The RS gateway must not point to the DIP, and RIP and DIP need not be on the same network as the VIP.

(3) On each RS, set the kernel ARP parameters first, then bind the VIP to lo and add its route; if the VIP is bound first, the RS announces it by gratuitous ARP before arp_announce takes effect.

(4) Port mapping is not supported: the RS must serve on the same port as the VIP.

(5) ip_forward does not need to be enabled on the director: in DR mode the director only rewrites the destination MAC and sends the frame to an RS on the same network.

(6) The director's VIP is typically configured on a NIC alias such as eth0:0 or eno16777736:0.
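The checks below are an added example, not part of the original page: they verify the two things core points (3) and (6) require of a real server, that arp_ignore/arp_announce are set on all and lo, and that the VIP is bound to lo as a /32 and to no other device. The function names are assumptions; the sysctl root and the `ip -o addr show` text are parameters so the same checks run against the constructed samples embedded here and against a live RS.

```shell
#!/bin/bash
# Added example, not from the original page: checks that a real server has the
# two things LVS-DR needs, ARP suppression for the VIP and the VIP bound to lo
# only. Assumed (not on the page): the function names; the sysctl root and the
# `ip -o addr show` text are parameters so the checks can be run on
# constructed input as well as on a live RS.
set -u

# dr_arp_params_ok [SYSCTL_ROOT]
# Every RS holds the VIP, so each must refuse to answer ARP for it:
# arp_ignore=1 (reply only if the target IP is on the receiving interface;
# lo does not count) and arp_announce=2 (never use the VIP as ARP source).
# Prints each wrong value; returns 0 only when all four are correct.
dr_arp_params_ok() {
    local root="${1:-/proc/sys/net/ipv4}" dev key want got rc=0
    for dev in all lo; do
        for key in arp_ignore=1 arp_announce=2; do
            want="${key#*=}"
            got="$(cat "$root/conf/$dev/${key%=*}" 2>/dev/null || echo missing)"
            if [ "$got" != "$want" ]; then
                echo "conf/$dev/${key%=*}=$got (want $want)"
                rc=1
            fi
        done
    done
    return $rc
}

# vip_bound_ok VIP IP_ADDR_OUTPUT
# IP_ADDR_OUTPUT is the text of `ip -o addr show`. The VIP must be on lo as
# a /32 and on no other device: a VIP that also sits on the physical NIC is
# answered by arp_ignore=1, so the RS would fight the director for the VIP's
# MAC entry on the switch.
vip_bound_ok() {
    local vip_re
    vip_re="$(printf '%s' "$1" | sed 's/\./\\./g')"
    printf '%s\n' "$2" | grep -qE "^[0-9]+: lo +inet ${vip_re}/32( |$)" || return 1
    ! printf '%s\n' "$2" | grep -E "inet ${vip_re}/" | grep -vqE '^[0-9]+: lo '
}

# rs_dr_ready VIP: the live check to run on an RS after the start script.
rs_dr_ready() {
    dr_arp_params_ok && vip_bound_ok "$1" "$(ip -o addr show)"
}

# Constructed sample of `ip -o addr show` on a correctly prepared RS1.
SAMPLE_OK='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
1: lo    inet 192.168.1.100/32 scope global lo:0\       valid_lft forever preferred_lft forever
2: eno16777736    inet 192.168.1.103/24 brd 192.168.1.255 scope global eno16777736\       valid_lft forever preferred_lft forever'
# Same RS, but the VIP was also added to the physical NIC by mistake.
SAMPLE_BAD="$SAMPLE_OK
2: eno16777736    inet 192.168.1.100/24 brd 192.168.1.255 scope global secondary eno16777736:0\       valid_lft forever preferred_lft forever"
```

On a live RS run `rs_dr_ready 192.168.1.100` after the start script; a non-zero exit plus the printed sysctl names tells you which of the four ARP parameters was missed, which is the usual cause of "the VIP works from one RS only" in a DR cluster.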
