A public network address deployment LVS/DR mode


http://blog.chinaunix.net/uid-7411781-id-3436142.html

I have read a lot about LVS online. When choosing between the two modes, LVS/DR and LVS/NAT, the view of many people is that DR mode requires several public addresses, because DIP, VIP and RIP all have to be in the same network segment. At first I thought the same, and the only solution I knew was to put an extra router in front of the LVS cluster, do a static NAT translation on that router, and run the back-end LVS cluster in DR mode. However, a router dedicated to NAT translation is costly, it simply moves the load to the front-end router, and in performance and speed it is no better than plain DR mode.

DR mode definitely outperforms NAT mode: in NAT mode a cluster generally cannot exceed about 10 realservers, whereas DR mode handles hundreds of realservers without trouble. So for two days I was stuck on the question of whether plain DR mode can be used with a single public address (the VIP being the public address, while RIP and DIP use private internal addresses). Looking through the documentation, Dr. Zhang Wensong has in fact stated clearly on the official site that in DR mode the VIP may be in a different network segment from DIP and RIP; see http://zh.linuxvirtualserver.org/node/155. There is also an introduction to DR mode across different network segments at http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/lvs-howto.lvs-dr.html. Having consulted these, and with Dr. Zhang Wensong's affirmative answer, I have summarised how this applies to a common network architecture in a real scenario.

This topology is a fairly common one. First, let us analyse how a packet flows through LVS:

1. The client sends a service request with source IP 1.1.1.1 and destination IP 200.0.0.10.
2. The packet is routed across the intermediate network to the Director.
3. The Director looks up the table entries defined with ipvsadm and picks a realserver according to the scheduling algorithm. Because this is DR mode, the Director changes only the destination MAC address in the layer-2 header and forwards the frame to the realserver, which has a private IP.
4. The realserver receives the packet, processes it, and sends the reply back to the client.

The key step is how the realserver gets its reply back to the client. First, a special route is defined on the realserver so that packets addressed to the VIP are delivered via the loopback interface; the source address of the reply is therefore the VIP, and the packet's source and destination addresses are unchanged. However, because ARP announcements and replies are restricted, the outside world does not know that the realserver holds the VIP, and the realserver in turn knows no other host in the VIP's network segment, so the reply would get stuck at the realserver. The solution is to add a default route on the realserver: packets for unknown destinations are sent to the gateway address of the upstream private network, and the router, having received the packet, routes it directly to the client. In this topology the router's interface towards the switch must therefore carry two addresses, the gateway address of the private network and the gateway address of the public network. That is how LVS/DR mode with a single public IP address is achieved. This is a lot of text and may be confusing, so here is a common topology diagram:

In this diagram the Director has a leased line pulled directly from the ISP (any firewall between the ISP and the Director is ignored for now). The packet flows: client -> Internet -> Director -> realserver -> gateway -> client. Topologies vary endlessly; implement according to your actual scenario. Next comes the concrete implementation. The following experiment was carried out with virtual machines using the first topology above; the 192 network segment simulates the public network and the 10 segment simulates the private network.
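To make the four steps and the reply path concrete, here is a small Python model of the packet flow. It is an added example, not code from the original post. It uses the post's addresses (client 1.1.1.1, VIP 200.0.0.10, realservers 10.0.0.1 and 10.0.0.2, private gateway 10.0.0.3); the MAC addresses, the Frame and Director names and the realserver routing-table entries are constructed for the illustration. The Director hop rewrites only the destination MAC, and the realserver's longest-prefix route lookup shows why the reply for 1.1.1.1 leaves through the private gateway rather than directly.

```python
"""Model of the LVS/DR packet path described above (an added example, not code
from the original post). Addresses follow the post's topology: client 1.1.1.1,
VIP 200.0.0.10, realservers 10.0.0.1 and 10.0.0.2, private gateway 10.0.0.3.
MAC addresses are constructed placeholders; the Internet leg between client
and Director is not modelled (in the post's lab the client host is also the
gateway, so it talks to the Director directly)."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from itertools import cycle

CLIENT, VIP, PRIVATE_GW = "1.1.1.1", "200.0.0.10", "10.0.0.3"
MAC = {"client": "aa:00:00:00:00:01", "gw": "aa:00:00:00:00:03",
       "director": "aa:00:00:00:00:10", "10.0.0.1": "aa:00:00:00:00:11",
       "10.0.0.2": "aa:00:00:00:00:12"}  # constructed


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str


class Director:
    """ipvsadm -A -t VIP:80 -s rr plus -a ... -g: round-robin, DR forwarding."""

    def __init__(self, rips):
        self._rr = cycle(rips)

    def forward(self, frame):
        rip = next(self._rr)
        # DR: only the layer-2 destination changes; src/dst IP are left untouched
        return rip, replace(frame, src_mac=MAC["director"], dst_mac=MAC[rip])


# Realserver routing table as configured in the post: VIP on lo:1, the RIP
# segment on eth0, and a default route towards the private-network gateway.
RS_ROUTES = [
    (ip_network(VIP + "/32"), None, "lo:1"),
    (ip_network("10.0.0.0/24"), None, "eth0"),
    (ip_network("0.0.0.0/0"), PRIVATE_GW, "eth0"),
]


def lookup(dst, table=RS_ROUTES):
    """Longest-prefix match, as the kernel does; returns (gateway or None, device)."""
    best = max((r for r in table if ip_address(dst) in r[0]), key=lambda r: r[0].prefixlen)
    return best[1], best[2]


def realserver_reply(rip, frame):
    """Swap addresses; the source stays the VIP. Nothing on the private segment
    answers ARP for the client, so the reply's next hop is the default gateway."""
    gw, dev = lookup(frame.src_ip)
    next_hop = MAC["gw"] if gw else MAC[frame.src_ip]  # on-link hosts would be ARPed directly
    return Frame(MAC[rip], next_hop, frame.dst_ip, frame.src_ip), dev


def gateway_forward(frame):
    """The router re-addresses the frame to the client; the IP header is unchanged."""
    return replace(frame, src_mac=MAC["gw"], dst_mac=MAC["client"])


def trace(director):
    """One request/response round trip; returns every hop for inspection."""
    request = Frame(MAC["client"], MAC["director"], CLIENT, VIP)
    rip, to_rs = director.forward(request)
    reply, dev = realserver_reply(rip, to_rs)
    return {"rip": rip, "to_rs": to_rs, "reply": reply, "dev": dev,
            "to_client": gateway_forward(reply)}


if __name__ == "__main__":
    d = Director(["10.0.0.1", "10.0.0.2"])
    for _ in range(2):  # two requests show the round-robin choice
        hops = trace(d)
        print(hops["rip"], hops["to_rs"], hops["reply"], hops["to_client"], sep="\n")
```

The three frames returned by trace() correspond to the three captures examined at the end of the post: client to Director, Director to realserver (IP header identical, destination MAC changed) and realserver to client with the VIP as source.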
First the experimental environment: the client is my host machine; the Director and the two realservers are virtual machines, all connected to the virtual switch VMnet8. The host acts both as the client and as the gateway, so its VMnet8 adapter is configured with two addresses (to avoid any confusion, the experiment is verified at the end with a packet capture).

On the Director, first configure the addresses (as root):

    ifconfig eth0 10.0.0.10 netmask 255.255.255.0
    ifconfig eth0:1 192.168.92.100 netmask 255.255.255.0 up

Then configure the cluster service:

    ipvsadm -A -t 192.168.92.100:80 -s rr           # create an HTTP cluster service using the round-robin (polling) algorithm
    ipvsadm -a -t 192.168.92.100:80 -r 10.0.0.1 -g  # add a realserver in DR mode; note the service VIP and the realserver RIP are not in the same segment
    ipvsadm -a -t 192.168.92.100:80 -r 10.0.0.2 -g  # add the second realserver the same way

That completes the Director configuration. Now view the IP address configuration:

Now view the ipvsadm configuration:

Here you can see that the forwarding method is Route, and that the realservers are in a different network segment from the VIP.

Now the realservers. On realserver1, first restrict ARP announcements and replies:

    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore

Then configure the addresses:

    ifconfig eth0 10.0.0.1 netmask 255.255.255.0
    ifconfig lo:1 192.168.92.100 netmask 255.255.255.255 broadcast 192.168.92.100  # configure the VIP; the realserver must not announce it to the outside
Then configure the routes:

    route add -host 192.168.92.100 dev lo:1  # packets for the VIP go to the lo:1 interface, so the source address stays the VIP and is not changed from eth0 to the RIP
    route add default gw 10.0.0.3            # add a default route to the private-network gateway; in this experiment that is my client host

Then start the web service:

    echo "web1" > /var/www/html/index.html  # create the web page, marked web1; on realserver2 mark it web2
    service httpd start                     # start the HTTP service

That completes realserver1. Configure realserver2 the same way, with its own address and a different web file. View the IP address configuration:

The second realserver's network card information is given here; its MAC address will be used later when verifying the data flow.

View the routing table:
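Since all of the above is typed by hand on each machine, it helps to have a check that the Director and each realserver really ended up in the state the post describes before running the browser test. The following Python audit is an added example, not code from the original post: it parses `ipvsadm -Ln` output for the Director side, and for a realserver reads the arp_announce/arp_ignore sysctls and checks `ip -o -4 addr show` and `ip -4 route show` listings for the VIP on lo with a /32, the VIP host route and the default route via 10.0.0.3. The sample outputs, the configurable sysctl root and the function names are constructed for the example.

```python
"""LVS/DR configuration audit (added example, not code from the original post).
Director side: parse `ipvsadm -Ln` and confirm every realserver forwards via
Route (DR). Realserver side: check the arp_* sysctls, the VIP on lo with /32,
the VIP host route and the default route via the private gateway. Sysctls are
read below a configurable root (/ on a live host, or constructed files)."""
import os
import re
import tempfile
from ipaddress import ip_address, ip_network

EXPECTED_SYSCTLS = {"arp_announce": "2", "arp_ignore": "1"}
IFACES = ("all", "lo")

# Constructed sample outputs mirroring the post's Director and realserver1.
IPVSADM_SAMPLE = """\
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.92.100:80 rr
  -> 10.0.0.1:80                  Route   1      0          0
  -> 10.0.0.2:80                  Route   1      0          0
"""
ADDR_SAMPLE = """\
1: lo    inet 192.168.92.100/32 brd 192.168.92.100 scope global lo:1
2: eth0    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth0
"""
ROUTE_SAMPLE = """\
192.168.92.100 dev lo scope link
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.1
default via 10.0.0.3 dev eth0
"""


def parse_ipvsadm(text, vip):
    """Map RIP -> forwarding method for the virtual service on vip."""
    servers, in_service = {}, False
    for line in text.splitlines():
        if re.match(r"(TCP|UDP)\s", line):
            in_service = line.split()[1].startswith(vip + ":")
        elif in_service and line.strip().startswith("->"):
            rip_port, fwd = line.split()[1:3]
            servers[rip_port.rsplit(":", 1)[0]] = fwd
    return servers


def check_director(text, vip):
    """Return (non-DR forwarders, RIPs outside the VIP's /24); the latter is expected here."""
    servers = parse_ipvsadm(text, vip)
    findings = ["%s forwards via %s, not Route" % (r, f) for r, f in servers.items() if f != "Route"]
    cross = sorted(r for r in servers if ip_address(r) not in ip_network(vip + "/24", strict=False))
    return findings, cross


def check_arp_sysctls(root="/"):
    """Empty list means arp_announce=2 and arp_ignore=1 on both all and lo."""
    findings = []
    for iface in IFACES:
        for key, want in EXPECTED_SYSCTLS.items():
            with open(os.path.join(root, "proc/sys/net/ipv4/conf", iface, key)) as fh:
                got = fh.read().strip()
            if got != want:
                findings.append("%s/%s=%s (want %s)" % (iface, key, got, want))
    return findings


def check_vip_on_lo(addr_text, vip):
    """The VIP must live on lo with a /32 so it is never announced on eth0."""
    for line in addr_text.splitlines():
        m = re.match(r"\d+:\s+(\S+)\s+inet\s+(\S+)/(\d+)", line)
        if m and m.group(2) == vip:
            findings = [] if m.group(1) == "lo" else ["VIP on %s, not lo" % m.group(1)]
            if m.group(3) != "32":
                findings.append("VIP has /%s, want /32" % m.group(3))
            return findings
    return ["VIP %s not configured" % vip]


def check_routes(route_text, vip, private_gw):
    """Host route for the VIP on lo, plus a default route via the private gateway."""
    routes, findings = route_text.splitlines(), []
    if not any(r.startswith(vip + " ") and " dev lo" in r for r in routes):
        findings.append("no host route for %s on lo" % vip)
    if not any(r.startswith("default via %s " % private_gw) for r in routes):
        findings.append("default route is not via %s" % private_gw)
    return findings


def write_fake_root(root, overrides=None):
    """Write constructed sysctl files below root so the audit can run offline."""
    values = {(i, k): v for i in IFACES for k, v in EXPECTED_SYSCTLS.items()}
    values.update(overrides or {})
    for (iface, key), val in values.items():
        d = os.path.join(root, "proc/sys/net/ipv4/conf", iface)
        os.makedirs(d, exist_ok=True)
        with open(os.path.join(d, key), "w") as fh:
            fh.write(val + "\n")


def demo():
    """Audit a correctly prepared realserver and one left at the kernel's ARP defaults."""
    good, bad = tempfile.mkdtemp(), tempfile.mkdtemp()
    write_fake_root(good)
    write_fake_root(bad, {("all", "arp_ignore"): "0", ("lo", "arp_announce"): "0"})
    return check_arp_sysctls(good), check_arp_sysctls(bad)
```

On a live realserver, call check_arp_sysctls() with the default root and feed the output of the two `ip` commands to check_vip_on_lo() and check_routes(); demo() exercises the sysctl check offline against constructed files. A realserver left at the kernel defaults (arp_ignore=0) is the usual reason a DR cluster answers ARP for the VIP from the wrong host.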
OK, the configuration is complete. Open a browser on the client machine to verify (during browsing, capture the VMnet8 adapter's traffic with a packet-capture tool). Refreshing several times, the returned content alternates between the two pages:


Looking at the connection count on the Director, the incoming connections are visible.
Then look at the capture. First, the MAC address of the local host's VMnet8 adapter:

This packet is the one sent by the local host to the Director; the specific MAC addresses of each virtual machine and of the host can be seen in the IP address output earlier.

This packet was sent by the Director to the realserver: the source IP and destination IP are unchanged, and the Director changed only the destination MAC address.

This packet is from the realserver to the local client (the source and destination MAC addresses confirm it); its source address is still the VIP and its destination is the local client. The data flow is thus verified by the packet capture. Implementing LVS/DR with a single public IP is feasible. The packet does finally reach the client; inside the internal network it travels via the private-network gateway, which amounts to an extra loop inside the company, but the efficiency of DR mode is something NAT mode cannot match, so in real LVS deployments you should still use DR mode wherever possible.

Author: Lustlost
