One, the LVS-NAT load balancing mode (works at the network layer)
1. Work flow
(a) A client request arrives at the Director Server and first enters the PREROUTING chain in kernel space. At this point the source IP of the packet is CIP and the destination IP is VIP.
(b) PREROUTING finds that the destination IP is a local address and hands the packet to the INPUT chain.
(c) IPVS checks whether the service the packet requests is a cluster service. If it is, IPVS picks a Real Server according to the scheduling algorithm (wrr in this lab), rewrites the destination IP to that server's RIP and hands the packet to the POSTROUTING chain. The source IP is still CIP; the destination IP is now RIP.
(d) POSTROUTING routes the packet and sends it to the chosen Real Server.
(e) The Real Server sees that the destination IP is its own, processes the request and builds a response addressed to the client. Because its default gateway is the Director (the DIP), the response travels back through the Director. At this point the source IP is RIP and the destination IP is CIP.
(f) Before forwarding the response, the Director rewrites its source IP from RIP to its own VIP and then sends it to the client. At this point the source IP is VIP and the destination IP is CIP.
2. Environment preparation

Server | IP
Client | 172.16.111.13 (simulated public network address)
Virtual Server (VS, the Director) | 172.16.111.123 (simulated public network address, VIP); 192.168.111.200 (intranet, DIP)
Back-end request processing server (RS1) | 192.168.111.101 (default gateway points to the VS, 192.168.111.200)
Back-end request processing server (RS2) | 192.168.111.102 (default gateway points to the VS, 192.168.111.200)
3. Experimental steps:
(1) On the Director, clear the firewall policy, disable SELinux and install the LVS management tool:
    iptables -F && setenforce 0
    yum install ipvsadm -y
(2) Configure the LVS policy on the Director:
    ipvsadm -A -t 172.16.111.123:80 -s wrr
    # open a virtual service on port 80 of the VIP; the scheduling algorithm is wrr (weighted round robin)
    ipvsadm -a -t 172.16.111.123:80 -r 192.168.111.101 -m -w 1
    ipvsadm -a -t 172.16.111.123:80 -r 192.168.111.102 -m -w 1
    # add the two web back-ends as Real Servers in NAT mode (-m, masquerading), each with weight 1
    Then enable IP forwarding so the Director can relay the rewritten packets: in /etc/sysctl.conf set net.ipv4.ip_forward=1 and run sysctl -p to apply it.
(3) On each Real Server, set the default gateway to the Director's DIP, 192.168.111.200. This is what makes the responses pass back through the Director; if a Real Server answers by another route, the client receives packets with the RIP as source address and the connection fails.
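The NAT procedure above as one script, an added example that is not part of the original post. It uses the lab's own addresses (VIP 172.16.111.123, DIP 192.168.111.200, Real Servers 192.168.111.101 and 192.168.111.102); the DRY_RUN switch, the valid_ipv4 and run helpers and the sample ipvsadm -Ln table are assumptions made for this example. With DRY_RUN set the script prints the privileged commands instead of running them, so the rule generation and the table check can be exercised on a machine without root or ipvsadm.

```shell
#!/bin/sh
# Added example: bring up the LVS-NAT director from section one as a script.
# The addresses are the lab's; everything else (DRY_RUN, helpers, sample
# table) is assumed for illustration and is not from the original post.

VIP=172.16.111.123
VPORT=80
DIP=192.168.111.200
RS_LIST="192.168.111.101 192.168.111.102"
SCHED=wrr

# Accept only a dotted quad with four octets in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    n=0
    for o in $(printf '%s' "$1" | tr . ' '); do
        [ "$o" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# Run a privileged command, or print it when DRY_RUN is set.
run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Define the virtual service and its NAT (-m, masquerading) real servers.
# Deleting the service first makes the script safe to re-run.
nat_director_rules() {
    valid_ipv4 "$VIP" || { echo "bad VIP: $VIP" >&2; return 1; }
    run ipvsadm -D -t "$VIP:$VPORT" 2>/dev/null || true
    run ipvsadm -A -t "$VIP:$VPORT" -s "$SCHED"
    for rs in $RS_LIST; do
        valid_ipv4 "$rs" || { echo "bad RIP: $rs" >&2; return 1; }
        run ipvsadm -a -t "$VIP:$VPORT" -r "$rs:$VPORT" -m -w 1
    done
}

# Without forwarding the director drops the rewritten packets.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
}

# Read `ipvsadm -Ln` output on stdin and print "RIP:port METHOD" for every
# real server of the given service (METHOD is Masq for NAT, Route for DR).
real_servers_of() {
    awk -v svc="$1" '
        $1 == "TCP" || $1 == "UDP" { cur = $2; next }
        $1 == "->" && cur == svc   { print $2, $3 }
    '
}

# Succeed only if every configured RS is present and forwarded by Masq.
verify_nat_table() {
    table=$(real_servers_of "$VIP:$VPORT")
    for rs in $RS_LIST; do
        printf '%s\n' "$table" | grep -q "^$rs:$VPORT Masq\$" || return 1
    done
}

# Constructed sample of what `ipvsadm -Ln` prints once the rules are loaded.
SAMPLE_TABLE='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.111.123:80 wrr
  -> 192.168.111.101:80           Masq    1      0          0
  -> 192.168.111.102:80           Masq    1      0          0'

case "${1:-}" in
    apply)   # on the director, as root
        nat_director_rules && enable_forwarding
        ipvsadm -Ln | verify_nat_table && echo "LVS-NAT table OK" ;;
    demo)    # anywhere: print the commands and check the sample table
        DRY_RUN=1
        nat_director_rules
        printf '%s\n' "$SAMPLE_TABLE" | verify_nat_table && echo "sample table OK" ;;
esac
```

On the Director run it as `sh lvs-nat.sh apply`; `sh lvs-nat.sh demo` shows the commands it would issue and runs the table check against the embedded sample. The same `ipvsadm -Ln | verify_nat_table` line is the post-deployment check a practitioner wants: it fails if a Real Server is missing or was added with a forwarding method other than Masq.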
Disadvantage: in LVS-NAT both the request and the response packets pass through the Director Server. Response packets usually carry far more data than requests, so the Director's bandwidth becomes the bottleneck as the number of Real Servers grows.
Two, the LVS-DR (direct routing) load balancing mode (works at the data link layer)
1. Work flow
(a) A client request arrives at the Director Server and first enters the PREROUTING chain in kernel space. At this point the source IP of the packet is CIP and the destination IP is VIP.
(b) PREROUTING finds that the destination IP is a local address and hands the packet to the INPUT chain.
(c) IPVS checks whether the requested service is a cluster service. If it is, IPVS chooses a Real Server, rewrites the source MAC address of the frame to the MAC of the Director's DIP interface and the destination MAC address to the MAC of the chosen Real Server's RIP interface, and hands the frame to the POSTROUTING chain. The source and destination IP addresses are not modified at all; only the two MAC addresses change.
(d) Because the Director and the Real Servers are on the same layer-2 network, delivery is by MAC address: POSTROUTING sends the frame out to the Real Server whose MAC is now the destination.
(e) The Real Server accepts the frame because the destination MAC is its own, and accepts the packet because the destination IP, the VIP, is configured on its lo interface. After processing, it sends the response from the VIP out through eth0 directly toward the client, without going back through the Director as a load balancer. At this point the source IP is VIP and the destination IP is CIP.
(f) The response is delivered to the client.
2. Environment preparation

Server | IP address | Note
LVS-Server | VIP: 172.17.253.100, DIP: 192.168.163.101 | IP forwarding enabled (VIP on the bridged network, DIP on the host-only network)
RS01 | RIP: 192.168.163.102 | default gateway points to the DIP (host-only network)
RS02 | RIP: 192.168.163.103 | default gateway points to the DIP (host-only network)

In this VMware layout the Real Servers sit on a host-only network, so their replies (source VIP, destination CIP) reach the client only because the Director forwards them as an ordinary router. That is why forwarding is enabled on the Director and the Real Servers' gateway points to the DIP, even though DR mode itself does not route replies through the Director.
3. Experimental steps
LVS-Server configuration:
1. ipvsadm -A -t 172.17.253.100:80 -s wrr
   # open a virtual service on port 80 of the VIP; scheduling mode is wrr
2. ipvsadm -a -t 172.17.253.100:80 -r 192.168.163.102:80 -g -w 1
3. ipvsadm -a -t 172.17.253.100:80 -r 192.168.163.103:80 -g -w 1
   # add the two web back-ends as Real Servers with weight 1. DR mode needs -g (gatewaying, direct routing); -m would select NAT and the Director would rewrite IP addresses instead of MAC addresses.
4. Modify the kernel configuration to enable forwarding (needed in this lab because the Director also routes the Real Servers' replies): in /etc/sysctl.conf set net.ipv4.ip_forward=1, then run sysctl -p to apply it.
Real Server configuration:
5. Set the default gateway to 192.168.163.101 (the DIP).
6. Suppress ARP for the VIP before configuring it; otherwise the Real Server may answer an ARP query for the VIP or announce it, and the router's ARP cache ends up pointing at the Real Server instead of the Director:
   echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
   echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
   echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
   echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
   # arp_ignore=1: answer an ARP request only if the target IP is a local address configured on the interface that received the request, so the VIP on lo is never answered for on eth0
   # arp_announce=2: when sending ARP requests, always use the most appropriate local address for the target as the sender IP, ignoring the source IP of the packet being sent, so the VIP is never advertised as a sender address
7. Configure the VIP on the loopback interface with a host mask, so it is local to the Real Server but not on the network, and add the host route:
   ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
   route add -host $VIP dev lo:0
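The DR procedure above as a script, an added example that is not part of the original post: the Director side with the -g forwarding flag, and a Real Server side that refuses to put the VIP on lo until the ARP sysctls are in place. Addresses are the lab's (VIP 172.17.253.100, DIP 192.168.163.101, Real Servers 192.168.163.102 and 192.168.163.103); the DRY_RUN switch, the PROC_CONF override, and the write_fake_conf and arp_hidden_ok helpers are assumptions made for this example, and ip addr / ip route stand in for the page's ifconfig / route.

```shell
#!/bin/sh
# Added example: LVS-DR director and real-server setup from section two.
# Addresses are the lab's; DRY_RUN, PROC_CONF, write_fake_conf and
# arp_hidden_ok are assumptions made for this example, not from the post.

VIP=172.17.253.100
VPORT=80
DIP=192.168.163.101
RS_LIST="192.168.163.102 192.168.163.103"
# Where the ARP sysctls live; overridable so the check can run against a
# fake tree on a machine that is not a real server.
PROC_CONF=${PROC_CONF:-/proc/sys/net/ipv4/conf}

# Run a privileged command, or print it when DRY_RUN is set.
run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Director: DR needs -g (gatewaying / direct routing). -m would turn this
# into NAT and the director would rewrite IP addresses instead of MACs.
dr_director_rules() {
    run ipvsadm -D -t "$VIP:$VPORT" 2>/dev/null || true
    run ipvsadm -A -t "$VIP:$VPORT" -s wrr
    for rs in $RS_LIST; do
        run ipvsadm -a -t "$VIP:$VPORT" -r "$rs:$VPORT" -g -w 1
    done
    # Only needed in this lab because the director also routes RS replies
    # out of the host-only network; DR itself does not forward replies.
    run sysctl -w net.ipv4.ip_forward=1
}

# True when both "all" and "lo" hide the VIP: arp_ignore>=1 (answer ARP
# only for addresses on the receiving interface) and arp_announce>=2
# (never use the VIP as sender address in ARP requests).
arp_hidden_ok() {
    for dev in all lo; do
        ign=$(cat "$PROC_CONF/$dev/arp_ignore" 2>/dev/null || echo 0)
        ann=$(cat "$PROC_CONF/$dev/arp_announce" 2>/dev/null || echo 0)
        { [ "$ign" -ge 1 ] && [ "$ann" -ge 2 ]; } || return 1
    done
}

# Real server: suppress ARP first, then add the VIP. If the VIP went on lo
# first, the RS could answer an ARP query for it or announce it, and the
# router's ARP cache would point at the RS instead of the director.
dr_realserver_up() {
    for dev in all lo; do
        run sysctl -w "net.ipv4.conf.$dev.arp_ignore=1"
        run sysctl -w "net.ipv4.conf.$dev.arp_announce=2"
    done
    if [ -z "$DRY_RUN" ] && ! arp_hidden_ok; then
        echo "ARP suppression not active, refusing to add $VIP" >&2
        return 1
    fi
    # /32 on lo: local to this host, not routed, not announced
    # (the page's ifconfig lo:0 ... netmask 255.255.255.255 in ip syntax).
    run ip addr add "$VIP/32" dev lo label lo:0
    run ip route replace default via "$DIP"
}

# Build a fake conf tree so arp_hidden_ok can be tested off a real server.
write_fake_conf() {
    for dev in all lo eth0; do
        mkdir -p "$1/$dev"
        echo "$2" > "$1/$dev/arp_ignore"
        echo "$3" > "$1/$dev/arp_announce"
    done
}

case "${1:-}" in
    director)   dr_director_rules ;;
    realserver) dr_realserver_up ;;
    demo)
        DRY_RUN=1
        dr_director_rules
        dr_realserver_up ;;
esac
```

Run `sh lvs-dr.sh director` on the LVS-Server and `sh lvs-dr.sh realserver` on each RS; `sh lvs-dr.sh demo` prints both command sequences without touching anything. The guard in dr_realserver_up is the point of the script: on a live Real Server it reads the actual /proc values, so the VIP is never configured on a host that is still willing to answer ARP for it.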
Disadvantage: the Director and the Real Servers must be on the same physical network segment (the same layer-2 broadcast domain), because forwarding is done by rewriting MAC addresses.
Three, the LVS-TUN (IP tunneling) load balancing mode
1. Work flow
(a) The client sends the request to the front-end load balancer; the source address is CIP and the destination address is VIP.
(b) The load balancer receives the packet and finds that the destination address matches one of its rules. It then encapsulates the original packet inside a new outer IP header whose source address is DIP and whose destination address is RIP, and sends the tunnelled packet to the chosen Real Server. The inner header still carries CIP and VIP unchanged.
(c) The Real Server strips the outer header, finds that the destination address of the inner header is the VIP configured on its lo interface, processes the request and sends the response out through eth0 directly to the client, bypassing the load balancer; the source address is VIP and the destination address is CIP. Note: the VIP configured on the Real Server's lo interface must not be visible on the network, so the same ARP suppression as in DR mode is required.
Implementation of load balancing based on LNMP e-commerce website