Virtual service persistent connection
Topology:
650) this. width = 650; "title =" image 1.png "src =" http://www.bkjia.com/uploads/allimg/131228/041HK594-0.png "alt =" 224949966.png"/>
The vip address of the front-end virtual server is 192.168.0000100, the rip of the backend node1 is 192.168.000010, And the vip is 192.168.0000100.
The rip of node2 is 192.168.20.20, And the vip is 192.168.20.100.
Working principle:
The front-end virtual server receives a request and encapsulates the request into a data frame. The target mac address of the frame is the mac address of the real server at the rear, the target IP address is vip, and the original IP address is the Client IP address, the original mac address is the mac address of the client. The backend server receives a data frame and disassembles the frame into a data packet. It finds that the destination IP address is its own vip address, and the original IP address is the IP address of the client, then, the server directly sends the request results to the client and does not forward them to the virtual server.
1: client-based persistent connection PCC
Rules on the Virtual Server:
Ipvsadm-E-t192.168.20.100: 0-srr-p.
[Root @ localhost ~] # Ipvsadm-a-t192.168.20.100: 0-r192.168.20.10-g
[Root @ localhost ~] # Ipvsadm-a-t192.168.20.100: 0-r192.168.20.20-g
Port 0 represents all ports. The default value of-p is 360 seconds. Within 360 seconds, the same client keeps accessing Node 1 or node 2. If client 1 has been accessing Node 1, the client will have been accessing Node 2 for more than 360 seconds and will be renewed for 120 seconds. The client-based high-performance connection is a little bit. The client keeps accessing the same web server, and the connection does not jump. It keeps requesting the same node to ensure data consistency and integrity.
2: Port-based connection to PPC
Rules on the Virtual Server:
[Root @ localhost ~] # Ipvsadm-A-t192.168.20.100: 80-srr-p60
[Root @ localhost ~] # Ipvsadm-A-t192.168.20.100: 22-srr-p60
[Root @ localhost ~] # Ipvsadm-a-t192.168.20.100: 22-r192.168.20.10: 22-g
[Root @ localhost ~] # Ipvsadm-a-t192.168.20.100: 80-r192.168.20.20: 80-g
Root @ localhost ~] # Ipvsadm-l
IPVirtualServerversion1.2.1 (size = 4096)
ProtLocalAddress: PortSchedulerFlags
-> RemoteAddress: PortForwardWeightActiveConnInActConn
Tcp192.168.0000100: httprrpersistent60
-> 192.168.20.20: httpRoute100
Tcp192.168.0000100: sshrrpersistent60
-> 192.168.20.10: sshRoute100
When you access http: // 192.168.20.100, the request is forwarded to port 80 on the web server of Node 2 and the page content on the second node is accessed.
When accessing ssh: 192.168.255.100, the request is forwarded to port 25 on node 1 and remotely logged on to the first node.
3: firewall-based highly persistent connection to http Services
Rules on the firewall:
[Root @ localhost ~] # Iptables-tmangle-APREROUTING-d192.168.20.100-ptcp -- dport80-jMARK -- set-mark10
[Root @ localhost ~] # Iptables-tmangle-APREROUTING-d192.168.20.100-ptcp -- dport443-jMARK -- set-mark10
[Root @ localhost ~] # Iptables-tmangle-L
ChainPREROUTING (policyACCEPT)
Targetprotoptsourcedestination
MARKtcp -- anywhere192.168.20.100tcpdpt: httpMARKxset0xa/0 xffffffff
MARKtcp -- anywhere192.168.20.100tcpdpt: httpsMARKxset0xa/0 xfffffff
Rules on the Virtual Server:
[Root @ localhost ~] # Ipvsadm-A-f10-p60-srr
[Root @ localhost ~] #
[Root @ localhost ~] #
[Root @ localhost ~] # Ipvsadm-a-f10-r192.168.20.10-g
[Root @ localhost ~] # Ipvsadm-a-f10-r192.168.20.20-g
[Root @ localhost ~] # Ipvsadm-l
IPVirtualServerversion1.2.1 (size = 4096)
ProtLocalAddress: PortSchedulerFlags
-> RemoteAddress: PortForwardWeightActiveConnInActConn
FWM10rrpersistent60
-> 192.168.20.20: 0Route100
-> 192.168.20.10: 0Route100
650) this. width = 650; "title =" image 2.png "src =" http://www.bkjia.com/uploads/allimg/131228/041HH3H-1.png "alt =" 225006201.png"/>
Open a browser to access http: // 192.168.20.100
Page Content of node 1apache server appears
Access https: // 192.168.20.100/
The content displayed at the backend is the page content of Node 1.
View virtual service matching rules iplvsadm-l
650) this. width = 650; "title =" image 3.png "src =" http://www.bkjia.com/uploads/allimg/131228/041HJ096-2.png "alt =" 225017945.png"/>
4: firewall-based persistent connection to the ftp service
Firewall Rules:
[Root @ localhost ~] # Iptables-tmangle-APREROUTING-d192.168.20.100-ptcp -- dport21-jMARK -- set-mark20
[Root @ localhost ~] # Iptables-tmangle-APREROUTING-d192.168.20.100-ptcp-mmultiport -- dport10000: 10002-jMARK -- set-mark20
[Root @ localhost ~] # Iptables-tmangle-L-n -- line-number
ChainPREROUTING (policyACCEPT) numtargetprotoptsourcedestination
1MARKtcp -- 0.0.0.0/0192.168.20.100tcpdpt: 21MARKxset0x14/0 xffffffff
2MARKtcp -- 0.0.0.0/0192.168.20.100multiportdports10000: 10002MARKxset0x14/0 xffffffff
Virtual service rules:
[Root @ localhost ~] # Ipvsadm-A-f20-srr-p1800
[Root @ localhost ~] # Ipvsadm-a-f20-r192.168.20.10-g
[Root @ localhost ~] # Ipvsadm-a-f20-r192.168.20.20-g
[Root @ localhost ~] #
[Root @ localhost ~] # Ipvsadm-l
IPVirtualServerversion1.2.1 (size = 4096)
ProtLocalAddress: PortSchedulerFlags
-> RemoteAddress: PortForwardWeightActiveConnInActConn
FWM20rrpersistent1800
-> 192.168.20.20: 0Route100
-> 192.168.20.10: 0Route100
View matching of virtual service rules
[Root @ localhost ~] # Ipvsadm-l
IPVirtualServerversion1.2.1 (size = 4096)
ProtLocalAddress: PortSchedulerFlags
-> RemoteAddress: PortForwardWeightActiveConnInActConn
FWM20rrpersistent1800
-> 192.168.20.20: 0Route115
-> 192.168.20.10: 0Route100
When client 1 accesses ftp: // 192.168.20.100, the requested result is the content on the node 1 ftp server, and node 2 is accessed within 1800 seconds.
When client 2 accesses ftp: // 192.168.20.100, the requested result is the content on the node 1 ftp server, and node 1 is accessed within 1800 seconds.
This article is from "My blog" blog, please be sure to keep this source http://7615912.blog.51cto.com/7605912/1304675