LVS-based persistent connections

Source: Internet
Author: User

Virtual service persistent connection

Topology:


The VIP of the front-end virtual server is 192.168.20.100. The RIP of backend node1 is 192.168.20.10, and its VIP is 192.168.20.100.

The RIP of node2 is 192.168.20.20, and its VIP is 192.168.20.100.

Working principle:

The front-end virtual server receives a request and encapsulates it in a data frame. The destination MAC address of the frame is the MAC address of the back-end real server, the destination IP address is the VIP, the source IP address is the client IP address, and the source MAC address is the MAC address of the client. The back-end server receives the frame and unpacks it into a packet. It finds that the destination IP address is its own VIP and that the source IP address is the IP address of the client, so it sends the result of the request directly to the client and does not send it back through the virtual server.

1: Client-based persistent connection (PCC)

Rules on the Virtual Server:

ipvsadm -E -t 192.168.20.100:0 -s rr -p

[root@localhost ~]# ipvsadm -a -t 192.168.20.100:0 -r 192.168.20.10 -g

[root@localhost ~]# ipvsadm -a -t 192.168.20.100:0 -r 192.168.20.20 -g

Port 0 represents all ports. The default value of -p is 360 seconds. Within 360 seconds, the same client keeps accessing the same node, either node 1 or node 2. If client 1 has been accessing node 1 and is still accessing it after more than 360 seconds, the persistence is renewed for 120 seconds. The advantage of client-based persistent connections is that the client keeps accessing the same web server and the connection does not jump between nodes. It keeps requesting the same node, which ensures data consistency and integrity.

2: Port-based persistent connection (PPC)

Rules on the Virtual Server:

[root@localhost ~]# ipvsadm -A -t 192.168.20.100:80 -s rr -p 60

[root@localhost ~]# ipvsadm -A -t 192.168.20.100:22 -s rr -p 60

[root@localhost ~]# ipvsadm -a -t 192.168.20.100:22 -r 192.168.20.10:22 -g

[root@localhost ~]# ipvsadm -a -t 192.168.20.100:80 -r 192.168.20.20:80 -g

[root@localhost ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.20.100:http rr persistent 60
  -> 192.168.20.20:http           Route   1      0          0
TCP  192.168.20.100:ssh rr persistent 60
  -> 192.168.20.10:ssh            Route   1      0          0

When you access http://192.168.20.100, the request is forwarded to port 80 on the web server of node 2, and the page content of the second node is returned.

When you access 192.168.20.100 over ssh, the request is forwarded to port 22 on node 1, and you are logged on remotely to the first node.
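The difference between the two modes above, as an added example that is not part of the original article: a simplified model of round-robin scheduling with a persistence template, keyed on the client alone for a port-0 service (PCC) and on client plus port for per-port services (PPC). The client addresses, the event list and the assumption that both real servers are attached to every virtual service are constructed for illustration.

```shell
#!/bin/sh
# Simplified model (added example): rr scheduling plus a persistence template.
# Constructed events: "<seconds> <client-ip> <dest-port>", one connection each.
EVENTS='0 10.0.0.1 80
2 10.0.0.2 443
5 10.0.0.1 443
30 10.0.0.1 80
100 10.0.0.3 80
200 10.0.0.1 80'

# simulate MODE TIMEOUT < events
#   pcc: one virtual service on port 0, template key = client
#   ppc: one virtual service per port,  template key = client + port
# Assumes both real servers are attached to every virtual service.
simulate() {
    awk -v mode="$1" -v timeout="$2" '
    BEGIN { n = split("192.168.20.10 192.168.20.20", rs, " ") }
    {
        t = $1; client = $2; port = $3
        svc = (mode == "pcc") ? 0 : port      # virtual service the packet hits
        key = client ":" svc                  # persistence template key
        if (!(key in node) || t - last[key] > timeout)
            node[key] = rs[(rr[svc]++ % n) + 1]   # no live template: ask rr
        last[key] = t                         # each new connection refreshes it
        print t, client, port, node[key]
    }'
}

echo "PCC (-t VIP:0 -s rr -p 60):";    printf '%s\n' "$EVENTS" | simulate pcc 60
echo "PPC (-t VIP:port -s rr -p 60):"; printf '%s\n' "$EVENTS" | simulate ppc 60
```

In the ppc run, client 10.0.0.1 is sent to different nodes for ports 80 and 443, while in the pcc run it stays on one node until its template has been idle for longer than the timeout.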

3: Firewall-based persistent connection for http services

Rules on the firewall:

[root@localhost ~]# iptables -t mangle -A PREROUTING -d 192.168.20.100 -p tcp --dport 80 -j MARK --set-mark 10

[root@localhost ~]# iptables -t mangle -A PREROUTING -d 192.168.20.100 -p tcp --dport 443 -j MARK --set-mark 10

[root@localhost ~]# iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
MARK       tcp  --  anywhere             192.168.20.100      tcp dpt:http MARK xset 0xa/0xffffffff
MARK       tcp  --  anywhere             192.168.20.100      tcp dpt:https MARK xset 0xa/0xffffffff

Rules on the Virtual Server:

[root@localhost ~]# ipvsadm -A -f 10 -p 60 -s rr

[root@localhost ~]# ipvsadm -a -f 10 -r 192.168.20.10 -g

[root@localhost ~]# ipvsadm -a -f 10 -r 192.168.20.20 -g

[root@localhost ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  10 rr persistent 60
  -> 192.168.20.20:0              Route   1      0          0
  -> 192.168.20.10:0              Route   1      0          0


Open a browser and access http://192.168.20.100

The page content of the node 1 apache server appears.

Access https://192.168.20.100/

The content returned by the back end is the page content of node 1.

View the matching of the virtual service rules with ipvsadm -l


4: Firewall-based persistent connection for the ftp service

Firewall Rules:

[root@localhost ~]# iptables -t mangle -A PREROUTING -d 192.168.20.100 -p tcp --dport 21 -j MARK --set-mark 20

[root@localhost ~]# iptables -t mangle -A PREROUTING -d 192.168.20.100 -p tcp -m multiport --dports 10000:10002 -j MARK --set-mark 20

[root@localhost ~]# iptables -t mangle -L -n --line-numbers
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    MARK       tcp  --  0.0.0.0/0            192.168.20.100      tcp dpt:21 MARK xset 0x14/0xffffffff
2    MARK       tcp  --  0.0.0.0/0            192.168.20.100      multiport dports 10000:10002 MARK xset 0x14/0xffffffff

Virtual service rules:

[root@localhost ~]# ipvsadm -A -f 20 -s rr -p 1800

[root@localhost ~]# ipvsadm -a -f 20 -r 192.168.20.10 -g

[root@localhost ~]# ipvsadm -a -f 20 -r 192.168.20.20 -g

[root@localhost ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  20 rr persistent 1800
  -> 192.168.20.20:0              Route   1      0          0
  -> 192.168.20.10:0              Route   1      0          0

View the matching of the virtual service rules:

[root@localhost ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  20 rr persistent 1800
  -> 192.168.20.20:0              Route   1      1          5
  -> 192.168.20.10:0              Route   1      0          0

When client 1 accesses ftp://192.168.20.100, the result returned is the content on the node 1 ftp server, and node 2 is accessed within 1800 seconds.

When client 2 accesses ftp://192.168.20.100, the result returned is the content on the node 1 ftp server, and node 1 is accessed within 1800 seconds.
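Sections 3 and 4 only work when the mark set in the mangle table and the mark given to ipvsadm -f agree, and iptables lists marks in hexadecimal (0xa, 0x14) while ipvsadm takes them in decimal (10, 20). The script below is an added example, not part of the original article: it cross-checks the two. Its inputs are constructed text in the style of iptables-save -t mangle and ipvsadm -Sn output, and marks 30 and 40 are deliberate mismatches.

```shell
#!/bin/sh
# Added example: cross-check firewall marks between iptables and IPVS.
# Both samples are constructed; marks 30 and 40 are deliberate mismatches.
MANGLE_SAMPLE='*mangle
-A PREROUTING -d 192.168.20.100/32 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0xa/0xffffffff
-A PREROUTING -d 192.168.20.100/32 -p tcp -m tcp --dport 443 -j MARK --set-xmark 0xa/0xffffffff
-A PREROUTING -d 192.168.20.100/32 -p tcp -m tcp --dport 21 -j MARK --set-xmark 0x14/0xffffffff
-A PREROUTING -d 192.168.20.100/32 -p tcp -m tcp --dport 8080 -j MARK --set-xmark 0x1e/0xffffffff
COMMIT'
IPVS_SAMPLE='-A -f 10 -s rr -p 60
-a -f 10 -r 192.168.20.10:0 -g -w 1
-a -f 10 -r 192.168.20.20:0 -g -w 1
-A -f 20 -s rr -p 1800
-a -f 20 -r 192.168.20.10:0 -g -w 1
-a -f 20 -r 192.168.20.20:0 -g -w 1
-A -f 40 -s rr -p 60'

# Decimal marks set by MARK rules in iptables-save text ($1).
iptables_marks() {
    printf '%s\n' "$1" |
    sed -n 's/.*-j MARK --set-x\{0,1\}mark \([0-9a-fA-FxX]\{1,\}\).*/\1/p' |
    while read -r v; do echo $(($v)); done | sort -nu   # 0xa -> 10
}

# Decimal marks that have an IPVS virtual service in "ipvsadm -Sn" text ($1).
ipvs_marks() {
    printf '%s\n' "$1" | sed -n 's/^-A -f \([0-9]\{1,\}\) .*/\1/p' | sort -nu
}

# Number of real servers behind mark $2 in "ipvsadm -Sn" text ($1).
ipvs_backends() {
    printf '%s\n' "$1" | grep -c "^-a -f $2 " || true
}

audit_marks() {   # $1 = iptables-save text, $2 = ipvsadm -Sn text
    fw=$(iptables_marks "$1"); vs=$(ipvs_marks "$2")
    for m in $vs; do
        if ! printf '%s\n' "$fw" | grep -qx "$m"; then
            echo "mark $m: IPVS service but no MARK rule in this ruleset"
        elif [ "$(ipvs_backends "$2" "$m")" -eq 0 ]; then
            echo "mark $m: IPVS service has no real servers"
        fi
    done
    for m in $fw; do
        printf '%s\n' "$vs" | grep -qx "$m" ||
            echo "mark $m: set by iptables but no IPVS service"
    done
}

audit_marks "$MANGLE_SAMPLE" "$IPVS_SAMPLE"
```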

This article is from "My blog" blog, please be sure to keep this source http://7615912.blog.51cto.com/7605912/1304675
