LVS NAT Model Creation

Source: Internet
Author: User
I. NAT model topology of LVS
When a client sends a request, the Director rewrites the destination IP address to forward it. (As the packet passes through the Director, the destination IP address is changed from the VIP to the RIP; the request still leaves the Director through the NIC interface where the DIP is located.)
Packet flow direction: 1 -> 2 -> 3
In packet 1, the source address is the CIP and the destination address is the Director's VIP.
In packet 2, the source address is the CIP and the destination address is the RIP.

Figure 1

When the server responds, the Director rewrites the source IP address to forward the reply. (After the packet passes through the Director, the source IP address is changed from the RIP to the VIP.)
Packet flow direction: 1 -> 2 -> 3
In packet 1, the source address is the RIP and the destination address is the CIP.
In packet 2, the source address is the VIP and the destination address is the CIP.

Figure 2

II. Analysis of the LVS-NAT model
1. Request packets must pass through the Director to achieve load balancing, and the Director rewrites their destination IP address to forward them. Response packets also pass through the Director, which rewrites their source IP address to forward them.
2. The DIP of the Director and the RIP of each Real Server must be in the same physical network segment, and the RIP gateway must point to the DIP.
3. Port mapping is supported.
4. In the NAT model, VIP addresses are generally public IP addresses, and DIP and RIP addresses are generally private IP addresses. The main purpose of using the NAT model is to hide the server IP addresses.

III. Demonstration environment planning (system: Red Hat 6.8)
Director (bridge, eth0, eth1):
VIP, eth0: 172.16.100.9
DIP, eth1: 192.168.20.1
Real Server 1 (vmnet2, eth0):
RIP, eth0: 192.168.20.7
Real Server 2 (vmnet2, eth0):
RIP, eth0: 192.168.20.8

IV. Set up the LVS-NAT model. (The NAT model supports port mapping.)
1. Configure the Director's VIP and DIP, and then restart the network.
Set the VIP address on the Director's eth0 (or eno16777736) to 172.16.100.9. (CentOS 7 is shown below; the interface that CentOS 6.8 calls eth0 is named eno16777736 there.)


View the system NIC names with ifconfig -a (the two NICs in CentOS 7 are eno16777736 and eno33554992).

Configure the DIP on the Director's eth1 (or eno33554992) NIC as 192.168.20.1. The DIP is a private network address and needs no gateway, because we do not plan to route through it. After the VIP is configured, you can copy the VIP configuration file to the DIP configuration file with cp, then change IPADDR, NETMASK, NAME and DEVICE and remove GATEWAY and UUID.


Restart the network after configuration:
CentOS 7

CentOS 6.8

Check the VIP and DIP configuration after the network is restarted.

2. Check and set up the yum source (yum is needed to install the ipvsadm package).
Run yum grouplist to check whether yum has a usable source, and set one up if it does not. On an isolated network, or when the OS is Red Hat, yum may be unable to load packages (Red Hat's repositories require payment). If yum grouplist cannot show the list of package groups, the necessary packages cannot be installed. (The steps in blue are for a new energy vendor.)

First, copy the ISO image to the /tmp directory of the Director and mount it. Then set up the yum source.

Create the mount point
mkdir -p /media/cdrom
Mount the image at that location

[This is the Ma Ge mount]

mount -t iso9660 -o loop /tmp/rhel-server-6.8-x86_64-dvd.iso /media/cdrom
[This is the mount used for the new vendor]

Mount at startup
vim /etc/fstab
/tmp/rhel-server-6.8-x86_64-dvd.iso /media/cdrom iso9660 defaults,ro,loop 0 0

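Go to the yum repository folder
cd /etc/yum.repos.d/

Create the new yum source file
vim dvd.repo

dvd.repo content:
[dvd-source]
name=RHEL 6.8 DVD Repo
baseurl=file:///media/cdrom
enabled=1
gpgcheck=0

With gpgcheck=0, yum installs packages from this repository without verifying their GPG signatures.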

Clear the yum cache and rebuild it
yum clean all
yum makecache
yum install -y "submodules-Manager-Gui"

Check whether it succeeded. If it did, the group list is displayed.
yum grouplist

Install packages with yum

  1. Chinese language pack
    yum groupinstall "Chinese Support"
  2. Developer tools
    yum groupinstall "Development tools"
  3. Vim (an easy-to-use Linux file editing tool)
    yum install vim

3. Install ipvsadm.
Install it directly with yum:
yum install ipvsadm

Or use rpm -ivh to install the ipvsadm package.

4. Configure the RIP (eth0) of the Real Servers as 192.168.20.7 and 192.168.20.8 (the RIP gateway points to the DIP, 192.168.20.1), and then restart the network.

On each Real Server (both must be configured), open the NIC configuration file and set the RIP:

IPADDR=192.168.20.7
GATEWAY=192.168.20.1
NETMASK=255.255.255.0

Restart the Real Server network
~]# service network restart

Ping the DIP, 192.168.20.1, from the Real Server to check that the connection works.

5. Test the LVS function. The web pages of the two Real Servers are made different so they can be told apart. Edit the /var/www/html/index.html file on each of the two Real Servers. The content is as follows.
<h1>test page on Real Server 1</h1>

Start the httpd service on both Real Servers.
~]# service httpd start

First, request each Real Server's web page directly to view the content.

6. Make sure that iptables is disabled on the Director, because ipvsadm and iptables rules are difficult to run side by side (the rules shown by iptables -L -n, iptables -L -n -t nat and iptables -L -n -t mangle must all be cleared). To make them coexist, you must design the rules carefully.

On the Director, on CentOS 6, directly run
~]# service iptables stop
Or
~]# iptables -F
~]# iptables-save > /etc/sysconfig/iptables
7. Enable ip_forward on the Director.
Open /etc/sysctl.conf
~]# vim /etc/sysctl.conf
Set net.ipv4.ip_forward = 1 and save the file.

8. Define ipvsadm rules on the Director. (In ipvsadm, -A defines the rule, that is, the cluster service; -t means TCP, because the HTTP service in this exercise is TCP-based; -s sets the scheduling algorithm; and the cluster type is specified when adding a Real Server.) [NAT clusters can use port mapping when adding Real Servers.] To implement a cluster, you only need to define a cluster service and add Real Servers to it, that is, the two steps below.
One: Define a cluster first.

Two: Add two Real Servers.

Explanation of the output above:
Forward: the forwarding method; Masq means the NAT model.
Weight: the weight. RR does not need a weight; the default value is 1.
ActiveConn: number of active connections on the current server.
InActConn: number of inactive connections on the current server.

V. Introduction to ipvsadm usage: saving, modifying and deleting ipvsadm rules.
1. Save ipvsadm rules.
First, check which files are created by installing ipvsadm (the Director here is CentOS 7). The path of the file that stores ipvsadm rules can be found in the /usr/lib/systemd/system/ipvsadm.service file.

View the ipvsadm save file.

After defining the ipvsadm rules and adding the Real Servers as above, save the rules to the ipvsadm rule save file (the save file is /etc/sysconfig/ipvsadm).
ipvsadm -S > /etc/sysconfig/ipvsadm

2. Restore ipvsadm rules. Use ipvsadm -R < /etc/sysconfig/ipvsadm to load the rules stored in the save file back into ipvsadm.

3. Clear ipvsadm rules. If you no longer need the rules, clear them with ipvsadm -C.

4. Modify ipvsadm rules (ipvsadm -E and ipvsadm -e). -E modifies the Director (cluster service) part, and -e modifies the Real Server part. However, both -E and -e are run on the Director.
For example (ipvsadm -E), change the rr algorithm in the ipvsadm rule to the sh algorithm, as shown below.

For example (ipvsadm -e), change the HTTP service port of a backend Real Server from 80 to 8080, as shown below.
One: Change the port number of the Real Server from 80 to 8080 (executed on the Real Server).

Two: Restart the HTTP service of the Real Server (executed on the Real Server).

Three: Modify the port mapping of the Real Server in ipvsadm on the Director, changing the port of the backend Real Server from 80 to 8080 (executed on the Director) (ipvsadm -e). (You can use ipvsadm -e directly to modify the Real Server information, or you can modify the save file and reload it.)

If the operation above fails (it failed here with a "Memory allocation problem" error), modify the save file first, then clear the rules with ipvsadm -C, and finally run ipvsadm -R < /etc/sysconfig/ipvsadm.
I: Modify and save the file (changed from 1 to 2).

II: Clear the existing ipvsadm rules.

III: Reload the ipvsadm save file.
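
Steps I to III as an added example (not the author's original commands): one function rewrites the port of a single Real Server entry in the save file, and a second one clears and reloads the rules. It assumes the save file was written in numeric form (ipvsadm -S -n, a flag the page's save command does not use); remap_rs_port, apply_remap and RULES are names introduced here.

```shell
#!/bin/sh
# Added example (not from the original page): change a Real Server port in
# the saved rule file, then clear and reload, following steps I to III.

RULES=${RULES:-/etc/sysconfig/ipvsadm}   # save file named on this page

# remap_rs_port FILE VIP:PORT RIP OLDPORT NEWPORT
# Prints FILE with the port of one Real Server entry changed. Exits non-zero
# when no "-a" line matches, so a typo cannot pass as a successful edit.
remap_rs_port() {
    awk -v vs="$2" -v from="$3:$4" -v to="$3:$5" '
        $1 == "-a" && $3 == vs && $5 == from { $5 = to; hit = 1 }
        { print }
        END { exit (hit ? 0 : 1) }
    ' "$1"
}

# apply_remap VIP:PORT RIP OLDPORT NEWPORT   (run as root on the Director)
apply_remap() {
    tmp=$(mktemp) || return 1
    if remap_rs_port "$RULES" "$@" > "$tmp"; then
        cp "$tmp" "$RULES" &&       # step I: modified save file
        ipvsadm -C &&               # step II: clear the running rules
        ipvsadm -R < "$RULES"       # step III: reload the save file
        rc=$?
    else
        echo "error: no matching Real Server entry in $RULES" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Example call for the change described above:
#   apply_remap 172.16.100.9:80 192.168.20.7 80 8080
```

ipvsadm -C removes every cluster service, so the VIP stops answering between steps II and III; run the reload in a maintenance window.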

5. Delete ipvsadm rules (ipvsadm -d deletes a Real Server and ipvsadm -D deletes a cluster service).

6. ipvsadm usage.

1 ~]# ipvsadm -L -c (displays the current activity status), as follows

2 ~]# ipvsadm -l -n --stats (--stats displays statistics)

Conns: number of connections processed
InPkts: number of inbound packets
OutPkts: number of outbound packets
InBytes: number of inbound bytes
OutBytes: number of outbound bytes

3 ~]# ipvsadm -l -n --rate (--rate displays rate statistics)

CPS:
InPPS: number of inbound packets per second
OutPPS: number of outbound packets per second
InBPS: number of inbound bytes per second
OutBPS: number of outbound bytes per second

4 --exact: displays the exact value without converting the unit.
