The Linux platform based on the DR model of LVS construction

One: Dr Mode workflow

Vs-dr:virtual server via direct Routing directly routed virtual server

650) this.width=650; "src=" Https://s3.51cto.com/oss/201711/10/f1e11bc000a12dfe128a4716d5ec4e6a.png "style=" float: none; "Title=" Image [9].png "alt=" F1e11bc000a12dfe128a4716d5ec4e6a.png "/>

650) this.width=650; "src=" Https://s3.51cto.com/oss/201711/10/dbb069b18b0f46bb717ec4734b668328.png "style=" float: none; "Title=" Image [10].png "alt=" Dbb069b18b0f46bb717ec4734b668328.png "/>

VS (virtual server)

VIP: Receive client requests

DIP: Send request to Rs RIP

RS (real server)

RIP: Receiving Requests

VIP: Responding to requests to clients

Attention:

① four IP addresses for public network

② RS is the same as the VIP of VS and both are public IP

③ When the VIP of the LVS on the same LAN as the VIP of the RS, you can modify the kernel parameters, so that the VIP of the RS is forbidden to broadcast, so that it is only used to respond to user requests, and the two VIPs do not conflict.

④ MAC addresses are only used for inter-LAN communication

Specific Work Flow    

(a) When a user requests to arrive at the director Server, the requested data message is first to the prerouting chain of the kernel space. At this time the source IP of the message is CIP, the target IP is VIP

(b) prerouting check that the destination IP of the packet is native and the packet is sent to the input chain

(c) If the Ipvs is a cluster service than the packet request, if the source MAC address in the request message is modified to the MAC address of the dip, the destination MAC address is modified to the MAC address of the RIP and then the packet is sent to the postrouting chain. The source IP and destination IP are not modified at this time, only the MAC address of the source MAC address is modified and the MAC address of the destination MAC address is RIP.

(d) Because DS and RS are in the same network, they are transmitted over two layers. The postrouting chain checks the MAC address of the destination MAC address for RIP, and the packet will be sent to real Server at this time.

(e) When Rs discovers that the MAC address of the request message is its own MAC address, it receives the message. After processing is completed, the response message is routed through the LO interface to the eth0 NIC and then outward. At this point the source IP address is VIP, the target IP is CIP

(f) The response message is eventually delivered to the client

Second: Experimental environment

vs a set:

vip:172.17.252.1 (eth0:0 Bridging mode)

RS Two units:

RS1

rip:172.17.250.121

vip:172.17.252.1 (lo:0)

RS2

rip:172.17.250.122

vip:172.17.252.1 (lo:0)

Three: Preparation before the experiment

1. Ensure that both RS have a test site based on LNMP (LNMP website build process Visible Blog:http://13172823.blog.51cto.com/13162823/1978924)

2.VS

① Installing IPVSADM management software

[email protected] ~]# Yum install ipvsadm-y

② clear the firewall policy and turn off SELinux

[Email protected] ~]# Iptables-f&&setenforce 0

③ detect if the kernel supports IPVS modules

[Email protected] ~]# Grep-i-C Ten "Ipvs"/boot/config-2.6.32-696.el6.x86_64

Four: Experimental steps

※ Operating Environment: VS

1. Configure eth0:0 as VIP and only broadcast yourself

Ifconfig eth0:0 172.17.252.1 broadcast 172.17.252.1 netmask 255.255.255.255 up

2. Configure VIP routing Table

Route add-host 172.17.252.1 Dev eth0:0

3. Create a 80-port-based vs with a dispatch mode of WRR

Ipvsadm-a-T 172.17.252.1:80-s WRR

4. Add RS1, RS2, weight 1

Ipvsadm-a-T 172.17.252.1:80-r 172.17.250.121:80-g-W 1

Ipvsadm-a-T 172.17.252.1:80-r 172.17.250.122:80-g-W 1

5. Modify the kernel configuration to turn on the VS route forwarding function

① Editing a configuration file

Vim/etc/sysctl.conf

net.ipv4.ip_forward = 1

② making the configuration file effective

Sysctl-p

※ Operating Environment: RS1, 2

1. Configure VIP to lo:0, and broadcast only to yourself

Ifconfig lo:0 172.17.252.1 broadcast 172.17.252.1 netmask 255.255.255.255 upifconfig lo:0 172.17.252.1 broadcast 172.17.252.1 netmask 255.255.255.255 up

2. Configure lo:0 Routing

Route Add-host 172.17.252.1 lo:0

3. answer only the destination IP address is the ARP query request that visited the local address of the network interface

echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore

4. Use the most appropriate local address for the query target. This mode ignores the source address of this IP packet and attempts to select a local address that can communicate with that address

echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce

5. Turn off ARP replies

echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore

echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce

Relevant knowledge points:

"1": response is only given when the requested destination IP is configured on the interface of the local host receiving the request message

"2": Must avoid advertising the interface information to the non-network

6. Ensure that the Nginx, PHP-FPM, mariadb service on the RS is turned on

The Linux platform based on the DR model of LVS construction