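IPVS network-layer configuration
How to hide the VIP: hidden from the outside, visible inside the host:
kernel parameter: when the destination MAC address is all F, the switch broadcasts the frame
/proc/sys/net/ipv4/conf/IF/
arp_ignore: defines the response level when an ARP request is received;
0: respond as long as the requested address is configured locally;
1: respond only when the requested target (MAC) address is configured on the interface the request arrived on;
arp_announce: defines the announcement level when the host advertises its own addresses;
0: announce any address on any local interface;
1: try to announce to the target network only addresses that match that network;
2: announce only to networks that match an address on the local interface;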
![](https://img-blog.csdnimg.cn/6d66a77c25574de1b612a84ef271a537.png?x-oss-process=image/watermark,type_ZHJvaWRzYW5zZmFsbGJhY2s,shadow_50,text_Q1NETiBARGF6bW9u,size_20,color_FFFFFF,t_70,g_se,x_16)
Modify the kernel parameters: ![](https://img-blog.csdnimg.cn/52b52b60c2d6422c81524dbc5e07abb5.png)
Node01:
Configure the NIC, netmask: 255.255.255.0
Node02 and Node03:
![](https://img-blog.csdnimg.cn/ef1e818a20a343f8a686fdc4ca7ab878.png?x-oss-process=image/watermark,type_ZHJvaWRzYW5zZmFsbGJhY2s,shadow_50,text_Q1NETiBARGF6bW9u,size_20,color_FFFFFF,t_70,g_se,x_16)
Why does the mask have to be four 255s?
The destination address of an outgoing packet is ANDed with the netmasks in the routing table (route -a). If a packet leaving lo matches the eth0 route, it can be sent out; if it matches the lo interface, it loops forever and never leaves the host.
![](https://img-blog.csdnimg.cn/5b3b3831c9af4bb0a011d199b2f5f1de.png)
LVS:
Configure the NIC:
ifconfig eth0:8 192.168.150.100/24
Take an interface down:
ifconfig lo:2 down
node01:
ifconfig eth0:8 192.168.150.100/24
node02~node03:
1) Modify the kernel parameters:
echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
2) Set the hidden VIP:
ifconfig lo:3 192.168.150.100 netmask 255.255.255.255
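To confirm on node02 and node03 that the VIP really is hidden, the following added example (not part of the original post) reads the four kernel parameters written in step 1 and checks that the VIP is bound to lo with a /32 mask. The function names and the PROC_ROOT override are assumptions of this example; eth0 and 192.168.150.100 come from the steps above.

```shell
#!/bin/sh
# Added example: audit a real server (node02/node03) for the hidden-VIP setup.
# PROC_ROOT is an assumption of this example so the check can be pointed at a
# constructed directory tree instead of the live kernel.
PROC_ROOT="${PROC_ROOT:-/proc/sys/net/ipv4/conf}"

# check_arp_param IFACE PARAM EXPECTED: 0 = match, 1 = wrong value, 2 = unreadable
check_arp_param() {
    f="$PROC_ROOT/$1/$2"
    if [ ! -r "$f" ]; then echo "MISSING $f"; return 2; fi
    v=$(cat "$f")
    if [ "$v" = "$3" ]; then echo "OK   $1/$2=$v"; return 0; fi
    echo "FAIL $1/$2=$v (expected $3)"
    return 1
}

# audit_rs IFACE: succeeds only if arp_ignore=1 and arp_announce=2 are set on
# both IFACE and "all", the four values written in step 1.
audit_rs() {
    rc=0
    for i in "$1" all; do
        check_arp_param "$i" arp_ignore 1 || rc=1
        check_arp_param "$i" arp_announce 2 || rc=1
    done
    return "$rc"
}

# vip_on_lo_32 VIP: reads `ip -o -4 addr show dev lo` output on stdin and
# succeeds only if VIP is bound with a /32 mask (255.255.255.255).
vip_on_lo_32() {
    grep -qF "inet $1/32 "
}

# Run against the live host when called with two arguments: IFACE VIP
if [ "$#" -eq 2 ]; then
    audit_rs "$1" || echo "ARP settings would let this host answer for the VIP"
    ip -o -4 addr show dev lo | vip_on_lo_32 "$2" \
        || echo "VIP $2 is not bound to lo with a /32 mask"
fi
```

On a real server it would be run as `sh audit.sh eth0 192.168.150.100` (the script name is arbitrary).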
Services on the RS (real servers):
node02~node03:
yum install httpd -y
service httpd start
vi /var/www/html/index.html
from 192.168.150.1x
LVS service configuration
node01:
yum install ipvsadm
ipvsadm -A -t 192.168.150.100:80 -s rr
ipvsadm -a -t 192.168.150.100:80 -r 192.168.150.12 -g -w 1
ipvsadm -a -t 192.168.150.100:80 -r 192.168.150.13 -g -w 1
ipvsadm -ln
Verification:
Open 192.168.150.100 in a browser and press F5 repeatedly to see the load being balanced
node01:
netstat -natp (result: no socket connections are visible)
node02~node03:
netstat -natp (result: many socket connections are visible)
node01:
ipvsadm -lnc (view the record LVS keeps of the connections it has observed)
TCP 00:57 FIN_WAIT 192.168.150.1:51587 192.168.150.100:80 192.168.150.12:80
FIN_WAIT: the connection took place, and LVS observed all of its packets
![](https://img-blog.csdnimg.cn/b495b45b770e432eb4b0be06b1f2325a.png?x-oss-process=image/watermark,type_ZHJvaWRzYW5zZmFsbGJhY2s,shadow_50,text_Q1NETiBARGF6bW9u,size_20,color_FFFFFF,t_70,g_se,x_16)
Remove one of the interfaces:
![](https://img-blog.csdnimg.cn/473ec8dc6e034b71aa496ca8dc5fe7b0.png)
SYN_RECV: LVS has recorded essentially everything, which shows LVS itself is fine; the problem must be in the network layer behind it
![](https://img-blog.csdnimg.cn/55dcad111bd142a2af6692627f449847.png?x-oss-process=image/watermark,type_ZHJvaWRzYW5zZmFsbGJhY2s,shadow_50,text_Q1NETiBARGF6bW9u,size_20,color_FFFFFF,t_70,g_se,x_16)