LVS负载均衡之Nat模式
1.实验拓扑图
我们需要一台win10主机来充当客户机,一台负载均衡器做防火墙、nat,两台web服务器,一台文件系统服务器。
2.NFS服务器的配置
1.在服务器上添加两块硬盘
2.我们打开虚拟机,对新添加的硬盘进行分区,并将其格式化
//修改主机名,并修改硬盘的格式
[root@localhost ~]# hostnamectl set-hostname nfs
[root@localhost ~]# su
//对硬盘进行分区(fdisk)
[root@nfs ~]# fdisk /dev/sdb
Welcome to fdisk (util-linux 2.23.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0xfd590366.
//n是new新建的意思
Command (m for help): n
Partition type:
p primary (0 primary, 0 extended, 4 free)
e extended
//回车代表默认
Select (default p):
Using default response p
//1号分区
Partition number (1-4, default 1):
//第一个扇区的位置
First sector (2048-41943039, default 2048):
Using default value 2048
//把所有的空间都用上
Last sector, +sectors or +size{K,M,G} (2048-41943039, default 41943039):
Using default value 41943039
Partition 1 of type Linux and of size 20 GiB is set
//保存修改
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
[root@nfs ~]# fdisk /dev/sdc
Welcome to fdisk (util-linux 2.23.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0x7dbf0c23.
Command (m for help): n
Partition type:
p primary (0 primary, 0 extended, 4 free)
e extended
Select (default p):
Using default response p
Partition number (1-4, default 1):
First sector (2048-41943039, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-41943039, default 41943039):
Using default value 41943039
Partition 1 of type Linux and of size 20 GiB is set
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
//格式化硬盘
[root@nfs ~]# mkfs.xfs /dev/sdb1
meta-data=/dev/sdb1 isize=512 agcount=4, agsize=1310656 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=0, sparse=0
data = bsize=4096 blocks=5242624, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
log =internal log bsize=4096 blocks=2560, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
[root@nfs ~]# mkfs.xfs /dev/sdc1
meta-data=/dev/sdc1 isize=512 agcount=4, agsize=1310656 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=0, sparse=0
data = bsize=4096 blocks=5242624, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
log =internal log bsize=4096 blocks=2560, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
3.创建挂载点,并永久挂载
[root@nfs ~]# mkdir /opt/hello
[root@nfs ~]# mkdir /opt/world
[root@nfs ~]# vim /etc/fstab
//在最后两行添加以下内容
/dev/sdb1 /opt/hello xfs defaults 0 0
/dev/sdc1 /opt/world xfs defaults 0 0
[root@nfs ~]# mount -a
[root@nfs ~]# df -hT
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/centos-root xfs 20G 3.7G 17G 19% /
devtmpfs devtmpfs 897M 0 897M 0% /dev
tmpfs tmpfs 912M 0 912M 0% /dev/shm
tmpfs tmpfs 912M 9.0M 903M 1% /run
tmpfs tmpfs 912M 0 912M 0% /sys/fs/cgroup
/dev/sda1 xfs 6.0G 179M 5.9G 3% /boot
/dev/mapper/centos-home xfs 10G 33M 10G 1% /home
tmpfs tmpfs 183M 4.0K 183M 1% /run/user/42
tmpfs tmpfs 183M 44K 183M 1% /run/user/0
/dev/sr0 iso9660 4.3G 4.3G 0 100% /run/media/root/CentOS 7 x86_64
/dev/sdb1 xfs 20G 33M 20G 1% /opt/hello
/dev/sdc1 xfs 20G 33M 20G 1% /opt/world
4.临时关闭防火墙和SELinux(仅适用于实验环境,这两条命令都只在本次开机期间生效),安装nfs的必要组件,并对nfs进行配置
[root@nfs ~]# systemctl stop firewalld
[root@nfs ~]# setenforce 0
[root@nfs ~]# yum -y install nfs-utils rpcbind
[root@nfs ~]# vim /etc/exports
//源文件是空的,我们写入要共享(导出)的目录;no_root_squash 会让客户端的 root 在共享目录上保留 root 权限,生产环境建议使用默认的 root_squash
/opt/hello 192.168.73.0/24(rw,sync,no_root_squash)
/opt/world 192.168.73.0/24(rw,sync,no_root_squash)
5.开启nfs,并修改IP地址
[root@nfs ~]# systemctl start nfs
[root@nfs ~]# systemctl start rpcbind
[root@nfs ~]# showmount -e
Export list for nfs:
/opt/world 192.168.73.0/24
/opt/hello 192.168.73.0/24
[root@nfs ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="ffeba09d-e595-4901-902d-5b0c8d7a5a6e"
DEVICE="ens33"
ONBOOT="yes"
IPADDR="192.168.73.110"
NETMASK="255.255.255.0"
GATEWAY="192.168.73.1"
[root@nfs ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:46:5f:29 brd ff:ff:ff:ff:ff:ff
inet 192.168.73.110/24 brd 192.168.73.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::3fe5:d5e:769f:c53a/64 scope link
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
link/ether 52:54:00:a6:d3:17 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
link/ether 52:54:00:a6:d3:17 brd ff:ff:ff:ff:ff:ff
3.web1服务器的配置
1.修改主机名,安装Apache服务
[root@localhost ~]# hostnamectl set-hostname web1
[root@localhost ~]# su
[root@web1 ~]# yum -y install httpd
2.关防火墙,修改网卡配置文件,重启网卡服务
[root@web1 ~]# systemctl stop firewalld
[root@web1 ~]# setenforce 0
[root@web1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="b123ae2d-6d06-4322-b6e8-70c4d4b9bbe0"
DEVICE="ens33"
ONBOOT="yes"
IPV6_PRIVACY="no"
IPADDR="192.168.73.100"
NETMASK="255.255.255.0"
GATEWAY="192.168.73.1"
[root@web1 ~]# service network restart
Restarting network (via systemctl): [ OK ]
3.永久挂载nfs提供的共享目录,并在站点根目录创建首页,以便和web2加以区分
[root@web1 ~]# vim /etc/fstab
192.168.73.110:/opt/hello /var/www/html nfs defaults,_netdev 0 0
[root@web1 ~]# mount -a
[root@web1 ~]# df -hT
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/centos-root xfs 20G 3.6G 17G 18% /
devtmpfs devtmpfs 897M 0 897M 0% /dev
tmpfs tmpfs 912M 0 912M 0% /dev/shm
tmpfs tmpfs 912M 9.0M 903M 1% /run
tmpfs tmpfs 912M 0 912M 0% /sys/fs/cgroup
/dev/mapper/centos-home xfs 10G 33M 10G 1% /home
/dev/sda1 xfs 6.0G 179M 5.9G 3% /boot
tmpfs tmpfs 183M 40K 183M 1% /run/user/0
/dev/sr0 iso9660 4.3G 4.3G 0 100% /run/media/root/CentOS 7 x86_64
192.168.73.110:/opt/hello nfs4 20G 32M 20G 1% /var/www/html
[root@web1 ~]# echo "this is hello web" >> /var/www/html/index.html
[root@web1 ~]# systemctl restart httpd
[root@web1 ~]# netstat -ntap|grep 80
tcp6 0 0 :::80 :::* LISTEN 46490/httpd
4.web2服务器的配置
1.修改主机名,安装Apache服务
[root@localhost ~]# hostnamectl set-hostname web2
[root@localhost ~]# su
[root@web2 ~]# yum -y install httpd
2.关防火墙,修改网卡配置文件,重启网卡服务
[root@web2 ~]# systemctl stop firewalld
[root@web2 ~]# setenforce 0
[root@web2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="6334d05b-a187-41fb-8edd-007158933fc2"
DEVICE="ens33"
ONBOOT="yes"
IPADDR="192.168.73.101"
NETMASK="255.255.255.0"
GATEWAY="192.168.73.1"
[root@web2 ~]# systemctl restart network
[root@web2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:43:3d:d3 brd ff:ff:ff:ff:ff:ff
inet 192.168.73.101/24 brd 192.168.73.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::b0e8:6ce0:62fa:f1ab/64 scope link
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
link/ether 52:54:00:ed:3c:74 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
link/ether 52:54:00:ed:3c:74 brd ff:ff:ff:ff:ff:ff
3.永久挂载nfs提供的共享目录,并在站点根目录创建首页,以便和web1加以区分
[root@web2 ~]# vim /etc/fstab
192.168.73.110:/opt/world /var/www/html nfs defaults,_netdev 0 0
[root@web2 ~]# mount -a
[root@web2 ~]# df -hT
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/centos-root xfs 20G 3.4G 17G 17% /
devtmpfs devtmpfs 897M 0 897M 0% /dev
tmpfs tmpfs 912M 0 912M 0% /dev/shm
tmpfs tmpfs 912M 9.0M 903M 1% /run
tmpfs tmpfs 912M 0 912M 0% /sys/fs/cgroup
/dev/sda1 xfs 6.0G 179M 5.9G 3% /boot
/dev/mapper/centos-home xfs 10G 33M 10G 1% /home
tmpfs tmpfs 183M 8.0K 183M 1% /run/user/42
tmpfs tmpfs 183M 40K 183M 1% /run/user/0
/dev/sr0 iso9660 4.3G 4.3G 0 100% /run/media/root/CentOS 7 x86_64
192.168.73.110:/opt/world nfs4 20G 32M 20G 1% /var/www/html
[root@web2 ~]# echo "this is world web" >> /var/www/html/index.html
[root@web2 ~]# systemctl restart httpd
[root@web2 ~]# netstat -ntap | grep 80
tcp6 0 0 :::80 :::* LISTEN 46787/httpd
5.LVS负载均衡器的配置
1.修改主机名,下载必要的安装包
[root@localhost ~]# hostnamectl set-hostname lvs
[root@localhost ~]# su
[root@lvs ~]# yum -y install ipvsadm
2.添加一块网卡
3.查看网卡地址,并修改网卡地址
[root@lvs ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.73.133 netmask 255.255.255.0 broadcast 192.168.73.255
inet6 fe80::b763:b082:a8a0:b1bf prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:0c:d2:cd txqueuelen 1000 (Ethernet)
RX packets 2586 bytes 244242 (238.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 100 bytes 11492 (11.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.157.130 netmask 255.255.255.0 broadcast 192.168.157.255
inet6 fe80::2b37:c6e7:3bb7:da6d prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:0c:d2:d7 txqueuelen 1000 (Ethernet)
RX packets 39 bytes 6188 (6.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 26 bytes 4468 (4.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 12 bytes 1404 (1.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12 bytes 1404 (1.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:48:0d:1c txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@lvs ~]# cd /etc/sysconfig/network-scripts/
[root@lvs network-scripts]# ls
ifcfg-ens33 ifdown-isdn ifup ifup-plip ifup-tunnel
ifcfg-lo ifdown-post ifup-aliases ifup-plusb ifup-wireless
ifdown ifdown-ppp ifup-bnep ifup-post init.ipv6-global
ifdown-bnep ifdown-routes ifup-eth ifup-ppp network-functions
ifdown-eth ifdown-sit ifup-ib ifup-routes network-functions-ipv6
ifdown-ib ifdown-Team ifup-ippp ifup-sit
ifdown-ippp ifdown-TeamPort ifup-ipv6 ifup-Team
ifdown-ipv6 ifdown-tunnel ifup-isdn ifup-TeamPort
[root@lvs network-scripts]# vim ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="db6f211d-4bf0-4862-831f-e848892c8eac"
DEVICE="ens33"
ONBOOT="yes"
IPADDR="192.168.73.1"
NETMASK="255.255.255.0"
[root@lvs network-scripts]# cp -p ifcfg-ens33 ifcfg-ens36
[root@lvs network-scripts]# vim ifcfg-ens36
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens36"
DEVICE="ens36"
ONBOOT="yes"
IPADDR="12.0.0.1"
NETMASK="255.255.255.0"
[root@lvs network-scripts]# systemctl restart network
[root@lvs network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:0c:d2:cd brd ff:ff:ff:ff:ff:ff
inet 192.168.73.1/24 brd 192.168.73.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::b763:b082:a8a0:b1bf/64 scope link
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
link/ether 52:54:00:48:0d:1c brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
link/ether 52:54:00:48:0d:1c brd ff:ff:ff:ff:ff:ff
5: ens36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:0c:d2:d7 brd ff:ff:ff:ff:ff:ff
inet 12.0.0.1/24 brd 12.0.0.255 scope global ens36
valid_lft forever preferred_lft forever
inet6 fe80::7144:8c2f:ded0:c92/64 scope link
valid_lft forever preferred_lft forever
4.开启路由转发功能
[root@lvs network-scripts]# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
[root@lvs network-scripts]# tail -2 /etc/sysctl.conf
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward=1
[root@lvs network-scripts]# sysctl -p
net.ipv4.ip_forward = 1
6.修改win10主机
修改win10的IP地址和网关
7.测试主机是否能够正常访问
在lvs负载均衡服务器上清空filter表的现有规则(该命令只清空规则,不改变各链的默认策略)
iptables -F
在win10主机里面查看
8.开启nat,使用ipvsadm工具管理集群
1.在lvs服务器上面清空防火墙nat表的规则
iptables -t nat -F
2.配置防火墙规则链
[root@lvs ~]# iptables -t nat -A POSTROUTING -o ens36 -s 192.168.73.0/24 -j SNAT --to-source 12.0.0.1
3.使用ipvsadm工具
//加载ip_vs模块
[root@lvs ~]# modprobe ip_vs
[root@lvs ~]# cat /proc/net/ip_vs
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
//一定要先保存规则(生成 /etc/sysconfig/ipvsadm),否则 ipvsadm 服务启动时会因为找不到该文件而失败
[root@lvs ~]# ipvsadm --save > /etc/sysconfig/ipvsadm
[root@lvs ~]# service ipvsadm start
Redirecting to /bin/systemctl start ipvsadm.service
[root@lvs opt]# vim nat.sh
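#!/bin/bash
# Rebuild the LVS NAT-mode virtual service that fronts the two web servers.
# Must be run as root: ipvsadm edits the kernel's IPVS table.
#
# Annotations use '#': bash has no '//' comment syntax, so a line starting
# with '//' would be executed as a command and fail.

# Stop at the first failing ipvsadm call instead of leaving a half-built table.
set -eu

# Virtual service address (the load balancer's ens36 address) and port.
readonly vip='12.0.0.1:80'

# Clear every record in the kernel virtual server table.
ipvsadm -C

# Create the TCP virtual service with the round-robin (rr) scheduler.
ipvsadm -A -t "$vip" -s rr

# Register web1 and web2 as real servers; -m selects masquerading (NAT) forwarding.
for real_server in 192.168.73.100:80 192.168.73.101:80; do
  ipvsadm -a -t "$vip" -r "$real_server" -m
done

# Print the resulting table so the rules can be checked by eye.
ipvsadm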
[root@lvs opt]# chmod +x nat.sh
[root@lvs opt]# ./nat.sh
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP lvs:http rr
-> 192.168.73.100:http Masq 1 0 0
-> 192.168.73.101:http Masq 1 0 0
9.在win10主机里面测试
1.输入12.0.0.1:80
2.清空浏览器缓存后再访问12.0.0.1:80