1、LVS-NAT基於Cisco的LocalDirector。VS/NAT不需要在RealServer上做任何設置,其只要能提供一個tcp/ip的協議棧即可,甚至其無論基於什麼OS。
2、基於VS/NAT,所有的入站數據包均由Director進行目標地址轉換後轉發至內部的RealServer,RealServer響應的數據包再由Director轉換源地址後發回客戶端。
3、VS/NAT模式不能與netfilter兼容,因此,不能將VS/NAT模式的Director運行在netfilter的保護範圍之中。
# 注意:各節點間的時間偏差不應該超出1秒鐘。
# Director配置NTP服務器:
Director:
yum install ntp
/etc/init.d/ntpd start
Client:
/usr/sbin/ntpdate Director_IP
VS/NAT拓撲示例:
Client
CIP=192.168.101.253
|
|
VIP=192.168.101.168 (eth0)
Director
DIP=10.10.10.1 (eth1)
|
(switch) ——————————
| |
RIP=10.10.10.11 (eth0) RIP=10.10.10.12 (eth0)
RS1 RS2
VS/NAT配置示例:
Director IP:
VIP:192.168.101.168/24
DIP:10.10.10.1/24
RS1 IP:
RIP:10.10.10.11/24 gw:10.10.10.1
RS2 IP:
RIP:10.10.10.12/24 gw:10.10.10.1
1、Director安裝ipvsadm
# yum install ipvsadm
2、RS1安裝httpd
# yum install httpd
# echo "rs1.redhat.com" > /var/www/html/index.html
# service httpd start
3、RS2安裝httpd
# yum install httpd
# echo "rs2.redhat.com" > /var/www/html/index.html
# service httpd start
4、Director配置集羣(調度算法:RR)
# echo 1 > /proc/sys/net/ipv4/ip_forward
# ipvsadm -A -t 192.168.101.168:80 -s rr
# ipvsadm -a -t 192.168.101.168:80 -r 10.10.10.11 -m
# ipvsadm -a -t 192.168.101.168:80 -r 10.10.10.12 -m
# ipvsadm -L -n
5、瀏覽器訪問:http://192.168.101.168
6、Director配置集羣(調度算法:WRR)
# ipvsadm -E -t 192.168.101.168:80 -s wrr
# ipvsadm -e -t 192.168.101.168:80 -r 10.10.10.11 -m -w 3
# ipvsadm -e -t 192.168.101.168:80 -r 10.10.10.12 -m -w 1
# ipvsadm -L -n --stats
7、瀏覽器訪問:http://192.168.101.168
8、保存規則
# service ipvsadm save
或者:
# ipvsadm -S > /etc/sysconfig/ipvsadm.web
VS/NAT Script:
#!/bin/bash
#
# chkconfig: - 88 12
# description: LVS Script for VS/NAT.
#
. /etc/rc.d/init.d/functions
VIP=192.168.101.168
DIP=10.10.10.1
RIP1=10.10.10.11
RIP2=10.10.10.12
CSTATUS1() {
[ -e /var/lock/subsys/ipvsadm.lock ] && echo -e "\033[32mipvsadm is running...\033[0m" && exit 1
}
CSTATUS2() {
[ ! -e /var/lock/subsys/ipvsadm.lock ] && echo -e "\033[32mipvsadm is not running...\033[0m" && exit 2
}
case "$1" in
start)
CSTATUS1
echo -e "\033[32mStart VS/NAT of Director Server...\033[0m"
# Set the Virtual IP address.
/sbin/ifconfig eth0 $VIP netmask 255.255.255.0 up
/sbin/ifconfig eth1 $DIP netmask 255.255.255.0 up
# Director must open packet forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Clean all iptables rules.
/sbin/iptables -F
# Reset iptables counters.
/sbin/iptables -Z
# Clean all ipvsadm rules/services.
/sbin/ipvsadm -C
# Set VS/NAT, Scheduling is Round Robin.
/sbin/ipvsadm -A -t $VIP:80 -s rr
/sbin/ipvsadm -a -t $VIP:80 -r $RIP1 -m
/sbin/ipvsadm -a -t $VIP:80 -r $RIP2 -m
# Show VS/NAT status.
/sbin/ipvsadm -L -n
/bin/touch /var/lock/subsys/ipvsadm.lock
;;
stop)
CSTATUS2
echo -e "\033[32mStop VS/NAT of Director Server...\033[0m"
# Reset ipvsadm.
/sbin/ipvsadm -C
# Close VIP interface.
/sbin/ifconfig eth0 down &> /dev/null
# Close packet forwarding.
echo 0 > /proc/sys/net/ipv4/ip_forward
/bin/rm -f /var/lock/subsys/ipvsadm.lock
;;
status)
[ -e /var/lock/subsys/ipvsadm.lock ] && echo -e "\033[32mipvsadm is running...\033[0m" || echo -e "\033[32mipvsadm is not running...\033[0m"
;;
*)
echo -e "\033[32mUsage: $0 {start|stop|status}\033[0m"
;;
esac