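• LVS: DR mode (Direct Routing) deployment lab


    This article describes how to deploy and experiment with LVS DR mode in a KVM virtual environment. It covers the network topology diagram, the configuration, and an analysis of the IP packets with tcpdump.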

    Network topology

                          kvm node (client)
                          192.168.7.2 (CIP)
                                  |
                             br_e bridge
                           /             \
                 (VIP)
        eth7: 192.168.7.33          eth14: 192.168.7.99
        lvs VM                      server VM
        (DIP)                       (RIP)
        eth8: 192.168.88.10         eth12: 192.168.88.20
                           \             /
                            br_lvs bridge


    Lab steps

    1. Create the bridges br_e and br_lvs and assign an IP to each

    # kvm node
    $ ifconfig br_e 192.168.7.2 netmask 255.255.255.0

    2. lvs configuration

    $ ipvsadm -A -t 192.168.7.33:8000 -s rr
    $ ipvsadm -a -t 192.168.7.33:8000 -r 192.168.88.20 -g

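    3. server configuration

    # Make the host accept IP packets whose dst is 192.168.7.33
    # The netmask must be 255.255.255.255; with 255.255.255.0 the IP packets are not handled
    $ ifconfig lo:0 192.168.7.33 netmask 255.255.255.255 up

    /etc/sysctl.conf settings (apparently not needed?)
    ip_forward=0  # does not need to be set to 1
    rp_filter = 0   # default setting

    # Solve the ARP problem
    # The official documentation says lo does not need ARP settings
    # Works fine with these commented out
    # net.ipv4.conf.lo.arp_ignore = 0
    # net.ipv4.conf.lo.arp_announce = 0
    # eth14 is the NIC on br_e
    # eth14 answers only when the target IP of the ARP request is an IP bound to eth14
    # Otherwise the VIP on lvs and the VIP on server would conflict
    # In this example, 192.168.7.33 would exist twice on the br_e network
    net.ipv4.conf.eth14.arp_ignore = 1
    # Used for the src IP when eth14 sends ARP requests?
    net.ipv4.conf.eth14.arp_announce = 2
    # net.ipv4.conf.all.arp_ignore = 1
    # net.ipv4.conf.all.arp_announce = 2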


    4. Start a web service on the server VM

    # Listens on port 8000 by default
    $ python -m SimpleHTTPServer

    5. On the kvm node (client)

    $ curl http://192.168.7.33:8000

    Analyzing the IP packets with tcpdump

    [kvm send: br_e] the client sends the IP packet (syn)
    00:1a:a0:21:21:65 > de:ad:be:ef:24:46, 192.168.7.2.51091 > 192.168.7.33.8000: Flags [S], seq 3773377896

    [lvs recv: br_e] lvs receives the IP packet
    00:1a:a0:21:21:65 > de:ad:be:ef:24:46, 192.168.7.2.51091 > 192.168.7.33.8000: Flags [S], seq 3773377896,

    [lvs send: br_lvs] lvs rewrites the MAC addresses of the IP packet; the destination MAC becomes the server's MAC
    00:16:3e:5d:a6:b3 > 52:54:00:ba:3d:b9, 192.168.7.2.51091 > 192.168.7.33.8000: Flags [S], seq 3773377896,

    [server recv: br_lvs] server receives the IP packet (same MACs)
    00:16:3e:5d:a6:b3 > 52:54:00:ba:3d:b9, 192.168.7.2.51091 > 192.168.7.33.8000: Flags [S], seq 3773377896

    [server send: br_e] server sends the IP packet (ack, i.e. the SYN-ACK). The src of the IP packet is the lvs IP (the VIP); the dst is the client's IP
    52:54:00:c1:a7:5e > 00:1a:a0:21:21:65, 192.168.7.33.8000 > 192.168.7.2.51091: Flags [S.], seq 3629588945, ack 3773377897

    [kvm recv: br_e] the client receives the IP packet (ack)
    52:54:00:c1:a7:5e > 00:1a:a0:21:21:65, 192.168.7.33.8000 > 192.168.7.2.51091: Flags [S.], seq 3629588945, ack 3773377897
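
The capture above can be checked mechanically for the properties that define DR mode. The following is an added example, not part of the original article: it parses three of the tcpdump lines shown above and verifies that the director changed only the MAC header and that the reply left the server for the client without passing through the director. The function names are illustrative, and the bypass check assumes, as in this lab, that client and director share the br_e segment.

```python
import re

# Three of the tcpdump -e lines shown above, copied from the page.
CAPTURE = {
    "lvs recv: br_e": "00:1a:a0:21:21:65 > de:ad:be:ef:24:46, 192.168.7.2.51091 > 192.168.7.33.8000: Flags [S], seq 3773377896,",
    "lvs send: br_lvs": "00:16:3e:5d:a6:b3 > 52:54:00:ba:3d:b9, 192.168.7.2.51091 > 192.168.7.33.8000: Flags [S], seq 3773377896,",
    "server send: br_e": "52:54:00:c1:a7:5e > 00:1a:a0:21:21:65, 192.168.7.33.8000 > 192.168.7.2.51091: Flags [S.], seq 3629588945, ack 3773377897",
}

LINE = re.compile(
    r"(?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\], seq (?P<seq>\d+)(?:, ack (?P<ack>\d+))?"
)

def parse(line):
    """Split one 'tcpdump -e' TCP line into MAC, IP, port and TCP fields."""
    m = LINE.search(line)
    if m is None:
        raise ValueError("unrecognised capture line: %r" % line)
    return m.groupdict()

def l3_l4(pkt):
    """Fields a DR director must leave untouched."""
    return tuple(pkt[k] for k in ("src", "sport", "dst", "dport", "flags", "seq"))

def check_dr(capture):
    d_in = parse(capture["lvs recv: br_e"])       # as received by the director
    d_out = parse(capture["lvs send: br_lvs"])    # as forwarded to the real server
    reply = parse(capture["server send: br_e"])   # real server's answer
    director_macs = {d_in["dmac"], d_out["smac"]}
    return {
        "l3_l4_unchanged": l3_l4(d_in) == l3_l4(d_out),
        "dst_mac_rewritten": d_in["dmac"] != d_out["dmac"],
        "reply_src_is_vip": (reply["src"], reply["sport"]) == (d_in["dst"], d_in["dport"]),
        # Assumption: client and director share one L2 segment, so the
        # frame's source MAC on arrival at the director is the client's MAC.
        "reply_bypasses_director": reply["smac"] not in director_macs
                                   and reply["dmac"] == d_in["smac"],
        "ack_is_seq_plus_1": reply["ack"] is not None
                             and int(reply["ack"]) == int(d_in["seq"]) + 1,
    }

if __name__ == "__main__":
    for name, ok in check_dr(CAPTURE).items():
        print("%-24s %s" % (name, "ok" if ok else "FAILED"))
```

If the director were doing NAT instead of direct routing, the destination IP on br_lvs would be the RIP and `l3_l4_unchanged` would fail.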


    arp_ignore and arp_announce

    arp_announce - INTEGER
        Define different restriction levels for announcing the local
        source IP address from IP packets in ARP requests sent on
        interface:
        0 - (default) Use any local address, configured on any interface
        1 - Try to avoid local addresses that are not in the target's
            subnet for this interface. This mode is useful when target
            hosts reachable via this interface require the source IP
            address in ARP requests to be part of their logical network
            configured on the receiving interface. When we generate the
            request we will check all our subnets that include the
            target IP and will preserve the source address if it is from
            such subnet. If there is no such subnet we select source
            address according to the rules for level 2.
        2 - Always use the best local address for this target.
            In this mode we ignore the source address in the IP packet
            and try to select local address that we prefer for talks with
            the target host. Such local address is selected by looking
            for primary IP addresses on all our subnets on the outgoing
            interface that include the target IP address. If no suitable
            local address is found we select the first local address
            we have on the outgoing interface or on all other interfaces,
            with the hope we will receive reply for our request and
            even sometimes no matter the source IP address we announce.

        The max value from conf/{all,interface}/arp_announce is used.

        Increasing the restriction level gives more chance for
        receiving answer from the resolved target while decreasing
        the level announces more valid sender's information.

    arp_ignore - INTEGER
        Define different modes for sending replies in response to
        received ARP requests that resolve local target IP addresses:
        0 - (default): reply for any local target IP address, configured
            on any interface
        1 - reply only if the target IP address is local address
            configured on the incoming interface
        2 - reply only if the target IP address is local address
            configured on the incoming interface and both with the
            sender's IP address are part from same subnet on this interface
        3 - do not reply for local addresses configured with scope host,
            only resolutions for global and link addresses are replied
        4-7 - reserved
        8 - do not reply for all local addresses

        The max value from conf/{all,interface}/arp_ignore is used
        when ARP request is received on the {interface}
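
To see what these two settings change on the server VM of this lab, here is an added example (not from the original article and not kernel code): a simplified model of the rules quoted above, applied to the server's addresses as configured on this page. Function names are illustrative; arp_ignore modes 3-7 and the cross-interface fallback of arp_announce are not modelled.

```python
import ipaddress

# Server VM addresses as configured on the page (loopback 127.0.0.1 omitted).
SERVER = {
    "lo": ["192.168.7.33/32"],      # VIP on lo:0
    "eth14": ["192.168.7.99/24"],   # on br_e
    "eth12": ["192.168.88.20/24"],  # RIP on br_lvs
}

def _ifaces(host, dev=None):
    names = [dev] if dev else list(host)
    return [ipaddress.ip_interface(a) for n in names for a in host[n]]

def arp_ignore_replies(host, in_dev, sender, target, conf_all=0, conf_dev=0):
    """True if the host answers an ARP request for `target` received on `in_dev`."""
    mode = max(conf_all, conf_dev)   # "The max value from conf/{all,interface}"
    sender, target = ipaddress.ip_address(sender), ipaddress.ip_address(target)
    if mode == 0:   # any local address, on any interface
        return any(a.ip == target for a in _ifaces(host))
    if mode == 1:   # only addresses configured on the incoming interface
        return any(a.ip == target for a in _ifaces(host, in_dev))
    if mode == 2:   # as 1, and the sender must be in the same subnet
        return any(a.ip == target and sender in a.network
                   for a in _ifaces(host, in_dev))
    if mode == 8:
        return False
    raise ValueError("modes 3-7 are not modelled here")

def arp_announce_source(host, out_dev, pkt_src, target, conf_all=0, conf_dev=0):
    """Sender IP placed in an ARP request for `target` sent on `out_dev`.

    `pkt_src` is the (local) source address of the IP packet that triggered
    the ARP request, e.g. the VIP when the server answers a client.
    """
    mode = max(conf_all, conf_dev)
    pkt_src, target = ipaddress.ip_address(pkt_src), ipaddress.ip_address(target)
    onlink = [a for a in _ifaces(host, out_dev) if target in a.network]
    if mode == 0:
        return str(pkt_src)          # any local address, here the packet source
    if mode == 1 and any(pkt_src in a.network for a in onlink):
        return str(pkt_src)          # kept: it lies in the target's subnet
    if onlink:                       # level 2: address on out_dev in target's subnet
        return str(onlink[0].ip)
    return str(_ifaces(host, out_dev)[0].ip)  # simplified fallback: first on out_dev
```

With the defaults, the server answers ARP requests for 192.168.7.33 on eth14 and announces the VIP as ARP sender when it resolves the client. `arp_ignore = 1` stops the first, and only `arp_announce = 2` stops the second, because at level 1 the VIP still falls inside eth14's 192.168.7.0/24 subnet.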
  • Original article: https://www.cnblogs.com/bhlsheji/p/5221848.html