One Network LVS-NAT
LVS NAT 模式,VIP 和 RIP 处于同一网段方案,基本架构图如下:
________
| |
| client |
|________|
CIP=192.168.1.254
|
|
__________ |
| | | VIP=192.168.1.110 (eth0:110)
| director |---|
|__________| | DIP=192.168.1.9 (eth0:9)
|
|
------------------------------------
| | |
| | |
RIP1=192.168.1.2 RIP2=192.168.1.3 RIP3=192.168.1.4 (all eth0)
_____________ _____________ _____________
| | | | | |
| realserver | | realserver | | realserver |
|_____________| |_____________| |_____________|
1. To get a LVS-NAT LVS to work on one network
- 在调度器上关闭 icmp 包重定向,根据实际情况修改端口,这里为 eth0
director:/etc/lvs# echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects director:/etc/lvs# echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects director:/etc/lvs# echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
或修改 /etc/sysctl.conf 添加如下选项执行 sysctl -p 使配置永久生效
net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0 net.ipv4.conf.eth0.send_redirects = 0
- 设置 diretor 为 RealServer 的唯一包出口(指定 director 为默认网关)
默认设置之后,可能 RealServer 主机路由是以下状态:
realserver:/etc/lvs# route -n Kernel IP routing table 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 192.168.1.9 0.0.0.0 UG 0 0 0 eth0
移除 192.168.1.0/24 的路由,防止 RIP 和 CIP直接通信
realserver:/etc/lvs# route del -net 192.168.1.0 netmask 255.255.255.0 dev eth0 realserver:/etc/lvs# route -n Kernel IP routing table 0.0.0.0 192.168.1.9 0.0.0.0 UG 0 0 0 eth0