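LVS-TUN
1. The client sends its request to the front-end load balancer; the request packet's source address is the CIP and its destination address is the VIP.
2. When the load balancer receives the packet and finds that the requested address matches one of its rules, it wraps the client's request packet in an additional IP header, with the source address set to the DIR (Director) and the destination address set to the RIP, and sends the packet to the RS.
3. When the RS receives the request packet, it first strips the outer encapsulation, then finds that the inner IP header's destination address is the VIP on its own lo interface, so it processes the request and sends the response out through the lo interface to the eth0 NIC (normally the NIC on the same network segment as the scheduler), directly to the client.
Note: the VIP on the lo interface must be configured so that it does not appear on the public network.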

Uses IP encapsulation (IP-in-IP tunneling).
Unfortunately, it is not as convenient as DNS views.
Client:
CIP:110.0.0.1/24
DGW:
110.0.0.254
192.168.0.253
Director:
DIP:192.168.0.9/24
VIP:192.168.0.211/24
RealServer:
RIP:192.168.0.5
RIP:192.168.0.8
Configuration:
Client:
Configure IP 110.0.0.1/24
Gateway: 110.0.0.254
DGW:
Configure IPs
110.0.0.254
192.168.0.253
IP forwarding
Director:
1,
eth0 DIP
eth0:1 VIP
ifconfig eth0 192.168.0.9 netmask 255.255.255.0
ifconfig eth0:1 192.168.0.211 netmask 255.255.255.0
2,
ip_forward = 1
3,
ipvsadm -A -t VIP:PORT -s rr
ipvsadm -a -t VIP:PORT -r RIP -g
(for tunnel mode, use -i)
ipvsadm -C
ipvsadm -A -t 192.168.0.211:80 -s rr
ipvsadm -a -t 192.168.0.211:80 -r 192.168.0.8 -i
ipvsadm -a -t 192.168.0.211:80 -r 192.168.0.5 -i
RealServer:
1,
eth0 RIP 192.168.0.8
2,
modprobe ipip
Template:
ifconfig tunl0 VIP netmask 255.255.255.255
Actual configuration:
ifconfig tunl0 192.168.0.211 netmask 255.255.255.255
3,
Purpose: suppress ARP for the VIP, so the RealServer neither answers ARP requests for it nor announces it.
echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
To make it permanent:
vim sysctl.conf
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
4,
route add default gw 192.168.0.253
[root@CIP]# tcpdump -i eth0 -nn port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:13:00.867902 IP 110.0.0.1.46600 > 192.168.0.211.80: S 400905820:400905820(0) win 5840 <mss 1460,sackOK,timestamp 20190840 0,nop,wscale 7>
15:13:00.869876 IP 192.168.0.211.80 > 110.0.0.1.46600: S 3596795888:3596795888(0) ack 400905821 win 5792
<mss 1460,sackOK,timestamp 5214744 20190840,nop,wscale 7>
[root@DGW]# tcpdump -i eth0 -nn port 80 -e
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:22:53.719320 00:14:78:80:be:8b > 00:e0:4c:5b:69:93, ethertype IPv4 (0x0800), length 74: 110.0.0.1.35204 > 192.168.0.211.80:
S 1126015306:1126015306(0) win 5840 <mss 1460,sackOK,timestamp 20870994 0,nop,wscale 7>
15:22:53.719536 00:e0:4c:5b:69:93 > 00:e0:4c:14:f4:84, ethertype IPv4 (0x0800), length 74: 110.0.0.1.35204 > 192.168.0.211.80:
S 1126015306:1126015306(0) win 5840 <mss 1460,sackOK,timestamp 20870994 0,nop,wscale 7>
15:22:53.720721 00:19:21:0b:c1:cd > 00:e0:4c:5b:69:93, ethertype IPv4 (0x0800), length 74: 192.168.0.211.80 > 110.0.0.1.35204:
S 23327032:23327032(0) ack 1126015307 win 5792 <mss 1460,sackOK,timestamp 5895033 20870994,nop,wscale 7>
15:22:53.720753 00:e0:4c:5b:69:93 > 00:14:78:80:be:8b, ethertype IPv4 (0x0800), length 74: 192.168.0.211.80 > 110.0.0.1.35204:
S 23327032:23327032(0) ack 1126015307 win 5792 <mss 1460,sackOK,timestamp 5895033 20870994,nop,wscale 7>
[root@DIR]# tcpdump -i eth0 -nn -e -vv not port 22
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:18:01.398854 00:14:78:80:be:8b > 00:e0:4c:14:f4:84, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 21345, offset 0, flags [DF],
proto: TCP (6), length: 60) 110.0.0.1.35107 > 192.168.0.211.80: S, cksum 0xcf2f (correct), 1399115940:1399115940(0) win 5840 <mss 1460,sackOK,timestamp
21136325 0,nop,wscale 7>
15:18:01.398896 00:e0:4c:14:f4:84 > 00:e0:4d:3b:01:57, ethertype IPv4 (0x0800), length 94: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: IPIP (4),
length: 80) 192.168.0.9 > 192.168.0.5: (tos 0x0, ttl 64, id 21345, offset 0, flags [DF], proto: TCP (6), length: 60) 110.0.0.1.35107 > 192.168.0.211.80: S,
cksum 0xcf2f (correct), 1399115940:1399115940(0) win 5840 <mss 1460,sackOK,timestamp 21136325 0,nop,wscale 7>
[root@realserver]# tcpdump -i eth0 -nn -e -vv not port 22 and not udp
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:28:33.794665 00:e0:4c:14:f4:84 > 00:19:21:0b:c1:cd, ethertype IPv4 (0x0800), length 94: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: IPIP (4), length: 80)
192.168.0.9 > 192.168.0.8: (tos 0x0, ttl 64, id 58776, offset 0, flags [DF], proto: TCP (6), length: 60) 110.0.0.1.42555 > 192.168.0.211.80:
S, cksum 0xeff9 (correct), 1674032468:1674032468(0) win 5840 <mss 1460,sackOK,timestamp 21385420 0,nop,wscale 7>
15:28:33.795829 00:19:21:0b:c1:cd > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 192.168.0.253 tell 192.168.0.8
15:28:33.795929 00:e0:4c:5b:69:93 > 00:19:21:0b:c1:cd, ethertype ARP (0x0806), length 60: arp reply 192.168.0.253 is-at 00:e0:4c:5b:69:93
15:28:33.795939 00:19:21:0b:c1:cd > 00:e0:4c:5b:69:93, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: TCP (6), length: 60)
192.168.0.211.80 > 110.0.0.1.42555: S, cksum 0x8c04 (correct), 560690415:560690415(0) ack 1674032469 win 5792 <mss 1460,sackOK,timestamp 6409560 21385420,nop,
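
The encapsulation from step 2, checked in code: this added example (not from the original post) parses an IP-in-IP packet shaped like the Director capture and verifies that the outer header is DIP > RIP with protocol 4 while the inner header still targets the VIP. The function names and the constructed sample packet (zero checksum, zeroed TCP bytes) are assumptions for illustration.

```python
import socket
import struct

# Addresses taken from the page's topology.
DIP, VIP = "192.168.0.9", "192.168.0.211"
RIPS = {"192.168.0.5", "192.168.0.8"}

def ipv4_header(src, dst, proto, payload_len, ident=0):
    """Build a 20-byte IPv4 header (DF set, TTL 64, checksum left at 0)."""
    return struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0x4000, 64,
        proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(buf):
    """Return (src, dst, proto, payload) for the IPv4 header at the start of buf."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("bad header length")
    total = struct.unpack("!H", buf[2:4])[0]
    return (socket.inet_ntoa(buf[12:16]), socket.inet_ntoa(buf[16:20]),
            buf[9], buf[ihl:total])

def check_tun_packet(frame):
    """Decode both IP layers and list mismatches with the LVS-TUN layout."""
    o_src, o_dst, o_proto, inner = parse_ipv4(frame)
    if o_proto != 4:
        return ["outer protocol is %d, not IPIP (4)" % o_proto]
    _, i_dst, _, _ = parse_ipv4(inner)
    problems = []
    if o_src != DIP:
        problems.append("outer source %s is not the DIP" % o_src)
    if o_dst not in RIPS:
        problems.append("outer destination %s is not a RIP" % o_dst)
    if i_dst != VIP:
        problems.append("inner destination %s is not the VIP" % i_dst)
    return problems

def sample(outer_src=DIP, outer_dst="192.168.0.5", inner_dst=VIP):
    """Constructed packet: inner length 60, outer length 80, as in the capture."""
    tcp = bytes(40)  # zeroed stand-in for the 40-byte TCP SYN segment
    inner = ipv4_header("110.0.0.1", inner_dst, 6, len(tcp), ident=21345) + tcp
    return ipv4_header(outer_src, outer_dst, 4, len(inner)) + inner

if __name__ == "__main__":
    print(check_tun_packet(sample()))
    print(check_tun_packet(sample(outer_src="192.168.0.77")))
```

The same check applies on a RealServer: protocol-4 packets arriving on eth0 should carry the DIP as their outer source.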
