Experimental environment:
Operating system: Red Hat Enterprise Linux 6.5
Machines:
Scheduler:
server1: 172.25.12.1 ipvsadm
RS (real servers):
server2: 172.25.12.2 arptables_jf
server3: 172.25.12.3 arptables_jf
Principle of the experiment:
The client accesses the VIP (virtual IP). The VIP is configured on every machine in the cluster, but the client can only reach the VIP on the dispatcher, because the RS hide it with an arp policy.
The ipvsadm policy on the dispatcher rewrites the destination MAC address of the packet sent by the client (from the dispatcher's MAC to the MAC of an RS) and hands the packet to an RS in the background.
After the RS processes the request, it sends the reply packet directly to the client (source IP is the VIP, source MAC is its own MAC).
The ipvsadm policy on the dispatcher works at layer 2 (the data link layer) of the OSI model: only the MAC address is changed, the layer-3 IP address is not. When the packet reaches the RS, the stack unpacks it from the bottom up and finds that the destination IP is the VIP. If the VIP has not been added on the RS, the RS discards the packet because it does not match any of its own IPs.
The arptables policy on the RS makes the VIP effectively invisible to the network; it does not conflict with the VIP being configured on the RS. Both policies operate between layer 2 and layer 3. There are two rules on each RS:
Rule 1: When a host on the network sends an ARP request asking for the MAC address of the VIP, the RS does not respond.
Rule 2: For every ARP reply or ARP packet leaving the machine (only ARP packets, because these are arptables rules), if the sender IP is the VIP (the RS has two IPs: the VIP and the RIP), it is rewritten to the RIP.
Note that on the network, packets are first delivered by MAC address (layer 2). After arriving at the destination, they are unpacked and matched layer by layer: layer 3 matches the IP, layer 4 matches the port, and so on. As soon as one layer does not match, the packet is dropped or rejected.
To configure:
Scheduler:
server1:
Modify the yum source first:
Change baseurl to your own mirror mount point. These repositories are all directories in the mirror image; they are not read by default and must be written into the repo file explicitly.
[root@server1 ~]# cat /etc/yum.repos.d/rhel-source.repo
[Server]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.12.250/rhel6.5/Server
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[HighAvailability]
name=HighAvailability
baseurl=http://172.25.12.250/rhel6.5/HighAvailability
gpgcheck=0
[LoadBalancer]
name=LoadBalancer
baseurl=http://172.25.12.250/rhel6.5/LoadBalancer
gpgcheck=0
[ResilientStorage]
name=ResilientStorage
baseurl=http://172.25.12.250/rhel6.5/ResilientStorage
gpgcheck=0
[ScalableFileSystem]
name=ScalableFileSystem
baseurl=http://172.25.12.250/rhel6.5/ScalableFileSystem
gpgcheck=0
To configure:
# Add the VIP
ip addr add 172.25.12.200/24 dev eth0
# Install ipvsadm
yum install -y ipvsadm.x86_64
# Set up the ipvsadm policy
# -A adds a new virtual server (the scheduler); -s selects the scheduling algorithm, rr is round robin
ipvsadm -A -t 172.25.12.200:80 -s rr
# -a adds a real server behind the virtual server; -r gives the real server; -g means direct routing (gatewaying)
ipvsadm -a -t 172.25.12.200:80 -r 172.25.12.7:80 -g
ipvsadm -a -t 172.25.12.200:80 -r 172.25.12.8:80 -g
# Save the ipvsadm policy
/etc/init.d/ipvsadm save
# View the ipvsadm policy
ipvsadm -ln
RS (real server) configuration:
server2:
# Add the VIP, otherwise the packet cannot be passed up to the higher layers of the OSI model
ip addr add 172.25.12.200/24 dev eth0
# Install arptables
yum install -y arptables_jf
# Install apache
yum install -y httpd
cd /var/www/html/
echo server2 > index.html
/etc/init.d/httpd start
# Configure the arp policy
# Drop arp requests for the VIP coming from the network
arptables -A IN -d 172.25.12.200 -j DROP
# Rewrite the sender IP of outgoing arp packets from the VIP to this host's RIP
arptables -A OUT -s 172.25.12.200 -j mangle --mangle-ip-s 172.25.12.7
server3:
ip addr add 172.25.12.200/24 dev eth0
yum install -y arptables_jf
yum install -y httpd
cd /var/www/html/
echo server3 > index.html
arptables -A IN -d 172.25.12.200 -j DROP
# Use server3's own RIP here, the one registered on the scheduler with -r 172.25.12.8:80
arptables -A OUT -s 172.25.12.200 -j mangle --mangle-ip-s 172.25.12.8
/etc/init.d/httpd start
Test:
[root@groot ~]# curl 172.25.12.200
server2
[root@groot ~]# curl 172.25.12.200
server3
[root@groot ~]# curl 172.25.12.200
server2
[root@groot ~]# curl 172.25.12.200
server3
Check the MAC address returned in the ARP reply for the VIP:
It matches server1's MAC address.
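A check that automates the observation above, added here as an example and not the page's own script: it takes the `ip neigh show` output captured on a client and the `ipvsadm -ln` output from the scheduler, and confirms that the VIP resolves to the scheduler's MAC (no RS is leaking ARP replies for the VIP) and that every RS is in Route mode. The captured outputs and all MAC addresses below are constructed placeholders.

```shell
# Added post-deployment check for the LVS-DR setup above (example, not the
# original author's script). All sample output and MACs are constructed.

VIP="172.25.12.200"
SCHEDULER_MAC="52:54:00:aa:bb:01"   # assumed MAC of server1 (placeholder)

# Constructed `ip neigh show` output from a client. NEIGH_BAD shows the symptom
# of a missing arptables IN rule on an RS: the VIP resolves to the RS's MAC.
NEIGH_GOOD='172.25.12.200 dev eth0 lladdr 52:54:00:aa:bb:01 REACHABLE'
NEIGH_BAD='172.25.12.1 dev eth0 lladdr 52:54:00:aa:bb:01 REACHABLE
172.25.12.200 dev eth0 lladdr 52:54:00:aa:bb:08 REACHABLE'

# Constructed `ipvsadm -ln` output matching the policy configured on server1.
IPVS_GOOD='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.12.200:80 rr
  -> 172.25.12.7:80               Route   1      0          0
  -> 172.25.12.8:80               Route   1      0          0'
# Same table but one RS was added with -m (Masq) instead of -g, which breaks
# the direct-return path described in the text.
IPVS_BAD='TCP  172.25.12.200:80 rr
  -> 172.25.12.7:80               Route   1      0          0
  -> 172.25.12.8:80               Masq    1      0          0'

# vip_mac_ok NEIGH_TEXT VIP MAC: succeeds only if VIP resolves to MAC.
vip_mac_ok() {
    got=$(printf '%s\n' "$1" | awk -v v="$2" \
        '$1 == v && $4 == "lladdr" { print tolower($5); exit }')
    want=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# ipvs_rs_count IPVS_TEXT VIP: prints the number of real servers behind VIP:80.
ipvs_rs_count() {
    printf '%s\n' "$1" | awk -v v="$2:80" \
        '$1 == "TCP" { in_svc = ($2 == v); next }
         $1 == "->" && in_svc { n++ } END { print n + 0 }'
}

# ipvs_all_route IPVS_TEXT VIP: succeeds only if every RS behind VIP:80 is Route.
ipvs_all_route() {
    bad=$(printf '%s\n' "$1" | awk -v v="$2:80" \
        '$1 == "TCP" { in_svc = ($2 == v); next }
         $1 == "->" && in_svc && $3 != "Route" { n++ } END { print n + 0 }')
    [ "$bad" -eq 0 ]
}
```

On a live cluster, replace the constructed strings with `"$(ip neigh show)"` on the client and `"$(ipvsadm -ln)"` on server1.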