1. NAT mode schematic diagram
NAT (Network Address Translation) mode
When a client request arrives at the Director Server, the packet first reaches the PREROUTING chain in kernel space. At this point the source IP of the packet is CIP (the client IP) and the destination IP is VIP (the virtual IP).
PREROUTING finds that the destination IP is a local address and passes the packet to the INPUT chain.
IPVS checks whether the service the packet requests is a configured cluster service. If it is, IPVS picks a Real Server with the configured scheduler, rewrites the destination IP (and, if port mapping is used, the destination port) to that Real Server's address, and sends the packet to the POSTROUTING chain. At this point the source IP is CIP and the destination IP is RIP (the Real Server IP).
The POSTROUTING chain routes the packet to the Real Server.
The Real Server finds that the destination is its own IP, processes the request, and builds a response addressed to the client. At this point the source IP is RIP and the destination IP is CIP. Because the Real Server's default gateway is DIP (the Director's internal IP), the response goes back through the Director Server rather than directly to the client.
Before the response leaves for the client, the Director Server rewrites the source IP from RIP back to VIP. At this point the source IP is VIP and the destination IP is CIP, so the client sees a reply from the address it actually connected to.
2. Characteristics of the lvs-nat model
Real Servers (RS) should use private addresses, and the RS default gateway must point to DIP; otherwise the reply leaves with source RIP, never passes the Director for rewriting, and the client discards it
DIP and RIP must be in the same network segment
Both request and response packets pass through the Director Server, so under high load the Director Server easily becomes a performance bottleneck
Supports port mapping (the VIP port and the RS port may differ)
RS can run any operating system
Main defect: because every request and every response has to traverse the Director Server, the Director carries the full traffic of the cluster and limits how far it can scale
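To make the address rewriting described above concrete, here is a small model of the NAT forwarding path as an added example. It is not code from the original page or from the LVS project: the packet structure, the addresses and the client behaviour are constructed for illustration, and real IPVS keeps its connection table in the kernel, keyed by the full 5-tuple with timeouts, whereas this model keys on CIP:CPORT and never expires entries. It shows the DNAT on the request, the SNAT on the reply, port mapping (one RS listens on 8080 behind VIP:80), and the failure mode from the first characteristic: when an RS gateway does not point to DIP, the reply reaches the client with source RIP and is dropped.

```python
"""Toy model of the LVS-NAT forwarding path (added example, not LVS code)."""
from dataclasses import dataclass, replace
from itertools import cycle


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: str


class NatDirector:
    """Director Server: DNAT on the request path, SNAT on the reply path."""

    def __init__(self, vip, vport, real_servers):
        # real_servers: list of (RIP, RPORT); RPORT may differ from vport (port mapping)
        self.vip, self.vport = vip, vport
        self.sched = cycle(real_servers)            # "-s rr": round-robin scheduler
        self.conns = {}                             # (CIP, CPORT) -> (RIP, RPORT)

    def handle_request(self, pkt):
        """PREROUTING -> INPUT -> IPVS lookup -> POSTROUTING."""
        if (pkt.dst, pkt.dport) != (self.vip, self.vport):
            return None                             # not a cluster service: local delivery
        key = (pkt.src, pkt.sport)
        if key not in self.conns:                   # new connection: schedule an RS
            self.conns[key] = next(self.sched)
        rip, rport = self.conns[key]
        return replace(pkt, dst=rip, dport=rport)   # destination rewritten VIP -> RIP

    def handle_reply(self, pkt):
        """Reply that arrived via DIP: restore VIP:VPORT as the source."""
        key = (pkt.dst, pkt.dport)                  # on the reply, dst is CIP:CPORT
        entry = self.conns.get(key)
        if entry is None or entry != (pkt.src, pkt.sport):
            return None                             # no matching connection: not ours
        return replace(pkt, src=self.vip, sport=self.vport)


class RealServer:
    def __init__(self, rip, rport, name, gateway_is_dip=True):
        self.rip, self.rport, self.name = rip, rport, name
        self.gateway_is_dip = gateway_is_dip        # constructed flag modelling the RS default route

    def serve(self, pkt):
        if (pkt.dst, pkt.dport) != (self.rip, self.rport):
            return None
        return Packet(self.rip, self.rport, pkt.src, pkt.sport, f"i am {self.name}")


def client_request(director, servers, cip, cport):
    """Run one request/reply through the cluster; return the payload the client accepts."""
    req = Packet(cip, cport, director.vip, director.vport, "GET /")
    fwd = director.handle_request(req)
    rs = next(s for s in servers if (s.rip, s.rport) == (fwd.dst, fwd.dport))
    reply = rs.serve(fwd)
    if rs.gateway_is_dip:
        reply = director.handle_reply(reply)        # goes back through the Director: SNAT
    # The client only accepts a reply whose source matches the VIP:VPORT it spoke to.
    if reply.src != director.vip or reply.sport != director.vport:
        return None                                 # reply carries RIP: client drops it
    return reply.payload


if __name__ == "__main__":
    vip = "172.25.8.110"
    director = NatDirector(vip, 80, [("172.25.254.2", 80), ("172.25.254.3", 8080)])
    servers = [RealServer("172.25.254.2", 80, "server2"),
               RealServer("172.25.254.3", 8080, "server3")]
    for port in (40001, 40002, 40003):
        print(port, client_request(director, servers, "172.25.8.250", port))
    broken = [RealServer("172.25.254.2", 80, "server2", gateway_is_dip=False),
              RealServer("172.25.254.3", 8080, "server3", gateway_is_dip=False)]
    print("bad gateway:", client_request(NatDirector(vip, 80, broken and
          [("172.25.254.2", 80), ("172.25.254.3", 8080)]), broken, "172.25.8.250", 40004))
```

The alternating answers from the demo are what the page's curl test shows; a real IPVS round-robin may start at a different position in the list. The last call returns None, which is the symptom of a Real Server whose gateway is not DIP: the request is served, but the client never gets a usable reply.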
3. Configure LVS in NAT mode
1. Add a network card eth1 to server1, assign the external IP to it, and bring the interface up
Here 172.25.254.1 (DIP, on eth0) is the intranet address used to communicate with the real servers, and 172.25.8.110 (VIP, on eth1) is the external address that receives client requests.
[root@server1 ~]# ip addr add 172.25.8.110/24 dev eth1
[root@server1 ~]# ip link set up eth1
[root@server1 ~]# ip addr show
2. Add the ipvsadm policy on server1
-A adds the virtual service and -s rr selects round-robin scheduling; -a adds a real server to it and -m selects NAT (masquerading) forwarding.
[root@server1 ~]# ipvsadm -A -t 172.25.8.110:80 -s rr
[root@server1 ~]# ipvsadm -a -t 172.25.8.110:80 -r 172.25.254.2:80 -m
[root@server1 ~]# ipvsadm -a -t 172.25.8.110:80 -r 172.25.254.3:80 -m
[root@server1 ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  server1:http rr
  -> server2:http                 Masq    1      0          0
  -> server3:http                 Masq    1      0          0
[root@server1 ~]#
ipvsadm -l resolves addresses and ports through /etc/hosts and /etc/services, which is why the output shows server1:http; ipvsadm -Ln prints them numerically. The Forward column must read Masq for every real server in NAT mode. These rules exist only in the running kernel: save them with ipvsadm -S (ipvsadm-save) and restore them at boot with ipvsadm-restore, or they are gone after a reboot.
3. Turn on IP forwarding on server1
Set net.ipv4.ip_forward = 1 in /etc/sysctl.conf so that the setting survives a reboot, then load it with sysctl -p.
[root@server1 ~]# sysctl -a |grep ip_forward
net.ipv4.ip_forward = 0
net.ipv4.ip_forward_use_pmtu = 0
[root@server1 ~]# vim /etc/sysctl.conf
[root@server1 ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@server1 ~]#
With forwarding enabled the director routes any traffic between eth0 and eth1, not only the cluster service, so if other hosts sit on the 172.25.254.0/24 segment, restrict the FORWARD chain with iptables to what the cluster needs.
4. Load the NAT module on server1
[root@server1 ~]# modprobe iptable_nat
[root@server1 ~]#
5. server2 and server3 act as back-end servers: install the httpd service on each and set the default gateway to the scheduler's internal IP (172.25.254.1), so that replies return through the Director
[root@server2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.25.254.1    0.0.0.0         UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
172.25.254.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
[root@server2 ~]# cat /var/www/html/index.html
i am server2
[root@server2 ~]#
[root@server3 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.25.254.1    0.0.0.0         UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
172.25.254.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
[root@server3 ~]# cat /var/www/html/index.html
i am server3
[root@server3 ~]#
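A post-deployment check that ties steps 2 to 5 together, added here as an example and not part of the original page or of the ipvsadm tool. It parses the numeric output of ipvsadm -Ln and the value of sysctl -n net.ipv4.ip_forward and reports the things that break NAT mode: forwarding disabled, a real server added without -m (Forward not Masq), a quiesced server (weight 0), or a RIP outside the DIP segment. The sample outputs embedded below are constructed to match the page's cluster; the run() helper is the assumed way to collect the live output on a director.

```python
"""Sanity check for an LVS-NAT director (added example, not ipvsadm code)."""
import ipaddress
import re
import subprocess

# Service line: "TCP  172.25.8.110:80 rr" (may be followed by "persistent N")
SERVICE_RE = re.compile(r"^(TCP|UDP|SCTP)\s+(\S+)\s+(\S+)")
# Real-server line: "  -> 172.25.254.2:80  Masq  1  0  0"
RS_RE = re.compile(r"^\s*->\s+(\S+)\s+(Masq|Route|Tunnel)\s+(\d+)\s+(\d+)\s+(\d+)")


def parse_ipvsadm(text):
    """Return {service: [(rs_addr, forward, weight), ...]} from `ipvsadm -Ln` output."""
    services, current = {}, None
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            proto, addr, sched = m.groups()
            current = f"{proto} {addr} {sched}"
            services[current] = []
            continue
        m = RS_RE.match(line)
        if m and current is not None:
            services[current].append((m.group(1), m.group(2), int(m.group(3))))
    return services


def check_director(ipvs_text, ip_forward_text, dip_net="172.25.254.0/24"):
    """Return a list of problems; an empty list means the NAT setup looks sane."""
    problems = []
    if ip_forward_text.strip() != "1":
        problems.append("net.ipv4.ip_forward is not 1: packets to/from the RIPs are not forwarded")
    services = parse_ipvsadm(ipvs_text)
    if not services:
        problems.append("no virtual service defined (ipvsadm -A)")
    segment = ipaddress.ip_network(dip_net)
    for svc, rss in services.items():
        if not rss:
            problems.append(f"{svc}: no real servers (ipvsadm -a)")
        for rs, fwd, weight in rss:
            if fwd != "Masq":
                problems.append(f"{svc} -> {rs}: forward method is {fwd}; NAT mode needs Masq (-m)")
            if weight == 0:
                problems.append(f"{svc} -> {rs}: weight 0, server receives no new connections")
            host = rs.rsplit(":", 1)[0]          # IPv4 only; IPv6 is printed as [addr]:port
            if ipaddress.ip_address(host) not in segment:
                problems.append(f"{svc} -> {rs}: RIP is not on the DIP segment {dip_net}")
    return problems


def run(cmd):
    """Assumed helper for a live director: run a command and return its stdout."""
    return subprocess.run(cmd.split(), capture_output=True, text=True, check=True).stdout


# Constructed sample: what `ipvsadm -Ln` prints for the cluster built on this page.
GOOD_IPVS = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.8.110:80 rr
  -> 172.25.254.2:80              Masq    1      0          0
  -> 172.25.254.3:80              Masq    1      0          0
"""

# Constructed sample with three mistakes: -g instead of -m, weight 0, off-segment RIP.
BAD_IPVS = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.8.110:80 rr
  -> 172.25.254.2:80              Route   1      0          0
  -> 172.25.254.3:80              Masq    0      0          0
  -> 10.9.9.9:80                  Masq    1      0          0
"""

if __name__ == "__main__":
    # On a director: check_director(run("ipvsadm -Ln"), run("sysctl -n net.ipv4.ip_forward"))
    for name, text in (("good", GOOD_IPVS), ("bad", BAD_IPVS)):
        print(name, check_director(text, "1\n") or "ok")
    print("forwarding off", check_director(GOOD_IPVS, "0\n"))
```

Run it on the director as root after step 5; an empty result means the kernel state matches what the page expects, and each reported line names the ipvsadm option or sysctl to fix.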
Test from the client (the real machine, which sits on the external 172.25.8.0/24 side of the director):
[kiosk@foundation8 ~]$ curl 172.25.8.110
i am server3
[kiosk@foundation8 ~]$ curl 172.25.8.110
i am server2
[kiosk@foundation8 ~]$ curl 172.25.8.110
i am server3
[kiosk@foundation8 ~]$ curl 172.25.8.110
i am server2
[kiosk@foundation8 ~]$ curl 172.25.8.110
i am server3
[kiosk@foundation8 ~]$ curl 172.25.8.110
i am server2
[kiosk@foundation8 ~]$
The replies alternate between server3 and server2, which confirms round-robin scheduling, and they all arrive from 172.25.8.110, which confirms that the return path goes through the director and the source address is rewritten back to VIP. If a request hangs instead, check the real server's default gateway (step 5) and ip_forward (step 3) first.