NAT mode construction of LVS

Keywords: network curl vim

1. NAT mode schematic diagram

NAT (Network Address Translation) mode

When a user request arrives at the Director Server, the request packet first reaches the PREROUTING chain in kernel space. At this point the packet's source IP is CIP and its destination IP is VIP.

PREROUTING checks that the destination IP of the packet is a local address and sends the packet to the INPUT chain.

IPVS checks whether the service requested by the packet is a cluster service. If so, it rewrites the packet's destination IP to the IP address of a back-end server and sends the packet on to the POSTROUTING chain. At this point the packet's source IP is CIP and its destination IP is RIP.

The POSTROUTING chain routes the packet to the Real Server.

The Real Server finds that the destination is its own IP, builds a response and sends it back to the Director Server. At this point the packet's source IP is RIP and its destination IP is CIP.

Before responding to the client, the Director Server rewrites the source IP to its own VIP and then sends the response to the client. At this point the packet's source IP is VIP and its destination IP is CIP.

2. Characteristics of the lvs-nat model

RS should use private addresses, and the RS gateway must point to DIP

DIP and RIP must be in the same network segment

Both request and response packets pass through the Director Server; under high load the Director Server easily becomes a performance bottleneck

Supports port mapping

RS can use any operating system

Drawback: the load on the Director Server is high, because both requests and responses have to go through it

3. Configure LVS in NAT mode

1. Add a network card eth1 to server1, assign the external IP to it, and bring the interface up

Here 172.25.254.1 is the intranet address used to communicate with the real servers, and 172.25.8.110 is the external address that receives client requests.

[root@server1 ~]# ip addr add 172.25.8.110/24 dev eth1
[root@server1 ~]# ip link set up eth1
[root@server1 ~]# ip addr show

2. Add the ipvsadm rules on server1

[root@server1 ~]# ipvsadm -A -t 172.25.8.110:80 -s rr
[root@server1 ~]# ipvsadm -a -t 172.25.8.110:80 -r 172.25.254.2:80 -m
[root@server1 ~]# ipvsadm -a -t 172.25.8.110:80 -r 172.25.254.3:80 -m
[root@server1 ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  server1:http rr
  -> server2:http                 Masq    1      0          0         
  -> server3:http                 Masq    1      0          0         
[root@server1 ~]# 

3. Turn on IP forwarding on server1

[root@server1 ~]# sysctl -a |grep ip_forward
net.ipv4.ip_forward = 0
net.ipv4.ip_forward_use_pmtu = 0
[root@server1 ~]# vim /etc/sysctl.conf 
[root@server1 ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@server1 ~]# 

4. Load the NAT module on server1 to start the service

[root@server1 ~]# modprobe iptable_nat
[root@server1 ~]# 

5. server2 and server3, as back-end servers, need the httpd service installed and their default gateway set to the scheduler's internal IP

[root@server2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.25.254.1    0.0.0.0         UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
172.25.254.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
[root@server2 ~]# cat /var/www/html/index.html 
i am server2
[root@server2 ~]# 
[root@server3 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.25.254.1    0.0.0.0         UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
172.25.254.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
[root@server3 ~]# cat /var/www/html/index.html 
i am server3
[root@server3 ~]# 

Test from the real machine:

[kiosk@foundation8 ~]$ curl 172.25.8.110
i am server3
[kiosk@foundation8 ~]$ curl 172.25.8.110
i am server2
[kiosk@foundation8 ~]$ curl 172.25.8.110
i am server3
[kiosk@foundation8 ~]$ curl 172.25.8.110
i am server2
[kiosk@foundation8 ~]$ curl 172.25.8.110
i am server3
[kiosk@foundation8 ~]$ curl 172.25.8.110
i am server2
[kiosk@foundation8 ~]$ 
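The packet rewriting from section 1 and the "RS gateway must point to DIP" rule from section 2, modelled as an added example (not LVS code and not part of the original post). It uses the VIP, DIP and RIPs configured above; the client IP 172.25.8.250 and the source ports are constructed, and a real server whose gateway is not DIP is modelled as never getting its reply back to the director.

```python
from dataclasses import dataclass, replace
from itertools import cycle

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    payload: str = ""

class Director:
    """Director Server: VIP on the external NIC, DIP on the internal one, rr scheduling, Masq forwarding."""
    def __init__(self, vip, dip, real_servers, port=80):
        self.vip, self.dip, self.port = vip, dip, port
        self.sched = cycle(real_servers)   # ipvsadm -s rr
        self.conns = {}                    # (CIP, sport) -> RIP, like the IPVS connection table

    def inbound(self, pkt):
        """PREROUTING -> INPUT: a CIP->VIP packet for the cluster service leaves as CIP->RIP."""
        if (pkt.dst, pkt.dport) != (self.vip, self.port):
            return None                    # not a cluster service; ignored in this model
        key = (pkt.src, pkt.sport)
        if key not in self.conns:          # new connection: ask the scheduler, then remember it
            self.conns[key] = next(self.sched)
        return replace(pkt, dst=self.conns[key])

    def outbound(self, pkt):
        """Reply RIP->CIP gets its source rewritten to VIP before it is sent to the client."""
        if self.conns.get((pkt.dst, pkt.dport)) != pkt.src:
            return None                    # no matching connection entry
        return replace(pkt, src=self.vip)

def real_server(name, req, gateway, dip):
    """RS builds its reply; it only reaches the director if the RS default gateway is DIP."""
    reply = Packet(req.dst, req.src, req.dport, req.sport, f"i am {name}")
    return reply if gateway == dip else None   # wrong gateway: reply bypasses the director

def client_request(director, names, rs_gateway, cip="172.25.8.250", sport=40000):
    """One curl from the client (constructed CIP); returns the body seen, or None when the flow breaks.
    The client only accepts a reply whose source is the VIP it connected to."""
    fwd = director.inbound(Packet(cip, director.vip, sport, director.port))
    reply = real_server(names[fwd.dst], fwd, rs_gateway, director.dip)
    out = director.outbound(reply) if reply else None
    return out.payload if out and out.src == director.vip else None

if __name__ == "__main__":
    d = Director("172.25.8.110", "172.25.254.1", ["172.25.254.2", "172.25.254.3"])
    names = {"172.25.254.2": "server2", "172.25.254.3": "server3"}
    for sport in range(40000, 40004):
        print(client_request(d, names, "172.25.254.1", sport=sport))
```

Each new client connection is handed to the next real server in round-robin order, which is the alternation seen in the curl output above; with the gateway pointed anywhere other than DIP, the reply never returns through the director and the client gets nothing.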


Posted by l4nc3r on Thu, 20 Feb 2020 22:20:44 -0800