LVS之nat&dr

Evernote Export

负载均衡集群设计时的要点:

       (1)session保持

           session sticky(ip hash)

           session cluster

           session server

       (2)数据共享

           共享存储:

               NAS:Network Attached Storage,文件服务器,访问接口是文件级别(NFS,SAMBA)

               SAN:Storage Area Network,访问接口是块级别;SCSI协议借助于其他网络技术(FC,以太网)

               DS:Distributed Storage,访问接口通常是文件级别,接口可是文件系统,也可以API;ceph,内核级分布式存储;

           数据同步:

               rsync+inotify


           数据结构:

               结构化数据:存储于SQL数据库中;

               半结构化数据:xml,json,存储于文件系统或NoSQL;

               非结构化数据:文件系统,DS;


ipvsadm命令的用法:

ipvsadm -A|E -t|u|f service-address [-s scheduler]

[-p [timeout]] [-M netmask] [-b sched-flags]

ipvsadm -D -t|u|f service-address

ipvsadm -C

ipvsadm -R

ipvsadm -S [-n]

ipvsadm -a|e -t|u|f service-address -r server-address

[-g|i|m] [-w weight] [-x upper] [-y lower]

ipvsadm -d -t|u|f service-address -r server-address

ipvsadm -L|l [options]

ipvsadm -Z [-t|u|f service-address]

ipvsadm –set tcp tcpfin udp

ipvsadm -h

管理集群服务:增、改、删、查

ipvsadm  -A|E  -t|u|f  service-address  [-s scheduler]

ipvsadm  -D  -t|u|f service-address

-A:添加

-E:修改

-D:删除

service-address:

-t, tcp, vip:port

-u, udp, vip:port

-f, fwm, MARK

-s scheduler:默认为wlc;

管理集群服务上的RS:

ipvsadm -a|e  -t|u|f service-address -r server-address [-g|i|m] [-w weight]

ipvsadm -d -t|u|f service-address -r server-address

-a:添加一个RS

-e:修改一个RS

-d:删除一个RS

-r server-address:

RS的地址

rip[:port]

-g:GATEWAY (默认)

-i: IPIP

-m: MASQUERADE,nat

-w weight,

查看:

ipvsadm -L|l [options]

-n:numeric,数字格式显示地址和端口;

-c:connection,显示ipvs连接;

–stats:统计数据;

–rate:速率

–exact:精确值

清空规则:

ipvsadm  -C

保存和重载:

保存:

ipvsadm -S  > /PATH/TO/SOME_RULE_FILE

ipvsadm-save  > /PATH/TO/SOME_RULE_FILE

重载:

ipvsadm  -R < /PATH/FROM/SOME_RULE_FILE

ipvsadm-restore < /PATH/FROM/SOME_RULE_FILE

计数器清零:

ipvsadm  -Z  [-t|u|f service-address]


  • lvs-nat;

多目标的DNAT:通过将请求报文的目标地址和目标端口修改为挑选出某RS的RIP和PORT来实现;


           (1) RIP和DIP应该使用私网地址,RS的网关应该指向DIP(保证响应报文必须经由VS);

           (2) 请求和响应报文都要经由director转发;极高负载的场景中,Director可能会成为系统瓶颈;

           (3) 支持端口映射;

           (4) VS必须为Linux,RS可以是任意的OS;

           (5) RS的RIP与Director的DIP必须在同一IP网络;


设计要点:

           (1)DIP与RIP要在同一IP网络,RIP的网关要指向DIP;

           (2)支持端口映射;

           (3)是否用到共享存储取决业务要求;


实验拓扑:

            DS两张网卡两个IP地址:1.1.1.130模拟外部网络VIP,192.168.150.137模拟内部网络DIP

            RS1地址:192.168.150.138     RIP

            RS2地址:192.168.150.139     RIP


DS配置及说明


[root@localhost ~]# ifconfig

eno16777752: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

inet 1.1.1.130  netmask 255.255.255.0  broadcast 1.1.1.255

inet6 fe80::20c:29ff:fe87:41f3  prefixlen 64  scopeid 0x20<link>

ether 00:0c:29:87:41:f3  txqueuelen 1000  (Ethernet)

RX packets 121  bytes 15542 (15.1 KiB)

RX errors 0  dropped 0  overruns 0  frame 0

TX packets 38  bytes 6012 (5.8 KiB)

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eno33554976: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

inet 192.168.150.137  netmask 255.255.255.0  broadcast 192.168.150.255

inet6 fe80::20c:29ff:fe87:41fd  prefixlen 64  scopeid 0x20<link>

ether 00:0c:29:87:41:fd  txqueuelen 1000  (Ethernet)

RX packets 6811  bytes 5830568 (5.5 MiB)

RX errors 0  dropped 0  overruns 0  frame 0

TX packets 3197  bytes 312274 (304.9 KiB)

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

inet 127.0.0.1  netmask 255.0.0.0

inet6 ::1  prefixlen 128  scopeid 0x10<host>

loop  txqueuelen 0  (Local Loopback)

RX packets 0  bytes 0 (0.0 B)

RX errors 0  dropped 0  overruns 0  frame 0

TX packets 0  bytes 0 (0.0 B)

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# iptables -nL          查看iptables规则,确保iptables所有规则都为ACCEPT

Chain INPUT (policy ACCEPT)

target     prot opt source               destination

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination

[root@localhost ~]# iptables -F          清空所有iptables规则

[root@localhost ~]# less /etc/sysctl.conf

[root@localhost ~]# vim /etc/sysctl.conf          修改内核参数,开启内核转发功能

[root@localhost ~]# cat /etc/sysctl.conf

# System default settings live in /usr/lib/sysctl.d/00-system.conf.

le

#

# For more information, see sysctl.conf(5) and sysctl.d(5).

net.ipv4.ip_forward = 1

[root@localhost ~]# sysctl -p

net.ipv4.ip_forward = 1

[root@localhost ~]# cat /proc/sys/net/ipv4/i

icmp_echo_ignore_all               ip_dynaddr

icmp_echo_ignore_broadcasts        ip_early_demux

icmp_errors_use_inbound_ifaddr     ip_forward

icmp_ignore_bogus_error_responses  ip_forward_use_pmtu

icmp_ratelimit                     ipfrag_high_thresh

icmp_ratemask                      ipfrag_low_thresh

igmp_max_memberships               ipfrag_max_dist

igmp_max_msf                       ipfrag_secret_interval

igmp_qrv                           ipfrag_time

inet_peer_maxttl                   ip_local_port_range

inet_peer_minttl                   ip_local_reserved_ports

inet_peer_threshold                ip_nonlocal_bind

ip_default_ttl                     ip_no_pmtu_disc

[root@localhost ~]# cat /proc/sys/net/ipv4/ip_forward

1

[root@localhost ~]# ipvsadm -Ln     查看目前LVS的规则

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port           Forward Weight ActiveConn InActConn

[root@localhost ~]# ipvsadm -A -t 1.1.1.130:80 -s rr          管理集群服务,添加集群主机VIP,调度规则算法,rr为round robin, 轮调,轮询,轮叫

[root@localhost ~]# ipvsadm -a -t 1.1.1.130:80 -r 192.168.150.138:80 -m -w 1     管理集群服务上的RS,添加RS主机,-m为添LVS类型为nat,-w为调度算法加权重,此时权重值无效,因为为rr算法

[root@localhost ~]# ipvsadm -a -t 1.1.1.130:80 -r 192.168.150.139:80 -m -w 2

[root@localhost ~]# ipvsadm -Ln     查看目前LVS的规则,已经存在

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  1.1.1.130:80 rr

-> 192.168.150.138:80           Masq    1      0          0

-> 192.168.150.139:80           Masq    2      0          0

[root@localhost ~]# curl http://1.1.1.130     此时访问VIP时,后台提供http服务的主机已经在轮询

<h1>RS1</h1>

[root@localhost ~]# curl http://1.1.1.130

<h1>RS2</h1>

[root@localhost ~]# curl http://1.1.1.130

<h1>RS1</h1>

[root@localhost ~]# curl http://1.1.1.130

<h1>RS2</h1>

[root@localhost ~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  1.1.1.130:80 rr

-> 192.168.150.138:80           Masq    1      0          3

-> 192.168.150.139:80           Masq    2      0          4

[root@localhost ~]# ipvsadm -E -t 1.1.1.130:80 -s wrr     -E为修改LVS规则,将调度算法修改为wrr,加权的轮询算法

[root@localhost ~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  1.1.1.130:80 wrr

-> 192.168.150.138:80           Masq    1      0          3

-> 192.168.150.139:80           Masq    2      0          3

[root@localhost ~]# curl http://1.1.1.130      此时根据权重,RS2主机访问量会是RS1主机的两倍

<h1>RS2</h1>

[root@localhost ~]# curl http://1.1.1.130

<h1>RS2</h1>

[root@localhost ~]# curl http://1.1.1.130

<h1>RS1</h1>

[root@localhost ~]# curl http://1.1.1.130

<h1>RS2</h1>

[root@localhost ~]# curl http://1.1.1.130

<h1>RS2</h1>

[root@localhost ~]# curl http://1.1.1.130

<h1>RS1</h1>

[root@localhost ~]# curl http://1.1.1.130

<h1>RS2</h1>

[root@localhost ~]# curl http://1.1.1.130

<h1>RS2</h1>

[root@localhost ~]# curl http://1.1.1.130

<h1>RS1</h1>

[root@localhost ~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  1.1.1.130:80 wrr

-> 192.168.150.138:80           Masq    1      0          4

-> 192.168.150.139:80           Masq    2      0          9

[END] 2016/11/30 22:52:30


RS配置及说明:


RS1:

[BEGIN] 2016/11/30 21:47:08

[root@localhost ~]# ifconfig

eno33554976: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

inet 192.168.150.138  netmask 255.255.255.0  broadcast 192.168.150.255

inet6 fe80::20c:29ff:fe1e:b6ec  prefixlen 64  scopeid 0x20<link>

ether 00:0c:29:1e:b6:ec  txqueuelen 1000  (Ethernet)

RX packets 200  bytes 21679 (21.1 KiB)

RX errors 0  dropped 0  overruns 0  frame 0

TX packets 77  bytes 10491 (10.2 KiB)

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

inet 127.0.0.1  netmask 255.0.0.0

inet6 ::1  prefixlen 128  scopeid 0x10<host>

loop  txqueuelen 0  (Local Loopback)

RX packets 0  bytes 0 (0.0 B)

RX errors 0  dropped 0  overruns 0  frame 0

TX packets 0  bytes 0 (0.0 B)

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# yum -y install httpd telnet-server

已加载插件:fastestmirror

Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast

base                                                                 | 3.6 kB  00:00:00

epel                                                                 | 4.3 kB  00:00:00

extras                                                               | 3.4 kB  00:00:00

local                                                                | 3.6 kB  00:00:00

updates                                                              | 3.4 kB  00:00:00

(1/2): epel/updateinfo                                               | 677 kB  00:00:00

(2/2): epel/primary_db                                               | 4.4 MB  00:00:04

Determining fastest mirrors

* base: mirrors.cn99.com

* extras: mirrors.cn99.com

* updates: mirrors.cn99.com

正在解决依赖关系

–> 正在检查事务

—> 软件包 httpd.x86_64.0.2.4.6-40.el7.centos.4 将被 安装

os.4.x86_64 需要

–> 正在处理依赖关系 /etc/mime.types,它被软件包 httpd-2.4.6-40.el7.centos.4.x86_64 需要

—> 软件包 telnet-server.x86_64.1.0.17-59.el7 将被 安装

–> 正在检查事务

—> 软件包 httpd-tools.x86_64.0.2.4.6-40.el7.centos.4 将被 安装

—> 软件包 mailcap.noarch.0.2.1.41-2.el7 将被 安装

–> 解决依赖关系完成

依赖关系解决

============================================================================================

Package               架构           版本                            源               大小

============================================================================================

正在安装:

httpd                 x86_64         2.4.6-40.el7.centos.4           updates         2.7 M

telnet-server         x86_64         1:0.17-59.el7                   base             40 k

为依赖而安装:

httpd-tools           x86_64         2.4.6-40.el7.centos.4           updates          83 k

mailcap               noarch         2.1.41-2.el7                    base             31 k

事务概要

============================================================================================

安装  2 软件包 (+2 依赖软件包)

总下载量:2.8 M

安装大小:9.6 M

Downloading packages:

头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY

httpd-tools-2.4.6-40.el7.centos.4.x86_64.rpm 的公钥尚未安装

(1/4): httpd-tools-2.4.6-40.el7.centos.4.x86_64.rpm                  |  83 kB  00:00:00

(2/4): httpd-2.4.6-40.el7.centos.4.x86_64.rpm                        | 2.7 MB  00:00:00

mailcap-2.1.41-2.el7.noarch.rpm 的公钥尚未安装=========== ]  0.0 B/s | 2.8 MB  –:–:– ETA

(3/4): mailcap-2.1.41-2.el7.noarch.rpm                               |  31 kB  00:00:00

(4/4): telnet-server-0.17-59.el7.x86_64.rpm                          |  40 kB  00:00:00

——————————————————————————————–

总计                                                        1.5 MB/s | 2.8 MB  00:00:01

从 file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 检索密钥

导入 GPG key 0xF4A80EB5:

用户ID     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"

指纹       : 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5

软件包     : centos-release-7-2.1511.el7.centos.2.10.x86_64 (@anaconda)

来自       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

正在安装    : mailcap-2.1.41-2.el7.noarch                                             1/4

正在安装    : httpd-tools-2.4.6-40.el7.centos.4.x86_64                                2/4

正在安装    : httpd-2.4.6-40.el7.centos.4.x86_64                                      3/4

正在安装    : 1:telnet-server-0.17-59.el7.x86_64                                      4/4

验证中      : httpd-tools-2.4.6-40.el7.centos.4.x86_64                                1/4

验证中      : 1:telnet-server-0.17-59.el7.x86_64                                      2/4

验证中      : mailcap-2.1.41-2.el7.noarch                                             3/4

验证中      : httpd-2.4.6-40.el7.centos.4.x86_64                                      4/4

已安装:

httpd.x86_64 0:2.4.6-40.el7.centos.4          telnet-server.x86_64 1:0.17-59.el7

作为依赖被安装:

httpd-tools.x86_64 0:2.4.6-40.el7.centos.4          mailcap.noarch 0:2.1.41-2.el7

完毕!

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno33554976     lvs的nat方式,RS的网关必须执行DS的内部ip,此次试验为192.168.150.137

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno33554976

TYPE=Ethernet

DEFROUTE=yes

PEERDNS=yes

PEERROUTES=yes

IPV4_FAILURE_FATAL=no

IPADDR=192.168.150.138

NETMASK=255.255.255.0

GATEWAY=192.168.150.137

DNS1=192.168.150.2

IPV6INIT=yes

IPV6_AUTOCONF=yes

IPV6_DEFROUTE=yes

IPV6_PEERDNS=yes

IPV6_PEERROUTES=yes

IPV6_FAILURE_FATAL=no

NAME=eno33554976

UUID=b457f2cf-086d-48ef-81e7-2baa2a828c90

DEVICE=eno33554976

ONBOOT=yes

[root@localhost ~]# systemctl restart network.service

[root@localhost ~]# ip addr list

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

00

link/ether 00:0c:29:1e:b6:ec brd ff:ff:ff:ff:ff:ff

inet 192.168.150.138/24 brd 192.168.150.255 scope global eno33554976

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fe1e:b6ec/64 scope link

valid_lft forever preferred_lft forever

[root@localhost ~]# ip route list

default via 192.168.150.137 dev eno33554976  proto static  metric 100

192.168.150.0/24 dev eno33554976  proto kernel  scope link  src 192.168.150.138  metric 100

[root@localhost ~]# ping 192.168.150.137

PING 192.168.150.137 (192.168.150.137) 56(84) bytes of data.

64 bytes from 192.168.150.137: icmp_seq=1 ttl=64 time=0.772 ms

^C

— 192.168.150.137 ping statistics —

1 packets transmitted, 1 received, 0% packet loss, time 0ms

rtt min/avg/max/mdev = 0.772/0.772/0.772/0.000 ms

[root@localhost ~]# vim /var/www/html/index.html

[root@localhost ~]# cat /var/www/html/index.html

<h1>RS1</h1>

[root@localhost ~]# systemctl start httpd.service

[root@localhost ~]# ss -tnl

State      Recv-Q Send-Q Local Address:Port                Peer Address:Port

LISTEN     0      128                *:22                             *:*

LISTEN     0      100        127.0.0.1:25                             *:*

LISTEN     0      128               :::80                            :::*

LISTEN     0      128               :::22                            :::*

LISTEN     0      100              ::1:25                            :::*

[END] 2016/11/30 22:52:35

RS2:

[BEGIN] 2016/11/30 21:47:23

[root@localhost ~]# ifconfig

eno33554976: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

inet 192.168.150.139  netmask 255.255.255.0  broadcast 192.168.150.255

inet6 fe80::20c:29ff:fe7c:2ca9  prefixlen 64  scopeid 0x20<link>

ether 00:0c:29:7c:2c:a9  txqueuelen 1000  (Ethernet)

RX packets 179  bytes 19733 (19.2 KiB)

RX errors 0  dropped 0  overruns 0  frame 0

TX packets 76  bytes 9965 (9.7 KiB)

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

inet 127.0.0.1  netmask 255.0.0.0

inet6 ::1  prefixlen 128  scopeid 0x10<host>

loop  txqueuelen 0  (Local Loopback)

RX packets 4  bytes 352 (352.0 B)

RX errors 0  dropped 0  overruns 0  frame 0

TX packets 4  bytes 352 (352.0 B)

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# yum -y install httpd telnet-server

已加载插件:fastestmirror

Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast

base                                                                 | 3.6 kB  00:00:00

epel                                                                 | 4.3 kB  00:00:00

extras                                                               | 3.4 kB  00:00:00

local                                                                | 3.6 kB  00:00:00

updates                                                              | 3.4 kB  00:00:00

(1/2): epel/updateinfo                                               | 677 kB  00:00:01

(2/2): epel/primary_db                                               | 4.4 MB  00:00:05

Determining fastest mirrors

* base: mirrors.aliyun.com

* extras: mirrors.aliyun.com

* updates: mirrors.aliyun.com

正在解决依赖关系

–> 正在检查事务

—> 软件包 httpd.x86_64.0.2.4.6-40.el7.centos.4 将被 安装

os.4.x86_64 需要

–> 正在处理依赖关系 /etc/mime.types,它被软件包 httpd-2.4.6-40.el7.centos.4.x86_64 需要

—> 软件包 telnet-server.x86_64.1.0.17-59.el7 将被 安装

–> 正在检查事务

—> 软件包 httpd-tools.x86_64.0.2.4.6-40.el7.centos.4 将被 安装

—> 软件包 mailcap.noarch.0.2.1.41-2.el7 将被 安装

–> 解决依赖关系完成

依赖关系解决

============================================================================================

Package               架构           版本                            源               大小

============================================================================================

正在安装:

httpd                 x86_64         2.4.6-40.el7.centos.4           updates         2.7 M

telnet-server         x86_64         1:0.17-59.el7                   base             40 k

为依赖而安装:

httpd-tools           x86_64         2.4.6-40.el7.centos.4           updates          83 k

mailcap               noarch         2.1.41-2.el7                    base             31 k

事务概要

============================================================================================

安装  2 软件包 (+2 依赖软件包)

总下载量:2.8 M

安装大小:9.6 M

Downloading packages:

RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY

httpd-2.4.6-40.el7.centos.4.x86_64.rpm 的公钥尚未安装

(1/4): httpd-2.4.6-40.el7.centos.4.x86_64.rpm                        | 2.7 MB  00:00:00

(2/4): httpd-tools-2.4.6-40.el7.centos.4.x86_64.rpm                  |  83 kB  00:00:00

telnet-server-0.17-59.el7.x86_64.rpm 的公钥尚未安装====== ]  0.0 B/s | 2.8 MB  –:–:– ETA

(3/4): telnet-server-0.17-59.el7.x86_64.rpm                          |  40 kB  00:00:00

(4/4): mailcap-2.1.41-2.el7.noarch.rpm                               |  31 kB  00:00:00

——————————————————————————————–

总计                                                        1.7 MB/s | 2.8 MB  00:00:01

从 file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 检索密钥

导入 GPG key 0xF4A80EB5:

用户ID     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"

指纹       : 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5

软件包     : centos-release-7-2.1511.el7.centos.2.10.x86_64 (@anaconda)

来自       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

正在安装    : mailcap-2.1.41-2.el7.noarch                                             1/4

正在安装    : httpd-tools-2.4.6-40.el7.centos.4.x86_64                                2/4

正在安装    : httpd-2.4.6-40.el7.centos.4.x86_64                                      3/4

正在安装    : 1:telnet-server-0.17-59.el7.x86_64                                      4/4

验证中      : httpd-tools-2.4.6-40.el7.centos.4.x86_64                                1/4

验证中      : 1:telnet-server-0.17-59.el7.x86_64                                      2/4

验证中      : mailcap-2.1.41-2.el7.noarch                                             3/4

验证中      : httpd-2.4.6-40.el7.centos.4.x86_64                                      4/4

已安装:

httpd.x86_64 0:2.4.6-40.el7.centos.4          telnet-server.x86_64 1:0.17-59.el7

作为依赖被安装:

httpd-tools.x86_64 0:2.4.6-40.el7.centos.4          mailcap.noarch 0:2.1.41-2.el7

完毕!

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno33554976

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno33554976

TYPE=Ethernet

DEFROUTE=yes

PEERDNS=yes

PEERROUTES=yes

IPV4_FAILURE_FATAL=no

IPADDR=192.168.150.139

NETMASK=255.255.255.0

GATEWAY=192.168.150.137

DNS1=192.168.150.2

IPV6INIT=yes

IPV6_AUTOCONF=yes

IPV6_DEFROUTE=yes

IPV6_PEERDNS=yes

IPV6_PEERROUTES=yes

IPV6_FAILURE_FATAL=no

NAME=eno33554976

UUID=b457f2cf-086d-48ef-81e7-2baa2a828c90

DEVICE=eno33554976

ONBOOT=yes

[root@localhost ~]# systemctl restart network.service

[root@localhost ~]# ip addr list

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

00

link/ether 00:0c:29:7c:2c:a9 brd ff:ff:ff:ff:ff:ff

inet 192.168.150.139/24 brd 192.168.150.255 scope global eno33554976

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fe7c:2ca9/64 scope link

valid_lft forever preferred_lft forever

[root@localhost ~]# ip route list

default via 192.168.150.137 dev eno33554976  proto static  metric 100

192.168.150.0/24 dev eno33554976  proto kernel  scope link  src 192.168.150.139  metric 100

[root@localhost ~]# ping 192.168.150.137

PING 192.168.150.137 (192.168.150.137) 56(84) bytes of data.

64 bytes from 192.168.150.137: icmp_seq=1 ttl=64 time=0.516 ms

^C

— 192.168.150.137 ping statistics —

1 packets transmitted, 1 received, 0% packet loss, time 0ms

rtt min/avg/max/mdev = 0.516/0.516/0.516/0.000 ms

[root@localhost ~]# vim /var/www/html/index.html

[root@localhost ~]# cat /var/www/html/index.html

<h1>RS2</h1>

[root@localhost ~]# systemctl start httpd.service

[root@localhost ~]# ss -tnl

State      Recv-Q Send-Q Local Address:Port                Peer Address:Port

LISTEN     0      128                *:22                             *:*

LISTEN     0      100        127.0.0.1:25                             *:*

LISTEN     0      128               :::80                            :::*

LISTEN     0      128               :::22                            :::*

LISTEN     0      100              ::1:25                            :::*

[END] 2016/11/30 22:52:38


  • lvs-dr

lvs-dr:direct routing

           通过修改请求报文的MAC地址进行转发;IP首部不会发生变化(源IP为CIP,目标IP始终为VIP);

           通过为请求报文的重新封装一个MAC首部进行转发,元MAC是DIP所在接口的MAC,目标MAC是挑选出某RS的RIP所在接口的MAC地址;IP首部不会发生变化(CIP<–>VIP)


           (1) 确保前端路由器将目标IP为VIP的请求报文一定会发送给Director;

               解决方案:

                   在路由器上静态绑定VIP和Director的MAC地址;

                   禁止RS响应VIP的ARP请求,禁止RS的VIP进行通告;

                       (a) arptables;

                       (b) 修改各RS的内核参数,并把VIP配置在特定的接口上lo实现禁止其响应;

                           arp_ignore,arp_announce

           (2) RS的RIP可以使用私有地址,也可以使用公网地址;

           (3) RS跟Director必须在同一物理网络中;

           (4) 请求报文必须由Director调度,但响应报文必须不能经由Director;

           (5) 不支持端口映射;

           (6) 各RS可以使用大多数的OS;


       在各主机(Director,RS)均需要配置VIP;因此,要解决地址冲突的问题,目标是让各RS上的VIP不可见,仅用接收目标地址为VIP的报文,同时可作为响应报文的源地址;

           (1)在前端的网关接口上静态绑定;

           (2)在各RS上使用arptables;

           (3)在各RS上修改内核参数,来显示arp响应和通告;

               限制响应级别:arp_ignore

                   0:使用本地任意接口上配置的地址进行响应;

                   1:仅在请求的目标IP配置在本地主机的接收报文的接口上时才给予响应

                   2-8

               限制通告级别:arp_announce

                   0:默认,把本机所有接口信息向每个接口通告

                   1:尽量避免向非本网络通告;

                   2:总是避免;


       设计要点:

           (1):各主机一个接口即可,但需要在同一物理网络中;

           (2):rip的网管不能指向dip;rip和dip通常应该在同一网络,但此二者未必会与vip在同一网络;

           (3):各rs需要先设置内核参数,再设置vip和路由;


       Director:

           # ifconfig INTERFACE_ALIAS $vip netmask 255.255.255.255 broadcast $vip up

           #


           定义集群服务及服务上的RS;


       RealServer:

           内核参数:

               # echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore

               # echo 2 > /proc/sys/net/ipv4/conf/all/arp_annouce


               # echo 1 > /proc/sys/net/ipv4/conf/INTERFACE/arp_ignore

               # echo 2 > /proc/sys/net/ipv4/conf/INTERFACE/arp_annouce


               注意:INTERFACE为你的物理接口;


               # ifconfig lo:0 $vip netmask 255.255.255.255 broadcast $vip up

               # route add -host $vip dev lo:0

实验拓扑:

            DS一张网卡两个地址:192.168.150.137 DIP,192.168.150.131 VIP

            RS1地址:192.168.150.138     RIP

            RS2地址:192.168.150.139     RIP


DS配置及说明:


[BEGIN] 2016/11/30 23:08:56

[root@localhost ~]# ipvsadm -C

[root@localhost ~]# ping 192.168.150.138

PING 192.168.150.138 (192.168.150.138) 56(84) bytes of data.

64 bytes from 192.168.150.138: icmp_seq=1 ttl=64 time=0.488 ms

^C

— 192.168.150.138 ping statistics —

1 packets transmitted, 1 received, 0% packet loss, time 0ms

rtt min/avg/max/mdev = 0.488/0.488/0.488/0.000 ms

[root@localhost ~]# ping 192.168.150.139

PING 192.168.150.139 (192.168.150.139) 56(84) bytes of data.

64 bytes from 192.168.150.139: icmp_seq=1 ttl=64 time=0.676 ms

^C

— 192.168.150.139 ping statistics —

1 packets transmitted, 1 received, 0% packet loss, time 0ms

rtt min/avg/max/mdev = 0.676/0.676/0.676/0.000 ms

[root@localhost ~]# ifconfig

eno16777752: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500

ether 00:0c:29:87:41:f3  txqueuelen 1000  (Ethernet)

RX packets 284  bytes 36266 (35.4 KiB)

RX errors 0  dropped 0  overruns 0  frame 0

TX packets 113  bytes 17679 (17.2 KiB)

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eno33554976: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

inet 192.168.150.137  netmask 255.255.255.0  broadcast 192.168.150.255

inet6 fe80::20c:29ff:fe87:41fd  prefixlen 64  scopeid 0x20<link>

ether 00:0c:29:87:41:fd  txqueuelen 1000  (Ethernet)

RX packets 8906  bytes 6016519 (5.7 MiB)

RX errors 0  dropped 0  overruns 0  frame 0

TX packets 4604  bytes 475486 (464.3 KiB)

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

inet 127.0.0.1  netmask 255.0.0.0

inet6 ::1  prefixlen 128  scopeid 0x10<host>

loop  txqueuelen 0  (Local Loopback)

RX packets 0  bytes 0 (0.0 B)

RX errors 0  dropped 0  overruns 0  frame 0

TX packets 0  bytes 0 (0.0 B)

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# ip addr add 192.168.150.131/24 dev  eno33554976     在同一网卡上配置了192.168.150.131作为VIP

[root@localhost ~]# ip addr l

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: eno16777752: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000

link/ether 00:0c:29:87:41:f3 brd ff:ff:ff:ff:ff:ff

3: eno33554976: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

link/ether 00:0c:29:87:41:fd brd ff:ff:ff:ff:ff:ff

inet 192.168.150.137/24 brd 192.168.150.255 scope global eno33554976

valid_lft forever preferred_lft forever

inet 192.168.150.131/24 scope global secondary eno33554976

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fe87:41fd/64 scope link

valid_lft forever preferred_lft forever

[root@localhost ~]# ip addr del 192.168.150.131/24 dev eno33554976

[root@localhost ~]# ip addr l

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: eno16777752: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000

link/ether 00:0c:29:87:41:f3 brd ff:ff:ff:ff:ff:ff

3: eno33554976: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

link/ether 00:0c:29:87:41:fd brd ff:ff:ff:ff:ff:ff

inet 192.168.150.137/24 brd 192.168.150.255 scope global eno33554976

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fe87:41fd/64 scope link

valid_lft forever preferred_lft forever

[root@localhost ~]# ifconfig

eno16777752: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500

ether 00:0c:29:87:41:f3  txqueuelen 1000  (Ethernet)

RX packets 284  bytes 36266 (35.4 KiB)

RX errors 0  dropped 0  overruns 0  frame 0

TX packets 113  bytes 17679 (17.2 KiB)

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eno33554976: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

inet 192.168.150.137  netmask 255.255.255.0  broadcast 192.168.150.255

inet6 fe80::20c:29ff:fe87:41fd  prefixlen 64  scopeid 0x20<link>

ether 00:0c:29:87:41:fd  txqueuelen 1000  (Ethernet)

RX packets 9364  bytes 6054581 (5.7 MiB)

RX errors 0  dropped 0  overruns 0  frame 0

TX packets 4855  bytes 504970 (493.1 KiB)

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eno33554976:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500               VIP地址子网掩码设置为255.255.255.255,并将广播地址设置为本身,禁止广播

inet 192.168.150.131  netmask 255.255.255.255  broadcast 192.168.150.131

ether 00:0c:29:87:41:fd  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

inet 127.0.0.1  netmask 255.0.0.0

inet6 ::1  prefixlen 128  scopeid 0x10<host>

loop  txqueuelen 0  (Local Loopback)

RX packets 0  bytes 0 (0.0 B)

RX errors 0  dropped 0  overruns 0  frame 0

TX packets 0  bytes 0 (0.0 B)

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# ipvsadm -C

[root@localhost ~]# ipvsadm -A -t 192.168.150.131 -s rr

Zero port specified for non-persistent service

[root@localhost ~]# ipvsadm -A -t 192.168.150.131:80 -s rr

[root@localhost ~]# ipvsadm -a -t 192.168.150.131:80 -r 192.168.150.138 -g -w 1     -g即指定gateway(默认模式)LVS方式为DR

[root@localhost ~]# ipvsadm -a -t 192.168.150.131:80 -r 192.168.150.139 -g -w 2

[root@localhost ~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  192.168.150.131:80 rr

-> 192.168.150.138:80           Route   1      0          0

-> 192.168.150.139:80           Route   2      0          0

模拟客户机进行http访问结果:

[root@localhost ~]# curl http://192.168.150.131

<h1>RS1</h1>

[root@localhost ~]# curl http://192.168.150.131

<h1>RS2</h1>

[root@localhost ~]# curl http://192.168.150.131

<h1>RS1</h1>

[root@localhost ~]# curl http://192.168.150.131

<h1>RS2</h1>

此时本网络内的arp表     arp将192.168.150.131指向的mac地址肯定是DS中的mac

arp -a

接口: 192.168.150.1 — 0xb

Internet 地址         物理地址              类型

192.168.150.131       00-0c-29-87-41-fd     动态

192.168.150.137       00-0c-29-87-41-fd     动态

192.168.150.138       00-0c-29-1e-b6-ec     动态

192.168.150.139       00-0c-29-7c-2c-a9     动态

192.168.150.255       ff-ff-ff-ff-ff-ff     静态

224.0.0.2             01-00-5e-00-00-02     静态

224.0.0.22            01-00-5e-00-00-16     静态

224.0.0.252           01-00-5e-00-00-fc     静态

239.255.255.250       01-00-5e-7f-ff-fa     静态


RS的配置及说明:


RS1:

[BEGIN] 2016/11/30 23:10:53

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno33554976     编辑网络,网关无需指向DS

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno33554976

TYPE=Ethernet

DEFROUTE=yes

PEERDNS=yes

PEERROUTES=yes

IPV4_FAILURE_FATAL=no

IPADDR=192.168.150.138

NETMASK=255.255.255.0

GATEWAY=192.168.150.2

DNS1=192.168.150.2

IPV6INIT=yes

IPV6_AUTOCONF=yes

IPV6_DEFROUTE=yes

IPV6_PEERDNS=yes

IPV6_PEERROUTES=yes

IPV6_FAILURE_FATAL=no

NAME=eno33554976

UUID=b457f2cf-086d-48ef-81e7-2baa2a828c90

DEVICE=eno33554976

ONBOOT=yes

[root@localhost ~]# systemctl restart network.service

[root@localhost ~]# ip addr list

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: eno33554976: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

link/ether 00:0c:29:1e:b6:ec brd ff:ff:ff:ff:ff:ff

inet 192.168.150.138/24 brd 192.168.150.255 scope global eno33554976

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fe1e:b6ec/64 scope link

valid_lft forever preferred_lft forever

[root@localhost ~]# ip route

default via 192.168.150.2 dev eno33554976  proto static  metric 100

192.168.150.0/24 dev eno33554976  proto kernel  scope link  src 192.168.150.138  metric 100

[root@localhost ~]# ls

anaconda-ks.cfg  skp.sh

[root@localhost ~]# cat skp.sh     编辑内核修改脚本,关闭内核中的arp响应及通告

#!/bin/bash

#

case $1 in

start)

echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore

echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore

echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce

;;

stop)

echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore

echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore

echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce

echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce

;;

esac

[root@localhost ~]# ./skp.sh start

[root@localhost ~]# scp skp.sh root@192.168.150.139:/root               拷贝脚本至RS2并执行

The authenticity of host '192.168.150.139 (192.168.150.139)' can't be established.

ECDSA key fingerprint is 2a:e3:03:52:8c:84:02:59:a2:26:a3:b2:f6:74:6c:3c.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.150.139' (ECDSA) to the list of known hosts.

root@192.168.150.139's password:

skp.sh                                                             100%  438     0.4KB/s   00:00

[root@localhost ~]# cat /proc/sys/net/ipv4/conf/lo/arp_announce     内核参数确认

2

[root@localhost ~]# ifconfig lo:0 192.168.150.131 netmask 255.255.255.255 broadcast 192.168.150.131     添加lo网卡的网络地址为VIP地址,并将广播地址设置为自己,静止广播

[root@localhost ~]# route add -host 192.168.150.131 dev lo:0     本地路由条目添加,经由此主机的地址出站报文均通告192.168.150.131

[root@localhost ~]# ifconfig

eno33554976: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

inet 192.168.150.138  netmask 255.255.255.0  broadcast 192.168.150.255

inet6 fe80::20c:29ff:fe1e:b6ec  prefixlen 64  scopeid 0x20<link>

ether 00:0c:29:1e:b6:ec  txqueuelen 1000  (Ethernet)

RX packets 7876  bytes 8797152 (8.3 MiB)

RX errors 0  dropped 0  overruns 0  frame 0

TX packets 3443  bytes 292668 (285.8 KiB)

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

inet 127.0.0.1  netmask 255.0.0.0

inet6 ::1  prefixlen 128  scopeid 0x10<host>

loop  txqueuelen 0  (Local Loopback)

RX packets 8  bytes 704 (704.0 B)

RX errors 0  dropped 0  overruns 0  frame 0

TX packets 8  bytes 704 (704.0 B)

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

inet 192.168.150.131  netmask 255.255.255.255

loop  txqueuelen 0  (Local Loopback)

[root@localhost ~]# iptables -nL

Chain INPUT (policy ACCEPT)

target     prot opt source               destination

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination

[root@localhost ~]# ss -tnl

State       Recv-Q Send-Q     Local Address:Port                    Peer Address:Port

LISTEN      0      128                    *:22                                 *:*

LISTEN      0      100            127.0.0.1:25                                 *:*

LISTEN      0      128                   :::80                                :::*

LISTEN      0      128                   :::22                                :::*

LISTEN      0      100                  ::1:25                                :::*

[root@localhost ~]# ifconfig

eno33554976: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

inet 192.168.150.138  netmask 255.255.255.0  broadcast 192.168.150.255

inet6 fe80::20c:29ff:fe1e:b6ec  prefixlen 64  scopeid 0x20<link>

ether 00:0c:29:1e:b6:ec  txqueuelen 1000  (Ethernet)

RX packets 8007  bytes 8808139 (8.4 MiB)

RX errors 0  dropped 0  overruns 0  frame 0

TX packets 3519  bytes 301730 (294.6 KiB)

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

inet 127.0.0.1  netmask 255.0.0.0

inet6 ::1  prefixlen 128  scopeid 0x10<host>

loop  txqueuelen 0  (Local Loopback)

RX packets 8  bytes 704 (704.0 B)

RX errors 0  dropped 0  overruns 0  frame 0

TX packets 8  bytes 704 (704.0 B)

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

inet 192.168.150.131  netmask 255.255.255.255

loop  txqueuelen 0  (Local Loopback)

[END] 2016/12/1 0:03:24

RS2:

[BEGIN] 2016/11/30 23:11:32

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno33554976

[root@localhost ~]#

[root@localhost ~]#

[root@localhost ~]#

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno33554976

TYPE=Ethernet

DEFROUTE=yes

PEERDNS=yes

PEERROUTES=yes

IPV4_FAILURE_FATAL=no

IPADDR=192.168.150.139

NETMASK=255.255.255.0

GATEWAY=192.168.150.2

DNS1=192.168.150.2

IPV6INIT=yes

IPV6_AUTOCONF=yes

IPV6_DEFROUTE=yes

IPV6_PEERDNS=yes

IPV6_PEERROUTES=yes

IPV6_FAILURE_FATAL=no

NAME=eno33554976

UUID=b457f2cf-086d-48ef-81e7-2baa2a828c90

DEVICE=eno33554976

ONBOOT=yes

[root@localhost ~]# systemctl restart network.service

[root@localhost ~]# ip addr list

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: eno33554976: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

link/ether 00:0c:29:7c:2c:a9 brd ff:ff:ff:ff:ff:ff

inet 192.168.150.139/24 brd 192.168.150.255 scope global eno33554976

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fe7c:2ca9/64 scope link

valid_lft forever preferred_lft forever

[root@localhost ~]# ip route

default via 192.168.150.2 dev eno33554976  proto static  metric 100

192.168.150.0/24 dev eno33554976  proto kernel  scope link  src 192.168.150.139  metric 100

[root@localhost ~]# ls

anaconda-ks.cfg  skp.sh

[root@localhost ~]# ./skp.sh start

[root@localhost ~]# cat /proc/sys/net/ipv4/conf/lo/arp_

arp_accept    arp_announce  arp_filter    arp_ignore    arp_notify

[root@localhost ~]# cat /proc/sys/net/ipv4/conf/lo/arp_

arp_accept    arp_announce  arp_filter    arp_ignore    arp_notify

[root@localhost ~]# cat /proc/sys/net/ipv4/conf/lo/arp_ignore

1

[root@localhost ~]# ifconfig lo:0 192.168.150.131 netmask 255.255.255.255 broadcast 192.168.150.131

[root@localhost ~]# route add -host 192.168.150.131 dev lo:0

[root@localhost ~]# ifconfig

eno33554976: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

inet 192.168.150.139  netmask 255.255.255.0  broadcast 192.168.150.255

inet6 fe80::20c:29ff:fe7c:2ca9  prefixlen 64  scopeid 0x20<link>

ether 00:0c:29:7c:2c:a9  txqueuelen 1000  (Ethernet)

RX packets 7678  bytes 8904160 (8.4 MiB)

RX errors 0  dropped 0  overruns 0  frame 0

TX packets 3082  bytes 265852 (259.6 KiB)

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

inet 127.0.0.1  netmask 255.0.0.0

inet6 ::1  prefixlen 128  scopeid 0x10<host>

loop  txqueuelen 0  (Local Loopback)

RX packets 20  bytes 1760 (1.7 KiB)

RX errors 0  dropped 0  overruns 0  frame 0

TX packets 20  bytes 1760 (1.7 KiB)

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

inet 192.168.150.131  netmask 255.255.255.255

loop  txqueuelen 0  (Local Loopback)

[END] 2016/12/1 0:03:29


原创文章,作者:N23-苏州-void,如若转载,请注明出处:http://www.178linux.com/61777

(0)
上一篇 2016-12-01 08:41
下一篇 2016-12-01 11:11

相关推荐

  • 网络N22期-第二周作业

    1、Linux上的文件管理类命令都有哪些,其常用的使用方法及其相关示例演示。 常用文件管理类命令有cp、mv、rm。 # cp命令:文件复制命令     cp [OPTION]… [-T] SOURCE DEST 单文件复制     cp [OPTION]… SOURC…

    Linux干货 2016-08-22
  • Linux 基础(7)——文本处理工具

    cat  tac  rev  more  less           head  tail cut  paste  wc               &nbs…

    2017-07-29
  • N26 第三周博客作业

    1、列出当前系统上所有已经登录的用户的用户名,注意:同一个用户登录多次,则只显示一次即可。 思路:    首先使用 who 查看当前系统上所有已经登录的用户,然后用 cut 或 awk 截取用户名,最后使用 sort 或 unqi 去除重复信息。命令:    who | cut -d’ ‘ -f1 …

    Linux干货 2017-02-25
  • RedHat系列linux网络属性配置

    一、Linux网络管理基础 1 路由条目:  目标地址 经下一跳(nexthop) 目标地址的类别: 单个主机: 主机路由 网路接口: 网络路由 目标地址为0.0.0.0/0.0.0.0: 默认路由 2 将linux主机接入到网络中: IP/NETMASK: 本地通信 路由(网关): 酷网络通信 DNS服务器地址: 基于主机名的通信 主dns服务器…

    Linux干货 2016-09-19
  • 命令read

    read命令是一个bash命令,它用于从键盘或标准输入中读取文本.我们可以使用read以交互的形式读取来自用户的输入.并且read还提供一种不需要按回车就能够输入参数的方法. read可以从标准输入中读取单独的一行,或者使用-u选项,从文件描述符FD中读取.并且这单独的行被分隔成多个域,第一个词被赋值给第一个变量,第一个赋值给第二个变量,以此类推,直到剩下的…

    Linux干货 2016-08-12
  • 马哥教育网络班20期+第一周课程练习

    一、计算机的组成及其功能。 计算机是由几个单元所组成,输入单元,输出单元,运算器,控制器,存储器,5大单元组成  1、运算器 又称运算器又称算术逻辑单元,它是计算机对数据进行加工处理的部件,包括算术运算(加、减、乘、除等)和逻辑运算(与、或、非、异或、比较等)。 2、控制器 负责从存储器中取出指令,并对指令进行译码;根据指令的要求,按时间的先后顺序…

    Linux干货 2016-06-23

评论列表(1条)

  • 马哥教育
    马哥教育 2017-04-13 08:55

    总结的比较详细,能给出物理拓扑会比较好,另外lvs nat和lvs dr模式分别用在什么场景能说明白会更好~继续加油