The implementation principles of LVS load balancing NAT, FULLNAT, DR and TUN models have been introduced before. In this chapter, let’s practice together.
Practice environment
LVS is now part of the Linux kernel. The IPVS module in the kernel supports the NAT, DR and TUNNEL models. You cannot operate the IPVS module directly; you need to install the ipvsadm command-line tool and use it to interact with IPVS.
Use 3 UCloud cloud hosts to build the experimental environment, and choose timeshare purchase when creating cloud hosts, which is more cost-effective.
Experimental machine and environment
- Three UCloud cloud hosts, CentOS 7.9 64-bit, 1 core, 1 GB. Pay attention to the firewall rules: in this practice, choose [Web Server recommendation], which opens ports 22, 3389, 80 and 443; this can be customized
- Two Real Servers: RS01 and RS02, and one load balancing Server: LB01
- RS01: 10.23.190.76, RS02: 10.23.122.152, LB01: 10.23.21.184
- RS01 and RS02 install httpd, start an HTTP server, and are configured to return different responses
- LB01 installs and enables ipvsadm
Demonstration of experimental machines
NAT mode operation
To review the characteristics of NAT mode, see figure 1
- In NAT mode, the destination IP address or source IP address of a packet is changed. All request packets and response packets pass through the load balancer. Therefore, the NAT mode supports port translation
- The default gateway of the real server is the load balancer. Therefore, the real server and the load balancer must be on the same network segment
Before starting the actual operation, do some preparatory work: install and start the required software and services.
On RS01 and RS02, install httpd and start the HTTP service
yum install httpd -y && service httpd start
echo "HelloFrom RS01/RS02" > /var/www/html/index.html
Verify with curl:
curl 0.0.0.0
On LB01, install and enable ipvsadm
yum install ipvsadm && ipvsadm --save > /etc/sysconfig/ipvsadm && service ipvsadm start
The following figure indicates that ipvsadm has been successfully started
After these preparations, configure the specific load-balancing rules for NAT mode.
The default gateway of RS01 and RS02 is set to the DIP, that is, the IP 10.23.21.184 of LB01
View the current default gateway of RS01 and RS02
route -n
You can see that the current default gateway is 10.23.0.1
Set the default gateway to 10.23.21.184
route add default gw 10.23.21.184
After you enter the command and press Enter, there is no response for a long time, which is normal. Once the connection drops, log in to RS01 and RS02 through LB01.
Delete the previous default gateway
route del default gw 10.23.0.1
LB01
To configure the route entry rule, use the -A parameter
- Because cloud hosts are used in the experiment, the EIP (external IP address) of a cloud host is itself mapped to the bound cloud host through NAT, so the EIP cannot be used as the VIP to bind the port. Here, the intranet IP is used directly as the DIP
ipvsadm -A -t 10.23.21.184:8000 -s rr
To configure the route egress rule, use the -a parameter
ipvsadm -a -t 10.23.21.184:8000 -r 10.23.190.76:80 -m
ipvsadm -a -t 10.23.21.184:8000 -r 10.23.122.152:80 -m
Verify the configuration
ipvsadm -ln
Enable route forwarding
echo 1 >/proc/sys/net/ipv4/ip_forward
The ipvsadm options are outlined here:
-A Adds a new virtual server record, that is, adds a new virtual server
-a Adds a new real server record, that is, adds a real server to the virtual server
-t Indicates that the service is a TCP service
-s Indicates the scheduling algorithm used by load balancing; rr indicates round robin
-w Sets the weight
-r Specifies the real server
-m Specifies the NAT mode for LVS
-g Specifies the DR mode for LVS
-i Specifies the TUNNEL mode for LVS
As you can see, the above configuration uses NAT mode and the scheduling algorithm is round robin.
At this point, the configuration is complete. Next, verify that LB01 balances requests across RS01 and RS02 as expected. Open the Internet IP address of LB01 in a browser.
Due to the browser’s caching mechanism, the response may not change when you refresh within a short period. You can use curl to get a more accurate look.
At this point, the verification has succeeded ~
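A check for the verification step above, added in this edit and not part of the original article: it compares an `ipvsadm -ln` listing with the intended virtual service, scheduler, forwarding mode and real servers. The listing is a constructed sample of the tool's output, and `sample_listing` and `check_ipvs` are hypothetical helper names; the same function covers the TUNNEL rules later on by passing `wrr` and `Tunnel`.

```shell
#!/bin/sh
# Added example, not from the original article.
# Constructed sample of `ipvsadm -ln` output for the NAT rules above.
sample_listing() {
cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.23.21.184:8000 rr
  -> 10.23.122.152:80             Masq    1      0          0
  -> 10.23.190.76:80              Masq    1      0          0
EOF
}

# check_ipvs FILE VIP:PORT SCHEDULER FORWARD REAL_SERVER...
# FORWARD is the Forward column value: Masq (-m), Route (-g) or Tunnel (-i).
# Prints each mismatch and returns non-zero if any is found.
check_ipvs() {
    listing=$1 vs=$2 sched=$3 fwd=$4
    shift 4
    awk -v vs="$vs" -v sched="$sched" -v fwd="$fwd" -v want="$*" '
        BEGIN { bad = 0; n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
        $1 == "TCP" || $1 == "UDP" {          # virtual service line
            in_vs = ($2 == vs)
            if (in_vs) {
                found = 1
                if ($3 != sched) { print "scheduler " $3 ", expected " sched; bad = 1 }
            }
            next
        }
        in_vs && $1 == "->" {                 # real server under the service
            if ($2 in need) { seen[$2] = 1 } else { print "unexpected real server " $2; bad = 1 }
            if ($3 != fwd) { print $2 " forwards via " $3 ", expected " fwd; bad = 1 }
        }
        END {
            if (!found) { print "virtual service " vs " not found"; bad = 1 }
            for (r in need) if (!(r in seen)) { print "missing real server " r; bad = 1 }
            exit bad
        }
    ' "$listing"
}

# Demo on the constructed listing; on LB01 use: ipvsadm -ln > "$tmp"
tmp=$(mktemp)
sample_listing > "$tmp"
check_ipvs "$tmp" 10.23.21.184:8000 rr Masq 10.23.190.76:80 10.23.122.152:80 \
    && echo "IPVS table matches the intended NAT configuration"
rm -f "$tmp"
```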
TUNNEL mode operation
Review the characteristics of TUNNEL mode
- TUNNEL mode does not change the original packet, but adds an extra IP header layer to it. Therefore, TUNNEL mode does not support port translation, and the real server must be able to parse the two layers of IP header information
- The real server and the load balancer can be in different network segments
- The real server needs to change its ARP settings and hide the VIP on the lo interface
TUNNEL mode is a bit different from the other modes in that it cannot directly use the VIP as a DIP as before. Therefore, an additional DIP is required: 10.23.21.180.
Now start configuring the specific load rules ~
On RS01 and RS02, load the IPIP module
modprobe ipip
Verify that the IPIP module is successfully loaded
lsmod | grep ipip
Modify the ARP settings
echo 1 > /proc/sys/net/ipv4/conf/tunl0/arp_ignore
echo 2 >/proc/sys/net/ipv4/conf/tunl0/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
rp_filter controls whether packet source address verification is enabled.
echo 0 > /proc/sys/net/ipv4/conf/tunl0/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
Configure the DIP
ifconfig tunl0 10.23.21.180 broadcast 10.23.21.180 netmask 255.255.255.255 up
route add -host 10.23.21.180 tunl0
Verify the configuration
ifconfig
route -n
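An audit of the real-server settings above, added in this edit and not part of the original article. For arp_ignore, arp_announce and rp_filter the kernel applies the larger of conf/all and conf/<interface>, so writing 0 to all/rp_filter turns source validation off only on interfaces whose own value is also 0; the check reports any interface other than tunl0 where that happened. The helper names, the eth0 interface and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# eff_conf ROOT IFACE KEY: effective value on IFACE, i.e.
# max(ROOT/all/KEY, ROOT/IFACE/KEY), as the kernel applies it.
eff_conf() {
    a=$(cat "$1/all/$3") i=$(cat "$1/$2/$3")
    if [ "$a" -gt "$i" ]; then echo "$a"; else echo "$i"; fi
}

# audit_tun_rs ROOT TUN_IFACE
# Confirms the TUNNEL real-server settings and reports other interfaces
# whose reverse-path filtering ended up disabled. Non-zero on any finding.
audit_tun_rs() {
    conf=$1 tun=$2 rc=0
    [ "$(eff_conf "$conf" "$tun" arp_ignore)" -ge 1 ] || { echo "$tun: arp_ignore < 1"; rc=1; }
    [ "$(eff_conf "$conf" "$tun" arp_announce)" -ge 2 ] || { echo "$tun: arp_announce < 2"; rc=1; }
    [ "$(eff_conf "$conf" "$tun" rp_filter)" -eq 0 ] || { echo "$tun: rp_filter still on"; rc=1; }
    for d in "$conf"/*/; do
        ifc=$(basename "$d")
        case $ifc in all|default|lo|"$tun") continue ;; esac
        if [ "$(eff_conf "$conf" "$ifc" rp_filter)" -eq 0 ]; then
            echo "$ifc: source validation is off here as well"; rc=1
        fi
    done
    return $rc
}

# Constructed tree mirroring the state after the commands above
# (eth0 is an assumed interface name that kept its own rp_filter=1).
put_iface() {  # put_iface ROOT IFACE ARP_IGNORE ARP_ANNOUNCE RP_FILTER
    mkdir -p "$1/$2"
    echo "$3" > "$1/$2/arp_ignore"
    echo "$4" > "$1/$2/arp_announce"
    echo "$5" > "$1/$2/rp_filter"
}
make_sample_tree() {
    put_iface "$1" all 1 2 0;  put_iface "$1" tunl0 1 2 0
    put_iface "$1" eth0 0 0 1; put_iface "$1" lo 0 0 1
    put_iface "$1" default 0 0 1
}

# Demo; on a real server run: audit_tun_rs /proc/sys/net/ipv4/conf tunl0
demo=$(mktemp -d)
make_sample_tree "$demo"
audit_tun_rs "$demo" tunl0 && echo "tunl0 configured; eth0 rp_filter effective: $(eff_conf "$demo" eth0 rp_filter)"
rm -rf "$demo"
```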
LB01
Configure routing entry rules
ipvsadm -A -t 10.23.21.180:80 -s wrr
Configure routing egress rules. The external IP addresses of RS01 and RS02 need to be set in different network segments
ipvsadm -a -t 10.23.21.180:80 -r 10.23.190.76 -i -w 1
ipvsadm -a -t 10.23.21.180:80 -r 10.23.122.152 -i -w 1
Configure the DIP
Load the IPIP module
modprobe ipip
ifconfig tunl0 10.23.21.180 broadcast 10.23.21.180 netmask 255.255.255.255 up
route add -host 10.23.21.180 tunl0
Verify the configuration
ipvsadm -ln
route -n
After the configuration is complete, create another cloud host to verify the actual operation results.
The DIP is a virtual IP address, so it cannot be found on the network. You need to manually add a route for the DIP that points to LB01.
route add -host 10.23.21.180 gw 10.23.21.184
Verify (route -n)
Finally, verify whether the TUNNEL model is successful.
Verification successful ~
The next part will continue to focus on the practical operation of the DR model and the implementation of the DR model with Keepalived.
Other articles in the series:
LVS load balancing series (1): Principles of the NAT and FULLNAT models
LVS load balancing series (2): DR and TUN model principles