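The director forwards user requests to the back-end real servers according to preset iptables rules. The director has two IPs, a public IP and an internal IP, while the real servers have only internal IPs. Users send requests to the director's public IP, and the director forwards them to a real server's internal IP. The advantage of this mode is that it saves public IPs, but the director becomes a bottleneck.
The director has two network interfaces: the internal one is attached to a NAT network, and the "public" one is attached to a host-only network. Note that the public network here is only simulated; it is not a real public network.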

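| Role | Hostname | IP | Gateway |
|---|---|---|---|
| Director | dir | 192.168.200.130 (internal, NAT mode); 192.168.100.130 (external, host-only mode) | 192.168.200.2 |
| Real server 1 | rs1 | 192.168.200.131 | 192.168.200.130 |
| Real server 2 | rs2 | 192.168.200.132 | 192.168.200.130 |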

Install nginx on all three servers, and restart the network once configuration is complete.

1. Disable the firewall on all three servers

  # systemctl stop firewalld
  # systemctl disable firewalld
  # setenforce 0
  # vim /etc/sysconfig/selinux
  # This file controls the state of SELinux on the system.
  # SELINUX= can take one of these three values:
  # enforcing - SELinux security policy is enforced.
  # permissive - SELinux prints warnings instead of enforcing.
  # disabled - No SELinux policy is loaded.
  SELINUX=disabled

Install the iptables service on all three servers

  # yum install -y iptables-services
  # systemctl start iptables
  # systemctl enable iptables
  Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
  # iptables -F
  # service iptables save
  iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]

2. Install the ipvsadm tool on dir

  # yum install -y ipvsadm

Write a script on dir:

  # vim /usr/local/sbin/lvs_nat.sh
  #!/bin/bash
  # Enable IP forwarding on the director
  echo 1 > /proc/sys/net/ipv4/ip_forward
  # Disable ICMP redirects
  echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
  echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
  # Mind the interface names; use the ones on your director
  echo 0 > /proc/sys/net/ipv4/conf/ens33/send_redirects
  echo 0 > /proc/sys/net/ipv4/conf/ens34/send_redirects
  # Set up the NAT firewall rules on the director
  iptables -t nat -F
  iptables -t nat -X
  iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -j MASQUERADE
  # Configure ipvsadm on the director
  IPVSADM='/usr/sbin/ipvsadm'
  $IPVSADM -C
  $IPVSADM -A -t 192.168.147.144:80 -s wlc -p 300
  $IPVSADM -a -t 192.168.147.144:80 -r 192.168.200.131:80 -m -w 1
  $IPVSADM -a -t 192.168.147.144:80 -r 192.168.200.132:80 -m -w 1

Run the script:

  sh /usr/local/sbin/lvs_nat.sh

3. Give rs1 and rs2 distinct default pages

  # echo "rs1" > /usr/local/nginx/html/index.html   # run on 131
  # echo "rs2" > /usr/local/nginx/html/index.html   # run on 132

If these commands fail, install nginx on the three servers first.

4. Access each of the two real servers from dir

rs1: 192.168.200.131
rs2: 192.168.200.132

  [root@dir ~]# curl 192.168.200.131
  rs1
  [root@dir ~]# curl 192.168.200.132
  rs2

Access the external IP directly from dir:

  # curl 192.168.147.144
  rs2
  # curl 192.168.147.144
  rs2
  # curl 192.168.147.144
  rs2
  # curl 192.168.147.144
  rs2
  # curl 192.168.147.144
  rs2
  # curl 192.168.147.144
  rs2
  # curl 192.168.147.144
  rs2

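Repeated requests keep landing on rs2 because the script sets the -p (persistence) parameter; in theory, requests will keep going to rs2 for 300 seconds. Edit the /usr/local/sbin/lvs_nat.sh script again, remove the -p parameter, and then test once more:

  # curl 192.168.147.144
  rs2
  # curl 192.168.147.144
  rs1
  # curl 192.168.147.144
  rs2
  # curl 192.168.147.144
  rs1
  # curl 192.168.147.144
  rs2
  # curl 192.168.147.144
  rs1

Requests are now balanced across the two real servers.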

If you run into the following problem:

  # curl 192.168.200.131
  curl: (7) Failed connect to 192.168.200.131:80; Connection refused   # access refused
  # curl 192.168.200.132
  curl: (7) Failed connect to 192.168.200.132:80; Connection refused

Possible causes:
1. The firewall is not fully disabled; check that it is off everywhere

  systemctl stop firewalld      # stop the firewall for the current boot
  systemctl disable firewalld   # keep the firewall disabled permanently
  setenforce 0

2. The access address bound in the script is wrong

  # ipvsadm -At 192.168.10.10:80 -s rr
  # ipvsadm -at 192.168.10.10:80 -r 10.0.0.3 -m
  # ipvsadm -at 192.168.10.10:80 -r 10.0.0.4 -m

The IP after -at must be the external IP.
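
An added example (not from the original article): a small audit of `ipvsadm -Ln` output for the issues discussed above, namely a virtual service IP that is not one of the director's own addresses, persistence (-p) left enabled, and a real server that is not in NAT (`Masq`, i.e. -m) mode. The listing and address list are constructed samples, and the function name `audit_ipvs` and its finding labels are made up for this example.

```shell
#!/bin/bash
# Added example: audit `ipvsadm -Ln` output for an LVS NAT director.
# SAMPLE_TABLE and SAMPLE_ADDRS are constructed, not captured from a real host.

SAMPLE_TABLE='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.147.144:80 wlc persistent 300
  -> 192.168.200.131:80           Masq    1      0          0
  -> 192.168.200.132:80           Route   1      0          0'

# Addresses configured on the director (constructed sample values).
SAMPLE_ADDRS='192.168.200.130 192.168.100.130'

# audit_ipvs TABLE ADDRS
#   TABLE: text of `ipvsadm -Ln`; ADDRS: space-separated local IPv4 addresses.
#   Prints one finding per line; prints nothing when the table looks sane.
audit_ipvs() {
  printf '%s\n' "$1" | awk -v addrs="$2" '
    BEGIN { n = split(addrs, a, " "); for (i = 1; i <= n; i++) mine[a[i]] = 1 }
    # Virtual service line: "TCP  VIP:port scheduler [persistent N]"
    $1 == "TCP" || $1 == "UDP" {
      vip = $2; sub(/:[0-9]+$/, "", vip)
      if (!(vip in mine)) print "VIP_NOT_LOCAL " $2
      for (i = 4; i < NF; i++)
        if ($i == "persistent") print "PERSISTENT " $2 " " $(i + 1) "s"
    }
    # Real server line: "-> RIP:port Forward Weight ..."; NAT mode shows Masq
    $1 == "->" && $2 != "RemoteAddress:Port" && $3 != "Masq" {
      print "NOT_NAT " $2 " " $3
    }'
}

# Run against the constructed sample. On a live director (as root) use:
#   audit_ipvs "$(ipvsadm -Ln)" "$(hostname -I)"
audit_ipvs "$SAMPLE_TABLE" "$SAMPLE_ADDRS"
```

A `PERSISTENT` finding is informational: it explains why repeated requests from one client reach the same real server, as in the test above.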