所有的请求报文经由Director Server,但响应报文必须不能进过Director Server
不支持端口映射
RS的系统必须支持隧道
其实企业中最常用的是 DR 实现方式,而 NAT 配置上比较简单和方便,后边实践中会总结 DR 和 NAT 具体使用配置过程。
TUN(virtual server via ip tunneling IP 隧道)调度器把请求的报文通过IP隧道转发到真实的服务器。真实的服务器将响应处理后的数据直接返回给客户端。这样调度器就只处理请求入站报文。此转发方式不修改请求报文的IP首部(源IP为CIP,目标IP为VIP),而在原IP报文之外再封装一个IP首部(源IP是DIP,目标IP是RIP),将报文发往挑选出的目标RS;RS直接响应给客户端(源IP是VIP,目标IP是CIP),由于一般网络服务应答数据比请求报文大很多,采用lvs-tun模式后,集群系统的最大吞吐量可以提高10倍
# write script, recommand manage it by keepalived.conf #!/bin/sh # Startup script handle the initialisation of LVS # chkconfig: - 28 72 # description: Initialise the Linux Virtual Server for TUN # ### BEGIN INIT INFO # Provides: ipvsadm # Required-Start: $local_fs $network $named # Required-Stop: $local_fs $remote_fs $network # Short-Description: Initialise the Linux Virtual Server # Description: The Linux Virtual Server is a highly scalable and highly # available server built on a cluster of real servers, with the load # balancer running on Linux. # description: start LVS of TUN LOCK=/var/lock/lvs-tun.lock VIP=10.10.36.11 RIP1=10.10.36.4 RIP2=10.10.36.7 . /etc/rc.d/init.d/functions
then echo"The LVS-TUN Server is already running !" else #Load the tun mod /sbin/modprobe tun /sbin/modprobe ipip #Set the tun Virtual IP Address /sbin/ifconfig tunl0 $VIP broadcast $VIP netmask 255.255.255.255 up /sbin/route add -host $VIP dev tunl0 #Clear IPVS Table /sbin/ipvsadm -C #The icmp recruit setting echo"0" >/proc/sys/net/ipv4/ip_forward echo"0" >/proc/sys/net/ipv4/conf/all/send_redirects echo"0" >/proc/sys/net/ipv4/conf/default/send_redirects #Set Lvs /sbin/ipvsadm -At $VIP:80 -s rr /sbin/ipvsadm -at $VIP:80 -r $RIP1:80 -i -w 1 /sbin/ipvsadm -at $VIP:80 -r $RIP2:80 -i -w 1 /bin/touch $LOCK #Run Lvs echo"starting LVS-TUN-DIR Server is ok !" fi }
stop() { #stop Lvs server /sbin/ipvsadm -C /sbin/ifconfig tunl0 down >/dev/null #Remove the tun mod /sbin/modprobe -r tun /sbin/modprobe -r ipip rm -rf $LOCK echo"stopping LVS-TUN-DIR server is ok !" }
status() { if [ -e $LOCK ]; then echo"The LVS-TUN Server is already running !" else echo"The LVS-TUN Server is not running !" fi }
# iptables允许ipip协议 iptables -I INPUT 1 -p 4 -j ACCEPT vim /etc/sysconfig/iptables -A INPUT -p ipv4 -j ACCEPT
# 编写RS启停脚本,推荐用脚本管理RS vim /etc/init.d/lvs-tun
#!/bin/sh # # Startup script handle the initialisation of LVS # chkconfig: - 28 72 # description: Initialise the Linux Virtual Server for TUN # ### BEGIN INIT INFO # Provides: ipvsadm # Required-Start: $local_fs $network $named # Required-Stop: $local_fs $remote_fs $network # Short-Description: Initialise the Linux Virtual Server # Description: The Linux Virtual Server is a highly scalable and highly # available server built on a cluster of real servers, with the load # balancer running on Linux. # description: start LVS of TUN-RIP LOCK=/var/lock/ipvsadm.lock VIP=10.10.36.11 . /etc/rc.d/init.d/functions start() { PID=`ifconfig | grep tunl0 | wc -l` if [ $PID -ne 0 ]; then echo"The LVS-TUN-RIP Server is already running !" else #Load the tun mod /sbin/modprobe tun /sbin/modprobe ipip #Set the tun Virtual IP Address /sbin/ifconfig tunl0 $VIP netmask 255.255.255.255 broadcast $VIP up /sbin/route add -host $VIP dev tunl0 echo"1" >/proc/sys/net/ipv4/conf/tunl0/arp_ignore echo"2" >/proc/sys/net/ipv4/conf/tunl0/arp_announce echo"1" >/proc/sys/net/ipv4/conf/all/arp_ignore echo"2" >/proc/sys/net/ipv4/conf/all/arp_announce echo"0" > /proc/sys/net/ipv4/conf/tunl0/rp_filter echo"0" > /proc/sys/net/ipv4/conf/all/rp_filter /bin/touch $LOCK echo"starting LVS-TUN-RIP server is ok !" fi }
stop() { /sbin/ifconfig tunl0 down echo"0" >/proc/sys/net/ipv4/conf/tunl0/arp_ignore echo"0" >/proc/sys/net/ipv4/conf/tunl0/arp_announce echo"0" >/proc/sys/net/ipv4/conf/all/arp_ignore echo"0" >/proc/sys/net/ipv4/conf/all/arp_announce #Remove the tun mod /sbin/modprobe -r tun /sbin/modprobe -r ipip rm -rf $LOCK echo"stopping LVS-TUN-RIP server is ok !" }
status() { if [ -e $LOCK ]; then echo"The LVS-TUN-RIP Server is already running !" else echo"The LVS-TUN-RIP Server is not running !" fi }
# 关于3中模式的参数 [packet-forwarding-method] -g, --gatewaying Use gatewaying (direct routing). This is the default. -i, --ipip Use ipip encapsulation (tunneling). -m, --masquerading Use masquerading (network access translation, or NAT). Note: Regardless of the packet-forwarding mechanism specified, real servers for addresses forwhich there are interfaces on the local node will be use the local forwarding method, then packets for the servers will be passed to upper layer on the local node. This cannot be specified by ipvsadm, rather it set by the kernel as real servers are added or modified.