cp /etc/sysconfig/network-scripts/ifcfg-eno16777736 /etc/sysconfig/network-scripts/ifcfg-eno16777736:1
vim /etc/sysconfig/network-scripts/ifcfg-eno16777736:1
#去掉DNS、网关,并配置以下内容
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777736:1
UUID=324e6803-eef0-485a-8667-2b525785628c
DEVICE=eno16777736:1
ONBOOT=yes
IPADDR=192.168.1.160
PREFIX=32
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
service network restart
yum install ipvsadm -y
ipvsadm -A -t 192.168.1.160:80 -s rr
ipvsadm -a -t 192.168.1.160:80 -r 192.168.1.186 -g
ipvsadm -a -t 192.168.1.160:80 -r 192.168.1.188 -g
ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.160:80 rr
-> 192.168.1.186:80 Route 1 0 0
-> 192.168.1.188:80 Route 1 0 0
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --reload
cp /etc/sysconfig/network-scripts/ifcfg-lo /etc/sysconfig/network-scripts/ifcfg-lo:1
vim /etc/sysconfig/network-scripts/ifcfg-lo:1
#删除广播地址
DEVICE=lo:1
IPADDR=192.168.1.160
NETMASK=255.255.255.255
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
ONBOOT=yes
NAME=loopback
service network restart
yum install httpd -y #安装httpd
echo 192.168.1.186 >/var/www/html/index.html #输入网站显示各自IP
systemctl restart httpd
firewall-cmd --permanent --add-port=80/tcp #开启防火墙80端口
firewall-cmd --reload
#测试,浏览器登录IP查看,是否正常启动。
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
注:
[root@test2 ~]# curl 192.168.1.160
192.168.1.188
[root@test2 ~]# curl 192.168.1.160
192.168.1.186
[root@test2 ~]# curl 192.168.1.160
192.168.1.188
[root@test2 ~]# curl 192.168.1.160
192.168.1.186
LVS realserver lo端口配置中涉及到调整两个网络参数 arp_announce=2 和 arp_ignore=1,忽略官方文档复杂晦涩的表述,其实我们可以这样理解:
arp_ignore=1 表示对于网络上发来的arp广播包,realserver的lo端口将会丢弃,因为如果做出应答,根据arp协议,相当于通告网络上其它主机VIP对应的Mac地址是realserver的Mac地址,而不是LB的Mac地址,这样客户端上就会绕过lvs,直接与后端的realserver通信,负载调度就失去了意义;
arp_announce:
realserver 一般至少两个端口 两个ip,eth0 有ip,lo:0也绑定了一个vip,根据arp协议,
arp请求包中必须包含源主机的IP地址和Mac地址,对方收到请求包后,记录下该源地址和Mac地址,建立一对一的映射,那么对于这种多IP的情况,realserver发送arp请求报的时候该如何取舍,将哪个ip作为源地址?
参数arp_anonunce 正好是用来解决这个问题的,arp_announce=2 官方表述为使用最适当的本地地址,其实就是将eth0上的ip作为源地址,如果将vip作为源地址,对方就会将vip与realserver的mac地址映射起来,导致请求包都发给realserver,而不经过lvs.