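I am trying to learn IPVS/LVS, but I'm a bit stuck. The director seems to be configured correctly and packets come in, but they are not forwarded to the backend server. Any hints as to what is missing? I thought a load balancer could be implemented without iptables, and that is what I want to do.
Director host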
root@ip-172-31-16-196:/home/ubuntu# cat /proc/sys/net/ipv4/ip_forward
1
root@ip-172-31-16-196:/home/ubuntu# ifconfig
eth0 Link encap:Ethernet HWaddr 06:a0:5b:48:1b:f5
inet addr:172.31.16.196 Bcast:172.31.31.255 Mask:255.255.240.0
inet6 addr: fe80::4a0:5bff:fe48:1bf5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:9001 Metric:1
RX packets:4211 errors:0 dropped:0 overruns:0 frame:0
TX packets:3692 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:416625 (416.6 KB) TX bytes:406446 (406.4 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:173 errors:0 dropped:0 overruns:0 frame:0
TX packets:173 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:12776 (12.7 KB) TX bytes:12776 (12.7 KB)
root@ip-172-31-16-196:/home/ubuntu# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.31.16.196:80 rr
-> 172.31.16.195:80 Masq 1 0 0
root@ip-172-31-16-196:/home/ubuntu# ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
TCP 172.31.16.196:80 23 122 0 6436 0
-> 172.31.16.195:80 23 122 0 6436 0
root@ip-172-31-16-196:/home/ubuntu# curl 172.31.16.195 -vv
* Rebuilt URL to: 172.31.16.195/
* Trying 172.31.16.195...
* Connected to 172.31.16.195 (172.31.16.195) port 80 (#0)
> GET / HTTP/1.1
> Host: 172.31.16.195
> User-Agent: curl/7.47.0
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Server: SimpleHTTP/0.6 Python/2.7.12
< Date: Mon, 21 Nov 2016 04:59:04 GMT
< Content-type: text/html
< Content-Length: 26
< Last-Modified: Mon, 21 Nov 2016 00:58:21 GMT
<
From server 172.31.16.195
* Closing connection 0
# Show the public IP of this host
root@ip-172-31-16-196:/home/ubuntu# wget http://ipinfo.io/ip -qO -
52.15.105.107
Backend server
root@ip-172-31-16-195:/home/ubuntu# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2444/python
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1221/sshd
tcp6 0 0 :::22 :::* LISTEN 1221/sshd
root@ip-172-31-16-195:/home/ubuntu# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
From a remote client
# Hitting the public IP
$ curl -vvv http://52.15.105.107/
* Trying 52.15.105.107...
* Connected to 52.15.105.107 (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
> Host: 52.15.105.107
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 504 Gateway Time-out
< Server: ScanSafe
< Mime-Version: 1.0
< Date: Mon, 21 Nov 2016 05:40:50 GMT
< Content-Type: text/html
< Content-Length: 1664
< X-ScanSafe-Error: ERR_CONNECT_FAIL 110
< Keep-Alive: 60
< Via: HTTP/1.1 proxy10829
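Answer 1
Reposted from the reply I got on the LVS mailing list:
Normally for MASQ/NAT mode, the real servers are on a different subnet, and the LVS server is set as their default gateway.
If you want to do one-arm, i.e. same-subnet, MASQ, then the test client needs to be on a separate subnet, or you need special routing rules on the real (backend) servers.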
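The return-path condition described in the answer can be checked offline with the following added example, which is not part of the original post or of LVS. It runs a longest-prefix-match lookup over a real server's route table and reports whether the reply to a client is handed back to the director, which Masq mode needs in order to rewrite the source address. The route tables, the gateway 172.31.16.1 and both client addresses are constructed assumptions; the page does not show the real server's routes.

```python
import ipaddress

DIRECTOR = "172.31.16.196"   # director address from the page
SUBNET = "172.31.16.0/20"    # derived from Mask 255.255.240.0 on the page

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs; gateway None means on-link."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        return None                      # no route: reply is dropped
    return str(dst) if best[1] is None else best[1]

def reply_via_director(routes, client_ip, director_ip=DIRECTOR):
    """True when the real server sends its reply to the director first."""
    return next_hop(routes, client_ip) == director_ip

# Constructed route tables for the real server 172.31.16.195.
ROUTES_OTHER_GATEWAY = [(SUBNET, None), ("0.0.0.0/0", "172.31.16.1")]  # assumed gateway
ROUTES_DIRECTOR_GW = [(SUBNET, None), ("0.0.0.0/0", DIRECTOR)]
# One-arm setup: extra host route sends replies for one local client via the director.
ROUTES_ONE_ARM = ROUTES_DIRECTOR_GW + [("172.31.16.50/32", DIRECTOR)]

REMOTE_CLIENT = "203.0.113.10"   # constructed, documentation range
LOCAL_CLIENT = "172.31.16.50"    # constructed, same subnet as the director

def diagnose():
    """Return path result for each constructed scenario."""
    return {
        "remote client, other default gateway":
            reply_via_director(ROUTES_OTHER_GATEWAY, REMOTE_CLIENT),
        "remote client, director is default gateway":
            reply_via_director(ROUTES_DIRECTOR_GW, REMOTE_CLIENT),
        "same-subnet client, director is default gateway":
            reply_via_director(ROUTES_DIRECTOR_GW, LOCAL_CLIENT),
        "same-subnet client, host route via director":
            reply_via_director(ROUTES_ONE_ARM, LOCAL_CLIENT),
    }

if __name__ == "__main__":
    for scenario, ok in diagnose().items():
        print(f"{scenario}: {'reply returns via director' if ok else 'reply bypasses director'}")
```

A scenario that reports a bypass matches the `ipvsadm -Ln --stats` pattern in the question, where InPkts grows and OutPkts stays at 0.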