I. Overview
The director rewrites the destination IP address of the request packet, then selects one RS node with the scheduling algorithm and forwards the packet to it.
(DNAT is done when the request enters the load balancer LVS; SNAT is done when the backend's reply leaves the load balancer.)
1. NAT basic diagram
2. NAT underlying implementation
3. How NAT access works
1. When a user's request reaches the Director Server, the packet first enters the kernel's PREROUTING chain; at this point the source IP is CIP and the destination IP is VIP.
2. PREROUTING finds that the packet's destination IP is a local address and hands the packet to the INPUT chain.
3. IPVS (hooked at INPUT) checks whether the requested service is a cluster service; if so, it picks one backend RS with the scheduling algorithm and rewrites the packet's destination IP to that RS's IP (and, when port mapping is configured, the destination port as well),
then sends the packet to the POSTROUTING chain. The source IP is now CIP and the destination IP is RIP.
4. The POSTROUTING chain routes the packet and sends it to the RS out of the Director Server's DIP.
5. The RS sees that the destination is its own IP, hands the data to the application, then builds a reply and sends it back toward the Director Server, which is the RS's default gateway. The reply has source IP RIP and destination IP CIP.
6. Before forwarding the reply to the client, the Director Server rewrites the source IP to VIP, so the client receives a packet with source IP VIP and destination IP CIP.
4. NAT mode characteristics
1. RSs must use private addresses, and their default gateway must point to the DS (in the lab below the RSs point at the VIP, which is also configured on the director, so the effect is the same).
2. RIP and DIP must be on the same subnet.
3. NAT mode supports port mapping  # the port the client connects to and the backend service port may differ; in DR mode they must be the same
4. RSs can run any operating system, e.g. Linux or Windows.
5. Both request and reply packets pass through the DS, so under heavy load the DS easily becomes the bottleneck.
5. NAT mode hands-on lab
1. Client: only one address on the public-side network is needed:
eth0: 10.0.0.10
eth1: not needed, shut it down;
[root@client ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.10
PREFIX=24
[root@client ~]# ifdown eth0 && ifup eth0
[root@client ~]# ifdown eth1
2. Router (acts as the real router):
eth0: 10.0.0.200 gateway: 10.0.0.2
eth1: 172.16.1.200
Enable IP forwarding;
eth0 config:
[root@route ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.200
PREFIX=24
GATEWAY=10.0.0.2
DNS1=223.5.5.5
eth1 config:
[root@route ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=172.16.1.200
PREFIX=24
Enable forwarding:
[root@route ~]# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
[root@route ~]# sysctl -p
3. RS node:
eth0: shut down
eth1: 172.16.1.5 gateway: 172.16.1.100
nginx: serves the web site; the existing proxy host is reconfigured for this role;
eth0 config:
[root@proxy01 ~]# ifdown eth0
eth1 config:
[root@proxy01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=172.16.1.5
PREFIX=24
GATEWAY=172.16.1.100
[root@proxy01 ~]# ifdown eth1 && ifup eth1
nginx config:
[root@proxy01 ~]# cat /etc/nginx/conf.d/.conf
server {
listen 80;
server_name ;
root /opt;
location / {
index index.html;
}
}
[root@proxy01 ~]# echo "Proxy01 Real Server" > /opt/index.html
[root@proxy01 ~]# nginx -t
[root@proxy01 ~]# systemctl reload nginx
4. RS node:
eth0: shut down
eth1: 172.16.1.6 gateway: 172.16.1.100
nginx: serves the web site; the existing proxy host is reconfigured for this role;
eth0 config:
[root@proxy02 ~]# ifdown eth0
eth1 config:
[root@proxy02 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=172.16.1.6
PREFIX=24
GATEWAY=172.16.1.100
[root@proxy02 ~]# ifdown eth1 && ifup eth1
nginx config:
[root@proxy02 ~]# cat /etc/nginx/conf.d/.conf
server {
listen 80;
server_name ;
root /opt;
location / {
index index.html;
}
}
[root@proxy02 ~]# echo "Proxy02 Real Server" > /opt/index.html
[root@proxy02 ~]# nginx -t
[root@proxy02 ~]# systemctl reload nginx
5. Configure LVS rules:
eth0: shut down
eth1: 172.16.1.3 gateway: 172.16.1.200
vip : 172.16.1.100
Enable IP forwarding;
eth0 config:
[root@lvs01 ~]# ifdown eth0
eth1 config:
[root@lvs01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=172.16.1.3
PREFIX=24
GATEWAY=172.16.1.200
[root@lvs01 ~]# ifdown eth1 && ifup eth1
vip config (copy the eth1 file, then change NAME/DEVICE to eth1:1, set IPADDR to the VIP and drop the GATEWAY line):
[root@lvs01 ~]# cp /etc/sysconfig/network-scripts/ifcfg-eth1 /etc/sysconfig/network-scripts/ifcfg-eth1:1
[root@lvs01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1:1
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
NAME=eth1:1
DEVICE=eth1:1
ONBOOT=yes
IPADDR=172.16.1.100
PREFIX=24
[root@lvs01 ~]# ifdown eth1:1 && ifup eth1:1
Enable forwarding:
[root@lvs01 ~]# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
[root@lvs01 ~]# sysctl -p
Configure ipvs rules: dispatch requests to port 80 on the VIP to the backend RS nodes (-m selects NAT/masquerading, shown as Masq below):
[root@lvs01 ~]# yum install ipvsadm -y
[root@lvs01 ~]# ipvsadm -A -t 172.16.1.100:80 -s rr
[root@lvs01 ~]# ipvsadm -a -t 172.16.1.100:80 -r 172.16.1.5 -m
[root@lvs01 ~]# ipvsadm -a -t 172.16.1.100:80 -r 172.16.1.6 -m
[root@lvs01 ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.1.100:80 rr
-> 172.16.1.5:80 Masq 1 0 0
-> 172.16.1.6:80 Masq 1 0 0
6. Add a port mapping on the router to simulate a real public-network entry point (the router's connection tracking reverses the translation on the reply, so no separate SNAT rule is needed there):
[root@route ~]# iptables -t nat -A PREROUTING -d 10.0.0.200 -p tcp --dport 80 -j DNAT --to 172.16.1.100:80
[root@route ~]# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 10.0.0.200 tcp dpt:80 to:172.16.1.100:80
7. Client test
curl -HHost:
Operation on the RS node (create a large file for a download test, since all traffic flows through the DS):
dd if=/dev/zero of=/opt/bigdata bs=2000M count=1
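The director rules and the client test above, as an added example that is not code from the original page: a script that prints the ipvsadm rule plan for review, applies it, verifies the `ipvsadm -L -n` output (every RS present and forwarded as Masq), and checks that a batch of client replies is actually round-robin balanced. The addresses are the lab's; the Host header value `lvs.example.com` is an assumption because the page's server_name is elided, and the `apply`/`selfcheck`/`probe` subcommands and the `/etc/sysconfig/ipvsadm` persistence step are this example's own choices.

```shell
#!/usr/bin/env bash
# Added example for the LVS NAT lab; not code from the original page.
# Director side: print the ipvsadm plan, apply it, verify `ipvsadm -L -n`.
# Client side: probe the public entry and check the replies are round-robin balanced.
# Assumed from the lab: VIP 172.16.1.100:80, RS 172.16.1.5/.6, router entry 10.0.0.200.
# HOST_HDR is an assumption (the page's server_name is elided).
set -eu

VIP=${VIP:-172.16.1.100}
VPORT=${VPORT:-80}
SCHED=${SCHED:-rr}
RS_LIST=${RS_LIST:-"172.16.1.5 172.16.1.6"}
ENTRY=${ENTRY:-10.0.0.200}
HOST_HDR=${HOST_HDR:-lvs.example.com}

# Print (do not run) the ipvsadm commands for one NAT-mode service so the rule set
# can be reviewed first. -m selects masquerading (NAT); -w is the weight.
ipvs_plan() {
  local vip=$1 vport=$2 sched=$3 rs
  shift 3
  echo "ipvsadm -C"
  echo "ipvsadm -A -t ${vip}:${vport} -s ${sched}"
  for rs in "$@"; do
    echo "ipvsadm -a -t ${vip}:${vport} -r ${rs}:${vport} -m -w 1"
  done
}

# Verify from `ipvsadm -L -n` output (passed as a string) that every expected RS is
# listed under the service with forwarding method Masq. Returns 0 only if all are.
ipvs_check() {
  local vip=$1 vport=$2 output=$3 rs line found in_service
  shift 3
  for rs in "$@"; do
    found=0; in_service=0
    while IFS= read -r line; do
      case "$line" in
        TCP\ *"${vip}:${vport} "*) in_service=1 ;;   # header line of our service
        TCP\ *|UDP\ *)             in_service=0 ;;   # header line of another service
        *"-> ${rs}:${vport} "*Masq*)
          if [ "$in_service" -eq 1 ]; then found=1; fi ;;
      esac
    done <<EOF
$output
EOF
    if [ "$found" -ne 1 ]; then
      echo "RS ${rs}:${vport} missing or not Masq under ${vip}:${vport}" >&2
      return 1
    fi
  done
  return 0
}

# Read one response body per line from stdin (the "ProxyNN Real Server" pages above).
# Balanced for rr means all N backends answered and their counts differ by at most 1.
rr_balanced() {
  local expected=$1
  grep -v '^$' | sort | uniq -c | awk -v n="$expected" '
    NR == 1 { min = $1; max = $1 }
    $1 < min { min = $1 }
    $1 > max { max = $1 }
    END { exit !(NR == n && max - min <= 1) }'
}

# Hit the public entry N times from the client, sending the assumed Host header.
probe() {
  local url=$1 n=${2:-10} i
  for i in $(seq 1 "$n"); do curl -s -H "Host: ${HOST_HDR}" "$url"; done
}

# Copy of the `ipvsadm -L -n` output shown on the page, used for an offline self-check.
SAMPLE_IPVS='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.1.100:80 rr
  -> 172.16.1.5:80                Masq    1      0          0
  -> 172.16.1.6:80                Masq    1      0          0'

case "${1:-}" in
  apply)   # on the director, as root
    sysctl -w net.ipv4.ip_forward=1                 # NAT mode needs the director to forward
    # shellcheck disable=SC2086
    ipvs_plan "$VIP" "$VPORT" "$SCHED" $RS_LIST | bash -e
    # shellcheck disable=SC2086
    ipvs_check "$VIP" "$VPORT" "$(ipvsadm -L -n)" $RS_LIST
    ipvsadm-save -n > /etc/sysconfig/ipvsadm        # ipvsadm.service restores this at boot
    ;;
  selfcheck)   # offline: run the checker against the sample output above
    # shellcheck disable=SC2086
    ipvs_check "$VIP" "$VPORT" "$SAMPLE_IPVS" $RS_LIST && echo "sample rules OK"
    ;;
  probe)   # on the client
    n=$(echo "$RS_LIST" | wc -w)
    if probe "http://${ENTRY}/" 10 | rr_balanced "$n"; then echo "rr balanced across $n RS"
    else echo "replies not balanced across $n RS" >&2; exit 1; fi
    ;;
esac
```

Run `bash lvs-nat.sh apply` as root on the director (it flushes existing rules with `ipvsadm -C` first), `bash lvs-nat.sh selfcheck` anywhere to exercise the checker offline, and `bash lvs-nat.sh probe` on the client. Keep in mind that `net.ipv4.ip_forward=1` turns the director into a router for every packet arriving on its interfaces, not only IPVS traffic, so restrict what it forwards with iptables just as you would on the router host.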