强烈求教章博士关于LVS/TUN的配置问题!详情请进来看

问题描述:
Loadbalance:192.168.0.10----kernel支持LVS
Loadbalance1:192.168.0.11----kernel支持LVS
Realserver1:192.168.0.12----kernel打过避免ARP问题的补丁
Realserver2:192.168.0.13----kernel打过避免ARP问题的补丁

前面的准备工作已经做完了,并且,在这4台机器上,我LVS/DR方式能够正常工作,但我现在把LVS的参数改到LVS/TUN的方式却不能够工作,为什么呢?
是不是前端调度机器Loadbalance也要打避免ARP问题的补丁?

具体的配置我是这样做的,在调度机Loadbalance上
ifconfig eth0:0 192.168.0.20 netmask 255.255.255.255 broadcast 192.168.0.20 up
echo "1" >/proc/sys/net/ipv4/ip_forward
IPVSADM -A -t 192.168.0.20:80 -s rr
IPVSADM -a -t 192.168.0.20:80 -r 192.168.0.12 -i
IPVSADM -a -t 192.168.0.20:80 -r 192.168.0.13 -i

在Realserver1和Realserver2上:
ifconfig tunl0 192.168.0.20 netmask 255.255.255.255 broadcast 192.168.0.20
route add -host 192.168.0.20 dev tunl0
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/conf/all/hidden
echo "1" > /proc/sys/net/ipv4/conf/tunl0/hidden

192.168.0.20是虚拟IP,但我不能够通过虚拟IP访问到Realserver的web服务

Forums:

看上去配置命令都是正确的,一时想不出来原因所在。

或许你可以在调度器和真实服务器上用tcpdump/ethereal抓报文看看。会不会是真实服务器上iptables将tunnel的封包给过滤掉了?

不防直接用arptables来做noarp,我记得以前我象你这样的配置也是不行!后来改用arptables来处理noarp就OK了!

http://www.ourlinux.net

能说下如何用arptables来做noarp吗?

ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $BROADCAST up
/sbin/arptables -F
/sbin/arptables -A IN -j DROP -d ${VIP}
/sbin/arptables -A OUT -j mangle -o eth0 -s ${VIP} --mangle-ip-s ${LOCAL_IP}
这个是我的脚本

http://www.ourlinux.net

请问 bixuan,你在LVS/TUN方式下是怎么配的呢

$BROADCAST和$VIP是相同的吗?

在LVS/TUN方式下
echo n > /proc/sys/net/ipv4/ip_forwad

n的值是 0 还是 1 呢?

谢谢了

$BROADCAST和$VIP这2个怎么会相同呢?

$BROADCAST就是$VIP真实环境下的broadcast

在LVS/TUN 包括DR方式下我都是下面的设置的:
echo 1 > /proc/sys/net/ipv4/ip_forwad

http://www.ourlinux.net

非常感谢回复,那请问,当我的VIP为192.168.0.20时
ifconfig tunl0 192.168.0.20 netmask 255.255.255.255 broadcast 192.168.0.20

这个broadcast对吗?还是应该是192.168.0.255?

应该是192.168.0.255

我给你看一下我的脚本:

#!/bin/sh
# chkconfig: 2345 90 10
# description: Preparing for Load Balancer and Real Server switching
# by bixuan

VIP=xx.xx.41.180
LOCAL_IP=xx.xx.41.165
BROADCAST=xx.xx.41.191

LAN_VIP=192.168.3.180
LAN_IP=192.168.3.165
LAN_BR=192.168.3.255

#echo "1" > /proc/sys/net/ipv4/ip_forward

. /etc/rc.d/init.d/functions

case "$1" in
start)
echo "Preparing for Load Balancer"
echo "1" > /proc/sys/net/ipv4/ip_forward
ifconfig lo:0 down
ifconfig lo:1 down
/sbin/arptables -F
;;
stop)
echo "Preparing for Real Server"
echo "0" > /proc/sys/net/ipv4/ip_forward
ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $BROADCAST up
ifconfig lo:1 $LAN_VIP netmask 255.255.255.255 broadcast $LAN_BR up
/sbin/arptables -F
/sbin/arptables -A IN -j DROP -d ${VIP}
/sbin/arptables -A OUT -j mangle -o eth0 -s ${VIP} --mangle-ip-s ${LOCAL_IP}
/sbin/arptables -A IN -j DROP -d ${LAN_VIP}
/sbin/arptables -A OUT -j mangle -o eth1 -s ${LAN_VIP} --mangle-ip-s ${LAN_BR}
;;
*)
echo "Usage: lvs {start|stop}"
exit 1
esac

这里我是做了2个VIP,一个是内网一个是外网^^

如果你是tun的,就把:lo:改成:tunl即可!
其他的配置可以看我以前的帖子^^ good luck!

http://www.ourlinux.net

兄弟,照着你说的做还是不行啊,
我的情况是这样的,winXP下用VM虚拟了3个linux系统,网卡工作模式是host only,本地连接的Internet共享属性里选择VMnet1,VMnet1的默认IP地址是192.168.0.1,3个linux系统的网卡eth0的IP地址信息分别是:
Loadbalance:192.168.0.10/255.255.255.0/192.168.0.255
Realserver1:192.168.0.11/255.255.255.0/192.168.0.255
Realserver2:192.168.0.12/255.255.255.0/192.168.0.255
他们的默认网关都是192.168.0.1,3个linux系统都可以通过VMnet1出到Internet上去

Loadbalance上装好了ipvsadm-1.24
脚本:
#!/bin/sh
#/etc/init.d/lvs
PATH=/bin:/usr/bin:/sbin:/usr/sbin
export PATH
IPVSADM=/sbin/ipvsadm

VIP=192.168.0.20
BR=192.168.0.255

case "$1" in
start)
if [ -x $IPVSADM ]
then
echo "1" > /proc/sys/net/ipv4/ip_forward
ifconfig eth0:0 $VIP netmask 255.255.255.255 broadcast $BR up
$IPVSADM -A -t 192.168.0.20:80 -s rr
$IPVSADM -a -t 192.168.0.20:80 -r 192.168.0.12 -i
$IPVSADM -a -t 192.168.0.20:80 -r 192.168.0.13 -i
fi
;;
stop)
if [ -x $IPVSADM ]
then
$IPVSADM -C
ifconfig eth0:0 down
fi
;;
*)
echo "Usage: lvs {start|stop}"
exit 1
esac

2个Realserver装好了arptables,我的系统是ubuntu,这个包是从rpmfind上找来的arptables_jf-0.0.8-2.i386.rpm,
脚本如下
#!/bin/sh
#/etc/init.d/lvs
PATH=/bin:/usr/bin:/sbin:/usr/sbin
export PATH
ARPTABLES=/sbin/arptables

VIP=192.168.0.20
IP=192.168.0.12
BR=192.168.0.255

case "$1" in
start)
if [ -x $ARPTABLES ]
then
echo "1" > /proc/sys/net/ipv4/ip_forward
modprobe ipip
ifconfig tunl0 up
ifconfig tunl0:0 $VIP netmask 255.255.255.255 broadcast $BR up
$ARPTABLES -F
$ARPTABLES -A IN -j DROP -d ${VIP}
$ARPTABLES -A OUT -j mangle -o eth0 -s ${VIP} --mangle-ip-s ${IP}
fi
;;
stop)
if [ -x $ARPTABLES ]
then
echo 1 > /proc/sys/net/ipv4/ip_forward
ifconfig tunl0 down
$ARPTABLES -F
fi
;;
*)
echo "Usage:lvs{start|stop}"
exit 1
esac

另外,我同时把LD和RS的echo 1 > /proc/sys/net/ipv4/ip_forward中的1改为0也不行,
能不能请兄弟把完整的Loadbalance 和Realserver的脚本贴上来参考一下,不胜感激!

http://zh.linuxvirtualserver.org/node/62 这个是我的配置方法^^

http://www.ourlinux.net

Furrealz? That's malroleusvy good to know.

That's the best answer by far! Thanks for cogtributinn.

That's a crkacerjack answer to an interesting question

We codlu've done with that insight early on.

buy levitra hormonal abnormalities strength generic viagra desire before car cheap car insurance quotes motorists current circumstances online california auto insurance should posses

growth cycle propecia prescription hair loss me share cheap viagra 25mg impotence away ineffective viagra for sale go

lot auto insurance quotes companies look into insurance car different factors side cialis helps them several forms auto insurance quotes car reporting auto insurance qoute Massachusetts expenses missed today AK auto insurance qoutes golden market

orally cheap viagra major premium insurance car insurance website edr engine insurance car major players information auto insurance visit ingredient found sildenafil give

ineffectiveness erection increased blood effects though cialis online negative side required coverage insurance auto besides once daily cialis online appreciate more mg buy viagra multiple

customers looking looking for cheap car insurance make sure document road cheap car insurance second noted above cheap auto insurance antique car violating hamilton insurance car materials few over fifty car insurance then decide

This is a good site. eHow Hindi you can find good Sarkari Naukri and Government Jobs in Here.

Heck of a job there, it abotulsely helps me out.

Ho ho, who wodula thunk it, right?

Great Article it its really informative and innovative keep us posted with new updates. its was really valuable. thanks a lot.
Anybody May Download