分类: LINUX
2008-04-28 22:07:52
中国IT实验室收集整理
三、IP Tunnel方式vpn server:
eth0:10.0.0.3 (测试时使用的OPENVPN)
gateway server:
eth0:10.0.0.2
eth1:192.168.1.254
gatewat server2:
eth0:10.0.0.4
eth1:172.0.0.254
LVS Director Servers:
Load Balance:192.168.1.1
Virtual IP: 10.0.0.1
nameserver: 192.168.1.254
gateway: 192.168.1.254
RealServer1:
ip: 192.168.1.2
gateway: 192.168.1.254
nameserver: 192.168.1.254
tun0: 20.0.0.1 (这个是连接到vpn后有分配到的)
RealServer2:
ip: 172.0.0.1
gateway: 172.0.0.254
nameserver: 172.0.0.254
tun0: 20.0.0.2 (这个是连接到vpn后有分配到的)
1.开启路由机制
#echo 1 > /proc/sys/net/ipv4/ip_forward
注意:
永久修改要修改sysctl.conf
2.加载rule
#ipvsadm -A -t 10.0.0.1:80 -s rr
#ipvsadm -a -t 10.0.0.1:80 -r 20.0.0.1:80 -i (RS1的地址指定,也可以选择本地地址192.168.1.2)
#ipvsadm -a -t 10.0.0.1:80 -r 20.0.0.2:80 -i
rr 轮询方式
-i 设置为IP Tunnel方式
3.保存rule
#ipvsadm ——save > /etc/sysconfig/ipvsadm
4.邦定vip
#ifconfig eth0:1 10.0.0.1 netmask 255.255.255.0 borcast 10.0.0.255
5.RealServer设置
RealServer1:
ip: 192.168.1.2
gateway: 192.168.1.254
nameserver: 192.168.1.254
tun0: 20.0.0.1
#ifconfig tunl0 10.0.0.1 netmask 255.255.255.255 borcast 10.0.0.1
#echo 1 > /proc/sys/net/ipv4/conf/tunl0/arp_ignore 注释:这四句目的是为了关闭ARP广播响应
#echo 2 > /proc/sys/net/ipv4/conf/tunl0/arp_announce
#echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
#echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
开启HTTP服务,确认自己能够访问。
RealServer2:
RealServer2:
ip: 172.0.0.1
gateway: 172.0.0.254
nameserver: 172.0.0.254
tun0: 20.0.0.2
#ifconfig tunl0 10.0.0.1 netmask 255.255.255.255 borcast 10.0.0.1
#echo 1 > /proc/sys/net/ipv4/conf/tunl0/arp_ignore
#echo 2 > /proc/sys/net/ipv4/conf/tunl0/arp_announce
#echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
#echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
开启HTTP服务,确认自己能够访问。页面与realserver1不同就可以。
6.测试
在网关作测试即可,访问,反复刷新网页,每次出现的网页不同则表示成功。
