tun
1.服务端在server1,server2,server3上添加隧道(三个都要添加,在虚拟服务器和真实服务器之间是直接通过隧道交换包的)
[root@server1 ~]# modprobe ipip
[root@server1 ~]# ip link set up tunl0 将三台服务器隧道全部激活
[root@server1 ~]# ip addr add 172.25.254.100/24 dev tunl0 在server1,2,3上通过隧道添加对外暴露的VIP
[root@server1 ~]# ipvsadm -C 在server上清除之前的策略重新添加新的策略
[root@server1 ~]# ipvsadm -A -t 172.25.254.100:80 -s rr
[root@server1 ~]# ipvsadm -a -t 172.25.254.100:80 -r 172.25.254.2:80 -i
[root@server1 ~]# ipvsadm -a -t 172.25.254.100:80 -r 172.25.254.3:80 -i
[root@server1 ~]# ipvsadm -l
IP virtual Server version 1.2.1 (size=4096)
Prot localAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:http rr
-> server2:http tunnel 1 0 0
-> server3:http Tunnel 1 0 0
2.server2和server3上打开arptables_jf,添加DROP策略,在server2和server3上修改rp_filter参数
[root@server2 ~]# modprobe ipip
[root@server2 ~]# ip link set up tunl0
[root@server2 ~]# ip addr add 172.25.254.100/24 dev tunl0
[root@server2 ~]# /etc/init.d/arptables_jf start
Starting arptables_jf [ OK Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
APPlying arptables firewall rules: [ OK ]
[root@server2 ~]# arptables -A IN -d 172.25.254.100 -j DROP
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:http rr
-> server2:http Tunnel 1 0 0
-> server3:http Tunnel 1 0 0
server3
[root@server3 ~]# modprobe ipip
[root@server3 ~]# ip link set up tunl0
[root@server3 ~]# ip addr add 172.25.254.100/24 dev tunl0
[root@server3 ~]# /etc/init.d/arptables_jf start
Starting arptables_jf [ OK Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
Applying arptables firewall rules: [ OK ]
[root@server3 ~]# arptables -A IN -d 172.25.254.100 -j DROP
[root@server3 ~]# sysctl -w net.ipv4.conf.tunl0.rp_filter=0
net.ipv4.conf.tunl0.rp_filter = 0
[root@server3 ~]# /etc/init.d/httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.254.3 for ServerName
[ OK ]
测试:
[root@foundation61 ~]# curl 172.25.254.100
<h1>bbs.westos.org-server3</h1>
[root@foundation61 ~]# curl 172.25.254.100
<h1>www.westos.org-server2</h1>
[root@foundation61 ~]# curl 172.25.254.100
<h1>bbs.westos.org-server3</h1>
[root@foundation61 ~]# curl 172.25.254.100
<h1>www.westos.org-server2</h1>
[root@foundation61 ~]# curl 172.25.254.100
<h1>bbs.westos.org-server3</h1>
[root@foundation61 ~]# curl 172.25.254.100
<h1>www.westos.org-server2</h1>
[root@server1 ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:http rr
-> server2:http Route 1 0 4
-> server3:http Route 1 0 3
相关阅读
第9章Spark 2.1.0新一代Tungsten优化引擎彻底解析
第9章 Spark 2.1.0新一代Tungsten优化引擎彻底解析 1.1 概述Spark作为一个一体化多元化的大数据处理通用平台,性能
iTunes备份文件在哪?如何改变默认备份文件目录?答案都在
iTunes和iCloud这两个东西,相信苹果用户都很熟悉,由于iCloud的服务器在国外,所以它虽然可以在手机内操作,但是那备份恢复手机数据
FastUnit是基于Java的快速开发平台,开发时几乎不需编码,以可插拔组件为核心实现软件自动化,在可视化环境中创建可观察、可管理的企业
Oracle 11g DBMS_SQLTUNE1. 创建调优任务1.1 语法2. 执行调优任务2.1语法3. 查看调优报告3.1 语法4. 删除SQL调优任务4.1 语法5.
最近在一台新电脑上面装XX-Net,刚开始扫描IP贼慢,当时没多在意,今天在github上面突然发现XX-Net新增了一条日志: 2017-09-228月份开