ipv6 lvs架构部署
架构:
lvs1 lvs2 (lvs最少需要2块网卡,网卡1公网流量入口,网卡2内网转发)
| |
vip vip (2个lvs挂载相同vip到公网流量入口网卡)
| |
waf1 waf2 (2个waf内网卡各配置2个内网地址,网段1,网段2各一个)
lvs 基于centos6.2 内核2.6.32-220.el6.x86_64,使用quagga 通过ospf6d发布vip到公网
说明:
lvs 两块网卡,bond0配公网vip, bond0.200配两个网段的内网ip,内网ip到waf连通正常
waf 1块网卡,配置两个内网段ip,通过静态路由表处理lvs转发过来的流量
1.安装组件: yum install ipvsadm keepalived mysql-server
rpm -ivh quagga-0.99.24.1-2015030701.x86_64.rpm
2.vip-->waf realip 映射关系写入到mysql
3.使用python脚本从mysql获取配置生成配置keepalived.conf文件
4.配置ospf6d.conf,启用ospf服务,目的是把vip发布到公网上(需要交换机支持)
/etc/init.d/watchquagga start
/etc/init.d/ospf6d start
/etc/init.d/zebra start
5. 将vip 挂载到lo口
ip -6 addr add xxx:xxx:64:8::42/128 dev lo
6.打开linux内核转发功能(默认关闭)
#/etc/sysctl.conf
# Kernel settings for the LVS director. Most lines match what a stock
# CentOS 6 sysctl.conf already ships; the LVS-specific additions appear to be
# the two forwarding switches, the ARP flags and the backlog size
# (compare against the distro file before copying this block verbatim).
#
# Forward packets between bond0 (public side) and bond0.200 (internal side).
# The NAT flow in keepalived depends on this. It also makes the host a router
# on every interface, so the ingress filtering below matters.
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
# IPv4-only ingress hardening: strict reverse-path check, no source routing.
# Neither line affects IPv6 traffic, which is what this deployment serves.
# There is no IPv6 rp_filter sysctl; net.ipv6.conf.all.accept_source_route = 0
# is the IPv6 counterpart for source-routing headers (check the kernel default
# on this host before relying on it).
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
# Magic SysRq disabled; core dumps carry the PID in the file name.
kernel.sysrq = 0
kernel.core_uses_pid = 1
# SYN cookies for the director's own local TCP listeners (ssh, quagga vty);
# the virtual servers presumably rely on keepalived's syn_proxy instead.
net.ipv4.tcp_syncookies = 1
# Bridged frames bypass iptables/ip6tables/arptables (no bridge is used here).
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
# SysV IPC limits (distro defaults).
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
# Only answer / announce ARP for addresses configured on the receiving
# interface. These are IPv4 ARP controls only; IPv6 neighbour discovery is
# not affected by them. TODO confirm they are still wanted on a NAT director.
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
# Larger per-CPU receive backlog for the public-facing NIC under load.
net.core.netdev_max_backlog = 500000
7.waf配置静态路由表
#!/bin/bash
# WAF-side policy routing for the traffic the LVS director forwards to the WAF.
# Each internal WAF address gets its own routing table (11 for address 1,
# 10 for address 2) whose default route points back at the director, and an
# `ip rule` selects that table by source address. Presumably this is what
# sends replies back through the director that forwarded the request rather
# than via the WAF's main table — verify against the director's NAT setup.
#
# Parenthesised names are placeholders for real IPv6 addresses.
# NOTE(review): both default routes point at lvs1 only, so a failure of lvs1
# is not covered by this script — TODO confirm how lvs2 takes over the next-hop.
# NOTE(review): the `lvs1网卡2` placeholder on the second route is missing the
# parentheses the other placeholders use.
ip -6 route add default via (lvs1网卡1) dev bond0.200 src (waf本地网卡1) table 11
ip -6 rule add from (waf本地网卡1) table 11
ip -6 addr add (waf本地网卡2) dev bond0.200 # a second address on the same NIC
ip -6 route add default via lvs1网卡2 dev bond0.200 src (waf本地网卡2) table 10
ip -6 rule add from (waf本地网卡2) table 10
#/etc/quagga/ospf6d.conf
!
! Zebra configuration saved from vty
! 2003/11/28 00:49:49
!
! ospf6d on the LVS director: advertises the /128 VIP bound to lo (step 5)
! into OSPFv3 area 0.0.0.1 over bond0, so the upstream switch learns the VIP
! from whichever director is alive.
!
hostname ospf6d
! NOTE(review): "zebra" is the well-known sample password shipped with quagga.
! Set a site-specific vty password (and an enable password) and keep the vty
! bound to localhost; the vty is a clear-text telnet listener (TCP 2606 for
! ospf6d by default).
password zebra
log stdout
! Neighbour-state debugging is verbose; useful for bring-up, consider
! removing it once the adjacency is stable.
debug ospf6 neighbor state
interface bond0
! NOTE(review): the per-interface settings below hang off "lo0", but the
! router section refers to "lo" (the Linux loopback name). Confirm which one
! is intended; as written, cost/priority/transmit-delay may be attached to an
! interface that does not exist on this host.
interface lo0
ipv6 ospf6 cost 1
! Timers are left at the daemon defaults; the commented values below match
! the usual OSPF defaults (10/40/5).
!ipv6 ospf6 hello-interval 10
!ipv6 ospf6 dead-interval 40
!ipv6 ospf6 retransmit-interval 5
ipv6 ospf6 priority 1
ipv6 ospf6 transmit-delay 1
ipv6 ospf6 instance-id 0
!
! No authentication is configured for the OSPFv3 adjacency (ospf6d as set up
! here offers none of its own); every host on the bond0 segment is trusted as
! a peer, so restrict which switch ports may speak OSPF to the director.
router ospf6
router-id xxx.xxx.232.6
interface lo area 0.0.0.1
interface bond0 area 0.0.0.1
area 0.0.0.1 range 2xxx:xxx:64:8::6/48
#/etc/keepalived/keepalived.conf
# keepalived on the LVS director (generated from MySQL by the script in step 3).
# local_address_group / laddr_group_name / syn_proxy are not upstream
# keepalived keywords; they look like the Alibaba LVS (FULLNAT) keepalived
# extensions — confirm this matches the keepalived build installed in step 1.
local_address_group laddr_v4 {
192.168.33.254
}
local_address_group naddr_v4 {
xxx.xxx.232.6
}
# Internal-side source addresses used when forwarding to the WAFs.
local_address_group laddr_v6 {
fxxx:xxx:129:232:6:6:33::277 # internal forwarding IP, make sure the WAFs can reach it
fxxx:xxx:129:232:6:6:33::278
}
local_address_group naddr_v6 {
fxxx:xxx:129:232:6:6:33::128 # this host's public VIP
}
# Addresses keepalived binds to bond0.200 at start-up.
# NOTE(review): written as ...:33:277/64 here but ...:33::277 in laddr_v6
# above. With eight explicit groups the "::" spelling is not a valid IPv6
# address — confirm which form is real so the laddr entries and the bound
# addresses actually match.
static_ipaddress {
fxxx:xxx:129:232:6:6:33:277/64 dev bond0.200 # internal forwarding IP, make sure the WAFs can reach it
fxxx:xxx:129:232:6:6:33:278/64 dev bond0.200
}
# Public VIPs (the /128 addresses bound to lo in step 5) with the service port.
virtual_server_group ipv6_vip_group_80 {
xxxx:xxxx:64:8::43 80 # VIPs bound to lo, reachable from outside
xxxx:xxxx:64:8::44 80
}
virtual_server group ipv6_vip_group_80 {
# health-check interval, seconds
delay_loop 5
# source-hash scheduling: a given client address sticks to one real server
lb_algo sh
lb_kind NAT
protocol TCP
# presumably the director completes the client handshake itself before
# opening the backend connection (SYN-flood protection) — confirm for this build
syn_proxy
# virtualhost is only consulted by HTTP_GET/SSL_GET checkers; with the
# TCP_CHECK blocks below it appears to be unused
virtualhost lvscheck.xxx.xxx.net
laddr_group_name laddr_v6
# Both real servers are the same WAF address on two ports, checked by a plain
# TCP connect with a 5 s timeout. NOTE(review): the architecture lists two
# WAFs but only one WAF address appears here — TODO confirm whether that is
# a placeholder or waf2 is missing.
real_server fxxx:xx:xxx:xx:6:6:33:6 8081 { # WAF internal IP
weight 10
TCP_CHECK {
connect_port 8081
connect_timeout 5
}
}
real_server fxxx:xx:xxx:xx:6:6:33:6 8082 {
weight 10
TCP_CHECK {
connect_port 8082
connect_timeout 5
}
}
}
常用指令
ip -6 route show table 10 查看路由表的配置
ipvsadm -Ln 查看映射关系
ip addr show 查看vip是否挂载
ping6 xxx:xxx:xxx:xx::xx 测试ipv6地址连通性