
ipvsadm.service : reverse proxy

--server
[root@localhost ~]# dnf -y install ipvsadm

web 1 , web 2 

--CLI
[root@localhost ~]# systemctl set-default multi-user.target 
Removed "/etc/systemd/system/default.target".
Created symlink /etc/systemd/system/default.target → /usr/lib/systemd/system/multi-user.target.
[root@localhost ~]# reboot

원격에서 내부 웹 서버로 접속

--web1
hostnamectl set-hostname realserver-01
[root@realserver-01 ~]# cat /etc/hostname
realserver-01

--web2
hostnamectl set-hostname realserver-02
[root@realserver-02 ~]# cat /etc/hostname
realserver-02

hostname 변경

 

--server 
--커널 IP 전달(net.ipv4.ip_forward): 라우팅 기능 활성화. 활성화하면 이 서버가 패킷을 다른 대역으로 전달하므로, 전달을 허용할 대역은 방화벽 규칙으로 제한해 두는 것이 좋다.
[root@localhost ~]# vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1

 

arptables 존재하는지 확인

[root@realserver-01 ~]# arptables
arptables v1.8.8 (nf_tables): no command specified
Try `arptables -h' or 'arptables --help' for more information.

[root@realserver-02 ~]# arptables
arptables v1.8.8 (nf_tables): no command specified
Try `arptables -h' or 'arptables --help' for more information.

 

virtual ip 설정

--server, web1, web2 
--세 노드 모두에 virtual IP 추가 (web1, web2는 이 IP에 대한 ARP에 응답하지 않도록 아래 arptables 규칙으로 처리). ifconfig로 추가한 주소는 재부팅하면 사라진다.
ifconfig ens160:1 172.16.0.200 netmask 255.255.255.0

 

arptables 구성

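--Virtual IP에 대한 ARP 수신 시 Director에게 우선권을 부여 (real server는 VIP에 대한 ARP 요청을 DROP하고, VIP를 출발지로 하는 ARP는 자신의 실제 IP로 바꿔 내보냄)
--arptables-save는 현재 규칙을 화면에 출력만 하므로, 재부팅 후에도 유지하려면 출력을 파일로 저장해 두고 부팅 시 복원해야 한다. 규칙이 사라지면 real server가 VIP에 대한 ARP에 직접 응답해 트래픽이 Director를 거치지 않을 수 있다.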
--web1
[root@realserver-01 ~]# arptables -A INPUT -d 172.16.0.200 -j DROP
[root@realserver-01 ~]# arptables -A OUTPUT -s 172.16.0.200 -j mangle --mangle-ip-s 172.16.0.121
[root@realserver-01 ~]# arptables-save
# Generated by arptables-save v1.8.8 (nf_tables) on Fri Mar 22 11:10:51 2024
*filter
:INPUT ACCEPT
:OUTPUT ACCEPT
-A INPUT -j DROP -d 172.16.0.200
-A OUTPUT -j mangle -s 172.16.0.200 --mangle-ip-s realserver-01
# Completed on Fri Mar 22 11:10:52 2024

--web2
[root@realserver-02 ~]# arptables -A INPUT -d 172.16.0.200 -j DROP
[root@realserver-02 ~]# arptables -A OUTPUT -s 172.16.0.200 -j mangle --mangle-ip-s 172.16.0.122
[root@realserver-02 ~]# arptables-save
# Generated by arptables-save v1.8.8 (nf_tables) on Fri Mar 22 11:11:20 2024
*filter
:INPUT ACCEPT
:OUTPUT ACCEPT
-A INPUT -j DROP -d 172.16.0.200
-A OUTPUT -j mangle -s 172.16.0.200 --mangle-ip-s realserver-02
# Completed on Fri Mar 22 11:11:20 2024

 

--web1, web2 html 설정
[root@realserver-01 ~]# cd /var/www/html/
[root@realserver-01 html]# vi index.html
[root@realserver-01 html]# systemctl restart httpd


[root@realserver-02 ~]# cd /var/www/html/
[root@realserver-02 html]# vi index.html
[root@realserver-02 html]# systemctl restart httpd

--server에서 확인
[root@localhost ~]# curl http://172.16.0.121
<html>
        <head> 
                <title>172.16.0.121</title>
        </head>
        <body>
                jiwon's WebServer
        </body>
</html>
[root@localhost ~]# curl http://172.16.0.122
<html>
        <head> 
                <title>172.16.0.122</title>
        </head>
        <body>
                jiwon's WebServer
        </body>
</html>

브라우저에서 확인

 

ipvsadm 설정

 

--모니터링
watch ipvsadm -Ln

 

web browser 2개를 켠 후 같은 IP를 입력하고, 요청이 web1과 web2로 분산되는지 확인

 

옆 사람(다른 호스트)이 접속할 수 있도록 설정

20000 port로 들어오는 요청을 172.16.0.200:80 으로 전달. 실습이 끝나면 이 포워딩 규칙을 제거하거나, 접속을 허용할 출발지 대역을 제한해 둔다.

 

host의 web browser에서 http://200.200.200.x1:200 으로 접속 (위에서 포워딩한 포트가 20000이므로 URL의 포트가 일치하는지 확인할 것)
