Simple load balancing using iptables nth mode of the statistics module

Problem description

I am trying to use iptables for load balancing. I'm working with VirtualBox. All VMs (Debian) are in an internal network and IPs are static. I want to route requests coming to my web server (apache2) with IP address 10.0.0.2:80 to IP addresses of the servers 10.0.0.3:80 and 192.168.0.2:80 on the other network. The network is constructed as such:
The gateway does IP forwarding; it has two interfaces: eth0 used for network 10.0.0.0 and eth1 for network 192.168.0.0. Then there is a load balancer with IP address 10.0.0.2. I've tried to set these rules but they didn't work:

iptables -t nat -A PREROUTING -p tcp --dport 80 -m state --state NEW -m statistic --mode nth --every 3 --packet 0 -j DNAT --to-destination 10.0.0.3:80    
iptables -t nat -A PREROUTING -p tcp --dport 80 -m state --state NEW -m statistic --mode nth --every 3 --packet 1 -j DNAT --to-destination 192.168.0.2:80

Recommended answer

First of all, since in your case the incoming connection should be distributed across 2 servers, one would have expected a similar solution to the one suggested, but with --every 2, rather than --every 3, to work.

However, as this answer suggests, when the nth mode was made part of the statistic module (in the past it was a separate module), the packet counter was modified from a global one to many individual ones, one per rule.

Therefore, the following should work:

iptables -t nat -A PREROUTING -p tcp --dport 80 -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -j DNAT --to-destination 10.0.0.3:80
iptables -t nat -A PREROUTING -p tcp --dport 80 -m state --state NEW -m statistic --mode nth --every 1 --packet 0 -j DNAT --to-destination 192.168.0.2:80

Of course there is no actual need for use of the statistic module in the second rule, but I've placed it there for future reference in order to clarify how the rules should be constructed if the incoming connections were to be distributed across 3 or more servers, rather than just 2.
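
The following is an added example, not part of the original question or answer. It models the per-rule counters the answer describes, shows where connections end up under the question's rules versus the answer's rules, and generalizes the rule construction to N backends. The matching model is a simplification, and the third backend address 192.168.0.3:80 is constructed for illustration.

```python
from collections import Counter

def simulate(rules, connections):
    """Walk `connections` NEW connections through an ordered rule list.

    rules: list of (every, packet, target). Simplified model (assumption)
    of nth mode as the answer describes it: each rule keeps its own
    counter, which only advances for connections that actually reach
    that rule, because a DNAT match ends traversal of the chain.
    """
    counters = [0] * len(rules)
    hits = Counter()
    for _ in range(connections):
        for i, (every, packet, target) in enumerate(rules):
            seen = counters[i]
            counters[i] += 1
            if seen % every == packet:
                hits[target] += 1
                break
        else:
            hits["unmatched"] += 1  # no DNAT applied: original destination is kept
    return dict(hits)

def nth_rules(backends):
    """Rule i of N uses --every (N - i) --packet 0, so the last rule is --every 1."""
    n = len(backends)
    return [(n - i, 0, b) for i, b in enumerate(backends)]

def as_iptables(rules):
    """Render rules in the same form as the commands on this page."""
    return [
        "iptables -t nat -A PREROUTING -p tcp --dport 80 -m state --state NEW "
        f"-m statistic --mode nth --every {every} --packet {packet} "
        f"-j DNAT --to-destination {target}"
        for every, packet, target in rules
    ]

QUESTION_RULES = [(3, 0, "10.0.0.3:80"), (3, 1, "192.168.0.2:80")]
ANSWER_RULES = nth_rules(["10.0.0.3:80", "192.168.0.2:80"])
# Third address is constructed for this example, not taken from the page.
THREE = nth_rules(["10.0.0.3:80", "192.168.0.2:80", "192.168.0.3:80"])

if __name__ == "__main__":
    for name, rules in [("question", QUESTION_RULES), ("answer", ANSWER_RULES), ("three", THREE)]:
        print(name, simulate(rules, 900))
    print("\n".join(as_iptables(THREE)))
```

Under this model the question's rules leave 4 of every 9 new connections without any DNAT, while the `--every N, N-1, ..., 1` sequence splits them evenly.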
