Virtual Server via IP Tunneling

This page explains how IP tunneling is used to greatly increase the scalability of a virtual server.

IP tunneling

IP tunneling (IP encapsulation) is a technique that places an IP datagram inside another IP datagram, so that a datagram destined for one IP address can be wrapped and redirected to a different IP address. IP encapsulation is now commonly used in extranets, Mobile-IP, IP multicast, and tunneled hosts or networks. See the NET-3-HOWTO for details.

Using IP tunneling in the virtual server

First, look at the figure of the virtual server via IP tunneling. The biggest difference between the virtual server via IP tunneling and the one via NAT is that in the former the load balancer sends requests to the real servers through an IP tunnel, whereas the latter uses network address translation.

 

When a user accesses a service provided by the server cluster, a request packet destined for the virtual IP address (the IP address of the virtual server) arrives at the load balancer. The load balancer examines the packet's destination address and port number. If they match a virtual server service, a real server is chosen from the cluster according to the scheduling algorithm, and the new connection is added to the hash table that records connections. The load balancer then encapsulates the packet within an IP datagram and forwards it to the real server. When a later incoming packet belongs to such a connection and the chosen server can be found in the hash table, the packet is encapsulated and forwarded to that server. When the server receives the encapsulated packet, it decapsulates it, processes the request, and finally returns the result directly to the user according to the real server's own routing table. When a connection terminates or times out, its record is removed from the hash table. The workflow is as follows.

 

Translator's note: In the figure above, the LinuxDirector box contains the phrase "client-to-server half connection". This means that the load balancer transforms packets only when it receives requests from the client, and responses go from the real server directly to the client. With NAT, both incoming and outgoing packets are translated at the load balancer, which can be called a full connection.

Note that the real servers can use any IP address in any network and can be geographically distributed. They must, however, support the IP encapsulation protocol. The tunnel device must be configured properly so that the system can decapsulate the encapsulated packets it receives. The virtual IP address must be configured on a non-ARP device or on an alias of a non-ARP device; alternatively, the system must be able to redirect packets for the virtual IP address to a local socket. For more information, see the arp problem page.

Finally, when an encapsulated packet arrives, the real server decapsulates it, finds that the inner packet is destined for the virtual IP address, and says, "This one is for me, so I'll handle it." It then processes the request and sends the result directly to the end user.
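The forwarding path described above, as an added example that is not part of the original page or the LVS code: a toy director in Python that keeps the connection hash table, picks a real server by plain round-robin (a stand-in for the kernel's schedulers), and wraps the unmodified request in an outer IPv4 header with protocol 4, while the real-server side strips that header and checks that the inner destination is the VIP. The director address 192.0.2.1, the client 192.0.2.9 and all function names are constructed for illustration.

```python
import socket, struct

IPPROTO_IPIP = 4  # IP-in-IP protocol number (RFC 2003)
def checksum(hdr):
    """16-bit one's-complement Internet checksum over an IPv4 header."""
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4(src, dst, proto, payload):
    """Prepend a 20-byte IPv4 header (no options) to payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

class Director:
    """Toy load balancer: connection hash table plus IP-in-IP forwarding."""
    def __init__(self, dip, vip, port, reals):
        self.dip, self.vip, self.port, self.reals = dip, vip, port, reals
        self.conns = {}   # (client IP, client port) -> chosen real server
    def forward(self, pkt):
        src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
        ihl = (pkt[0] & 0x0F) * 4
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if pkt[9] != socket.IPPROTO_TCP or (dst, dport) != (self.vip, self.port):
            return None   # does not match the virtual service
        if (src, sport) not in self.conns:   # new connection: round-robin pick
            self.conns[src, sport] = self.reals[len(self.conns) % len(self.reals)]
        # The request is left untouched; only an outer header is added.
        return ipv4(self.dip, self.conns[src, sport], IPPROTO_IPIP, pkt)

def decapsulate(outer, vip):
    """Real-server side: strip the outer header, accept only VIP traffic."""
    if outer[9] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    inner = outer[(outer[0] & 0x0F) * 4:]
    if socket.inet_ntoa(inner[16:20]) != vip:
        raise ValueError("inner destination is not the virtual IP")
    return inner

def demo():
    """Constructed sample: one client request to the VIP of the usage example."""
    seg = struct.pack("!HH", 40000, 80) + bytes(16)   # stand-in TCP header
    req = ipv4("192.0.2.9", "202.103.106.5", socket.IPPROTO_TCP, seg)
    d = Director("192.0.2.1", "202.103.106.5", 80,
                 ["202.103.107.2", "202.103.106.3"])
    outer = d.forward(req)
    return socket.inet_ntoa(outer[16:20]), decapsulate(outer, d.vip) == req
```

Because the inner packet still carries the client's source address and the VIP as destination, the real server can answer the client directly, which is why the VIP has to be configured on the real server as well.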

 

Configuring the kernel

1. The VS patch for kernel 2.0.36

First, obtain the Linux kernel source of the appropriate version. Next, apply the virtual server patch to the kernel. Third, make sure that at least the kernel compile options shown here are selected.

Kernel compile options:

Code maturity level options --->
    [*] Prompt for development and/or incomplete code/drivers
 
Networking options --->
    [*] Network firewalls
    ...
    [*] IP: forwarding/gatewaying
    ...
    [*] IP: firewalling
    ...
    [*] IP: masquerading
    ...
    [*] IP: ippfvs(LinuxDirector) masquerading (EXPERIMENTAL)
    Virtual server request dispatching technique---
    ( ) VS-NAT
    (X) VS-Tunneling
    ( ) VS-DRouting

You must also select one scheduling algorithm.

    Virtual server scheduling algorithm
    (X) WeightedRoundRobin
    ( ) LeastConnection
    ( ) WeightedLeastConnection
    [ ] IP: enabling ippfvs with the local node feature

Then compile the kernel. Once the kernel has compiled properly, update the system kernel and reboot. Finally, cd to the ipvsadm source directory and type "make install" to install the ipvsadm program into a system directory.

 

2. The VS patch for kernel 2.2.14

Kernel compile options:

Code maturity level options --->
    [*] Prompt for development and/or incomplete code/drivers
 
Networking options --->
    [*] Network firewalls
    ...
    [*] IP: forwarding/gatewaying
    ...
    [*] IP: firewalling
    ...
    [*] IP: masquerading
    ...
    [*] IP: masquerading virtual server support (EXPERIMENTAL)
    (12) IP masquerading table size (the Nth power of 2)
    <M> IPVS: round-robin scheduling(NEW)
    <M> IPVS: weighted round-robin scheduling(NEW)
    <M> IPVS: weighted least-connection scheduling(NEW)
    <M> IPVS: persistent client connection scheduling(NEW)

Then compile the kernel. Once the kernel has compiled properly, update the system kernel and reboot. Finally, cd to the ipvsadm source directory and type "make install" to install the ipvsadm program into a system directory.

 

Usage

Let's look at an example to see how it is used. The following table shows the rules used on a Linux box that supports the virtual server via IP tunneling. Note that the services running on the real servers must use the same port as the virtual service, so there is no need to specify a service port for the real servers.

 

Protocol   Virtual IP Address   Port   Real IP Address   Weight
TCP        202.103.106.5        80     202.103.107.2     1
                                       202.103.106.3     2

 

All traffic destined for IP address 202.103.106.5 port 80 is load-balanced across the real addresses 202.103.107.2 port 80 and 202.103.106.3 port 80.

The rules in the table above can be set up as follows.

1. For kernel 2.0.x

ippfvsadm -A -t 202.103.106.5:80 -R 202.103.107.2 -w 1
ippfvsadm -A -t 202.103.106.5:80 -R 202.103.106.3 -w 2

2. For kernel 2.2.x

ipvsadm -A -t 202.103.106.5:80 -s wlc
ipvsadm -a -t 202.103.106.5:80 -R 202.103.107.2 -i -w 1
ipvsadm -a -t 202.103.106.5:80 -R 202.103.106.3 -i -w 2
 

An example of testing the virtual server via tunneling

Here is an example of testing the virtual server via tunneling. The configuration is as follows; we hope it gives readers a clue. The load balancer has the address 172.26.20.111 and the real server is 172.26.20.112. The virtual IP address is 172.26.20.110. In this example, running "telnet 172.26.20.110" connects to the real server.

1. For kernel 2.0.x

The load balancer (LinuxDirector), kernel 2.0.36

ifconfig eth0 172.26.20.111 netmask 255.255.255.0 broadcast 172.26.20.255 up
route add -net 172.26.20.0 netmask 255.255.255.0 dev eth0
ifconfig eth0:0 172.26.20.110 netmask 255.255.255.255 broadcast 172.26.20.110 up
route add -host 172.26.20.110 dev eth0:0
ippfvsadm -A -t 172.26.20.110:23 -R 172.26.20.112

The real server 1, kernel 2.0.36 (IP forwarding enabled)

ifconfig eth0 172.26.20.112 netmask 255.255.255.0 broadcast 172.26.20.255 up
route add -net 172.26.20.0 netmask 255.255.255.0 dev eth0
ifconfig tunl0 172.26.20.110 netmask 255.255.255.255 broadcast 172.26.20.110 up
route add -host 172.26.20.110 dev tunl0

2. For kernel 2.2.x

The load balancer (LinuxDirector), kernel 2.2.14

ifconfig eth0 172.26.20.111 netmask 255.255.255.0 broadcast 172.26.20.255 up
route add -net 172.26.20.0 netmask 255.255.255.0 dev eth0
ifconfig eth0:0 172.26.20.110 netmask 255.255.255.255 broadcast 172.26.20.110 up
route add -host 172.26.20.110 dev eth0:0
echo 1 > /proc/sys/net/ipv4/ip_forward
ipvsadm -A -t 172.26.20.110:23 -s wlc
ipvsadm -a -t 172.26.20.110:23 -r 172.26.20.112 -i

The real server 1, kernel 2.0.36 (IP forwarding enabled)

ifconfig eth0 172.26.20.112 netmask 255.255.255.0 broadcast 172.26.20.255 up
route add -net 172.26.20.0 netmask 255.255.255.0 dev eth0
ifconfig tunl0 172.26.20.110 netmask 255.255.255.255 broadcast 172.26.20.110 up
route add -host 172.26.20.110 dev tunl0
 

More configuration examples

Here are more configuration examples for the virtual server via IP tunneling. To save space, only the important commands are shown and the less important ones are omitted.

1. Real server running kernel 2.2.14 or later with hidden device

The load balancer (LinuxDirector), kernel 2.2.14

echo 1 > /proc/sys/net/ipv4/ip_forward
ipvsadm -A -t 172.26.20.110:23 -s wlc
ipvsadm -a -t 172.26.20.110:23 -r 172.26.20.112 -i

The real server 1, kernel 2.2.14

echo 1 > /proc/sys/net/ipv4/ip_forward
# insert it if it is compiled as module
insmod ipip
ifconfig tunl0 172.26.20.110 netmask 255.255.255.255 broadcast 172.26.20.110 up
route add -host 172.26.20.110 dev tunl0
echo 1 > /proc/sys/net/ipv4/conf/all/hidden
echo 1 > /proc/sys/net/ipv4/conf/tunl0/hidden

Because kernel 2.2 has only the single tunnel device tunl0, this configuration allows only one virtual IP (VIP). For multiple VIPs, bring the tunl0 device up, configure the VIPs on aliases of a tunnel/dummy/loopback device, and then hide that device. See the following example:

echo 1 > /proc/sys/net/ipv4/ip_forward
# insert it if it is compiled as module
insmod ipip
ifconfig tunl0 up
ifconfig dummy0 up
echo 1 > /proc/sys/net/ipv4/conf/all/hidden
echo 1 > /proc/sys/net/ipv4/conf/dummy0/hidden
ifconfig dummy0:0 172.26.20.110 up
route add -host 172.26.20.110 dev dummy0:0
ifconfig dummy0:1 <Another-VIP> up
...

2. Real servers running kernel 2.2.x with the redirect approach

ºÎÇϺл꼭¹öÀÇ ¼³Á¤Àº À§ ¿¹Á¦¿Í °°´Ù. Ä¿³Î 2.2.x¸¦ °¡Áö°í ¿î¿µÇÏ´Â ¸®¾ó ¼­¹ö´Â ´ÙÀ½°ú °°ÀÌ ¼³Á¤ÇÒ ¼ö ÀÖ´Ù:

echo 1 > /proc/sys/net/ipv4/ip_forward
# insert it if it is compiled as module
insmod ipip
ifconfig tunl0 up
ipchains -A input -j REDIRECT 23 -d 172.26.20.110 23 -p tcp
...


Created on: 1998/11/29