´ÙÀ½Àº °¡»ó ¼¹öÀÇ È®À强À» ´ë±Ô¸ð·Î Áõ°¡½Ã۱â À§ÇØ IP ÅͳθµÀ» ¾î¶»°Ô »ç¿ëÇÏ´ÂÁö¿¡ ´ëÇØ ¼³¸íÇÑ´Ù.
IP Åͳθµ (IP encapsulation)Àº IP µ¥ÀÌÅͱ׷¥¾È¿¡ IP µ¥ÀÌÅͱ׷¥À» ³Ö´Â ±â¼ú·Î¼, ¾î¶² IP ÁÖ¼Ò¸¦ ÇâÇÏ´Â µ¥ÀÌÅͱ׷¥À» °¨½Î ´Ù¸¥ IP ÁÖ¼Ò·Î ÀçÁöÇâÇÒ ¼ö ÀÖ´Ù. IP encapsulationÀº ÇöÀç ¿¢½ºÆ®¶ó³Ý, ¸ðºô-IP, IP-¸ÖƼij½ºÆ®, tunnled È£½ºÆ®³ª ³×Æ®¿÷ µî¿¡ ÀϹÝÀûÀ¸·Î »ç¿ëµÇ°í ÀÖ´Ù. »ó¼¼ÇÑ ³»¿ëÀº NET-3-HOWTO¸¦ Âü°íÇÏÀÚ.
¸ÕÀú IP ÅͳθµÀ» ÀÌ¿ëÇÑ °¡»ó ¼¹ö ±×¸²À» º¸ÀÚ. IP ÅͳθµÀ» ÀÌ¿ëÇÑ °¡»ó ¼¹ö°¡ NAT¸¦ ÀÌ¿ëÇÑ ¹æ½Ä°ú °¡Àå ´Ù¸¥ °ÍÀº, ÀüÀÚÀÇ °æ¿ì ºÎÇϺл꼹ö¿¡¼ IP ÅͳÎÀ» ÀÌ¿ëÇØ ¿ä±¸¸¦ ½ÇÁ¦ ¼¹ö·Î º¸³»´Â ¹Ý¸é, ÈÄÀÚÀÇ °æ¿ì´Â ³×Æ®¿÷ ÁÖ¼Ò º¯È¯¹æ½ÄÀ» ÀÌ¿ëÇÑ´Ù´Â °ÍÀÌ´Ù.
»ç¿ëÀÚ°¡ ¼¹ö Ŭ·¯½ºÅÍ¿¡¼ Á¦°øÇÏ´Â ¼ºñ½º¿¡ Á¢±ÙÇÒ¶§, °¡»ó IP ÁÖ¼Ò(°¡»ó ¼¹öÀÇ IP ÁÖ¼Ò)·Î ÇâÇÏ´Â ¿ä±¸ ÆÐŶÀÌ ºÎÇϺл꼹ö·Î °£´Ù. ºÎÇϺл꼹ö¿¡¼ ÆÐŶÀÇ ¸ñÀûÁö ÁÖ¼Ò¿Í Æ÷Æ® ¹øÈ£¸¦ °Ë»çÇÑ´Ù. ±× ³»¿ëÀÌ °¡»ó ¼¹ö ¼ºñ½º¿Í ÀÏÄ¡ÇÏ¸é ½ºÄÉÁ층 ¾Ë°í¸®Áò¿¡ µû¶ó Ŭ·¯½ºÅÍ¿¡¼ ½ÇÁ¦ ¼¹ö¸¦ ¼±ÅÃÇϰí, Á¢¼ÓÀ» ±â·ÏÇÏ´Â ÇØ½¬ Å×ÀÌºí¿¡ »õ·Î¿î Á¢¼ÓÀ» Ãß°¡ÇÑ´Ù. ±×·¯°í ³ª¼ ºÎÇϺл꼹ö¿¡¼ IP µ¥ÀÌÅͱ׷¥¾È¿¡ ÆÐŶÀ» °¨½Î ³Ö°í(encapsulate) ½ÇÁ¦ ¼¹ö·Î Àü¼ÛÇÑ´Ù. µé¾î¿À´Â ÆÐŶÀÌ ÀÌ·¯ÇÑ Á¢¼Ó¿¡ ÇØ´çÇϰí ÇØ½¬ Å×ÀÌºí¿¡¼ ¼±ÅÃÇÑ ¼¹ö¸¦ ãÀ» ¼ö ÀÖÀ¸¸é ÆÐŶÀ» °¨½Î³Ö¾î ¼±ÅÃÇÑ ¼¹ö·Î Àü¼ÛÀ» ÇÒ °ÍÀÌ´Ù. ¼¹ö¿¡¼ °¨½Î³Ö¾îÁø ÆÐŶÀ» ¹ÞÀ¸¸é ÆÐŶÀ» ´Ù½Ã Ç®°í ¿äûÀ» ó¸®ÇÑ´ÙÀ½ ÃÖÁ¾ÀûÀ¸·Î ½ÇÁ¦ ¼¹öÀÇ ¶ó¿ìÆÃ Å×ÀÌºí¿¡ µû¶ó »ç¿ëÀÚ¿¡°Ô Á÷Á¢ °á°ú¸¦ µ¹·ÁÁØ´Ù. Á¢¼ÓÀÌ ÇØÁ¦µÇ°Å³ª ½Ã°£À» ÃʰúÇϸé, ÇØ½¬ Å×ÀÌºí¿¡¼ ¿¬°á ±â·ÏÀ» Á¦°ÅÇÑ´Ù. ÀÛ¾÷ÀÇ È帧Àº ´ÙÀ½°ú °°´Ù.
**¿ªÁÖ)À§ ±×¸²¿¡¼ LinuxDirector¿¡ ÀÖ´Â ³»¿ëÀ» º¸¸é "client-to-server half connection"À̶õ ¸»ÀÌ ÀÖ´Ù. ÀÌ°Ç Å¬¶óÀÌ¾ðÆ®¿¡¼ ¿äûÀ» ¹ÞÀ» ¶§¸¸ ºÎÇϺл꼹ö°¡ ÆÐŶÀ» º¯È¯Çϰí ÀÀ´äÀº ½ÇÁ¦ ¼¹ö¿¡¼ Á÷Á¢ Ŭ¶óÀÌ¾ðÆ®·Î °£´Ù´Â °ÍÀÌ´Ù. NAT¸¦ ÀÌ¿ëÇÒ ¶§´Â µé¾î¿À°í ³ª°¡´Â ÆÐŶÀÌ ¸ðµÎ ºÎÇϺл꼹ö¿¡¼ º¯È¯µÇ´Âµ¥ À̰ÍÀº Full connectionÀ̶ó°í ÇÒ ¼ö ÀÖ´Ù.
½ÇÁ¦ ¼¹ö´Â ¾î¶°ÇÑ ³×Æ®¿÷ÀÇ ¾î¶°ÇÑ IP ÁÖ¼Òµµ »ç¿ëÇÒ ¼ö ÀÖ°í Áö¿ªÀûÀ¸·Î ºÐ»êÀÌ °¡´ÉÇÏ´Ù´Â °ÍÀ» ±â¾ïÇÏÀÚ. ±×·¸Áö¸¸ IP °¨½Î±â ÇÁ·ÎÅäÄÝ(IP encapsulation protocol)À» Áö¿øÇؾßÇÑ´Ù. ÅͳΠµð¹ÙÀ̽º¸¦ Á¦´ë·Î ¼³Á¤ÇØ¾ß ½Ã½ºÅÛ¿¡¼ °¨½ÎÁø ÆÐŶÀ» Á¦´ë·Î Ç® ¼ö ÀÖ´Ù. °¡»ó IP ÁÖ¼Ò´Â non-arp µð¹ÙÀ̽º³ª non-arp µð¹ÙÀ̽ºÀÇ ¾Ë¸®¾Æ½º·Î ¼³Á¤ÇؾßÇÑ´Ù. ¶Ç´Â ½Ã½ºÅÛ¿¡¼ °¡»ó IP ÁÖ¼ÒÀÇ ÆÐŶÀ» Áö¿ª ¼ÒÄÏÀ¸·Î ÀçÁöÇâÇÒ ¼ö ÀÖ¾î¾ßÇÑ´Ù. ÀÚ¼¼ÇÑ Á¤º¸´Â ´ÙÀ½À» Âü°íÇÏÀÚ. the arp problem page
¸¶Áö¸·À¸·Î, °¨½ÎÁø ÆÐŶÀÌ µµÂøÇÏ¸é ½ÇÁ¦ ¼¹ö°¡ ÆÐŶÀ» Ç®¾î °¡»ó IP ÁÖ¼Ò·Î ÇâÇÏ´Â ÆÐŶÀ» ã°í, "ÀÌ°Ç ³ª¿¡°Ô ¿Â°Å¾ß, ³»°¡ ó¸®ÇÒ²²¿ë~" À̶ó°í À̾߱⸦ ÇÑ´Ù. ±×·¯°í ¿äû¸¦ ó¸®ÇÑ´ÙÀ½ ±×°á°ú¸¦ ÃÖÁ¾ »ç¿ëÀÚ¿¡°Ô Á÷Á¢ º¸³»´Â °ÍÀÌ´Ù.
¸ÕÀú Àû´çÇÑ ¹öÀüÀÇ ¸®´ª½º Ä¿³Î ¼Ò½º¸¦ ±¸ÇÑ´Ù. ±×·¯°í³ª¼ Ä¿³Î¿¡ °¡»ó ¼¹ö ÆÐÄ¡¸¦ Àû¿ëÇÑ´Ù. ¼¼ ¹øÂ°·Î ÃÖ¼ÒÇÑ ¿©±â¼ ¼±ÅÃÇÑ Ä¿³Î ÄÄÆÄÀÏ ¿É¼ÇÀ» ¼±ÅÃÇß´ÂÁö È®ÀÎÇÑ´Ù.
Ä¿³Î ÄÄÆÄÀÏ ¿É¼Ç:
Code maturity level options ---> [*] Prompt for development and/or incomplete code/drivers Networking options ---> [*] Network firewalls ... [*] IP: forwarding/gatewaying ... [*] IP: firewalling ... [*] IP: masquerading ... [*] IP: ippfvs(LinuxDirector) masquerading (EXPERIMENTAL) Virtual server request dispatching technique--- ( ) VS-NAT (X) VS-Tunneling ( ) VS-DRouting
±×¸®°í ÇϳªÀÇ ½ºÄÉÁ층 ¾Ë°í¸®ÁòÀ» ¼±ÅÃÇØ¾ßÇÑ´Ù.
Virtual server scheduling algorithm (X) WeightedRoundRobin ( ) LeastConnection ( ) WeightedLeastConnection [ ] IP: enabling ippfvs with the local node feature
±×´ÙÀ½ Ä¿³ÎÀ» ÄÄÆÄÀÏÇÑ´Ù. ÀûÀýÇÏ°Ô Ä¿³ÎÀÌ ÄÄÆÄÀϵǾú´Ù¸é, ½Ã½ºÅÛ Ä¿³ÎÀ» ¾÷µ¥ÀÌÆ®Çϰí ÀçºÎÆÃÇÑ´Ù. ¸¶Áö¸·À¸·Î cd ¸í·ÉÀ» ÀÌ¿ë, ipvsadm ¼Ò½º µð·ºÅ丮·Î À̵¿ÇÏ¿© "make install" À̶ó°í ¸í·ÉÀ» Ä¡¸é ipvsadm ÇÁ·Î±×·¥À» ½Ã½ºÅÛ µð·ºÅ丮¿¡ ¼³Ä¡ÇÑ´Ù.
Ä¿³Î ÄÄÆÄÀÏ ¿É¼Ç:
Code maturity level options ---> [*] Prompt for development and/or incomplete code/drivers Networking options ---> [*] Network firewalls ... [*] IP: forwarding/gatewaying ... [*] IP: firewalling ... [*] IP: masquerading ... [*] IP: masquerading virtual server support (EXPERIMENTAL) (12) IP masquerading table size (the Nth power of 2) <M> IPVS: round-robin scheduling(NEW) <M> IPVS: weighted round-robin scheduling(NEW) <M> IPVS: weighted least-connection scheduling(NEW) <M> IPVS: persistent client connection scheduling(NEW)
±×´ÙÀ½ Ä¿³ÎÀ» ÄÄÆÄÀÏÇÑ´Ù. ÀûÀýÇÏ°Ô Ä¿³ÎÀÌ ÄÄÆÄÀϵǾú´Ù¸é, ½Ã½ºÅÛ Ä¿³ÎÀ» ¾÷µ¥ÀÌÆ®Çϰí ÀçºÎÆÃÇÑ´Ù. ¸¶Áö¸·À¸·Î cd ¸í·ÉÀ» ÀÌ¿ë, ipvsadm ¼Ò½º µð·ºÅ丮·Î À̵¿ÇÏ¿© "make install" À̶ó°í ¸í·ÉÀ» Ä¡¸é ipvsadm ÇÁ·Î±×·¥À» ½Ã½ºÅÛ µð·ºÅ丮¿¡ ¼³Ä¡ÇÑ´Ù.
»ç¿ë¹æ¹ýÀ» ¾Ë±â À§ÇØ ¿¹Á¦¸¦ º¸ÀÚ. ´ÙÀ½ Ç¥´Â IP ÅͳθµÀ» ÀÌ¿ëÇÏ¿© °¡»ó ¼¹ö¸¦ Áö¿øÇÏ´Â ¸®´ª½º ¼¹ö¿¡¼ »ç¿ëÇÑ ±ÔÄ¢ÀÌ´Ù. ½ÇÁ¦ ¼¹ö¿¡¼ ¿î¿µÇÏ´Â ¼ºñ½º¿Í °¡»ó ¼ºñ½º°¡ °°Àº Æ÷Æ®¸¦ »ç¿ëÇØ¾ßÇÏ¸ç ½ÇÁ¦ ¼¹ö¿¡¼ ¼ºñ½º Æ÷Æ®¸¦ ÁöÁ¤ÇÒ Çʿ䰡 ¾ø´Ù´Â °ÍÀ» ±â¾ïÇÏÀÚ.
Protocol |
Virtual IP Address |
Port |
Real IP Address |
Weight |
TCP |
202.103.106.5 |
80 |
202.103.107.2 |
1 |
202.103.106.3 |
2 |
IP ÁÖ¼Ò 202.103.106.5 Æ÷Æ® 80À» ÇâÇÏ´Â ¸ðµç Æ®·¡ÇÈÀº ½ÇÁ¦ ÁÖ¼Ò°¡ 202.103.107.2 Æ÷Æ® 80°ú 202.103.106.3 Æ÷Æ® 80·Î ºÎÇϺлêµÈ´Ù.
´ÙÀ½°ú °¥ÀÌ À§¿¡¼ ¼³¸íÇÑ Å×ÀÌºí ±ÔÄ¢À» ¼³Á¤ÇÒ ¼ö ÀÖ´Ù.
ippfvsadm -A -t 202.103.106.5:80 -R 202.103.107.2 -w 1 ippfvsadm -A -t 202.103.106.5:80 -R 202.103.106.3 -w 2
ipvsadm -A -t 202.103.106.5:80 -s wlc ipvsadm -a -t 202.103.106.5:80 -R 202.103.107.2 -i -w 1 ipvsadm -a -t 202.103.106.5:80 -R 202.103.106.3 -i -w 2
´ÙÀ½Àº ÅͳθµÀ» ÀÌ¿ë °¡»ó ¼¹ö¸¦ ½ÇÇèÇÑ ¿¹Á¦ÀÌ´Ù. ¼³Á¤Àº ´ÙÀ½°ú °°´Ù. ÀÌ°Ç ÀÌ ±ÛÀ» º¸´Â »ç¶÷µé¿¡°Ô ÇϳªÀÇ ½Ç¸¶¸®¸¦ Áֱ⠹ٶõ´Ù. ºÎÇÏ ºÐ»ê¼¹öÀº 172.26.20.111 ÁÖ¼Ò¸¦ °¡Áö°í ÀÖ°í ½ÇÁ¦ ¼¹ö´Â 172.26.112ÀÌ´Ù. °¡»ó IP ÁÖ¼Ò´Â 172.26.20.110 ÀÌ´Ù. ÀÌ ¿¹Á¦¿¡¼ "telnet 172.26.20.110"À» ÇÏ¸é ½ÇÁ¦ ¼¹ö¿¡ Á¢¼ÓÇÒ °ÍÀÌ´Ù.
The load balancer (LinuxDirector), kernel 2.0.36
ifconfig eth0 172.26.20.111 netmask 255.255.255.0 broadcast 172.26.20.255 up route add -net 172.26.20.0 netmask 255.255.255.0 dev eth0 ifconfig eth0:0 172.26.20.110 netmask 255.255.255.255 broadcast 172.26.20.110 up route add -host 172.26.20.110 dev eth0:0 ippfvsadm -A -t 172.26.20.110:23 -R 172.26.20.112
The real server 1, kernel 2.0.36 (IP forwarding enabled)
ifconfig eth0 172.26.20.112 netmask 255.255.255.0 broadcast 172.26.20.255 up route add -net 172.26.20.0 netmask 255.255.255.0 dev eth0 ifconfig tunl0 172.26.20.110 netmask 255.255.255.255 broadcast 172.26.20.110 up route add -host 172.26.20.110 dev tunl0
The load balancer (LinuxDirector), kernel 2.2.14
ifconfig eth0 172.26.20.111 netmask 255.255.255.0 broadcast 172.26.20.255 up route add -net 172.26.20.0 netmask 255.255.255.0 dev eth0 ifconfig eth0:0 172.26.20.110 netmask 255.255.255.255 broadcast 172.26.20.110 up route add -host 172.26.20.110 dev eth0:0 echo 1 > /proc/sys/net/ipv4/ip_forward ipvsadm -A -t 172.26.20.110:23 -s wlc ipvsadm -a -t 172.26.20.110:23 -r 172.26.20.112 -i
The real server 1, kernel 2.0.36 (IP forwarding enabled)
ifconfig eth0 172.26.20.112 netmask 255.255.255.0 broadcast 172.26.20.255 up route add -net 172.26.20.0 netmask 255.255.255.0 dev eth0 ifconfig tunl0 172.26.20.110 netmask 255.255.255.255 broadcast 172.26.20.110 up route add -host 172.26.20.110 dev tunl0
IP ÅͳθµÀ» ÀÌ¿ëÇÑ °¡»ó ¼¹ö¿¡ ´ëÇÑ ´õ ÀÚ¼¼ÇÑ ¼³Á¤ ¿¹Á¦ÀÌ´Ù. °ø°£À» Àý¾àÇϱâ À§ÇØ, Áß¿äÇÑ ¸í·É¸¸ »ç¿ëÇßÀ¸¸ç ±×´ÙÁö Áß¿äÇÏÁö ¾ÊÀº ¸í·ÉÀº Á¦¿ÜÇß´Ù.
The load balancer (LinuxDirector), kernel 2.2.14
echo 1 > /proc/sys/net/ipv4/ip_forward ipvsadm -A -t 172.26.20.110:23 -s wlc ipvsadm -a -t 172.26.20.110:23 -r 172.26.20.112 -i
The real server 1, kernel 2.2.14
echo 1 > /proc/sys/net/ipv4/ip_forward # insert it if it is compiled as module insmod ipip ifconfig tunl0 172.26.20.110 netmask 255.255.255.255 broadcast 172.26.20.110 up route add -host 172.26.20.110 dev tunl0 echo 1 > /proc/sys/net/ipv4/conf/all/hidden echo 1 > /proc/sys/net/ipv4/conf/tunl0/hidden
Ä¿³Î 2.2´Â ÇϳªÀÇ ÅͳΠµð¹ÙÀ̽º tunl0¸¸ °¡Áö°í Àֱ⠶§¹®¿¡ ÀÌ ¼³Á¤¿¡¼´Â ÇϳªÀÇ °¡»ó IP(VIP)¸¸ °¡Áú ¼ö ÀÖ´Ù. ´ÙÁß VIP¸¦ À§ÇØ, tunl0 µð¹ÙÀ̽º¸¦ ¿Ã¸®°í(up), tunnel/dummy/loopback µð¹ÙÀ̽ºÀÇ ¾Ë¸®¾Æ½º¸¦ ÀÌ¿ëÇØ À̸¦ ¼³Á¤ÇÑ ´ÙÀ½ µð¹ÙÀ̽º¸¦ °¨Ãá´Ù. ´ÙÀ½ ¿¹Á¦¸¦ º¸ÀÚ:
echo 1 > /proc/sys/net/ipv4/ip_forward # insert it if it is compiled as module insmod ipip ifconfig tunl0 up ifconfig dummy0 up echo 1 > /proc/sys/net/ipv4/conf/all/hidden echo 1 > /proc/sys/net/ipv4/conf/dummy0/hidden ifconfig dummy0:0 172.26.20.110 up route add -host 172.26.20.110 dev dummy0:0 ifconfig dummy0:1 <Another-VIP> up ...
ºÎÇϺл꼹öÀÇ ¼³Á¤Àº À§ ¿¹Á¦¿Í °°´Ù. Ä¿³Î 2.2.x¸¦ °¡Áö°í ¿î¿µÇÏ´Â ¸®¾ó ¼¹ö´Â ´ÙÀ½°ú °°ÀÌ ¼³Á¤ÇÒ ¼ö ÀÖ´Ù:
echo 1 > /proc/sys/net/ipv4/ip_forward # insert it if it is compiled as module insmod ipip ifconfig tunl0 up ipchains -A input -j REDIRECT 23 -d 172.26.20.110 23 -p tcp ...
Created on: 1998/11/29