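Floating IP address:
A single network interface card can have multiple IP addresses.
A floating IP is used when several hosts (two or more) work in the same cluster. Besides its own real IP, each machine is configured with a floating IP, which is bound to the host's service (an HTTP service or a mail service). Whichever machine the application service starts on is the machine where the floating IP is activated, so that machine appears to have two IP addresses. Clients only need to access the floating IP.
Even if a failure causes a switchover between machines on the host side, a client that connects to the floating IP can still find the service.
The benefit is that as soon as one machine stops working, the service can be switched quickly to another host, which improves the system's redundancy.
When traffic is heavy, the float IP can be used to load-balance across hosts.
A real implementation may use ARP spoofing techniques to solve the MAC address problem.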
--------------------------------------------------
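In a two-node setup, one IP is configured; when that IP is accessed, the system decides which back-end machine handles it. The floating IP moves together with the resource.
In effect, software places this IP on one particular machine according to the situation, and that machine serves clients. To avoid a single machine going down and interrupting the business, two machines provide the service. But how does a user know which IP to connect to? If they use one machine's IP and that machine goes down, the service is still interrupted. So HA software is used: based on the state of the hosts, it assigns one IP to either of the two hosts, and if one host goes down it automatically moves the IP to the other machine. Users still only need to use this one IP, and the failure of either host does not interrupt the service. Put simply, this IP can be configured automatically on any of N different machines as the situation requires.
A floating IP, as the name suggests, is an IP that drifts: the address can float onto any host, but the address itself (the numbers) does not change. Cluster software generally uses a floating IP to serve clients, and this is transparent to users.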
---------------------
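Author: 雁城布衣
Source: CSDN
Original: https://blog.csdn.net/xtank_nie/article/details/47000537
Copyright notice: This is an original article by the blogger; please include a link to the post when reposting.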
=============================
Source: https://www.1and1.com/digitalguide/server/know-how/what-is-a-floating-ip/
What is a floating IP?
The internet – plainly put – consists of many computers connected by cables, fiber optic cables, and wireless receivers. They exchange data based on a common 'language'. This common standard is known as the Internet Protocol (IP). Data is arranged in such a way that computers, which understand the common protocol, can interpret it.
An IP address, also referred to as an 'IP', makes digital devices detectable in a network. It is a crucial prerequisite so that electronic data packets can be delivered reliably. The devices communicate with one another, for example, over the internet. The IP address ensures that data from the sender reaches the correct recipient – for example, from a web browser to a web server or vice versa. An IP address can be assigned to both single and multiple devices at the same time. Likewise, a single device can have multiple IP addresses at the same time.
However, in order to be able to understand exactly what a floating IP is, you first need to know the difference between dynamic and static IP addresses.
Contents
1. Dynamic IP
2. Static IP
3. Floating IP – definition
4. How is a floating IP generated?
5. When are floating IPs used?
6. Failover and switchover
7. What advantages does a floating IP offer?
Dynamic IP
When a computer connects to the internet, in most cases the Internet Service Provider (ISP) assigns a dynamic IP address to it. Dynamic IP addresses are the most cost-effective standard for users and providers. They are characterized by the fact that they are only assigned temporarily and change after a certain time, which is either fixed (e.g. for 24 hours), or is irregular. The user then receives a new dynamic IP address for their computer from the respective internet service provider and the previous address will then be assigned to a different user.
Static IP
A static IP, on the other hand, is a fixed address and is permanently assigned to a device. Static IP addresses are found mainly in the web server or e-mail server area, or wherever offers or website content must be accessible via a fixed URL, so that users or processes can (re)find them without any problems. Computers in a network or peripheral devices (such as printers) have fixed IPs, so that the individual devices within the network can easily communicate with one another.
So that users don’t have to remember complex numbers, it’s possible to assign a domain name to a static IP address e.g. www.example.org. The numerical IP, the 'connection number' of a device in the network, is therefore translated into a name that can easily be remembered. This is generally only reserved for static IPs. It doesn’t make much sense for dynamic IPs since the user changes so frequently.
Floating IP – definition
A floating IP is usually a public, routable IP address that is not automatically assigned to an entity. Instead, a project owner assigns them to one or more entities temporarily. The respective entity has an automatically assigned, static IP for communication between instances in a private, non-routable network area, as well as via a manually assigned floating IP. This makes the entity’s services outside a cloud or network recognizable and therefore achievable.
In appropriately configured failover scenarios, an IP 'floats' to another active unit in the network so that it can take on the function of a dormant entity without a time delay, and can then answer incoming requests.
How is a floating IP generated?
Users obtain floating IPs for their projects from different pools that the system administrator configures and provides as server resources. As soon as a user receives a floating IP, they become the 'owner'. They can assign it to an entity, remove it, and then assign it to another at any time. Even if an entity is terminated, the user does not 'lose' the associated floating IP. It remains as a resource and can still be assigned to another entity when needed.
A major reason for using several parallel floating IP pools is that each pool can be operated by another internet service provider or can also be assigned by other external networks. This ensures that the connectivity or availability is maintainable even if an internet service provider should fail due to a malfunction.
When are floating IPs used?
Maximum availability is one of the key factors in every production environment. In the communication network, however, a single error can cause applications to fail. Developers do sleep better knowing that their applications are designed to withstand any conceivable error scenarios. The goal is to provide a highly available piece of infrastructure with minimal downtime.
A floating IP can serve as a flexible load balancing address, helping to balance peak loads by distributing incoming network traffic to different network nodes. Network nodes are devices which connect two (or more) transmission paths of a telecommunication network. As with a computer that distributes workflows across multiple processors, load balancing also handles large amounts of simultaneous requests or more complex calculations by splitting the load across multiple parallel systems.
Failover and switchover
If a primary load balancer or a central application server in a cluster fails on one side, a floating IP can be immediately assigned to a redundant application server or a secondary load balancer in a correspondingly configured system. The IP 'floats' to the active unit, which immediately carries out the desired processes. An unplanned change between network services is referred to as 'failover'. This kind of protection is especially recommended for critical applications.
A planned change from a primary to a secondary system is referred to as a 'switchover'. The targeted transmission of services is not triggered by errors, but is usually controlled by a system administrator. A classic reason for a switchover is, for example, routine maintenance of the primary or secondary systems where a parallel instance temporarily takes over its function.
What advantages does a floating IP offer?
One of the main advantages of floating IPs is their flexibility – the free and needs-oriented assignability. Floating IPs are therefore suitable for use in both failover and switchover environments – for example, for performing upgrades of applications or entire sites with minimal downtime. While an upgrade is applied to one entity, another one takes on the traffic. Once the upgrade has been successfully completed, the traffic is redirected to the updated unit.
Another advantage: even if several or even many different entities are concealed behind a service being offered, the floating IP appears on the surface to users (who make use of the service) rather than the server’s IP that offers the respective service.
=============================
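ARP spoofing
Also known as ARP poisoning (often rendered online as "ARP virus") or ARP attack, this is an attack technique against the Ethernet Address Resolution Protocol (ARP). It lets an attacker capture packets on a local area network, or even tamper with them, and can prevent a specific computer or all computers on the network from connecting normally. The earliest article discussing ARP spoofing was "ARP and ICMP redirection games" by Yuri Volobuev.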
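How it works:
- The attacker listens for MAC addresses on the LAN. As soon as it receives the ARP Requests broadcast by two hosts, it can begin spoofing.
- Hosts A and B have both broadcast ARP Requests. The attacker now has the IP and MAC addresses of both hosts and starts the attack.
- The attacker sends an ARP Reply to host B, with the sender IP in the packet's protocol header set to A's IP address and the sender MAC set to the attacker's own MAC address.
- On receiving the ARP Reply, host B updates its ARP table, changing the entry for host A from (IP_A, MAC_A) to (IP_A, MAC_C).
- When host B wants to send a packet to host A, it builds the packet's link-layer header from its ARP table, setting the destination MAC address to MAC_C rather than MAC_A.
- When the switch receives the packet that B sent to A, it forwards the packet to attacker C based on the packet's destination MAC address (MAC_C).
- After receiving the packet, the attacker can store it and then send it on to A, which achieves eavesdropping. The attacker can also modify the data before sending the packet to A, causing damage.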
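The table update from (IP_A, MAC_A) to (IP_A, MAC_C) described above is also what a monitoring host can watch for, while a floating IP legitimately changes MAC when it moves between cluster nodes. The following is an added example, not code from the original post or the quoted articles: a passive check over ARP payloads that separates the two cases. All names, addresses and the node allowlist are constructed assumptions.

```python
import struct

# Constructed sample addresses (not from the original page).
MAC_A, MAC_C = "02:00:00:00:00:0a", "02:00:00:00:00:0c"
MAC_N1, MAC_N2 = "02:00:00:00:01:01", "02:00:00:00:01:02"
FLOATING_IP = "10.0.0.100"

def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip) from an Ethernet/IPv4 ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    return oper, payload[8:14].hex(":"), ".".join(map(str, payload[14:18]))

class ArpWatch:
    """Track IP-to-MAC bindings and classify each observed ARP message."""
    def __init__(self, floating):
        self.floating = floating  # {ip: MACs of cluster nodes allowed to hold it}
        self.table = {}           # last accepted binding per IP

    def observe(self, payload):
        _, mac, ip = parse_arp(payload)
        old = self.table.get(ip)
        allowed = self.floating.get(ip)
        if allowed is not None and mac not in allowed:
            return "alert"        # floating IP claimed by a non-cluster MAC
        if old is None or old == mac:
            self.table[ip] = mac
            return "new" if old is None else "ok"
        if allowed is not None:
            self.table[ip] = mac  # expected move between cluster nodes
            return "failover"
        return "alert"            # (IP_A, MAC_A) -> (IP_A, MAC_C): keep old binding

def constructed_payload(mac, ip, oper=2):
    """Build a sample ARP payload (target fields zeroed) as demo input only."""
    raw_mac = bytes.fromhex(mac.replace(":", ""))
    raw_ip = bytes(map(int, ip.split(".")))
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + raw_mac + raw_ip + bytes(10)

def demo():
    watch = ArpWatch({FLOATING_IP: {MAC_N1, MAC_N2}})
    seen = [(MAC_A, "10.0.0.1"), (MAC_N1, FLOATING_IP), (MAC_N2, FLOATING_IP),
            (MAC_C, "10.0.0.1"), (MAC_C, FLOATING_IP)]
    return [watch.observe(constructed_payload(m, ip)) for m, ip in seen]

if __name__ == "__main__":
    print(demo())
```

Only a binding change on an address outside the floating-IP allowlist, or a floating IP claimed by a MAC that is not a cluster node, is reported; a move between the listed nodes is recorded as a failover.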
