简介:
LVS是Linux Virtual Server的简写,意即Linux虚拟服务器,是一个虚拟的服务器集群系统。
lvs有三种工作模式NAT(地址转换),IP Tunneling(IP隧道)、Direct Routing(直接路由)。工作效率最低的是NAT模式,但NAT模式可以用于各种系统,各种环境的负载均衡,只需要一个公网ip即可实现IP Tunneling模式调度器将连接分发到不同的后端real server,然后由real server处理请求直接相应给用户,大大提高了调度器的调度效率,后端real server没有物理位置和逻辑关系的限制,后端real server可以在Lan/Wlan,但是后端real server必须支持IP隧道协议.DR(Direct Routing)是效率最高的,与IP Tunneling类似,都是处理一般连接,将请求给后端real server,然后由real server处理请求直接相应给用户,Direct Routing与IP Tunneling相比,没有IP封装的开销,但由于采用物理层,所以DR模式的调度器和后端real server必须在一个物理网段里,中间不能过路由器(也就是一个交换机相连)。
方案准备(Centos7):
| 名称 |
IP |
| Master:Lvs+keepalived |
10.0.0.128/24 (Centos7-1) |
| Backup:Lvs+keepalived | 10.0.0.131/24 (Centos7-4) |
| web1(real-server) |
10.0.0.129/24 (web1) |
| web2(real-server) | 10.0.0.130/24 (web2) |
方案实施:
一.配置LVS服务器
①相同处。
-
配置虚拟ip.#要是不想每次重启都无效,可以写到网卡里面。
[root@Centos7-1 ~]# ifconfig ens33:0 10.0.0.200 broadcast 10.0.0.200 netmask 255.255.255.255 up
-
添加发送到这个数据包的路由.
[root@Centos7-1 ~]# route add -host 10.0.0.200 dev enss33:0
-
开启路由转发.
[root@Centos7-1 ~]# echo "1" >/proc/sys/net/ipv4/ip_forward
[root@Centos7-1 ~]# sysctl -p
net.ipv4.ip_forward = 1 -
配置策略.
[root@Centos7-1 ~]# ipvsadm -A -t 10.0.0.200:80 -s rr
[root@Centos7-1 ~]# ipvsadm -a -t 10.0.0.200:80 -r 10.0.0.129:80 -g
[root@Centos7-1 ~]# ipvsadm -a -t 10.0.0.200:80 -r 10.0.0.130:80 -g
[root@Centos7-1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.200:80 rr
-> 10.0.0.129:80 Route 1 0 0
-> 10.0.0.130:80 Route 1 0 0
#-s :指定调度算法 rr为轮询
#-r :指定后端服务器
#-g :指定LVS 的工作模式为直接路由模式(也是LVS 默认的模式)
②不相同。
-
配置keepalived配置文件
Master:
[root@Centos7-1 ~]#vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
#指定keepalived在发生切换时需要发送email到的对象
root@localhost
}
notification_email_from keepalived@localhost
#指定发件人
smtp_server 127.0.0.1
#指定smtp服务器地址
smtp_connect_timeout 30
#指定smtp连接超时时间
router_id node1
#运行keepalived机器的一个标识
vrrp_mcast_group4 224.0.100.19
}
vrrp_instance VI_1 {
state MASTER
#指定哪个为master,那个哪为backup
interface ens33
#设置实例绑定的网卡
virtual_router_id 17
#VPID标记
priority 100
#优先级,高优先级竞选为master
advert_int 1
#检查间隔,默认1秒
authentication {
auth_type PASS
#认证方式
auth_pass 123456
#认证密码
}
virtual_ipaddress {
10.0.0.200 dev ens33
#设置vip
}
}
Backup:
[root@Centos7-1 ~]#vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived global_defs { notification_email { root@localhost } notification_email_from keepalived@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id node1 vrrp_mcast_group4 224.0.100.19} vrrp_instance VI_1 { state BACKUP interface ens33 virtual_router_id 17 priority 80 advert_int 1 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 10.0.0.200 dev ens33 }}
二.配置Web服务器(Real-server).
①.相同处.
-
配置虚拟ip.
[root@web1 ~]# ifconfig ens33:0 10.0.0.200 broadcast 10.0.0.200 netmask 255.255.255.255 up
#(在lvs的DR和TUN模式下,用户的访问请求到达真实服务器后,是直接返回给用户的,而不再经过前端的Director Server,因此,就需要在每个Real server节点上增加虚拟的VIP地址,这样数据才能直接返回给用户,增加VIP地址的操作可以通过上面的命令来实现:)
-
添加发送到这个数据包的路由.
[root@web1 ~]# route add -host 10.0.0.200 dev ens33:0
#(上面的命令表示网络请求地址是10.0.0.200的请求,返回的时候的源地址是ens33:0网卡上配置的地址,这样出口src地址就是绑定这个假VIP地址,就不会引起丢弃这个包。)
-
在Realserver上抑制ARP请求:
[root@node3 ~]# echo "1">/proc/sys/net/ipv4/conf/lo/arp_ignore
[root@node3 ~]# echo "2">/proc/sys/net/ipv4/conf/lo/arp_announce
[root@node3 ~]# echo "1">/proc/sys/net/ipv4/conf/all/arp_ignore
[root@node3 ~]# echo "2">/proc/sys/net/ipv4/conf/all/arp_announce
[root@node3 ~]# sysctl -p
#(在回环设备上绑定了一个虚拟IP地址,并设定其子网掩码为255.255.255.255,与Director Server上的虚拟IP保持互通,然后禁止了本机的ARP请求。由于虚拟ip,也就是上面的VIP地址,是Director Server和所有的Real server共享的,如果有ARP请求VIP地址时,Director Server与所有Real server都做应答的话,就会出现问题,因此,需要禁止Real server响应ARP请求。)
#要是不想每次重启都无效,以上配置可以写到网卡里面。
②不同处(网站内容,方便测试).
[root@web1 ~]# echo "web1:10.0.0.129">/web/index.html
[root@web1~]# systemctl start httpd
[root@web2 ~]# echo "web2:10.0.0.130">/web/index.html
[root@web2~]# systemctl start httpd
三.测试.
1.启动master和backup的keepalived服务,因master的priority优先级高,所以vip在 master机器上.
[root@Centos7-1 ~]# systemctl start keepalived
[root@zxb ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:64:e3:62 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.128/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet 10.0.0.200/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::8a1e:39ba:9beb:4aa9/64 scope link
valid_lft forever preferred_lft forever
另起一台机访问.
[root@user ~]# curl 10.0.0.200
web1:10.0.0.129
[root@user ~]# curl 10.0.0.200
web2:10.0.0.130
[root@user ~]# curl 10.0.0.200
web1:10.0.0.129
[root@user ~]# curl 10.0.0.200
web2:10.0.0.130
2.当停止master上的keepalive时,vip会从master转移到backup上.
[root@Centos7-1 ~]# systemctl stop keepalived
[root@Centos7-1 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:64:e3:62 brd ff:ff:ff:ff:ff:ff inet 10.0.0.128/24 brd 10.0.0.255 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::8a1e:39ba:9beb:4aa9/64 scope link valid_lft forever preferred_lft forever
[root@Centos7-4 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:10:e1:cf brd ff:ff:ff:ff:ff:ff inet 10.0.0.131/24 brd 10.0.0.255 scope global ens33 valid_lft forever preferred_lft forever inet 10.0.0.200/32 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::44f2:ef47:efec:8b07/64 scope link valid_lft forever preferred_lft forever3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:10:e1:d9 brd ff:ff:ff:ff:ff:ff
[root@Centos7-4 ~]# cat /var/log/messages |tail -n 5
Oct 22 09:59:37 zxb4 Keepalived_vrrp[33093]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 10.0.0.200Oct 22 09:59:37 zxb4 Keepalived_vrrp[33093]: Sending gratuitous ARP on ens33 for 10.0.0.200Oct 22 09:59:37 zxb4 Keepalived_vrrp[33093]: Sending gratuitous ARP on ens33 for 10.0.0.200Oct 22 09:59:37 zxb4 Keepalived_vrrp[33093]: Sending gratuitous ARP on ens33 for 10.0.0.200Oct 22 09:59:37 zxb4 Keepalived_vrrp[33093]: Sending gratuitous ARP on ens33 for 10.0.0.200
访问.
[root@user ~]# curl 10.0.0.200
web1:10.0.0.129
[root@user ~]# curl 10.0.0.200
web2:10.0.0.130
本文出自 “XiaoBingZ” 博客,请务必保留此出处http://1767340368.blog.51cto.com/13407496/1974990