一、常用的负载均衡软件:
Nginx 应用层负载
LVS 网络层负载
HAProxy 应用层负载
常用的负载均衡硬件:
F5、NetScaler
二、LVS的四种工作模式
1)VS/NAT模式(Network address translation)
通过NAT转换表进行负载,收包和回包都需要查表
2)VS/TUN模式(tunneling)
给数据包打上IP头
3)DR模式(Direct routing)
给数据包打上MAC头
4)FULLNAT模式
双重NAT转换
三、LVS的配置(NAT模式)
三台主机,一台作为负载转发(dir),两台作为业务(rs)
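# Run each pair on its own machine: set the hostname, then log out.
# `hostname NAME` only changes the running system's name; it does not
# survive a reboot unless the distribution's hostname file is updated too.
hostname dir   # on the load-balancing host (director)
logout         # source had "loginout", which is not a command; presumably
               # "log out and back in" so the prompt shows the new name
hostname rs1   # on the first real server
logout
hostname rs2   # on the second real server
logout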
===============dir配置
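yum install ipvsadm -y            # install the ipvsadm package on the director (dir)
vim /usr/local/sbin/lvs_nat.sh    # create the script with the contents below

# ---------- contents of /usr/local/sbin/lvs_nat.sh ----------
#! /bin/bash
# Enable IP forwarding on the director. From this point the host routes
# between its interfaces (eth0/eth1 below), so the filter table's FORWARD
# chain should allow only the traffic that is meant to cross it.
# Writes under /proc are lost on reboot.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Turn off sending of ICMP redirects on every interface.
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects
# NAT firewall on the director.
# NOTE: -F and -X remove every existing rule and user-defined chain in the
# nat table, not only LVS-related ones. Check `iptables -t nat -S` first on
# a host that already carries NAT rules.
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j MASQUERADE   # internal (real-server) subnet
# IPVS rules on the director. The source used typographic quotes around the
# path, which the shell treats as literal characters; plain quotes are required.
IPVSADM='/sbin/ipvsadm'
"$IPVSADM" -C                                          # clear the current virtual server table
"$IPVSADM" -A -t 192.168.1.200:80 -s rr                # virtual service, round-robin scheduler
"$IPVSADM" -a -t 192.168.1.200:80 -r 192.168.2.1:80 -m # real server 1, masquerading (NAT)
"$IPVSADM" -a -t 192.168.1.200:80 -r 192.168.2.2:80 -m # real server 2, masquerading (NAT)
# ---------- end of lvs_nat.sh ----------

/bin/bash /usr/local/sbin/lvs_nat.sh   # run the script
ipvsadm -ln                            # show the virtual server table
# Output:
# IP Virtual Server version 1.2.1 (size=4096)
# Prot LocalAddress:Port Scheduler Flags
#   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
# TCP  192.168.1.200:80 rr
#   -> 192.168.2.1:80               Masq    1      0          0
#   -> 192.168.2.2:80               Masq    1      0          0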
====================rs配置
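# On the first real server: install nginx as a test backend and give it a
# page that identifies the host.
yum install nginx -y
echo "111master" > /usr/share/nginx/html/index.html

# On the second real server: same package, different page.
yum install nginx -y
echo "222slave" > /usr/share/nginx/html/index.html

# On dir (prompt in the source: [root@dir ~]#): repeated requests to the
# virtual address alternate between the two backends, as expected for the
# rr scheduler.
curl 192.168.1.200:80   # -> 111master
curl 192.168.1.200:80   # -> 222slave
curl 192.168.1.200:80   # -> 111master
curl 192.168.1.200:80   # -> 222slave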
测试成功
四、LVS的配置(DR模式)
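# On dir: remove the state left over from the NAT section.
ipvsadm -C
ipvsadm -ln
iptables -t nat -F   # flush the nat table rules

# In DR mode the real servers' gateway does not point at the director. All
# three hosts sit on the same network segment, so the setup uses four IPs
# and is wasteful of public addresses.
vim /usr/local/sbin/lvs_dr.sh

# ---------- contents of /usr/local/sbin/lvs_dr.sh ----------
#! /bin/bash
# NOTE(review): IPVS direct routing forwards by rewriting the frame's
# destination MAC; kernel IP forwarding is generally not needed for it.
# Confirm before leaving it enabled on an exposed director.
echo 1 > /proc/sys/net/ipv4/ip_forward
ipv=/sbin/ipvsadm
vip=192.168.1.205
rs1=192.168.1.201
rs2=192.168.1.202
# Bind the VIP to an alias of eth0 with a /32 mask and add a host route for it.
ifconfig eth0:0 "$vip" broadcast "$vip" netmask 255.255.255.255 up
route add -host "$vip" dev eth0:0
"$ipv" -C                                     # clear the current virtual server table
"$ipv" -A -t "$vip:80" -s rr                  # virtual service, round-robin scheduler
"$ipv" -a -t "$vip:80" -r "$rs1:80" -g -w 1   # real server 1, direct routing, weight 1
"$ipv" -a -t "$vip:80" -r "$rs2:80" -g -w 1   # real server 2, direct routing, weight 1
# ---------- end of lvs_dr.sh ----------

/bin/bash /usr/local/sbin/lvs_dr.sh   # run the script
ipvsadm -ln                           # show the rules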
====================两台上rs配置
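# Run on both real servers. The script is saved as
# /usr/local/sbin/lvs_dr_rs.sh, the path executed at the end.
# ---------- contents of /usr/local/sbin/lvs_dr_rs.sh ----------
#! /bin/bash
vip=192.168.1.205
# Hold the VIP on a loopback alias so the server accepts packets addressed to it.
ifconfig lo:0 "$vip" broadcast "$vip" netmask 255.255.255.255 up
route add -host "$vip" lo:0
# arp_ignore=1: answer ARP only for addresses configured on the receiving
# interface. arp_announce=2: use the best local address for the target as the
# ARP source. Together these keep the real server from advertising the VIP it
# holds on lo, so only the director answers ARP for it.
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
# In DR mode replies leave the real server directly and do not pass back
# through the director, so packet filtering has to be in place on each real
# server as well.
# ---------- end of lvs_dr_rs.sh ----------

/bin/bash /usr/local/sbin/lvs_dr_rs.sh   # run the script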
测试:最好再开一台Linux主机来访问VIP,因为浏览器有缓存,不容易看出轮询效果

五、LVS+keepalived
两台作为keepalived,一主一从,dir和rs2做主从keepalived
[root@dir ~]# ipvsadm -C
# Clear the existing IPVS rules before handing the table over to keepalived.
yum install -y keepalived ipvsadm
# Install both packages on dir and on rs2 (the two keepalived nodes).
# Keep a copy of the packaged configuration so it can be restored.
cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
# Truncate the live configuration to an empty file; the .bak copy above is
# the only remaining copy of the original.
> /etc/keepalived/keepalived.conf
vim /etc/keepalived/keepalived.conf
# Edit the configuration file on dir (contents follow).
# keepalived.conf for the master node (dir).
# vrrp_instance decides which node holds the virtual IP; virtual_server
# programs the IPVS table and health-checks the real servers.
vrrp_instance VI_1 {
state MASTER # initial role of this node; the standby node uses BACKUP
interface eth0 # interface the VRRP instance runs on
virtual_router_id 51 # must be the same on both nodes and unique on the segment
priority 100 # the standby node uses 90; the higher priority holds the VIP
advert_int 1 # advertisement interval in seconds
# NOTE(review): auth_type PASS is a shared password carried in clear text in
# VRRP advertisements, and 1111 is a trivially guessable sample value. Use a
# unique secret per deployment, and keep VRRP confined to the two nodes
# (firewall IP protocol 112 to the peer's address, or use unicast_peer).
authentication {
auth_type PASS
auth_pass 1111
}
# Address that moves between the nodes on failover.
virtual_ipaddress {
192.168.1.205
}
}
virtual_server 192.168.1.205 80 {
delay_loop 6 # poll real-server health every 6 seconds (the original note said 10)
lb_algo wlc # LVS scheduler: weighted least-connection
lb_kind DR # forwarding method: direct routing
persistence_timeout 60 # connections from one client IP stay on the same real server for 60 seconds
protocol TCP # protocol of the virtual service; the health check is the TCP_CHECK block below
real_server 192.168.1.201 80 {
weight 100 # scheduling weight
TCP_CHECK {
connect_timeout 10 # give up on the check connection after 10 seconds
# NOTE(review): newer keepalived releases name this option `retry`; confirm
# against the installed version.
nb_get_retry 3
delay_before_retry 3 # seconds to wait between retries
connect_port 80 # port the TCP check connects to
}
}
# Second real server, same weight and health check as the first.
real_server 192.168.1.202 80 {
weight 100
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
/etc/init.d/keepalived start #启动
正在启动 keepalived: [确定]
ip add #查看虚拟IP是否启动
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:e2:dc:da brd ff:ff:ff:ff:ff:ff
inet 192.168.1.200/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.205/32 scope global eth0
inet6 fe80::20c:29ff:fee2:dcda/64 scope link
valid_lft forever preferred_lft forever
===================从keepalived配置
# On the backup keepalived node (rs2 on this page): keep a copy of the
# packaged configuration so it can be restored.
cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
# Truncate the live configuration to an empty file before writing the new one.
> /etc/keepalived/keepalived.conf
# Enter the backup-node configuration that follows.
vim /etc/keepalived/keepalived.conf
# keepalived.conf for the backup node. It differs from the master's file on
# this page only in `state` and `priority`.
vrrp_instance VI_1 {
state BACKUP # this node starts as the standby
interface eth0 # interface the VRRP instance runs on
virtual_router_id 51 # same value as in the master's configuration
priority 90 # lower than the master's 100, so the master holds the VIP while it is up
advert_int 1 # advertisement interval in seconds
# NOTE(review): auth_type PASS is a shared password carried in clear text in
# VRRP advertisements, and 1111 is a trivially guessable sample value. Use a
# unique secret per deployment, and keep VRRP confined to the two nodes
# (firewall IP protocol 112 to the peer's address, or use unicast_peer).
authentication {
auth_type PASS
auth_pass 1111
}
# Address this node takes over when the master stops advertising.
virtual_ipaddress {
192.168.1.205
}
}
virtual_server 192.168.1.205 80 {
delay_loop 6 # poll real-server health every 6 seconds (the original note said 10)
lb_algo wlc # LVS scheduler: weighted least-connection
lb_kind DR # forwarding method: direct routing
persistence_timeout 60 # connections from one client IP stay on the same real server for 60 seconds
protocol TCP # protocol of the virtual service; the health check is the TCP_CHECK block below
real_server 192.168.1.201 80 {
weight 100 # scheduling weight
TCP_CHECK {
connect_timeout 10 # give up on the check connection after 10 seconds
# NOTE(review): newer keepalived releases name this option `retry`; confirm
# against the installed version.
nb_get_retry 3
delay_before_retry 3 # seconds to wait between retries
connect_port 80 # port the TCP check connects to
}
}
# Second real server, same weight and health check as the first.
real_server 192.168.1.202 80 {
weight 100
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
# Start keepalived on the backup node.
/etc/init.d/keepalived start
# Start the ipvsadm init service on the same node.
/etc/init.d/ipvsadm start
=====================
启动两台rs的Nginx服务,若下面规则缺少,查看iptables是否关闭(更稳妥的做法是保留iptables,只放行两台keepalived节点之间的VRRP协议(IP协议号112)和80端口,而不是直接关闭防火墙)
[root@dir ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.205:80 wlc persistent 60
-> 192.168.1.201:80 Route 100 0 0
-> 192.168.1.202:80 Route 100 0 0
成功
宕机测试:
关闭rs1的业务网卡
[root@dir ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.205:80 wlc persistent 60
-> 192.168.1.202:80 Route 100 0 0
再开启
[root@dir ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.205:80 wlc persistent 60
-> 192.168.1.201:80 Route 100 0 0
-> 192.168.1.202:80 Route 100 0 0
keepalived高可用测试
/etc/init.d/keepalived stop #关闭主
[root@rs2 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.205:80 wlc persistent 60
-> 192.168.1.201:80 Route 100 0 0
-> 192.168.1.202:80 Local 100 0 0
成功
本文出自 “卫斯理” 博客,请务必保留此出处http://szk5043.blog.51cto.com/8456440/1891336