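Environment: four freshly installed virtual machines, all running RHEL 7.6.
LVS (Linux Virtual Server) is an open-source load-balancing project led by Dr. Wensong Zhang, and it is now integrated into the Linux kernel as a module. The project implements IP-based load balancing and scheduling of requests inside the Linux kernel.
LVS has no health checks, so it cannot tell whether a backend server is actually up.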
[root@server1 ~]# yum install ipvsadm -y
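This is the user-space tool for writing LVS policies. Install it on server1, which will load-balance across server2 and server3 behind it.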
[root@server2 ~]# yum install httpd -y
[root@server2 ~]# systemctl start httpd.service
Install and start Apache on server2 and server3.
[root@server2 ~]# cd /var/www/html/
[root@server2 html]# echo server2 > index.html
[root@server2 html]# curl localhost
server2
Write a default index page on server2 and on server3.
[root@server1 ~]# ipvsadm -A -t 172.25.254.100:80 -s rr
[root@server1 ~]# ipvsadm -a -t 172.25.254.100:80 -r 172.25.254.12:80 -g
[root@server1 ~]# ipvsadm -a -t 172.25.254.100:80 -r 172.25.254.13:80 -g
[root@server1 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:80 rr
-> 172.25.254.12:80 Route 1 0 0
-> 172.25.254.13:80 Route 1 0 0
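-A adds a virtual service, -t means TCP, 172.25.254.100:80 is port 80 on an IP address that is not in use, rr is round-robin scheduling, and -g is direct routing.
This creates the virtual service.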
[root@server1 ~]# ip addr add 172.25.254.100/24 dev eth0
Create the VIP (virtual IP) 172.25.254.100 on server1. This step should really be done at the very beginning.
[root@westos Desktop]# curl 172.25.254.100
^C
[root@westos Desktop]# curl 172.25.254.100
^C
[root@westos Desktop]# curl 172.25.254.100
^C
[root@westos Desktop]# curl 172.25.254.100
^C
[root@westos Desktop]# curl 172.25.254.100
^C
Try connecting to the VIP from the host machine, then check on server1 whether the connections were recorded.
[root@server1 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:80 rr
-> 172.25.254.12:80 Route 1 0 2
-> 172.25.254.13:80 Route 1 0 3
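Exactly five curl requests were made, and the director distributed them between server2 and server3.
But why did curl hang instead of succeeding?
Because the TCP three-way handshake did not complete: the packet the director forwards is still addressed to the VIP, which server2 and server3 do not hold yet. The VIP has to be added on server2 and server3 as well.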
[root@server2 ~]# ip addr add 172.25.254.100/32 dev eth0
Now try again:
[root@westos Desktop]# curl 172.25.254.100
server2
[root@westos Desktop]# curl 172.25.254.100
server3
[root@westos Desktop]# curl 172.25.254.100
server2
[root@westos Desktop]# curl 172.25.254.100
server3
[root@westos Desktop]# curl 172.25.254.100
server2
[root@westos Desktop]# curl 172.25.254.100
server3
Check the table again:
[root@server1 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:80 rr
-> 172.25.254.12:80 Route 1 0 3
-> 172.25.254.13:80 Route 1 0 3
The requests were distributed evenly to server2 and server3 and every curl succeeded, but now there is a new problem.
[root@westos Desktop]# arp -an | grep 100
? (172.25.254.100) at 52:54:00:18:f0:30 [ether] on br0
[root@westos Desktop]# arp -d 172.25.254.100
[root@westos Desktop]# arp -an | grep 100
[root@westos Desktop]# ping 172.25.254.100
PING 172.25.254.100 (172.25.254.100) 56(84) bytes of data.
64 bytes from 172.25.254.100: icmp_seq=1 ttl=64 time=0.548 ms
^C
--- 172.25.254.100 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.548/0.548/0.548/0.000 ms
[root@westos Desktop]# arp -an | grep 100
? (172.25.254.100) at 52:54:00:1c:e4:ae [ether] on br0
[root@westos Desktop]# curl 172.25.254.100
server2
[root@westos Desktop]# curl 172.25.254.100
server2
[root@westos Desktop]# curl 172.25.254.100
server2
[root@westos Desktop]# curl 172.25.254.100
server2
[root@westos Desktop]# curl 172.25.254.100
server2
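After deleting the cached ARP entry for the VIP and pinging it once more, every request reaches only server2: the cached entry is now server2's MAC address. Is this still a director problem? Try once more: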
[root@westos Desktop]# arp -d 172.25.254.100
[root@westos Desktop]# ping 172.25.254.100
PING 172.25.254.100 (172.25.254.100) 56(84) bytes of data.
64 bytes from 172.25.254.100: icmp_seq=1 ttl=64 time=0.421 ms
^C
--- 172.25.254.100 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.421/0.421/0.421/0.000 ms
[root@westos Desktop]# curl 172.25.254.100
server3
[root@westos Desktop]# curl 172.25.254.100
server3
[root@westos Desktop]# curl 172.25.254.100
server3
[root@westos Desktop]# curl 172.25.254.100
server3
[root@westos Desktop]# curl 172.25.254.100
server3
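Now only server3's MAC address is recognized.
This happens because the same VIP exists on several hosts in one VLAN, which is an IP address conflict: whichever host answers the ARP request first is the one that gets cached. That is not normal behavior, and it makes the load balancing pointless.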
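A check for this symptom, as an added example that is not part of the original post: it reads `arp -an` lines collected after repeated cache flushes and reports whether the VIP resolved to more than one MAC address. The function names are hypothetical, and treating 52:54:00:18:f0:30 as server1's MAC is an assumption, since the page does not say which host owns it.

```shell
# Added example. Input on stdin: lines in `arp -an` format, one sample taken
# after each `arp -d <vip>` followed by a single ping of the VIP.

# Constructed samples: the two VIP entries shown on this page plus one
# constructed "<incomplete>" entry, which must be ignored.
sample_flux() {
    cat <<'EOF'
? (172.25.254.100) at 52:54:00:18:f0:30 [ether] on br0
? (172.25.254.100) at <incomplete> on br0
? (172.25.254.100) at 52:54:00:1c:e4:ae [ether] on br0
EOF
}

# Print the distinct MAC addresses recorded for IP $1 (lower case, sorted).
vip_macs() {
    awk -v ip="($1)" '
        $2 == ip && $3 == "at" && length($4) == 17 && $4 ~ /^[0-9A-Fa-f:]+$/ {
            print tolower($4)
        }' | sort -u
}

# $1 = VIP, $2 = MAC expected to own it (the director, by assumption).
# Prints OK, FLUX (several hosts answered), WRONG-OWNER or NO-ENTRY.
# Returns 0 only for OK.
check_vip_owner() {
    cvo_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    cvo_macs=$(vip_macs "$1")
    cvo_count=$(printf '%s\n' "$cvo_macs" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$cvo_count" -eq 0 ]; then echo "NO-ENTRY"; return 2; fi
    if [ "$cvo_count" -gt 1 ]; then echo "FLUX"; return 1; fi
    if [ "$cvo_macs" != "$cvo_want" ]; then echo "WRONG-OWNER"; return 1; fi
    echo "OK"
}

# Usage on the constructed samples:
#   sample_flux | check_vip_owner 172.25.254.100 52:54:00:18:f0:30
```

FLUX means more than one host in the VLAN answered ARP for the VIP; WRONG-OWNER means a single host answered but it was not the expected one.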
There are two ways to fix this. The first is to disable ARP in the kernel.
The second is Red Hat's approach, called an ARP firewall.
[root@server2 ~]# yum install arptables -y
Install this package on server2 and on server3.
[root@server2 ~]# arptables -A INPUT -d 172.25.254.100 -j DROP
[root@server2 ~]# arptables -A OUTPUT -s 172.25.254.100 -j mangle --mangle-ip-s 172.25.254.12
[root@server2 ~]# arptables-save > /etc/sysconfig/arptables
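ARP packets coming in for 172.25.254.100 are dropped, and outgoing ARP packets with source 172.25.254.100 have their source rewritten to 172.25.254.12.
The policy is saved to /etc/sysconfig/arptables.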
[root@server2 ~]# cat /etc/sysconfig/arptables
*filter
:INPUT ACCEPT
:OUTPUT ACCEPT
:FORWARD ACCEPT
-A INPUT -j DROP -d 172.25.254.100
-A OUTPUT -j mangle -s 172.25.254.100 --mangle-ip-s 172.25.254.12
[root@server2 ~]# arptables -F
[root@server2 ~]# arptables -L
Chain INPUT (policy ACCEPT)
Chain OUTPUT (policy ACCEPT)
Chain FORWARD (policy ACCEPT)
[root@server2 ~]# systemctl restart arptables.service
[root@server2 ~]# arptables -nL
Chain INPUT (policy ACCEPT)
-j DROP -d 172.25.254.100
Chain OUTPUT (policy ACCEPT)
-j mangle -s 172.25.254.100 --mangle-ip-s 172.25.254.12
Chain FORWARD (policy ACCEPT)
-F flushes the rules. Copy this policy to server3 with scp and do the same there, but on server3 change the address to 172.25.254.13.
[root@server3 ~]# arptables -nL
Chain INPUT (policy ACCEPT)
-j DROP -d 172.25.254.100
Chain OUTPUT (policy ACCEPT)
-j mangle -s 172.25.254.100 --mangle-ip-s 172.25.254.13
Chain FORWARD (policy ACCEPT)
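A check for the copy step above, as an added example that is not part of the original post: it reads `arptables -nL` output in the format shown on this page and verifies that the INPUT drop and the OUTPUT mangle match the VIP and the host's own address. The function names are hypothetical.

```shell
# Constructed sample: `arptables -nL` output in the format shown on this page,
# here server2's rules copied to another host without editing the address.
sample_copied_rules() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
-j DROP -d 172.25.254.100
Chain OUTPUT (policy ACCEPT)
-j mangle -s 172.25.254.100 --mangle-ip-s 172.25.254.12
Chain FORWARD (policy ACCEPT)
EOF
}

# Read `arptables -nL` output on stdin; $1 = VIP, $2 = real IP of this host.
# Prints OK, or one line per problem found; returns 0 only for OK.
check_arptables() {
    awk -v vip="$1" -v rip="$2" '
        $1 == "Chain" { chain = $2; next }
        {
            # Walk the option/value pairs of one rule line.
            j = d = s = m = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-j") j = $(i + 1)
                if ($i == "-d") d = $(i + 1)
                if ($i == "-s") s = $(i + 1)
                if ($i == "--mangle-ip-s") m = $(i + 1)
            }
            if (chain == "INPUT" && j == "DROP" && d == vip) drop = 1
            if (chain == "OUTPUT" && j == "mangle" && s == vip) {
                if (m == rip) mangle = 1; else wrong = m
            }
        }
        END {
            if (!drop) { print "MISSING-INPUT-DROP"; bad = 1 }
            if (wrong != "") { print "MANGLE-MISMATCH " wrong; bad = 1 }
            else if (!mangle) { print "MISSING-OUTPUT-MANGLE"; bad = 1 }
            if (!bad) print "OK"
            exit bad + 0
        }'
}

# On a real server: arptables -nL | check_arptables 172.25.254.100 172.25.254.13
```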
[root@chihao Desktop]# curl 172.25.254.100
server2
[root@chihao Desktop]# curl 172.25.254.100
server3
[root@chihao Desktop]# curl 172.25.254.100
server2
[root@chihao Desktop]# curl 172.25.254.100
server3
[root@server1 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:80 rr
-> 172.25.254.12:80 Route 1 0 2
-> 172.25.254.13:80 Route 1 0 2
The director is now working normally again. This is the DR mode of LVS.