lvs负载均衡
目录
一、简介
LVS(Linux Virtual Server)即Linux虚拟服务器,是由章文嵩博士主导的开源负载均衡项目,目前LVS已经被集成到Linux内核模块中。在Linux内核中实现了基于IP的数据请求负载均衡调度方案,终端互联网用户从外部访问公司的负载均衡服务器,终端用户的Web请求会发送给LVS调度器,调度器根据自己预设的算法决定将该请求发送给后端的某台Web服务器,比如,轮询算法可以将外部的请求平均分发给后端的所有服务器,终端用户访问LVS调度器虽然会被转发到后端真实的服务器,但如果真实服务器连接的是相同的存储,提供的服务也是相同的服务,最终用户不管是访问哪台真实服务器,得到的服务内容都是一样的,整个集群对用户而言都是透明的。最后根据LVS工作模式的不同,真实服务器会选择不同的方式将用户需要的数据发送到终端用户,LVS工作模式分为NAT模式、TUN模式、以及DR模式。
二、工作模式
1、NAT模式:
通过网络地址转换实现的虚拟服务器
大并发访问时,调度器的性能成为瓶颈
2、DR模式
直接使用路由技术实现虚拟服务器
节点服务器需要配置VIP,注意MAC地址广播
3、TUN模式
通过隧道方式实现虚拟服务
三、调度算法
1. 静态调度算法
1、轮询调度rr
均等的对待每一台服务器,不管服务器上的实际连接数和系统负载
2、加权论调wrr
调度器可以自动问询真实服务器的负载情况,并动态调整权值
3、源地址散列调度算法 sh
与目标地址散列调度算法类似,但它是根据源地址散列算法进行静态分配固定的服务器资源。
4、目标地址散列调度算法 dh
该算法是根据目标 IP 地址通过散列函数将目标 IP 与服务器建立映射关系,出现服务器不可用或负载过高的情况下,发往该目标 IP 的请求会固定发给该服务器。
2. 动态调度算法
5、最少链接 lc
动态地将网络请求调度到已建立的连接数最少的服务器上
如果集群真实的服务器具有相近的系统性能,采用该算法可以较好的实现负载均衡
6、 加权最少链接 wlc
调度器可以自动问询真实服务器的负载情况,并动态调整权值
带权重的谁不干活就给谁分配,机器配置好的权重高
7、 基于局部性的最少连接调度算法 lblc
这个算法是请求数据包的目标 IP 地址的一种调度算法,该算法先根据请求的目标 IP 地址寻找最近的该目标 IP 地址所有使用的服务器,如果这台服务器依然可用,并且有能力处理该请求,调度器会尽量选择相同的服务器,否则会继续选择其它可行的服务器
8、 复杂的基于局部性最少的连接算法 lblcr
记录的不是要给目标 IP 与一台服务器之间的连接记录,它会维护一个目标 IP 到一组服务器之间的映射关系,防止单点服务器负载过高。
9、最少期望延迟 sed
不考虑非活动链接,谁的权重大,优先选择权重大的服务器来接收请求,但权重大的机器会比较忙
10、 永不排队 nq
无需队列,如果有realserver的连接数为0就直接分配过去
部署
部署lvs-nat模式的httpd负载集群
| 主机名 | 作用 | IP/DIP | VIP |
| DR | LVS服务器 | 192.168.78.144 | 192.168.65.10 |
| RS1 | apache服务器1 | 192.168.78.151 | 网关为DR网关 |
| RS2 | apache服务器2 | 192.168.78.153 | 网关为DR网关 |
| Client | 客户端(测试) | 192.168.78.155 | 客户端不需要VIP |
DR配置:
//关闭防火墙和selinux
[root@DR ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR ~]# setenforce 0
[root@DR ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//添加一块网卡,设置仅主机模式
//设置网卡ip
[root@DR ~]# nmcli connection modify Wired\ connection\ 1 con-name ens37 ipv4.addresses 192.168.65.10/24 ipv4.dns 114.114.114.114 ipv4.method manual autoconnect yes
[root@DR ~]# nmcli con up ens37
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@DR ~]# ip a | grep ens37
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 192.168.65.10/24 brd 192.168.65.255 scope global noprefixroute ens37
//开启转发功能
[root@DR ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@DR ~]# sysctl -p
net.ipv4.ip_forward = 1
//安装ipvsadm并添加规则
[root@DR ~]# dnf -y install ipvsadm
······
Complete!
[root@DR ~]# ipvsadm -A -t 192.168.65.10:80 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.65.10:80 -r 192.168.78.151:80 -m
[root@DR ~]# ipvsadm -a -t 192.168.65.10:80 -r 192.168.78.153:80 -m
[root@DR ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.65.10:80 rr
-> 192.168.78.151:80 Masq 1 0 0
-> 192.168.78.153:80 Masq 1 0 0
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@DR ~]# systemctl restart ipvsadm
[root@DR ~]# systemctl enable ipvsadm
Created symlink /etc/systemd/system/multi-user.target.wants/ipvsadm.service → /usr/lib/systemd/system/ipvsadm.service.
RS1配置:
//关闭防火墙和selinux
[root@RS1 ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS1 ~]# setenforce 0
[root@RS1 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//配置IP
[root@RS1 ~]# nmcli con modify ens33 ipv4.addresses 192.168.78.151/24 ipv4.gateway 192.168.65.10 ipv4.dns 114.114.114.114 ipv4.method manual autoconnect yes
[root@RS1 ~]# nmcli con up ens33
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
//配置好yum源,安装httpd配置首页
[root@RS1 ~]# dnf install httpd -y
······
[root@RS1 ~]# echo "RS1" > /var/www/html/index.html
[root@RS1 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
RS2配置:
//关闭防火墙和selinux
[root@RS2 ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS2 ~]# setenforce 0
[root@RS2 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//配置IP
[root@RS2 ~]# nmcli connection modify ens33 ipv4.addresses 192.168.78.153/24 ipv4.gateway 192.168.65.10 ipv4.dns 114.114.114.114 ipv4.method manual autoconnect yes
[root@RS2 ~]# nmcli con up ens33
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
//配置好yum源,安装httpd配置首页
[root@RS2 ~]# dnf install -y httpd
[root@RS2 ~]# echo "RS2" > /var/www/html/index.html
[root@RS2 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
客户端进行测试
[root@Client ~]# curl http://192.168.65.10
RS2
[root@Client ~]# curl http://192.168.65.10
RS1
[root@Client ~]# curl http://192.168.65.10
RS2
[root@Client ~]# curl http://192.168.65.10
RS1部署lvs-dr模式的httpd负载集群
//关闭selinux和防火墙
[root@DR ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR ~]# setenforce 0
[root@DR ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//配置lo网卡ip
[root@DR ~]# dnf -y install net-tools
······
[root@DR ~]# ifconfig lo 192.168.78.200/32 broadcast 192.168.78.200 netmask 255.255.255.255 up
[root@DR ~]# ip a | grep lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 192.168.78.200/0 brd 192.168.78.200 scope global lo
//永久生效lo网卡配置
[root@DR ~]# echo "ifconfig lo 192.168.78.200/32 broadcast 192.168.78.200 netmask 255.255.255.255 up" >> /etc/rc.d/rc.local
[root@DR ~]# chmod +x /etc/rc.d/rc.local
//安装ipvsadm并添加规则
[root@DR ~]# dnf -y install ipvsadm
[root@DR ~]# ipvsadm -A -t 192.168.78.200:80 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.78.200:80 -r 192.168.103.151:80 -g
[root@DR ~]# ipvsadm -a -t 192.168.78.200:80 -r 192.168.103.153:80 -g
[root@DR ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.78.200:80 rr
-> 192.168.103.151:80 Route 1 0 0
-> 192.168.103.153:80 Route 1 0 0
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@DR ~]# systemctl restart ipvsadm
[root@DR ~]# systemctl enable ipvsadm
Created symlink /etc/systemd/system/multi-user.target.wants/ipvsadm.service → /usr/lib/systemd/system/ipvsadm.service.
RS1配置:
//关闭防火墙和selinux
[root@RS1 ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS1 ~]# setenforce 0
[root@RS1 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//RS1上配置内核参数
[root@RS1 ~]# vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1 //下面两条是为了保险,其实只需要关闭lo网卡的对外公布apr即可
net.ipv4.conf.all.arp_announce = 2
[root@RS1 ~]# sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
//配置VIP
[root@RS1 ~]# dnf install -y net-tools
[root@RS1 ~]# ifconfig lo 192.168.78.200/32 broadcast 192.168.78.200 netmask 255.255.255.255 up
//永久生效
[root@RS1 ~]# echo "ifconfig lo 192.168.78.200/32 broadcast 192.168.78.200 netmask 255.255.255.255 up" >> /etc/rc.d/rc.local
[root@RS1 ~]# chmod +x /etc/rc.d/rc.local
//添加路由
[root@RS1 ~]# route add -host 192.168.78.200/32 dev lo
//安装httpd配置首页
[root@RS1 ~]# dnf -y install httpd
[root@RS1 ~]# echo "RS1" > /var/www/html/index.html
[root@RS1 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
RS2配置:
//关闭防火墙和selinux
[root@RS2 ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS2 ~]# setenforce 0
[root@RS2 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//RS2配置内核参数
[root@RS2 ~]# vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@RS2 ~]# sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
//配置VIP
[root@RS2 ~]# dnf install -y net-tools
[root@RS2 ~]# ifconfig lo 192.168.78.200/32 broadcast 192.168.78.200 netmask 255.255.255.255 up
//永久生效
[root@RS2 ~]# echo "ifconfig lo 192.168.78.200/32 broadcast 192.168.78.200 netmask 255.255.255.255 up" >> /etc/rc.d/rc.local
[root@RS2 ~]# chmod +x /etc/rc.d/rc.local
//添加路由
[root@RS2 ~]# route add -host 192.168.78.200/32 dev lo
//安装httpd配置首页
[root@RS2 ~]# dnf install -y httpd
[root@RS2 ~]# echo "RS2" > /var/www/html/index.html
[root@RS2 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
客户端测试
[root@Client ~]# curl 192.168.78.200
RS1
[root@Client ~]# curl 192.168.78.200
RS2
[root@Client ~]# curl 192.168.78.200
RS1
[root@Client ~]# curl 192.168.78.200
RS2部署lvs-tun模式的httpd负载集群
DR配置:
//关闭防火墙和selinux
[root@DR ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR ~]# setenforce 0
[root@DR ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@DR ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR ~]# setenforce 0
[root@DR ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//修改内核参数
[root@DR ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@DR ~]# sysctl -p
net.ipv4.ip_forward = 1
//配置VIP
[root@DR ~]# dnf -y install net-tools
[root@DR ~]# ifconfig tunl0 192.168.78.210 broadcast 192.168.78.210 netmask 255.255.255.255
[root@DR ~]# ip a|grep tunl0
3: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000
inet 192.168.78.210/32 brd 192.168.78.210 scope global tunl0
//永久生效
[root@DR ~]# echo "ifconfig tunl0 192.168.78.210 broadcast 192.168.78.210 netmask 255.255.255.255" >> /etc/rc.d/rc.local
[root@DR ~]# chmod +x /etc/rc.d/rc.local
//安装ipvsadm并添加规则
[root@DR ~]# dnf -y install ipvsadm
[root@DR ~]# ipvsadm -A -t 192.168.78.210:80 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.78.210:80 -r 192.168.103.151:80 -i
[root@DR ~]# ipvsadm -a -t 192.168.78.210:80 -r 192.168.103.153:80 -i
[root@DR ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.78.210:80 rr
-> 192.168.103.151:80 Tunnel 1 0 0
-> 192.168.103.153:80 Tunnel 1 0 0
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@DR ~]# systemctl restart ipvsadm
[root@DR ~]# systemctl enable ipvsadm
Created symlink /etc/systemd/system/multi-user.target.wants/ipvsadm.service → /usr/lib/systemd/system/ipvsadm.service.
RS1配置:
//关闭防火墙和selinux
[root@RS1 ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS1 ~]# setenforce 0
[root@RS1 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//启用ipip模块,配置VIP
[root@RS1 ~]# dnf -y install net-tools
[root@RS1 ~]# modprobe ipip
[root@RS1 ~]# ifconfig tunl0 192.168.78.210 broadcast 192.168.78.210 netmask 255.255.255.255
[root@RS1 ~]# echo "ifconfig tunl0 192.168.78.210 broadcast 192.168.78.210 netmask 255.255.255.255" >> /etc/rc.d/rc.local
[root@RS1 ~]# chmod +x /etc/rc.d/rc.local
//修改内核参数
[root@RS1 ~]# vim /etc/sysctl.conf
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
[root@RS1 ~]# sysctl -p
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
//安装httpd配置首页
[root@RS1 ~]# dnf -y install httpd
[root@RS1 ~]# echo "RS1" > /var/www/html/index.html
[root@RS1 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
RS2配置:
//关闭防火墙和selinux
[root@RS2 ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS2 ~]# setenforce 0
[root@RS2 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//启用ipip模块,配置VIP
[root@RS2 ~]# dnf -y install net-tools
[root@RS2 ~]# modprobe ipip
[root@RS2 ~]# ifconfig tunl0 192.168.78.210 broadcast 192.168.78.210 netmask 255.255.255.255
[root@RS2 ~]# echo "ifconfig tunl0 192.168.78.210 broadcast 192.168.78.210 netmask 255.255.255.255" >> /etc/rc.d/rc.local
[root@RS2 ~]# chmod +x /etc/rc.d/rc.local
//修改内核参数
[root@RS2 ~]# vim /etc/sysctl.conf
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
[root@RS2 ~]# sysctl -p
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
//安装httpd配置首页
[root@RS2 ~]# dnf install -y httpd
[root@RS2 ~]# echo "RS2" > /var/www/html/index.html
[root@RS2 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
客户端测试:
[root@Client ~]# curl http://192.168.78.210
RS2
[root@Client ~]# curl http://192.168.78.210
RS1
[root@Client ~]# curl http://192.168.78.210
RS2
[root@Client ~]# curl http://192.168.78.210
RS1
2071
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
