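lvs-dr+keepalived is a classic load-balancing solution on Linux, popular because it is simple to configure and performs well. DR forwards on layer-2 MAC addresses, and the real server answers the client directly after receiving a request, so this architecture is very efficient. It does require the lvs server and the real servers to be on the same physical network segment, that is, under the same switch. The architecture diagram is as follows:
keepalived ensures that a backup lvs server takes over when an lvs server fails. My configuration plan is as follows: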
lvs server1 10.20.3.74
lvs server2 10.20.3.76
realserver1 10.20.3.93
realserver2 10.20.3.94
virtual IP 10.20.3.78
1. lvs server configuration
Install keepalived and ipvsadm 1.24
#ln -s /usr/src/kernels/2.6.18-53.el5PAE-i686/ /usr/src/linux    (this step is important; without it the build fails with errors)
#tar zxvf keepalived-1.2.2.tar.gz
#cd keepalived-1.2.2
#./configure && make && make install
#cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
#cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
#mkdir /etc/keepalived
#cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
#cp /usr/local/sbin/keepalived /usr/sbin/
#tar zxvf ipvsadm1.24.tar.gz
#cd ipvsadm1.24
#./configure && make && make install
When installing keepalived, the output after configure completes looks like this:
Keepalived configuration
------------------------
Keepalived version : 1.2.2
Compiler : gcc
Compiler flags : -g -O2 -DETHERTYPE_IPV6=0x86dd
Extra Lib : -lpopt -lssl -lcrypto
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
IPVS use libnl : No
Use VRRP Framework : Yes
Use Debug flags : No
If you want to use lvs, "Use IPVS Framework" must be Yes.
/usr/include/stdint.h:41: error: conflicting types for ‘int64_t’
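This error appeared when running make to compile keepalived-1.2.2. The likely cause is that the headers linux/types.h and sys/types.h have conflicting definitions of int64_t and u_int64_t: linux/types.h does not guard against redefinition when it defines int64_t and the like, whereas sys/types.h does.
vim keepalived/libipvs-2.6/ip_vs.h and move #include <sys/types.h> (which includes linux/types.h) ahead of all the other headers; that solves the problem.
Edit /etc/keepalived/keepalived.conf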
! Configuration File for keepalived
global_defs {
    # notification_email {
    #     dingjun@sinatay.com
    # }
    # notification_email_from localhost@lvs-server1
    # smtp_server 127.0.0.1
    # smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state MASTER    # on lvs server2 change this to: state BACKUP
    interface eth0
    virtual_router_id 51
    priority 200    # on lvs server2 change this to: priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.20.3.78
    }
}
virtual_server 10.20.3.78 80 {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 10.20.3.93 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 10.20.3.94 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
Start keepalived: #service keepalived start
Starting keepalived: [ OK ]
# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.20.3.78:http wlc persistent 50
-> 10.20.3.94:http Route 1 0 0
-> 10.20.3.93:http Route 1 0 0
The output above shows that the configuration succeeded.
#ping 10.20.3.78
PING 10.20.3.78 (10.20.3.78) 56(84) bytes of data.
64 bytes from 10.20.3.78: icmp_seq=1 ttl=64 time=0.043 ms
64 bytes from 10.20.3.78: icmp_seq=2 ttl=64 time=0.042 ms
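It responds, which shows the address is working.
2. real server configuration
The real server only needs one startup script; no software has to be installed. Mine is as follows: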
/usr/sbin/realserver.sh
#!/bin/bash
# description: config realserver lo and apply noarp
VIP=10.20.3.78
# Source the init-script helper functions (they must be sourced, not run with sh)
. /etc/rc.d/init.d/functions
case "$1" in
start)
    # Bind the VIP to lo:0 with a /32 mask so this host accepts traffic for it
    ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP up
    /sbin/route add -host $VIP dev lo:0
    # arp_ignore=1: answer ARP only for addresses on the receiving interface
    # arp_announce=2: use the best local source address in ARP requests
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    sysctl -p >/dev/null 2>&1
    echo "RealServer Start OK"
    ;;
stop)
    # Remove the VIP and restore the default ARP behaviour
    route del $VIP >/dev/null 2>&1
    ifconfig lo:0 down
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stopped"
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
exit 0
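Put it under /usr/sbin and make it executable, then add a line to /etc/rc.local so that it runs at boot: sh /usr/sbin/realserver.sh start
ifconfig shows that there is now one more interface: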
lo:0 Link encap:Local Loopback
inet addr:10.20.3.78 Mask:255.255.255.255
UP LOOPBACK RUNNING MTU:16436 Metric:1
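In DR mode every real server holds the VIP on lo, so a host that still answers ARP for it competes with the lvs server for the address and receives client traffic directly. The check below is an added example, not part of the original post, that verifies the ARP sysctls and the /32 binding set by realserver.sh; CONF_ROOT and the function names are assumptions.

```bash
#!/bin/bash
# Added example: audit the DR real-server state that realserver.sh sets up.
# CONF_ROOT and the function names are assumptions of this sketch.
CONF_ROOT=${CONF_ROOT:-/proc/sys/net/ipv4/conf}

# Print each deviation from arp_ignore=1 / arp_announce=2 on "lo" and "all";
# the return status is the number of deviations (0 = all correct).
check_arp_sysctls() {
    local root="${1:-$CONF_ROOT}"
    local bad=0 iface pair key want got
    for iface in lo all; do
        for pair in arp_ignore:1 arp_announce:2; do
            key=${pair%%:*}
            want=${pair#*:}
            got=$(cat "$root/$iface/$key" 2>/dev/null || echo missing)
            if [ "$got" != "$want" ]; then
                echo "FAIL $iface/$key=$got (want $want)"
                bad=$((bad + 1))
            fi
        done
    done
    return "$bad"
}

# Succeed only if the VIP is bound with a /32 mask on lo.
# $2: output of "ip -o -4 addr show dev lo" (queried live when omitted).
check_vip_on_lo() {
    local vip="$1"
    local addrs="${2-$(ip -o -4 addr show dev lo 2>/dev/null)}"
    printf '%s\n' "$addrs" | grep -qF "inet $vip/32 "
}

# Run both checks; status 0 means the host is ready to join the LVS pool.
check_realserver() {
    local rc=0
    check_arp_sysctls || rc=1
    check_vip_on_lo "$1" ${2+"$2"} || { echo "FAIL VIP $1 not on lo as /32"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK real server ready for DR"
    return "$rc"
}

# Usage on a real server: check_realserver 10.20.3.78
```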
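Note that DR mode cannot do port translation: if you access port 80 on the lvs server, the request goes to port 80 on the real server. If you want port translation, you can configure iptables on the real server. For example, to redirect port 80 to port 8001, the command is: iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8001
3. Verification
Access 10.20.3.78; if the request is forwarded to 10.20.3.93/94, the configuration is successful.
4. Questions
Some people feel that ipvsadm does not seem to be used, and ask whether it can be left out. Absolutely not: keepalived can be regarded as a companion suite to ipvsadm, so it must be installed.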