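LVS
LVS is short for Linux Virtual Server; it is a virtual server cluster system.
We define some abbreviations:
LVS as used by early small operators:
How the hidden Virtual IP (VIP) configuration works
Hiding the VIP: hidden from the outside, visible on the inside:
kernel parameter:
When the destination MAC address is all F's, the switch broadcasts the frame
/proc/sys/net/ipv4/conf/*IF*/
arp_ignore: defines the response level when an ARP request is received;
0: respond as long as the requested address is configured locally;
1: respond only when the requested target (MAC) address is configured on the interface the request arrived on;
arp_announce: defines the announcement level used when advertising the host's own addresses;
0: announce any address on any local interface;
1: try to announce to the target network only addresses that match that network;
2: announce only to networks that match an address on the local interface;
Configure the VIP on the loopback interface lo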
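A real server can be audited against the settings described above (arp_ignore=1, arp_announce=2, VIP bound to lo with the 255.255.255.255 mask used in the lab manual on this page). This is an added example, not part of the original notes; SYSCTL_ROOT and the function names are assumptions, and it relies on the kernel applying the larger of the conf/all and conf/<interface> values.

```sh
#!/bin/sh
# Added example: audit the ARP/VIP settings of an LVS-DR real server.
# SYSCTL_ROOT and all function names are assumptions of this sketch.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# Effective value of an ARP sysctl for an interface: the kernel applies
# max(conf/all/<key>, conf/<iface>/<key>) for arp_ignore and arp_announce.
effective_arp() {   # usage: effective_arp <iface> <key>
    _all=$(cat "$SYSCTL_ROOT/net/ipv4/conf/all/$2" 2>/dev/null) || return 2
    _dev=$(cat "$SYSCTL_ROOT/net/ipv4/conf/$1/$2" 2>/dev/null) || return 2
    if [ "$_all" -gt "$_dev" ]; then echo "$_all"; else echo "$_dev"; fi
}

# Succeeds only when the effective values match the ones this page sets:
# arp_ignore=1 and arp_announce=2.
arp_hidden() {      # usage: arp_hidden <iface>
    _ign=$(effective_arp "$1" arp_ignore) || return 2
    _ann=$(effective_arp "$1" arp_announce) || return 2
    [ "$_ign" -eq 1 ] && [ "$_ann" -eq 2 ]
}

# Reads `ip -o -4 addr show` output on stdin. Succeeds only when the VIP is
# bound to lo with a /32 mask and appears on no other interface.
vip_on_lo_only() {  # usage: ip -o -4 addr show | vip_on_lo_only <vip>
    awk -v vip="$1" '
        { split($4, a, "/") }
        a[1] == vip && $2 == "lo" && a[2] == 32 { ok = 1; next }
        a[1] == vip                             { bad = 1 }
        END { exit (ok && !bad) ? 0 : 1 }'
}

# Live audit, run only on request: sh audit.sh --audit <iface> <vip>
if [ "${1:-}" = "--audit" ]; then
    if arp_hidden "$2" && ip -o -4 addr show | vip_on_lo_only "$3"; then
        echo "OK: $3 is hidden behind lo on $2"
    else
        echo "FAIL: check arp_ignore, arp_announce and the lo binding of $3"
    fi
fi
```

Values written with echo into /proc are lost on reboot, so the same audit is worth running after every restart of a real server.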
Load-balancing scheduling methods
Four static scheduling methods:
rr: Round-Robin Scheduling
wrr: Weighted Round-Robin Scheduling
dh: Destination Hashing Scheduling
sh: Source Hashing Scheduling
Dynamic scheduling methods:
lc: Least-Connection Scheduling
wlc: Weighted Least-Connection Scheduling
sed: shortest expected delay
nq: never queue
LBLC: Locality-Based Least Connections Scheduling
DH:
LBLCR: Locality-Based Least Connections with Replication Scheduling
LVS is built into Linux as the ipvs kernel module
ipvs kernel module
yum install ipvsadm -y
Managing cluster services
Add: -A -t|u|f service-address [-s scheduler]
-t: TCP cluster service
-u: UDP cluster service
service-address: IP:PORT
-f: FWM: firewall mark
service-address: Mark Number
Modify: -E
Delete: -D -t|u|f service-address
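For example: ipvsadm -A -t 192.168.9.100:80 -s rr
Managing the RSs in a cluster service
Add: -a -t|u|f service-address -r server-address [-g|i|m] [-w weight]
-t|u|f service-address: a cluster service that has already been defined
-r server-address: the address of an RS; in the NAT model, IP:PORT can be used to map ports;
[-g|i|m]: LVS type
-g: DR
-i: TUN
-m: NAT
[-w weight]: sets the server weight
Modify: -e
Delete: -d -t|u|f service-address -r server-address
# ipvsadm -a -t 172.16.100.1:80 -r 192.168.10.8 -g
# ipvsadm -a -t 172.16.100.1:80 -r 192.168.10.9 -g
View
-L|l
-n: show host addresses and ports in numeric form
--stats: statistics
--rate: rates
--timeout: show the session timeouts for tcp, tcpfin and udp
-c: show the current ipvs connections
Delete all cluster services
-C: flush the ipvs rules
Save the rules so they can be used again after the machine reboots
-S
# ipvsadm -S > /path/to/somefile
Load previously saved rules:
-R
# ipvsadm -R < /path/from/somefile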
Lab manual
DR model (direct routing model)
Procedure:
LVS:
node01:
ifconfig eth0:8 192.168.150.100/24
node02~node03:
1) Adjust the kernel parameters:
echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
2) Set the hidden VIP:
ifconfig lo:3 192.168.150.100 netmask 255.255.255.255
Services on the RSs:
node02~node03:
yum install httpd -y
service httpd start
vi /var/www/html/index.html
from 192.168.150.1x
LVS service configuration
node01:
yum install ipvsadm
ipvsadm -A -t 192.168.150.100:80 -s rr
ipvsadm -a -t 192.168.150.100:80 -r 192.168.150.12 -g -w 1
ipvsadm -a -t 192.168.150.100:80 -r 192.168.150.13 -g -w 1
ipvsadm -ln
Verification:
Open 192.168.150.100 in a browser and press F5 repeatedly to see the load being balanced
node01:
netstat -natp   Conclusion: no socket connections are visible
node02~node03:
netstat -natp   Conclusion: many socket connections are visible
node01:
ipvsadm -lnc   View the "peeking notebook" (the connection records LVS keeps)
TCP 00:57 FIN_WAIT 192.168.150.1:51587 192.168.150.100:80 192.168.150.12:80
FIN_WAIT: the connection was made, and LVS peeked at all of its packets
SYN_RECV: LVS has essentially recorded everything, which shows LVS is fine; the problem must be in the network layer behind it
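The reading of the connection table described above can be automated. The script below is an added example, not part of the original notes: it counts states per real server and lists the real servers whose entries are all in SYN_RECV. The function names are assumptions and the sample entries are constructed in the format of the line shown above.

```sh
#!/bin/sh
# Added example: summarise `ipvsadm -lnc` output per real server.
# Function names are assumptions; the sample entries are constructed.

# Constructed sample in the format of the entry shown on this page.
sample_lnc() {
    cat <<'EOF'
IPVS connection entries
pro expire state       source             virtual            destination
TCP 00:57  FIN_WAIT    192.168.150.1:51587 192.168.150.100:80 192.168.150.12:80
TCP 14:58  ESTABLISHED 192.168.150.1:51590 192.168.150.100:80 192.168.150.12:80
TCP 00:43  SYN_RECV    192.168.150.1:51588 192.168.150.100:80 192.168.150.13:80
TCP 00:51  SYN_RECV    192.168.150.1:51589 192.168.150.100:80 192.168.150.13:80
EOF
}

# Prints "<real-server> <state> <count>" for every TCP entry on stdin.
state_counts() {
    awk '$1 == "TCP" && NF >= 6 { n[$6 " " $3]++ }
         END { for (k in n) print k, n[k] }' | sort
}

# Prints "<real-server> <count>" for real servers whose entries are all in
# SYN_RECV: the director forwarded the SYNs but never saw a handshake
# continue, which points at the real server or the path behind the director.
syn_recv_only() {
    awk '$1 == "TCP" && NF >= 6 { total[$6]++; if ($3 == "SYN_RECV") syn[$6]++ }
         END { for (rs in total) if (syn[rs] == total[rs]) print rs, syn[rs] }' | sort
}
```

On the director, feed it live data with `ipvsadm -lnc | syn_recv_only`.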
keepalived experiment:
Hosts: node01~node04
node01:
ipvsadm -C
ifconfig eth0:8 down
--------------
node01,node04:
yum install keepalived ipvsadm -y
Configuration:
cd /etc/keepalived/
cp keepalived.conf keepalived.conf.bak
vi keepalived.conf
node01:
VRRP: Virtual Router Redundancy Protocol
vrrp_instance VI_1 {
    state MASTER            # on node04: BACKUP
    interface eth0
    virtual_router_id 51
    priority 100            # on node04: 50
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111      # lab value; PASS authentication travels in clear text in VRRP adverts
    }
    virtual_ipaddress {
        192.168.150.100/24 dev eth0 label eth0:3
    }
}
virtual_server 192.168.150.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.255.0
    persistence_timeout 0
    protocol TCP
    real_server 192.168.150.12 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.150.13 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
scp ./keepalived.conf root@node04:`pwd`