lvs负载均衡

主机名称 | 网卡信息(ens160为nat、ens192为仅主机) | 安装应用 | 系统
Client客户端 | 192.168.64.134 | (无) | centos8
DR | 192.168.64.128 | ipvsadm | centos8
RS1 | 192.168.64.129 | httpd | centos8
RS2 | 192.168.64.130 | httpd | centos8
[root@RS1 ~]# mount /dev/cdrom /mnt/
mount: /mnt: WARNING: device write-protected, mounted read-only.
[root@RS1 ~]# mount /dev/sr0 /media
[root@DR ~]# cd /etc/yum.repos.d/
[root@DR yum.repos.d]# ls
cys.repo
[root@DR yum.repos.d]# vim cys.repo 

[BaseOS]
name=baseos
baseurl=file:///media/BaseOS				//指定挂载的目录下的BaseOS 以及AppStream目录
gpgcheck=0				//即不校验软件包的GPG签名,仅适合本地光盘源的实验环境;使用网络源时应设为1
enabled=1				// 启用该镜像
gpgkey=file:///etc/pki/rpm.gpg/RPM-GPG-KEY-centosofficial
[AppStream]
name=appstream
baseurl=file:///media/AppStream
gpgcheck=0
enabled=1
gpgkey=file:///etc/pki/rpm.gpg/RPM-GPG-KEY-centosofficial
[root@RS1 ~]# yum makecache 

DR、RS1、RS2三台主机都关闭防火墙和selinux(仅为实验方便;生产环境应保留firewalld并只放行所需端口,SELinux保持enforcing。另外SELINUX=disabled要重启后才生效)

[root@DR ~]# systemctl stop firewalld
[root@DR ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR ~]# 
[root@DR ~]# cat /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled

[root@RS1 ~]# systemctl stop firewalld
[root@RS1 ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS1 ~]# 
[root@RS1 ~]# cat /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled

[root@RS2 ~]# systemctl stop firewalld
[root@RS2 ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS2 ~]# 
[root@RS2 ~]# cat /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled

2、配置ip信息

DR:
添加ens33网卡信息仅主机

[root@DR ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
IPADDR=192.168.64.128
PREFIX=24
GATEWAY=192.168.64.254
DNS1=8.8.8.8

DR仅主机:

[root@DR ~]# nmcli connection show
NAME                UUID                                  TYPE      >
ens33               c96bc909-188e-ec64-3a96-6a90982b08ad  ethernet  >
Wired connection 1  8a9db67c-11f8-30cd-9aa4-f3688b237893  ethernet  >
[root@DR ~]# nmcli connection add con-name ens192 ifname ens37 type ethernet 
Connection 'ens192' (207e3e1b-7adf-4ac1-8940-87e566a48380) successfully added.
[root@DR ~]# nmcli connection modify ens192 ipv4.addresses 192.168.226.128/24 ipv4.method manual connection.autoconnect yes
[root@DR ~]# nmcli connection up ens192 
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/7)
[root@DR ~]# nmcli connection show
NAME                UUID                                  TYPE      >
ens33               c96bc909-188e-ec64-3a96-6a90982b08ad  ethernet  >
ens192              207e3e1b-7adf-4ac1-8940-87e566a48380  ethernet  >
Wired connection 1  8a9db67c-11f8-30cd-9aa4-f3688b237893  ethernet  >
[root@DR ~]# 

RS1:

[root@RS1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33 
IPADDR=192.168.64.129
PREFIX=24
GATEWAY=192.168.64.128
DNS1=8.8.8.8
[root@RS1 ~]# systemctl restart NetworkManager
[root@RS1 ~]# nmcli connection up ens33 
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

RS2:

[root@RS2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
IPADDR=192.168.64.130
PREFIX=24
GATEWAY=192.168.64.128
DNS1=8.8.8.8
[root@RS2 ~]# systemctl restart NetworkManager
[root@RS2 ~]# nmcli connection up ens33 
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@RS2 ~]#

挂载

[root@RS1 ~]# mount /dev/cdrom /mnt/
mount: /mnt: WARNING: device write-protected, mounted read-only.

3、后端RS1和RS2部署WEB服务器

[root@RS1 yum.repos.d]# dnf -y install httpd
[root@RS1 ~]# echo RS1 > /var/www/html/index.html
[root@RS1 ~]# systemctl restart httpd
[root@RS1 ~]# systemctl enable httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@RS1 ~]# 

RS2:

[root@RS2 ~]# dnf -y install httpd
[root@RS2 ~]# echo RS1 > /var/www/html/index.html
[root@RS2 ~]# systemctl restart httpd
[root@RS2 ~]# systemctl enable httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@RS2 ~]# 

配置好之后查看一下(注意:上面RS2上写入首页的内容也是RS1,所以这里两次访问都返回RS1;要在后面的轮询测试中区分两台后端,RS2的首页应写入RS2)

[root@RS1 ~]# curl http://192.168.64.129
RS1
[root@RS1 ~]# curl http://192.168.64.130
RS1
[root@RS1 ~]#

配置DR
(1)开启IP转发功能

[root@DR ~]# vim /etc/sysctl.conf 
[root@DR ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@DR ~]# 

(2)安装ipvsadm并添加规则

[root@DR ~]# dnf -y install ipvsadm
[root@DR ~]# ipvsadm -A -t 192.168.226.128:80 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.226.128:80 -r 192.168.64.129:80 -m
[root@DR ~]# ipvsadm -a -t 192.168.226.128:80 -r 192.168.64.130:80 -m 
[root@DR ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.226.128:80 rr
  -> 192.168.64.129:80            Masq    1      0          0         
  -> 192.168.64.130:80            Masq    1      0          0         
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@DR ~]# cat /etc/sysconfig/ipvsadm
-A -t 192.168.226.128:80 -s rr
-a -t 192.168.226.128:80 -r 192.168.64.129:80 -m -w 1
-a -t 192.168.226.128:80 -r 192.168.64.130:80 -m -w 1
[root@DR ~]# 
[root@DR ~]# systemctl restart ipvsadm.service 
[root@DR ~]# systemctl enable ipvsadm.service 
Created symlink /etc/systemd/system/multi-user.target.wants/ipvsadm.service → /usr/lib/systemd/system/ipvsadm.service.
[root@DR ~]# 

客户端测试
//配置好ip信息
测试:

[root@client ~]# curl http://192.168.226.128
RS1
[root@client ~]# curl http://192.168.226.128
RS2
[root@client ~]# curl http://192.168.226.128
RS1
[root@client ~]# curl http://192.168.226.128
RS2
[root@client ~]# curl http://192.168.226.128
RS1
[root@client ~]# curl http://192.168.226.128
RS2

配置lvs-nat模式的httpd负载集群—https
//在DR上搭建私有CA:生成CA私钥(umask 077使私钥文件仅root可读写)并自签CA证书

[root@DR ~]# mkdir -p /etc/pki/CA/private
[root@DR ~]# cd /etc/pki/CA/
[root@DR CA]# ls
private
[root@DR CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
.............+++++
..........................+++++
e is 65537 (0x010001)
[root@DR CA]# ls private/
cakey.pem
[root@DR CA]# openssl rsa -in private/cakey.pem -pubout
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtflKlF7icJrikN+DY9B2
XK7E+7eOwKv+CCaf21NbRQlHRMlQE+w6lGhhSXrrezywTbzMjgIipkKcI8eB1+re
VrggDLAbAlc93FjI0C0oAk8C91jeSNgZ6DQxt3eHzgO714txmfRMEZjsrr/nl1WW
F3r8suxed/KY82vzJTxnYR3jfH4EP+c/avuVvFfclxBVYAVLAw1f2eKWQIWiP0Pc
TZd8518E0+/lJTubghcZfgWQGs7nDUsu0vSE7iBFlCyva/vvsrVcLPYoG5PFZt14
EijwNt9SBx1l0cF15nu3fQm9YGJn52lT5UX+trTWDthwbEnn62vt0uGtNrT8QG/H
GQIDAQAB
-----END PUBLIC KEY-----
[root@DR CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 1024
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:RUNTIME
Organizational Unit Name (eg, section) []:LINUX
Common Name (eg, your name or your server's hostname) []:CYS
Email Address []:cys@example.com
[root@DR CA]# 
[root@DR CA]#  touch index.txt && echo 01 > serial

在RS1中生成证书签署请求,并发送给CA(证书中的Common Name以及subjectAltName应与客户端访问时使用的域名一致;这里填写的CYS与访问地址不匹配,客户端做主机名校验时会失败)

[root@RS1 ~]# cd /etc/httpd/
[root@RS1 httpd]# ls
conf  conf.d  conf.modules.d  logs  modules  run  state
[root@RS1 httpd]# mkdir  ssl
[root@RS1 httpd]# cd ssl/
[root@RS1 ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
........................................+++++
..............................................................+++++
e is 65537 (0x010001)

[root@RS1 ssl]# openssl req -new -key httpd.key -days 1024 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:RUNTIME
Organizational Unit Name (eg, section) []:LINUX
Common Name (eg, your name or your server's hostname) []:CYS
Email Address []:cys@example.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@RS1 ssl]# 
[root@RS1 ssl]# ls
httpd.csr  httpd.key

在DR中查看(httpd.csr需要先从RS1传到DR,原文没有给出这一步的命令)

[root@DR ~]# ls
anaconda-ks.cfg  httpd.csr

CA签署证书并发给RS1

[root@DR ~]# mkdir /etc/pki/CA/newcerts
[root@DR ~]# openssl ca -in httpd.csr -out httpd.crt -days 1024
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Sep 29 05:47:12 2022 GMT
            Not After : Jul 19 05:47:12 2025 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = HB
            organizationName          = RUNTIME
            organizationalUnitName    = LINUX
            commonName                = CYS
            emailAddress              = cys@example.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                82:D5:F2:54:FA:B9:9C:ED:B7:CB:F0:D3:14:B5:99:17:B0:0D:77:D7
            X509v3 Authority Key Identifier: 
                keyid:E6:76:86:AC:5E:72:AE:BC:61:86:88:67:80:9E:EE:1F:2F:AF:05:12

Certificate is to be certified until Jul 19 05:47:12 2025 GMT (1024 days)
Sign the certificate? [y/n]:y    


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@DR ~]# 

将CA签署的证书httpd.crt和CA自身的证书cacert.pem发送给RS1(CA私钥cakey.pem不要外传)

[root@DR ~]# scp httpd.crt root@192.168.64.129:/etc/httpd/ssl
The authenticity of host '192.168.64.129 (192.168.64.129)' can't be established.
ECDSA key fingerprint is SHA256:wwFm8Hgm+WWr8IS/U4pesqpYm2efZVb2wQSBz0uJ1mw.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.64.129' (ECDSA) to the list of known hosts.
root@192.168.64.129's password: 
httpd.crt                          100% 4539     2.9MB/s   00:00    
[root@DR ~]# scp /etc/pki/CA/cacert.pem root@192.168.64.129:/etc/httpd/ssl
root@192.168.64.129's password: 
cacert.pem                         100% 1383   826.3KB/s   00:00    
[root@DR ~]# 

RS2配置https

[root@RS2 ~]# yum -y install mod_ssl
[root@RS2 ~]# mkdir /etc/httpd/ssl

RS1中把RS1的证书和密钥发送给RS2(两台后端共用同一对证书和私钥;传输后应确认RS2上httpd.key的权限仍然只有root可读)

[root@RS1 ~]# cd /etc/httpd/ssl/
[root@RS1 ssl]# ls
cacert.pem  httpd.crt  httpd.csr  httpd.key
[root@RS1 ssl]# scp cacert.pem httpd.crt httpd.key root@192.168.64.130:/etc/httpd/ssl
root@192.168.64.130's password: 
cacert.pem                         100% 1383   843.7KB/s   00:00    
httpd.crt                          100% 4539     4.9MB/s   00:00    
httpd.key                          100% 1679     2.2MB/s   00:00    
[root@RS1 ssl]# 

在RS1中修改https的配置文件

[root@RS1 ~]# cd /etc/httpd/conf.d/
[root@RS1 conf.d]# vim ssl.conf
#   Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
#   require an ECC certificate which can also be configured in
#   parallel.
SSLCertificateFile /etc/httpd/ssl/httpd.crt			//修改

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
#   ECC keys, when in use, can also be configured in parallel
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key		//修改
#   Certificate Authority (CA):
#   Set the CA certificate verification path where to find CA
#   certificates for client authentication or alternatively one
#   huge file containing all of them (file must be PEM encoded)
SSLCACertificateFile /etc/httpd/ssl/cacert.pem			
[root@RS1 conf.d]# systemctl restart httpd

在RS2中修改https的配置文件

[root@RS2 ~]#  vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
SSLCACertificateFile /etc/httpd/ssl/cacert.pem   #把前面的注释删除
[root@RS2 ~]# systemctl restart httpd

在DR中添加规则(注意:这里的VIP写的是192.168.226.10,与前面NAT规则使用的192.168.226.128不同,文中没有给出在DR上配置该地址的步骤)

[root@DR ~]# ipvsadm -A -t  192.168.226.10:443 -s rr
[root@DR ~]# ipvsadm -a -t  192.168.226.10:443 -r 192.168.64.129 -m
[root@DR ~]# ipvsadm -a -t  192.168.226.10:443 -r 192.168.64.130 -m
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm 
[root@DR ~]# 
[root@DR ~]# systemctl restart ipvsadm.service 

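客户端测试(注意:下面的命令访问的是http://,走的是80端口的虚拟服务,-k对http不起作用;要验证上面的443规则应访问https://加VIP,并尽量用--cacert指定cacert.pem来校验证书,而不是用-k跳过校验)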

[root@Client ~]# curl -k  http://192.168.226.128
RS2
[root@Client ~]# curl -k  http://192.168.226.128
RS1
[root@Client ~]# curl -k  http://192.168.226.128
RS2
[root@Client ~]# curl -k  http://192.168.226.128
RS1

配置lvs-dr模式的httpd负载集群

Lvs服务器(DR) | DIP 192.168.64.128 | VIP 192.168.64.50
Apache服务器(RS1) | RIP 192.168.64.129 | VIP 192.168.64.50
Apache服务器(RS2) | RIP 192.168.64.130 | VIP 192.168.64.50
client客户端 | IP 192.168.64.134
(注:下文DR模式的命令实际使用的VIP为192.168.64.100,192.168.64.50用于后面的TUN模式)

DR、RS1、RS2三台主机都要配置本地源

RS1和RS2网关修改为DR的ip地址,如果参与实验的主机都是克隆的话需要把网卡当中的UUID删除

DR、RS1、RS2三台主机都关闭防火墙和selinux

[root@DR ~]# systemctl stop firewalld.service 
[root@DR ~]# vim /etc/selinux/config 
[root@DR ~]# 
[root@DR ~]# 
[root@DR ~]# setenforce 0
[root@RS1 ~]# systemctl stop firewalld.service
[root@RS1 ~]# vim /etc/selinux/config
[root@RS1 ~]# 
[root@RS1 ~]# setenforce 0
[root@RS2 ~]# systemctl stop firewalld.service
[root@RS2 ~]# vim /etc/selinux/config
[root@RS2 ~]# 
[root@RS2 ~]# setenforce 0

后端RS1和RS2部署WEB服务器

[root@RS1 ~]# yum -y install httpd
[root@RS1 ~]# echo RS1 > /var/www/html/index.html
[root@RS1 ~]# systemctl restart httpd
[root@RS1 ~]#  systemctl enable httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@RS1 ~]# yum -y install httpd
[root@RS2 ~]# echo RS2 > /var/www/html/index.html
[root@RS2 ~]# systemctl restart httpd
[root@RS2 ~]# systemctl enable httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.

临时添加回环ip生效

[root@DR ~]# ifconfig lo 192.168.64.100 broadcast 192.168.64.100 netmask 255.255.255.255 up
[root@DR ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 192.168.64.100/32 brd 192.168.64.100 scope global lo

永久生效:
把上面的命令写入以下文件(/etc/rc.d/rc.local)中,再给执行权限

[root@DR ~]# chmod +x /etc/rc.d/rc.local 

//RS上配置arp内核参数
RS1和RS2上都需要操作

 vim /etc/sysctl.conf
#将对应网卡设置为只回应目标IP为自身接口地址的ARP请求
net.ipv4.conf.all.arp_ignore = 1
#发送ARP请求时不使用数据包的源IP(即VIP),而是选用出口网卡上最合适的本地地址,也就是RIP
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@RS1 ~]#  sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@RS1 ~]# 
[root@RS2 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@RS2 ~]# 

//RS上配置VIP
一定要先配置好内核参数,再配置VIP,如果先配置VIP,VIP配置好后会立即通告给所有人,而修改内核参数就是为了不通告。
//LVS服务器的ens160网卡的ip:192.168.100.100作为VIP(注:下面命令实际配置的VIP是192.168.64.100)
两台RS都要做

[root@RS1 ~]# ifconfig lo 192.168.64.100 broadcast 192.168.64.100 netmask 255.255.255.255 up
[root@RS1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 192.168.64.100/32 brd 192.168.64.100 scope global lo

//添加路由信息

[root@RS1 ~]# route add -host 192.168.64.100/32 dev lo
[root@RS1 ~]# 
 
 
[root@RS2 ~]# ifconfig lo 192.168.64.100 broadcast 192.168.64.100 netmask 255.255.255.255 up
[root@RS2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 192.168.64.100/32 brd 192.168.64.100 scope global lo

//添加路由信息

[root@RS2 ~]# route add -host 192.168.64.100/32 dev lo

//添加并保存规则

[root@DR ~]# yum -y install ipvsadm
[root@DR ~]# ipvsadm -A -t 192.168.64.100:80 -s rr 
[root@DR ~]# ipvsadm -a -t 192.168.64.100:80 -r 192.168.64.129:80 -g  
[root@DR ~]# ipvsadm -a -t 192.168.64.100:80 -r 192.168.64.130:80 -g  
[root@DR ~]# 
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@DR ~]# systemctl restart ipvsadm.service 
[root@DR ~]# systemctl enable ipvsadm.service 
Created symlink /etc/systemd/system/multi-user.target.wants/ipvsadm.service → /usr/lib/systemd/system/ipvsadm.service.
[root@DR ~]# 

//客户端验证

 [root@Client ~]# curl http://192.168.64.100
RS2
[root@Client ~]# curl http://192.168.64.100
RS1
[root@Client ~]# curl http://192.168.64.100
RS2
[root@Client ~]# curl http://192.168.64.100
RS1
[root@Client ~]# 

TUN模式
DR、RS1、RS2三台主机都要配置本地源

RS1和RS2网关修改为DR的ip地址,如果参与实验的主机都是克隆的话需要把网卡当中的UUID删除

DR:
关闭防火墙和selinux,
修改内核参数,开启IP转发

[root@DR ~]# vim /etc/sysctl.conf 
net.ipv4.ip_forward = 1
[root@DR ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@DR ~]# 
[root@DR ~]# yum -y install ipvsadm
[root@DR ~]# ifconfig tunl0 192.168.64.50 broadcast 192.168.64.50 netmask 255.255.255.255 up
[root@DR ~]# ip a
3: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
    inet 192.168.119.50/32 brd 192.168.64.50 scope global tunl0
       valid_lft forever preferred_lft forever

//RS1和RS2(两台主机操作一样)
关闭防火墙和selinux,部署httpd

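//配置tunl0上的VIP并修改内核参数(rp_filter=0会关闭反向路径校验:TUN模式下解封装后的报文从tunl0进入,需要放开;内核对每块网卡取all与该网卡两个值中的较大者,所以all和tunl0都要设为0,其他网卡如需保留校验可单独设为1)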

[root@RS1 ~]# ifconfig tunl0 192.168.64.50 broadcast 192.168.64.50 netmask 255.255.255.255 up
[root@RS1 ~]# vim /etc/sysctl.conf 
[root@RS1 ~]# 
[root@RS1 ~]# sysctl -p
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
[root@RS1 ~]# 
[root@RS2 ~]# ifconfig tunl0 192.168.64.50 broadcast 192.168.64.50 netmask 255.255.255.255 up
[root@RS2 ~]# vim /etc/sysctl.conf
[root@RS2 ~]# sysctl -p
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
[root@RS2 ~]# 

启用ipip模块

[root@RS1 ~]# modprobe ipip
[root@RS1 ~]# lsmod | grep ipip
ipip                   16384  0
tunnel4                16384  1 ipip
ip_tunnel              28672  1 ipip
[root@RS1 ~]# 
[root@RS2 ~]# modprobe ipip
[root@RS2 ~]# lsmod | grep ipip
ipip                   16384  0
tunnel4                16384  1 ipip
ip_tunnel              28672  1 ipip
[root@RS2 ~]# 

DR上添加规则(注意:下面两条-a命令的后端地址都写成了192.168.64.130,其中一条应为RS1的192.168.64.129,否则RS1不会被加入轮询):

[root@DR ~]# ipvsadm -A -t 192.168.64.50:80 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.64.50:80 -r 192.168.64.130:80 -i
[root@DR ~]# ipvsadm -a -t 192.168.64.50:80 -r 192.168.64.130:80 -i
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@DR ~]# systemctl restart ipvsadm.service 
[root@DR ~]# systemctl enable ipvsadm.service 
Created symlink /etc/systemd/system/multi-user.target.wants/ipvsadm.service → /usr/lib/systemd/system/ipvsadm.service.
[root@DR ~]# 

客户端验证:

[root@Client ~]# curl http://192.168.64.50
RS2
[root@Client ~]# curl http://192.168.64.50
RS1
[root@Client ~]# curl http://192.168.64.50
RS2
[root@Client ~]# curl http://192.168.64.50
RS1