LVS:Linux Virtual Server,负载调度器,内核集成,章文嵩,阿里的四层SLB(Server LoadBalance)是基于LVS+keepalived实现
lvs集群的类型
- lvs-nat: 修改请求报文的目标IP,多目标IP的DNAT
- lvs-dr: 操纵封装新的MAC地址
- lvs-tun: 在原请求IP报文之外新加一个IP首部
- lvs-fullnat: 修改请求报文的源和目标IP
部署DR模式集群案例
此实验基于rhel9.1配置,且每个实验主机都含有ip配置脚本,后续配置地址,只需根据实验需求自行修改
[root@client ~]# vim /usr/bin/vmset.sh
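#!/bin/bash
# vmset.sh — write a NetworkManager keyfile for one interface and bring it up.
#
# Usage: vmset.sh <ifname> <ipv4-address> [gateway] [dns]
#   ifname   interface name, e.g. eth0; also used as the connection id and
#            as the keyfile name under /etc/NetworkManager/system-connections
#   address  IPv4 address without prefix length; /24 is appended
#   gateway  optional, defaults to 172.25.254.2
#   dns      optional, defaults to 8.8.8.8
# Exits 2 on bad arguments; any failing nmcli/chmod step aborts via set -e.
set -euo pipefail

if [[ $# -lt 2 || $# -gt 4 ]]; then
  printf 'Usage: %s <ifname> <ipv4-address> [gateway] [dns]\n' "${0##*/}" >&2
  exit 2
fi

ifname=$1
address=$2
gateway=${3:-172.25.254.2}
dns=${4:-8.8.8.8}

# The interface name becomes part of a path under system-connections, so
# refuse anything empty, containing a slash, or starting with a dot.
if [[ -z "$ifname" || "$ifname" == */* || "$ifname" == .* ]]; then
  printf 'invalid interface name: %s\n' "$ifname" >&2
  exit 2
fi

readonly conn_file="/etc/NetworkManager/system-connections/${ifname}.connection"

# The keyfile is expected to be mode 0600 (hence the chmod below); setting the
# umask first avoids creating it with wider permissions and fixing it afterwards.
umask 077
cat > "$conn_file" <<EOF
[connection]
id=$ifname
type=ethernet
interface-name=$ifname

[ipv4]
method=manual
address1=$address/24,$gateway
dns=$dns
EOF

chmod 600 "$conn_file"
nmcli connection reload
nmcli connection up "$ifname"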
client配置(client只需一张nat模式的网卡)
[root@client ~]# cat /etc/NetworkManager/system-connections/eth0.connection
[connection]
id=eth0
type=ethernet
interface-name=eth0
[ipv4]
method=manual
address1=172.25.254.200/24,172.25.254.100
route配置(需要一张nat模式网卡,一张仅主机模式网卡)
[root@route ~]# ls /etc/NetworkManager/system-connections/
eth0.connection eth1.connection
[root@route ~]# cat /etc/NetworkManager/system-connections/eth0.connection
[connection]
id=eth0
type=ethernet
interface-name=eth0
[ipv4]
method=manual
address1=172.25.254.100/24,172.25.254.2
dns=8.8.8.8
[root@route ~]# cat /etc/NetworkManager/system-connections/eth1.connection
[connection]
id=eth1
type=ethernet
interface-name=eth1
[ipv4]
method=manual
address1=192.168.0.100/24
#开启路由配置
[root@route ~]# sysctl -a | grep ip_forward
net.ipv4.ip_forward = 0
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0
[root@route ~]# vim /etc/sysctl.conf   #在该文件中添加一行: net.ipv4.ip_forward = 1
#生效配置
[root@route ~]# sysctl -p
net.ipv4.ip_forward = 1
lvs配置(需要一张仅主机模式网卡)
[root@lvs ~]# cat /etc/NetworkManager/system-connections/eth0.connection
[connection]
id=eth0
type=ethernet
interface-name=eth0
[ipv4]
method=manual
address1=192.168.0.50/24,192.168.0.100
[root@lvs ~]# ip a a 192.168.0.200/32 dev lo
#查看路由
[root@lvs ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.100 0.0.0.0 UG 100 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
#安装ipvsadm
[root@lvs ~]# yum install ipvsadm -y
#配置ipvsadm之前查看配置
[root@lvs ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
#开始配置
[root@lvs ~]# ipvsadm -A -t 192.168.0.200:80 -s wrr #(-A:添加 -t:tcp服务 -s:指定调度算法(wrr)加权轮询算法)
[root@lvs ~]# ipvsadm -a -t 192.168.0.200:80 -r 192.168.0.10:80 -g -w 1 #(-a:添加realserver -t:tcp服务 -r:realserver地址 -g:直通路由模式 -w:权重)
[root@lvs ~]# ipvsadm -a -t 192.168.0.200:80 -r 192.168.0.20:80 -g -w 2
#配置后查看完成的配置
[root@lvs ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.0.200:80 wrr
-> 192.168.0.10:80 Route 1 0 0
-> 192.168.0.20:80 Route 2 0 0
#查看路由
[root@lvs ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.100 0.0.0.0 UG 100 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
web服务器配置(需要一张仅主机模式网卡)
#web服务器
[root@web1 ~]# ip a a 192.168.0.200/32 dev lo #在本地环回接口上配置vip
[root@web1 ~]# cat /etc/NetworkManager/system-connections/eth0.connection
[connection]
id=eth0
type=ethernet
interface-name=eth0
[ipv4]
method=manual
address1=192.168.0.10/24,192.168.0.100
#配置apache服务器(前期设定了将网页文件放在/web/html/index.html)
[root@web1 ~]# yum install httpd -y
[root@web1 ~]# echo web1-192.168.0.10 > /web/html/index.html
[root@web1 ~]# systemctl enable --now httpd
#配置realserver不对外响应vip的ARP请求(以下写入/proc的设置为临时生效,重启后失效)
[root@web1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@web1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@web1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@web1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
#web2与web1配置相同(ip地址不一样,看上图),此处省略
测试
防火墙标记解决轮询调度问题
前言:借助于防火墙标记来分类报文,而后基于标记定义集群服务:可将多个不同的应用使用同一个集群服务进行调度。
web服务器上安装https模块
lvs服务器配置
#清空策略
[root@lvs conf]# ipvsadm -C
#查看
[root@lvs conf]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
#配置防火墙标记
[root@lvs conf]# iptables -t mangle -A PREROUTING -d 192.168.0.200 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 66
[root@lvs conf]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@lvs conf]# iptables -t mangle -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
MARK tcp -- 0.0.0.0/0 192.168.0.200 multiport dports 80,443 MARK set 0x42
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
#配置策略
[root@lvs conf]# ipvsadm -A -f 66 -s rr #(-f:firewall mark 防火墙标记,是一个数字,需与上面iptables设置的mark一致)
[root@lvs conf]# ipvsadm -a -f 66 -r 192.168.0.10 -g
[root@lvs conf]# ipvsadm -a -f 66 -r 192.168.0.20 -g
[root@lvs conf]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
FWM 66 rr
-> 192.168.0.10:0 Route 1 0 0
-> 192.168.0.20:0 Route 1 0 0
web配置
[root@web1 ~]# yum install mod_ssl -y
[root@web1 conf]# systemctl restart httpd
[root@web1 conf]# netstat -antlupe | grep httpd
tcp6 0 0 :::80 :::* LISTEN 0 35393 2263/httpd
tcp6 0 0 :::443 :::* LISTEN 0 35401 2263/httpd
测试