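LVS Load Balancing
Introduction to LVS
LVS (Linux Virtual Server) is an open-source load-balancing project led by Dr. Zhang Wensong (章文嵩); LVS is now integrated into the Linux kernel as a module. It implements IP-based request load-balancing scheduling inside the Linux kernel: Internet users reach the company's load-balancing server from outside, their web requests are sent to the LVS scheduler, and the scheduler decides, according to its preconfigured algorithm, which back-end web server receives each request.
Architecture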
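The three LVS working modes and how they work
NAT mode:
A virtual server implemented through network address translation
Under highly concurrent access, the scheduler's performance becomes the bottleneck
DR mode
A virtual server implemented directly with routing
Node servers need the VIP configured; pay attention to MAC address broadcasts
TUN mode
A virtual service implemented through tunneling
NAT mode
This mode schedules by network address translation. When the scheduler (LB) receives a client's request packet (whose destination IP is the VIP), it uses the scheduling algorithm to decide which back-end real server (RS) gets the request. The scheduler then rewrites the destination IP address and port of the client's request packet to the back-end real server's IP address (RIP), so that the real server (RS) can receive the client's request packet. After handling the request, the real server consults its default route (in NAT mode the RS's default route must be set to the LB server) and sends the response packet to the LB. When the LB receives the response packet, it changes the packet's source address to the virtual address (VIP) and sends it back to the client.
Note:
In NAT mode the Real Server's gateway must point to the LVS; otherwise packets cannot reach the client.
Characteristics:
1. With NAT, both request packets and response packets must have their addresses rewritten by the LB, so when site traffic is heavy the LB scheduler becomes a significant bottleneck; the usual limit is 10-20 nodes.
2. Only one public IP address needs to be configured, on the LB.
3. The gateway address of every internal real server must be the internal address of the scheduler LB.
4. NAT mode supports translating both IP addresses and ports, so the port the user requests and the port on the real server may differ.
Advantages of NAT mode:
The physical servers in the cluster can run any operating system that supports TCP/IP; only the load-balancing scheduler needs a legitimate IP address.
Disadvantages of NAT mode:
Limited scalability. When the number of server nodes (ordinary PC servers) grows too large, the load balancer becomes the bottleneck of the whole system, because all request packets and response packets flow through it. With too many server nodes, a large volume of packets converges on the load balancer and throughput slows down.
NAT mode lab
Environment:
Hostname | Role | IP/DIP | VIP |
---|---|---|---|
DR | LVS server (DR) | 192.168.171.13 | 172.25.0.100 |
RS1 | Apache server 1 (RS) | 192.168.171.133 | Gateway is the DR gateway |
RS2 | Apache server 2 (RS) | 192.168.171.142 | Gateway is the DR gateway |
client | Client (for testing) | 192.168.171.141 | The client needs no VIP |
//Disable the firewall and SELinux on the DR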
[root@DR ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR ~]# setenforce 0
[root@DR ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//Add a NIC in host-only mode
[root@DR ~]# nmcli con show
NAME UUID TYPE DEVI>
ens33 c96bc909-188e-ec64-3a96-6a90982b08ad ethernet ens3>
Wired connection 1 5939e1d3-99d7-3b68-a249-765104f661d7 ethernet ens3>
//Then change its IP to 172.25.0.100, on the 172.25.0.255 segment, so it is easy to tell apart
[root@DR ~]# nmcli connection modify Wired\ connection\ 1 con-name ens37 ipv4.addresses 172.25.0.100/24 ipv4.dns 114.114.114.114 ipv4.method manual autoconnect yes
[root@DR ~]# nmcli connection up ens37
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@DR ~]# ip a | grep ens37
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 172.25.0.100/24 brd 172.25.0.255 scope global noprefixroute ens37
[root@DR ~]#
//Enable IP forwarding
[root@DR ~]# vi /etc/sysctl.conf
[root@DR ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@DR ~]#
//Install ipvsadm and add the rules
[root@DR ~]# dnf -y install ipvsadm
[root@DR ~]# ipvsadm -A -t 172.25.0.100:80 -s rr
[root@DR ~]# ipvsadm -a -t 172.25.0.100:80 -r 192.168.171.133:80 -m
[root@DR ~]# ipvsadm -a -t 172.25.0.100:80 -r 192.168.171.142:80 -m
[root@DR ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.0.100:80 rr
-> 192.168.171.133:80 Masq 1 0 0
-> 192.168.171.142:80 Masq 1 0 0
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@DR ~]# systemctl restart ipvsadm.service
[root@DR ~]# systemctl enable ipvsadm.service
Created symlink /etc/systemd/system/multi-user.target.wants/ipvsadm.service → /usr/lib/systemd/system/ipvsadm.service.
[root@DR ~]#
RS1 configuration
//Disable the firewall and SELinux
[root@RS1 ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS1 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@RS1 ~]# setenforce 0
//Point RS1's gateway at the DR's VIP
[root@RS1 ~]# nmcli connection modify ens33 ipv4.addresses 192.168.171.133/24 ipv4.gateway 172.25.0.100 ipv4.dns 114.114.114.114 ipv4.method manual autoconnect yes
[root@RS1 ~]# nmcli con up ens33
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
//Configure the yum repository, install httpd, then set up the site home page
[root@RS1 ~]# dnf -y install httpd
[root@RS1 ~]# echo "RS1" >/var/www/html/index.html
[root@RS1 ~]# systemctl enable --now httpd
RS2 configuration
//Disable the firewall and SELinux
[root@RS2 ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS2 ~]# setenforce 0
[root@RS2 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//The gateway here must also point to the DR's VIP
[root@RS2 ~]# nmcli connection modify ens33 ipv4.addresses 192.168.171.142/24 ipv4.gateway 172.25.0.100 ipv4.dns 114.114.114.114 ipv4.method manual autoconnect yes
[root@RS2 ~]# nmcli con up ens33
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
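//Configure the yum repository, install the httpd service, then set up the site home page
[root@RS2 ~]# dnf -y install httpd
[root@RS2 ~]# echo "RS2" >/var/www/html/index.html
[root@RS2 ~]# systemctl enable --now httpd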
Test
//Round robin against the NAT-mode VIP configured with ipvsadm above
[root@localhost ~]# curl 172.25.0.100
RS1
[root@localhost ~]# curl 172.25.0.100
RS2
[root@localhost ~]# curl 172.25.0.100
RS1
[root@localhost ~]# curl 172.25.0.100
RS2
[root@localhost ~]#
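DR mode
How DR mode works:
DR mode sends a request to a real server by rewriting the destination MAC address of the request packet, and the real server returns its response directly to the client. Like TUN mode, DR mode greatly improves the scalability of the cluster. DR mode also has no IP tunneling overhead, and the real servers in the cluster are not required to support an IP tunneling protocol. It does, however, require the scheduler LB and the real servers RS each to have a NIC on the same physical network segment; they must be in the same LAN.
Advantages:
As with VS/TUN, in VS/DR the load scheduler only schedules requests and the servers return responses directly to the clients, which greatly increases the throughput of the whole cluster.
Disadvantages:
The load balancer's NIC must be on the same physical segment as the physical NICs, and because the load balancer
DR mode lab
Environment:
Hostname | Role | IP/DIP | VIP |
---|---|---|---|
DR | LVS server (DR) | 192.168.171.13 | lo:192.168.171.200 |
RS1 | Apache server 1 (RS) | 192.168.171.142 | lo:192.168.171.200 |
RS2 | Apache server 2 (RS) | 192.168.171.133 | lo:192.168.171.200 |
client | Client (for testing) | 192.168.171.141 | The client needs no VIP |
//Disable the firewall and SELinux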
[root@DR ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR ~]# setenforce 0
[root@DR ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//Install the package that provides ifconfig
[root@DR ~]# dnf -y install net-tools
//Configure the VIP on lo
[root@DR ~]# ifconfig lo 192.168.171.200/32 broadcast 192.168.171.200 netmask 255.255.255.255 up
[root@DR ~]# ip a |grep lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 192.168.171.200/0 brd 192.168.171.200 scope global lo
//Make the lo configuration persistent
[root@DR ~]# echo "ifconfig lo 192.168.171.200/32 broadcast 192.168.171.200 netmask 255.255.255.255 up" >> /etc/rc.d/rc.local
[root@DR ~]# chmod +x /etc/rc.d/rc.local
[root@DR ~]#
//Install ipvsadm and add the rules
[root@DR ~]# dnf -y install ipvsadm
[root@DR ~]# ipvsadm -A -t 192.168.171.200:80 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.171.200:80 -r 192.168.171.133:80 -g
[root@DR ~]# ipvsadm -a -t 192.168.171.200:80 -r 192.168.171.142:80 -g
[root@DR ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.171.200:80 rr
-> 192.168.171.133:80 Route 1 0 0
-> 192.168.171.142:80 Route 1 0 0
[root@DR ~]#
RS1 configuration
//Disable the firewall and SELinux
[root@RS1 ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS1 ~]# setenforce 0
[root@RS1 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//Configure kernel parameters on RS1
[root@RS1 ~]# vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@RS1 ~]# sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
//Configure the VIP
[root@RS1 ~]# dnf -y install net-tools   # install the ifconfig command first
[root@RS1 ~]# ifconfig lo 192.168.171.200/32 broadcast 192.168.171.200 netmask 255.255.255.255 up
//Make the lo configuration persistent
[root@RS1 ~]# echo "ifconfig lo 192.168.171.200/32 broadcast 192.168.171.200 netmask 255.255.255.255 up" >> /etc/rc.d/rc.local
[root@RS1 ~]# chmod +x /etc/rc.d/rc.local
//Add a route
[root@RS1 ~]# route add -host 192.168.171.200/32 dev lo
[root@RS1 ~]#
//Install the httpd service, then set up the site home page
[root@RS1 ~]# dnf -y install httpd
[root@RS1 ~]# echo "RS1" > /var/www/html/index.html
[root@RS1 ~]# systemctl enable --now httpd
RS2 configuration
//Disable the firewall and SELinux
[root@RS2 ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS2 ~]# setenforce 0
[root@RS2 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//Configure kernel parameters on RS2
[root@RS2 ~]# vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@RS2 ~]# sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
//Configure the VIP
[root@RS2 ~]# dnf -y install net-tools
[root@RS2 ~]# ifconfig lo 192.168.171.200/32 broadcast 192.168.171.200 netmask 255.255.255.255 up
[root@RS2 ~]# echo "ifconfig lo 192.168.171.200/32 broadcast 192.168.171.200 netmask 255.255.255.255 up" >> /etc/rc.d/rc.local
[root@RS2 ~]# chmod +x /etc/rc.d/rc.local
//Add a route
[root@RS2 ~]# route add -host 192.168.171.200/32 dev lo
//Install the httpd service, then set up the site home page
[root@RS2 ~]# dnf -y install httpd
[root@RS2 ~]# echo "RS2" > /var/www/html/index.html
[root@RS2 ~]# systemctl enable --now httpd
Testing from the client
//Round robin
[root@localhost ~]# curl 192.168.171.200
RS1
[root@localhost ~]# curl 192.168.171.200
RS2
[root@localhost ~]# curl 192.168.171.200
RS1
[root@localhost ~]# curl 192.168.171.200
RS2
[root@localhost ~]#
TUN mode
Environment:
Hostname | Role | IP/DIP | VIP |
---|---|---|---|
DR | LVS server (DR) | 192.168.171.13 | 192.168.171.200 |
RS1 | Apache server 1 (RS) | 192.168.171.133 | 192.168.171.200 |
RS2 | Apache server 2 (RS) | 192.168.171.142 | 192.168.171.200 |
client | Client (for testing) | 192.168.171.141 | The client needs no VIP |
Restore the snapshot
DR configuration
//Disable SELinux and the firewall
[root@DR ~]# systemctl disable --now firewalld.service
[root@DR ~]# setenforce 0
[root@DR ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//Modify the kernel parameters to enable IP forwarding
[root@DR ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@DR ~]# sysctl -p
net.ipv4.ip_forward = 1
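//Load the ipip module and configure the VIP on tunl0
[root@DR ~]# dnf -y install net-tools
[root@DR ~]# modprobe ipip
[root@DR ~]# ifconfig tunl0 192.168.171.200 broadcast 192.168.171.200 netmask 255.255.255.255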
[root@DR ~]# ip a |grep tunl0
3: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000
inet 192.168.171.200/32 brd 192.168.171.200 scope global tunl0
//Make it persistent
[root@DR ~]# echo "ifconfig tunl0 192.168.171.200 broadcast 192.168.171.200 netmask 255.255.255.255" >> /etc/rc.d/rc.local
[root@DR ~]# chmod +x /etc/rc.d/rc.local
//Install ipvsadm and add the rules (-i selects IP-in-IP tunneling)
[root@DR ~]# dnf -y install ipvsadm
[root@DR ~]# ipvsadm -A -t 192.168.171.200:80 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.171.200:80 -r 192.168.171.133:80 -i
[root@DR ~]# ipvsadm -a -t 192.168.171.200:80 -r 192.168.171.142:80 -i
[root@DR ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.171.200:80 rr
-> 192.168.171.133:80 Tunnel 1 0 0
-> 192.168.171.142:80 Tunnel 1 0 0
[root@DR ~]#
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@DR ~]# systemctl restart ipvsadm.service
[root@DR ~]# systemctl enable ipvsadm.service
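
The three labs differ on the director only in the forwarding flag passed to `ipvsadm -a` (`-m`, `-g`, `-i`), which `ipvsadm -Ln` reports as Masq, Route or Tunnel. The following is an added example, not part of the original post: a shell check that reads such a listing and flags real servers whose forwarding method does not match the intended mode. The function names and the sample listing are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit `ipvsadm -Ln` output against the intended LVS mode.
# Forward column values: Masq (-m, NAT), Route (-g, DR), Tunnel (-i, TUN).

expected_forward() {
    case "$1" in
        nat) echo Masq ;;
        dr)  echo Route ;;
        tun) echo Tunnel ;;
        *)   return 1 ;;
    esac
}

# check_ipvs_mode MODE -- reads `ipvsadm -Ln` text on stdin.
# Prints one line per real server whose forwarding method does not match MODE.
# Returns 0 if all match, 1 on a mismatch, 2 if MODE is unknown or no real server is listed.
check_ipvs_mode() {
    _want=$(expected_forward "$1") || { echo "unknown mode: $1" >&2; return 2; }
    awk -v want="$_want" '
        $1 == "TCP" || $1 == "UDP" { vip = $2; next }      # virtual service line
        $1 == "->" && $2 != "RemoteAddress:Port" {         # real server line, not the header
            seen++
            if ($3 != want) { printf "%s -> %s: %s (expected %s)\n", vip, $2, $3, want; bad++ }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    '
}

# Constructed sample in the layout of the listings in this post.
SAMPLE_LISTING='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.171.200:80 rr
  -> 192.168.171.133:80           Route   1      0          0
  -> 192.168.171.142:80           Route   1      0          0'

# On a director: ipvsadm -Ln | check_ipvs_mode tun
```
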
RS1 configuration
//Disable SELinux and the firewall
[root@RS1 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@RS1 ~]# setenforce 0
[root@RS1 ~]# systemctl disable --now firewalld.service
//Load the ipip module and configure the VIP
[root@RS1 ~]# dnf -y install net-tools
[root@RS1 ~]# modprobe ipip
[root@RS1 ~]# ifconfig tunl0 192.168.171.200 broadcast 192.168.171.200 netmask 255.255.255.255
[root@RS1 ~]# echo "ifconfig tunl0 192.168.171.200 broadcast 192.168.171.200 netmask 255.255.255.255" >> /etc/rc.d/rc.local
[root@RS1 ~]# chmod +x /etc/rc.d/rc.local
//Modify the kernel parameters
[root@RS1 ~]# vim /etc/sysctl.conf
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
[root@RS1 ~]# sysctl -p
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
//Install the httpd service, then set up the site home page
[root@RS1 ~]# dnf -y install httpd
[root@RS1 ~]# echo "RS1" > /var/www/html/index.html
[root@RS1 ~]# systemctl enable --now httpd
RS2 configuration
//Disable SELinux and the firewall
[root@RS2 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@RS2 ~]# setenforce 0
[root@RS2 ~]# systemctl disable --now firewalld.service
//Load the ipip module and configure the VIP
[root@RS2 ~]# dnf -y install net-tools
[root@RS2 ~]# modprobe ipip
[root@RS2 ~]# ifconfig tunl0 192.168.171.200 broadcast 192.168.171.200 netmask 255.255.255.255
[root@RS2 ~]# echo "ifconfig tunl0 192.168.171.200 broadcast 192.168.171.200 netmask 255.255.255.255" >> /etc/rc.d/rc.local
[root@RS2 ~]# chmod +x /etc/rc.d/rc.local
//Modify the kernel parameters
[root@RS2 ~]# vim /etc/sysctl.conf
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
[root@RS2 ~]# sysctl -p
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
//Install the httpd service, then set up the site home page
[root@RS2 ~]# dnf -y install httpd
[root@RS2 ~]# echo "RS2" > /var/www/html/index.html
[root@RS2 ~]# systemctl enable --now httpd
Testing TUN (tunnel) mode
//Round robin
[root@localhost ~]# curl 192.168.171.200
RS1
[root@localhost ~]# curl 192.168.171.200
RS2
[root@localhost ~]# curl 192.168.171.200
RS1
[root@localhost ~]# curl 192.168.171.200
RS2
[root@localhost ~]#
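
In the DR and TUN labs every real server holds the VIP itself (on lo or tunl0), so the `arp_ignore`/`arp_announce` settings are what keep it from answering or advertising ARP for that address, and the TUN lab additionally turns `rp_filter` off. The following is an added example, not part of the original post: a shell audit that compares sysctl-style input against the values this post sets for each mode. The function names and the sample configuration are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a real server's kernel parameters for LVS DR or TUN mode.
# Required values are the ones this post writes to /etc/sysctl.conf.

# required_rs_sysctls MODE -> "key value" lines (VIP sits on lo for DR, tunl0 for TUN)
required_rs_sysctls() {
    case "$1" in
        dr)  vip_if=lo ;;
        tun) vip_if=tunl0 ;;
        *)   return 1 ;;
    esac
    for scope in "$vip_if" all; do
        echo "net.ipv4.conf.$scope.arp_ignore 1"
        echo "net.ipv4.conf.$scope.arp_announce 2"
        if [ "$1" = tun ]; then echo "net.ipv4.conf.$scope.rp_filter 0"; fi
    done
}

# check_rs_sysctls MODE -- reads "key = value" lines (sysctl.conf or `sysctl -a`) on stdin.
# Prints MISSING/WRONG findings; returns 0 if compliant, 1 if not, 2 on a bad mode.
check_rs_sysctls() {
    req=$(required_rs_sysctls "$1") || { echo "unknown mode: $1" >&2; return 2; }
    report=$(REQ="$req" awk '
        BEGIN { n = split(ENVIRON["REQ"], r, "\n")
                for (i = 1; i <= n; i++) { split(r[i], kv, " "); want[kv[1]] = kv[2] } }
        /^[ \t]*(#|;)/ { next }                      # sysctl.conf comment lines
        { line = $0; gsub(/[ \t]/, "", line); p = index(line, "=")
          if (p) have[substr(line, 1, p - 1)] = substr(line, p + 1) }  # last setting wins
        END { for (k in want) {
                if (!(k in have))            printf "MISSING %s (want %s)\n", k, want[k]
                else if (have[k] != want[k]) printf "WRONG %s = %s (want %s)\n", k, have[k], want[k]
              } }' | sort)
    if [ -z "$report" ]; then return 0; fi
    printf '%s\n' "$report"
    return 1
}

# Constructed sample: the DR-mode settings from this post, with one value left at 0.
SAMPLE_CONF='# ARP handling for the VIP on lo
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 0'

# On a real server: sysctl -a 2>/dev/null | check_rs_sysctls dr
```
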