Linux Exercise 19

Contents

 

1. Summarize the characteristics and use cases of the four LVS cluster types

2. Describe how LVS-DR works, and configure it.

3. Implement LVS + Keepalived high availability.


1. Summarize the characteristics and use cases of the four LVS cluster types

lvs-nat (Network Address Translation): #DNAT, destination network address translation

    Essentially a multi-target DNAT: scheduling is done by rewriting the destination IP and destination port of the request packet to the RIP and port of the chosen RS.

Characteristics:

1. RIP and DIP should be in the same IP network and should use private addresses; the gateway of the RS must point to the DIP;

2. Both request and response packets must be forwarded by the Director, so the Director easily becomes the bottleneck of the system;

3. Port mapping is supported: the destination port of the request packet can be rewritten;

4. The VS must be Linux; the RS can run any OS;

 

lvs-dr (Direct Routing): #direct routing

    The most widely used mode. The request is forwarded by re-encapsulating it with a new MAC header: the source MAC is the MAC of the DIP interface and the destination MAC is the MAC of the chosen RS's RIP interface; source IP/port and destination IP/port are left unchanged.

Characteristics:

1. Both the RS and the VS are configured with the VIP;

2. The front-end router must be made to forward the packets to the VS (usually achieved by adjusting the ARP announce and ARP reply level kernel parameters on the RS);

3. The RIP of the RS may be a private or a public address; RIP and DIP are in the same IP network; the gateway of the RIP must not point to the DIP, so that response packets do not pass through the VS but go directly from the RS to the client;

4. RS and VS must be in the same physical network;

5. Port mapping is not supported;    #only the link-layer MAC addresses are changed

6. The RS can run most operating systems;

 

lvs-tun (Tunnel): #tunneling

    Forwarding: the IP header of the request packet is not modified (source IP is CIP, destination IP is VIP); instead another IP header is wrapped around the original IP packet (source IP is DIP, destination IP is RIP) and the packet is sent to the chosen RS. The RS responds to the client directly (source IP is VIP, destination IP is CIP).

1. DIP, VIP and RIP should all be public addresses;

2. Request packets pass through the VS but responses do not, so the gateway of the RS generally must not point to the DIP;

3. Port mapping is not supported;

4. The OS of the RS must support tunneling;

 

lvs-fullnat (SNAT+DNAT):

    Forwards by rewriting both the source IP and the destination IP of the request packet.

1. The VIP is a public address; RIP and DIP are private addresses, not necessarily in the same IP network, but they must be able to reach each other;

2. The source address of the request seen by the RS is the DIP, so the RS only needs to reply to the DIP; the Director then forwards the reply to the client;

3. Both request and response packets pass through the Director;

4. Port mapping is supported;

    Note: this type is not supported by the stock kernel.

 

                 VS/NAT           VS/TUN          VS/DR
Server           any              Tunneling       Non-arp device
server network   private          LAN/WAN         LAN
server number    low (10~20)      High (100)      High (100)
server gateway   load balancer    own router      Own router


2. Describe how LVS-DR works, and configure it.

The VIP and the DIP are in different subnets, and the router has 2 interfaces.

Address plan:

Client:

IP(eth0):192.168.8.66

GW:192.168.8.77

 

Router:

VMNET0(eth1):192.168.8.77

VMNET8(eth0):10.0.0.100

VS:

DIP(eth0):192.168.44.37  

VIP(lo:1):10.10.10.10

GW(eth0):10.0.0.100

 

RS:

RIP1(eth0):192.168.44.17

RIP2(eth0):192.168.44.27

VIP(lo:1):10.10.10.10

GW(eth0):10.0.0.100
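As an added check (example code written for this page, not part of the original exercise), the lvs-dr rules listed in section 1 can be tested against an address plan such as the one above before any host is touched. The addresses are the plan's own; check_dr_plan and PLAN are my own names, and the /24 prefix is an assumption.

```python
import ipaddress

def check_dr_plan(vip, dip, rips, rs_gateway, prefix=24, vip_port=80, rip_port=80):
    """Return the LVS-DR rules from section 1 that an address plan violates (empty = OK).

    Encoded rules: RIP and DIP share one IP network; the RS gateway must not be
    the DIP (replies go straight to the client); DR never rewrites the IP header,
    so the service port and the RS port must be equal (no port mapping).
    """
    problems = []
    dip_net = ipaddress.ip_interface(f"{dip}/{prefix}").network   # prefix is assumed
    for rip in rips:
        if ipaddress.ip_address(rip) not in dip_net:
            problems.append(f"RIP {rip} is not in the DIP network {dip_net}")
        if rip in (vip, dip):
            problems.append(f"RIP {rip} collides with the VIP or the DIP")
    if rs_gateway == dip:
        problems.append("RS gateway points to the DIP: replies would pass through the Director")
    if vip_port != rip_port:
        problems.append(f"port mapping {vip_port}->{rip_port} requested, but DR keeps the IP header")
    # The VIP itself is shared by the VS and every RS; in DR only the VS may answer
    # ARP for it, which is what the arp_ignore/arp_announce sysctls on the RS enforce.
    return problems

# Constructed from the section-2 address plan above.
PLAN = dict(vip="10.10.10.10", dip="192.168.44.37",
            rips=["192.168.44.17", "192.168.44.27"], rs_gateway="10.0.0.100")

if __name__ == "__main__":
    for p in check_dr_plan(**PLAN) or ["plan satisfies the DR constraints"]:
        print(p)
```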

 

Router configuration:

#Enable IP forwarding
vim /etc/sysctl.conf
net.ipv4.ip_forward=1
sysctl -p    #apply the change

RS configuration:

#Install the httpd service
yum install -y httpd
systemctl start httpd
systemctl enable httpd
#Create a test page (the first line on RS1, the second on RS2)
echo "192.168.44.17 RS1" >/var/www/html/index.html
echo "192.168.44.27 RS2" >/var/www/html/index.html
#Restrict the ARP reply and announce levels so that the RS never answers or advertises ARP for the VIP
echo "net.ipv4.conf.all.arp_ignore = 1">>/etc/sysctl.conf
echo "net.ipv4.conf.lo.arp_ignore = 1">>/etc/sysctl.conf
echo "net.ipv4.conf.all.arp_announce = 2">>/etc/sysctl.conf
echo "net.ipv4.conf.lo.arp_announce = 2">>/etc/sysctl.conf
sysctl -p

#VIP configuration
Temporary:
ifconfig lo:1 10.10.10.10 netmask 255.255.255.0    #a 255.255.255.255 mask is the usual choice, so that only the VIP and not the whole 10.10.10.0/24 is routed via lo
Permanent:
cat >/etc/sysconfig/network-scripts/ifcfg-lo:1 <<EOF
DEVICE=lo:1
TYPE=Ethernet
BOOTPROTO=static
ONBOOT=yes
IPADDR=10.10.10.10
NETMASK=255.255.255.0
EOF

VS configuration:

#Install the lvs tool package
yum install -y ipvsadm
systemctl start ipvsadm
systemctl enable ipvsadm
#VIP configuration
Temporary:
ifconfig lo:1 10.10.10.10 netmask 255.255.255.0
Permanent:
cat >/etc/sysconfig/network-scripts/ifcfg-lo:1 <<EOF
DEVICE=lo:1
TYPE=Ethernet
BOOTPROTO=static
ONBOOT=yes
IPADDR=10.10.10.10
NETMASK=255.255.255.0
EOF

LVS policy configuration:

#Flush the firewall rules
iptables -F
#Add the lvs rules: one virtual service on the VIP with weighted round-robin, both RS attached in DR mode (-g)
ipvsadm -A -t 10.10.10.10:80 -s wrr
ipvsadm -a -t 10.10.10.10:80 -r 192.168.44.17 -g -w 1
ipvsadm -a -t 10.10.10.10:80 -r 192.168.44.27 -g -w 1
#Save the rules permanently
ipvsadm-save > /etc/sysconfig/ipvsadm
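As an added verification step (example code written for this page, not from the original exercise), the rules loaded above can be checked by parsing the output of `ipvsadm -Ln`: every expected RS must be attached to the VIP service with the Route forwarding method (how ipvsadm prints -g) and a non-zero weight. The sample output below is constructed to match this configuration; parse_ipvsadm and verify_dr_service are my own names.

```python
import re

# Constructed sample of `ipvsadm -Ln` output for the service configured above.
SAMPLE_IPVSADM = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.10.10.10:80 wrr
  -> 192.168.44.17:80             Route   1      0          0
  -> 192.168.44.27:80             Route   1      0          0
"""

SVC_RE = re.compile(r"^(TCP|UDP|SCTP)\s+(\S+):(\d+)\s+(\S+)")
RS_RE = re.compile(r"^\s*->\s+(\S+):(\d+)\s+(Masq|Route|Tunnel)\s+(\d+)")

def parse_ipvsadm(text):
    """Map each virtual service (proto, vip, port, scheduler) to its real servers
    as (rip, port, forwarding method, weight) tuples."""
    services, current = {}, None
    for line in text.splitlines():
        m = SVC_RE.match(line)
        if m:
            proto, vip, port, sched = m.groups()
            current = (proto, vip, int(port), sched)
            services[current] = []
            continue
        m = RS_RE.match(line)
        if m and current is not None:
            rip, port, fwd, weight = m.groups()
            services[current].append((rip, int(port), fwd, int(weight)))
    return services

def verify_dr_service(services, vip, port, expected_rips):
    """Check that the VIP service exists and that each expected RS is attached in DR
    mode ('Route' is how ipvsadm prints -g) with a non-zero weight. Returns problems."""
    keys = [k for k in services if k[1] == vip and k[2] == port]
    if not keys:
        return [f"no service for {vip}:{port}"]
    attached = {rs[0]: rs for rs in services[keys[0]]}
    problems = []
    for rip in expected_rips:
        rs = attached.get(rip)
        if rs is None:
            problems.append(f"{rip} is not attached to {vip}:{port}")
        elif rs[2] != "Route":
            problems.append(f"{rip} uses {rs[2]} forwarding instead of Route (-g)")
        elif rs[3] == 0:
            problems.append(f"{rip} has weight 0 and receives no traffic")
    return problems
```

On a real VS, feed it `subprocess.check_output(["ipvsadm", "-Ln"], text=True)` instead of the sample string.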

Test results:


3. Implement LVS + Keepalived high availability.


Address plan:

Client:

IP(eth0):192.168.8.66

GW:192.168.8.77

 

Router:

VMNET0(eth1):192.168.8.77

VMNET8(eth0):192.168.44.7

 

VS:

DIP1(eth0):192.168.44.37  

DIP2(eth0):192.168.44.47  

VIP(eth0:1):192.168.44.100

GW(eth0):192.168.44.7

 

RS:

RIP1(eth0):192.168.44.17

RIP2(eth0):192.168.44.27

VIP(eth0:1):192.168.44.100

GW(eth0):192.168.44.7

 

Router configuration:

#Enable IP forwarding
vim /etc/sysctl.conf
net.ipv4.ip_forward=1
sysctl -p    #apply the change

RS configuration:

#Install the httpd service
yum install -y httpd
systemctl start httpd
systemctl enable httpd
#Create a test page (the first line on RS1, the second on RS2)
echo "192.168.44.17 RS1" >/var/www/html/index.html
echo "192.168.44.27 RS2" >/var/www/html/index.html
#Restrict the ARP reply and announce levels so that the RS never answers or advertises ARP for the VIP
echo "net.ipv4.conf.all.arp_ignore = 1">>/etc/sysctl.conf
echo "net.ipv4.conf.lo.arp_ignore = 1">>/etc/sysctl.conf
echo "net.ipv4.conf.all.arp_announce = 2">>/etc/sysctl.conf
echo "net.ipv4.conf.lo.arp_announce = 2">>/etc/sysctl.conf
sysctl -p

#VIP configuration
Temporary:
ifconfig eth0:1 192.168.44.100 netmask 255.255.255.0
#Note: arp_ignore=1 only suppresses replies for addresses that are not configured on the receiving interface, so a VIP on eth0:1 can still be answered by the RS; keeping the VIP on lo (as in section 2) is what makes the sysctls above effective
Permanent:
cat >/etc/sysconfig/network-scripts/ifcfg-eth0:1 <<EOF
DEVICE=eth0:1
TYPE=Ethernet
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.44.100
NETMASK=255.255.255.0
EOF

Keepalived installation:

#Install keepalived on the VS
yum install keepalived ipvsadm -y
cd /etc/keepalived
cp keepalived.conf{,.bak}

#Key-based SSH authentication between the VS nodes
Run on vs1:
ssh-keygen
ssh-copy-id vs2

Run on vs2:
ssh-keygen
ssh-copy-id vs1

#Separate keepalived log
Note: by default keepalived logs to /var/log/messages; a separate log file can be enabled as follows
vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -S 6"
vim /etc/rsyslog.conf
local6.*    /var/log/keepalived.log
systemctl restart rsyslog    #reload rsyslog so that the new rule takes effect

Keepalived configuration:

vim /etc/keepalived/keepalived.conf

Example configuration for vs1:
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost    #recipient of the notifications
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1    #SMTP server used to send the mail
    smtp_connect_timeout 30
    router_id LVS-KA1    #identifier of this node, LVS-KA2 on the other node
    vrrp_mcast_group4 224.0.100.100    #multicast group over which the priority advertisements are exchanged
}

vrrp_instance VI_1 {    #one virtual router; several can be defined, a node being MASTER in one and BACKUP in another
    state MASTER    #BACKUP on the other node
    interface eth0        #interface on which the priority advertisements are sent
    virtual_router_id 8    #must be identical on all nodes
    priority 100    #priority (0~255), 80 on the other node
    advert_int 1    #advertisement interval of 1s
    authentication {    #authentication
        auth_type PASS    #pre-shared password authentication
        auth_pass centos
    }
    virtual_ipaddress {
        192.168.44.100/24 dev eth0 label eth0:1
    }
    track_interface {    #interfaces to monitor; if one fails the instance enters the FAULT state
        eth0
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}


virtual_server 192.168.44.100 80 {    #the VIP service; addresses follow the address plan above
    delay_loop 3
    lb_algo rr
    lb_kind DR
    protocol TCP
    sorry_server 127.0.0.1 80    #local httpd that answers when every RS is down

    real_server 192.168.44.17 80 {
        weight 1
        HTTP_GET {    #health check: GET / must return 200
            url {
                path /
                status_code 200
            }
            connect_timeout 1
            nb_get_retry 3
            delay_before_retry 1
        }
    }
    real_server 192.168.44.27 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 1
            nb_get_retry 3
            delay_before_retry 1
        }
    }
}



Example configuration for vs2:
! Configuration File for keepalived

global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS-KA2
   vrrp_mcast_group4 224.0.100.100
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 8
    priority 80    #lower than the MASTER's 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass centos
    }
    virtual_ipaddress {
        192.168.44.100/24 dev eth0 label eth0:1
    }
    track_interface {
        eth0
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

virtual_server 192.168.44.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP
    sorry_server 127.0.0.1 80
    
    real_server 192.168.44.17 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
        connect_timeout 1
        nb_get_retry 3
        delay_before_retry 1
        }
    }
    real_server 192.168.44.27 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
        connect_timeout 1
        nb_get_retry 3
        delay_before_retry 1
        }
    }
}
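As an added example (written for this page; not part of the original exercise or of keepalived itself), the two node configurations can be compared before the service is started: the checker below extracts the vrrp_instance settings from each file and reports anything that would keep them from forming one VRRP pair, including the case where both nodes keep the same priority. The sample text is the vs1 instance above; extract_block, vrrp_settings and check_pair are my own names.

```python
import re
def extract_block(text, header):
    """Body of the first `header { ... }` block in text, nested braces included."""
    i = text.index("{", text.index(header))
    depth = 0
    for j in range(i, len(text)):
        depth += {"{": 1, "}": -1}.get(text[j], 0)
        if depth == 0:
            return text[i + 1:j]
    raise ValueError(f"unbalanced braces after {header}")

def vrrp_settings(conf):
    """Pull the VRRP settings that must agree (or deliberately differ) on the two nodes."""
    body, kv = extract_block(conf, "vrrp_instance"), {}
    for line in body.splitlines():
        m = re.match(r"^\s*(state|virtual_router_id|priority|advert_int|auth_pass)\s+(\S+)",
                     line.split("#", 1)[0])            # '#' starts a comment in keepalived.conf
        if m:
            kv[m.group(1)] = m.group(2)
    kv["vips"] = sorted(re.findall(r"\d+\.\d+\.\d+\.\d+/\d+", extract_block(body, "virtual_ipaddress")))
    return kv

def check_pair(master_conf, backup_conf):
    """Return the reasons the two configs would not form one working VRRP pair (empty = OK)."""
    a, b, problems = vrrp_settings(master_conf), vrrp_settings(backup_conf), []
    if (a.get("state"), b.get("state")) != ("MASTER", "BACKUP"):
        problems.append("one node must be MASTER and the other BACKUP")
    for key in ("virtual_router_id", "auth_pass", "advert_int", "vips"):
        if a.get(key) != b.get(key):
            problems.append(f"{key} differs between the nodes")
    if int(a.get("priority", 0)) <= int(b.get("priority", 0)):
        problems.append("MASTER priority must be higher than BACKUP priority")
    return problems
# Constructed sample: the vrrp_instance of the vs1 example above, plus two derived vs2 variants.
VS1 = """vrrp_instance VI_1 {
    state MASTER    # BACKUP on the other node
    virtual_router_id 8
    priority 100    # 80 on the other node
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass centos
    }
    virtual_ipaddress {
        192.168.44.100/24 dev eth0 label eth0:1
    }
}"""
VS2_SAME_PRIORITY = VS1.replace("state MASTER", "state BACKUP")
VS2_FIXED = VS2_SAME_PRIORITY.replace("priority 100", "priority 80")
```

A backup copy that differs only in state is reported, because two nodes with equal priority do not give a deterministic master; feed the real files with `open("/etc/keepalived/keepalived.conf").read()` from each node.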



#Start the service
systemctl start keepalived
systemctl enable keepalived

Configure the sorry_server on the VS nodes:

yum install -y httpd
echo "192.168.44.37 SORRY SERVER1" >/var/www/html/index.html    #on vs1
echo "192.168.44.47 SORRY SERVER2" >/var/www/html/index.html    #on vs2
systemctl start httpd
systemctl enable httpd

#Notify script

vim /etc/keepalived/notify.sh
#!/bin/bash
# Sends a mail on every VRRP state transition; the mail command comes from the mailx package
contact='root@localhost'
notify() {
    mailsubject="$(hostname) to be $1, vip floating"
    mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
    echo "$mailbody" | mail -s "$mailsubject" "$contact"
}
case $1 in
master)
    notify master
    ;;
backup)
    notify backup
    ;;
fault)
    notify fault
    ;;
*)
    echo "Usage: $(basename $0) {master|backup|fault}"
    exit 1
    ;;
esac

chmod +x /etc/keepalived/notify.sh    #keepalived runs the script as a command, so it must be executable

 

#Start the service on vs1 and vs2 to acquire the VIP

systemctl start keepalived

Note: if the lower-priority VS is started first and has obtained the VIP through the multicast exchange, starting the higher-priority VS afterwards will take the VIP over.

 

 

Capture the multicast packets: tcpdump -i eth0 -nn host 224.0.100.100

 

Tests performed:

1. Normal RS switching

2. The VS1, RS1 and RS2 services are stopped one after another; SORRY SERVER2 on VS2 comes online

3. The VS1 service is started again; SORRY SERVER1 comes online
