Server IP addresses
Name | Network interface | IP address |
---|---|---|
lvs | eth2 | 192.168.1.113 |
lvs | eth1 | 192.168.139.142 |
web1 | eth0 | 192.168.139.144 |
web2 | eth0 | 192.168.139.129 |
web3 | eth0 | 192.168.139.131 |
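ipvsadm command reference
ipvsadm OPTION service-address -s scheduler
ipvsadm OPTION service-address -r real-server-address [forwarding-mode] [weight]
Option | Description |
---|---|
-A | Add a virtual service; a virtual service is uniquely identified by its IP address, port number and protocol |
-E | Edit a virtual service |
-D | Delete a virtual service |
-C | Clear the virtual service table |
-R | Restore virtual service rules from standard input |
-S | Save the virtual service rules to standard output; the output can be imported again with -R |
-a | Add a real server to a virtual service |
-e | Edit a real server in a virtual service |
-d | Delete a real server from a virtual service |
-L | List the virtual services |
-t | Use a TCP service; must be followed by the host and port |
-u | Use a UDP service; must be followed by the host and port |
-s | Specify the LVS scheduling algorithm |
-r | Set the real server's IP address and port |
-g | Set the LVS forwarding mode to DR (direct routing) |
-i | Set the LVS forwarding mode to TUN (tunneling) |
-m | Set the LVS forwarding mode to NAT (network address translation) |
-w | Specify the server's weight |
-c | Connection state; used together with -L |
-n | Numeric output |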
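LVS load-balancing scheduling algorithms
Scheduling algorithm | Abbreviation |
---|---|
Round robin | RR |
Weighted round robin | WRR |
Least connection | LC |
Weighted least connection | WLC |
Locality-based least connection | lblc |
Locality-based least connection with replication | lblcr |
Destination hashing | DH |
Source hashing | SH |
Virtual service example 1
Add a virtual service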
ipvsadm -A -t 192.168.1.113:80 -s rr
ipvsadm -a -t 192.168.1.113:80 -r 192.168.139.129:80 -m
ipvsadm -a -t 192.168.1.113:80 -r 192.168.139.131:80 -m
ipvsadm -a -t 192.168.1.113:80 -r 192.168.139.144:80 -m
View the LVS rule table
# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.113:80 rr
-> 192.168.139.129:80 Masq 1 0 0
-> 192.168.139.131:80 Masq 1 0 0
-> 192.168.139.144:80 Masq 1 0 0
View the current IPVS scheduling state
# ipvsadm -Lnc
Delete a real server that provides the web service for the virtual service
# ipvsadm -d -t 192.168.1.113:80 -r 192.168.139.144:80
# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.113:80 rr
-> 192.168.139.129:80 Masq 1 0 0
-> 192.168.139.131:80 Masq 1 0 0
Back up and restore the virtual service rule table
# ipvsadm -S > /tmp/ip_vs.bak ## back up the rule table
# ls -l /tmp/ip_vs.bak
-rw-r--r-- 1 root root 202 Jun 7 20:51 /tmp/ip_vs.bak
# ipvsadm -C ## clear the rule table
# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
#
# ipvsadm -R < /tmp/ip_vs.bak ## restore from the file
[root@centos6 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.113:80 rr
-> 192.168.139.129:80 Masq 1 0 0
-> 192.168.139.131:80 Masq 1 0 0
-> 192.168.139.144:80 Masq 1 0 0
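To confirm that a restore reproduced the saved rules, or to spot an unexpected real server or forwarding mode later on, the `ipvsadm -Ln` listing can be parsed and compared with a known-good one. This is an added example, not part of the original page: the function names are made up here, the sample listing is constructed from the output above, the extra address 192.168.139.200 is a constructed value, and only IPv4 TCP/UDP entries are handled.

```python
import re

# Constructed sample: the listing printed above after `ipvsadm -R`.
LISTING = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.113:80 rr
  -> 192.168.139.129:80 Masq 1 0 0
  -> 192.168.139.131:80 Masq 1 0 0
  -> 192.168.139.144:80 Masq 1 0 0
"""

SERVICE = re.compile(r"^(TCP|UDP)\s+(\S+:\d+)\s+(\S+)")
REAL = re.compile(r"^\s*->\s+(\d\S*:\d+)\s+(Masq|Route|Tunnel)\s+(\d+)")

def parse_listing(text):
    """Return {(proto, vip:port): {"sched": name, "reals": {rip:port: (mode, weight)}}}."""
    table, current = {}, None
    for line in text.splitlines():
        m = SERVICE.match(line)
        if m:
            current = {"sched": m.group(3), "reals": {}}
            table[(m.group(1), m.group(2))] = current
        elif current is not None:
            m = REAL.match(line)  # the column header line does not match
            if m:
                current["reals"][m.group(1)] = (m.group(2), int(m.group(3)))
    return table

def diff_tables(expected, actual):
    """Describe every service, scheduler or real-server difference (hypothetical helper)."""
    out = []
    for key in sorted(set(expected) | set(actual)):
        exp, act = expected.get(key), actual.get(key)
        if exp is None or act is None:
            out.append(f"{'unexpected' if exp is None else 'missing'} service {key[0]} {key[1]}")
            continue
        if exp["sched"] != act["sched"]:
            out.append(f"{key[1]}: scheduler {exp['sched']} -> {act['sched']}")
        for rip in sorted(set(exp["reals"]) | set(act["reals"])):
            old, new = exp["reals"].get(rip), act["reals"].get(rip)
            if old != new:
                out.append(f"{key[1]}: real {rip} {old} -> {new}")
    return out

if __name__ == "__main__":
    drifted = LISTING + "  -> 192.168.139.200:80 Masq 1 0 0\n"  # constructed extra entry
    print(diff_tables(parse_listing(LISTING), parse_listing(drifted)))
```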
Change the virtual service's scheduling algorithm
# ipvsadm -E -t 192.168.1.113:80 -s wrr
# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.113:80 wrr
-> 192.168.139.129:80 Masq 1 0 0
-> 192.168.139.131:80 Masq 1 0 0
-> 192.168.139.144:80 Masq 1 0 0
Virtual service example 2
DR mode, wrr
# ipvsadm -A -t 192.168.1.113:80 -s wrr
# ipvsadm -a -t 192.168.1.113:80 -r 192.168.139.129:80 -g -w 1
# ipvsadm -a -t 192.168.1.113:80 -r 192.168.139.144:80 -g -w 2
# ipvsadm -a -t 192.168.1.113:80 -r 192.168.139.131:80 -g -w 3
# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.113:80 wrr
-> 192.168.139.129:80 Route 1 0 0
-> 192.168.139.131:80 Route 3 0 0
-> 192.168.139.144:80 Route 2 0 0
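How the weights 1, 2 and 3 above turn into an order of requests can be seen by running a weighted round-robin loop over them. This is an added example, not from the original page: it implements the classic WRR loop described in the LVS scheduling documentation, and treating that loop as what `-s wrr` does here, as well as walking the servers in the order they were added, are assumptions.

```python
from collections import Counter
from functools import reduce
from math import gcd

# Real servers and weights from example 2, in the order they were added (assumed).
REALS = [
    ("192.168.139.129:80", 1),
    ("192.168.139.144:80", 2),
    ("192.168.139.131:80", 3),
]

def wrr_sequence(reals, count):
    """Return the first `count` picks of the classic weighted round-robin loop."""
    weights = [w for _, w in reals]
    top = max(weights, default=0)
    if top == 0:                      # no server is eligible
        return []
    step = reduce(gcd, weights)       # the threshold drops by gcd(weights) per pass
    i, cw, picked = -1, 0, []
    while len(picked) < count:
        i = (i + 1) % len(reals)
        if i == 0:                    # start of a new pass over the server list
            cw -= step
            if cw <= 0:
                cw = top              # wrap around to the highest weight
        if reals[i][1] >= cw:         # only servers at or above the threshold are picked
            picked.append(reals[i][0])
    return picked

def share(reals, count):
    """Count how many of the first `count` requests each real server receives."""
    return dict(Counter(wrr_sequence(reals, count)))

if __name__ == "__main__":
    print(wrr_sequence(REALS, 6))
    print(share(REALS, 60))
```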
NAT mode experiment
Principle
1 Disable iptables and SELinux
2 Write and run the script
#!/bin/bash
# Enable IP forwarding on the director server:
echo 1 > /proc/sys/net/ipv4/ip_forward
# Disable ICMP redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects
# Set up the NAT firewall rules on the director
/sbin/iptables -t nat -F
/sbin/iptables -t nat -X
/sbin/iptables -t nat -A POSTROUTING -s 192.168.139.0/24 -j MASQUERADE
# This part rewrites the source IP address of return packets
# Set up ipvsadm on the director
IPVSADM='/sbin/ipvsadm'
$IPVSADM -C
$IPVSADM -A -t 192.168.1.199:80 -s rr
$IPVSADM -a -t 192.168.1.199:80 -r 192.168.139.254:80 -m
# This part rewrites the destination address of packets being sent
$IPVSADM -a -t 192.168.1.199:80 -r 192.168.139.253:80 -m
$IPVSADM -a -t 192.168.1.199:80 -r 192.168.139.252:80 -m
3 Change the gateway of every real server to the LVS IP
4 Test
Test script
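# -*- coding: utf-8 -*-
import time

import requests


def getHTMLText(url):
    """Fetch the page behind the virtual IP and return its body."""
    try:
        r = requests.get(url, timeout=5)  # do not hang if the VIP is unreachable
        r.raise_for_status()
        r.encoding = r.apparent_encoding
        return r.text
    except requests.RequestException:
        return '产生异常'  # "an exception occurred"


if __name__ == "__main__":
    url = "http://192.168.1.199/"
    # One request every 2 seconds; print the answering server and the local time
    for i in range(1000):
        time.sleep(2)
        print(getHTMLText(url) + time.ctime())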
Packet timestamps captured by tcpdump
tcpdump -nn -i eth0 tcp and port 80 and src host 192.168.1.106
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:44:44.674731 IP 192.168.1.106.51729 > 192.168.139.252.80: Flags [S], seq 2841949030, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
22:44:44.675656 IP 192.168.1.106.51729 > 192.168.139.252.80: Flags [.], ack 1384177409, win 2053, length 0
22:44:44.675736 IP 192.168.1.106.51729 > 192.168.139.252.80: Flags [P.], seq 0:144, ack 1, win 2053, length 144
22:44:44.677485 IP 192.168.1.106.51729 > 192.168.139.252.80: Flags [.], ack 290, win 2052, length 0
22:44:44.678669 IP 192.168.1.106.51729 > 192.168.139.252.80: Flags [F.], seq 144, ack 290, win 2052, length 0
22:44:46.698341 IP 192.168.1.106.51730 > 192.168.139.253.80: Flags [S], seq 692870389, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
22:44:46.700948 IP 192.168.1.106.51730 > 192.168.139.253.80: Flags [.], ack 2177794250, win 256, length 0
22:44:46.701147 IP 192.168.1.106.51730 > 192.168.139.253.80: Flags [P.], seq 0:144, ack 1, win 256, length 144
22:44:46.704619 IP 192.168.1.106.51730 > 192.168.139.253.80: Flags [.], ack 290, win 255, length 0
22:44:46.707583 IP 192.168.1.106.51730 > 192.168.139.253.80: Flags [F.], seq 144, ack 290, win 255, length 0
22:44:48.724503 IP 192.168.1.106.51731 > 192.168.139.254.80: Flags [S], seq 1622299946, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
22:44:48.727207 IP 192.168.1.106.51731 > 192.168.139.254.80: Flags [.], ack 2671677042, win 256, length 0
22:44:48.727433 IP 192.168.1.106.51731 > 192.168.139.254.80: Flags [P.], seq 0:144, ack 1, win 256, length 144
22:44:48.731488 IP 192.168.1.106.51731 > 192.168.139.254.80: Flags [.], ack 290, win 255, length 0
22:44:48.735640 IP 192.168.1.106.51731 > 192.168.139.254.80: Flags [F.], seq 144, ack 290, win 255, length 0
Output timestamps from the Python script run
web3:192.168.139.252
Wed Jun 7 22:44:44 2017
web2:192.168.139.253
Wed Jun 7 22:44:46 2017
web1:192.168.139.254
Wed Jun 7 22:44:48 2017
web3:192.168.139.252
Comparing the two, the timestamps match.
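The comparison made by eye above can be scripted: take the initial SYN of each connection from the tcpdump output, check that the real servers are visited in round-robin order, and check that each SYN falls in the same second as the time the test script printed. This is an added example, not part of the original page; the function names are made up here and the sample lines are constructed from the capture above with the TCP options trimmed.

```python
import re
from datetime import datetime

# Constructed sample: lines copied from the capture above, TCP options trimmed.
CAPTURE = """\
22:44:44.674731 IP 192.168.1.106.51729 > 192.168.139.252.80: Flags [S], seq 2841949030, win 8192, length 0
22:44:44.675656 IP 192.168.1.106.51729 > 192.168.139.252.80: Flags [.], ack 1384177409, win 2053, length 0
22:44:46.698341 IP 192.168.1.106.51730 > 192.168.139.253.80: Flags [S], seq 692870389, win 8192, length 0
22:44:48.724503 IP 192.168.1.106.51731 > 192.168.139.254.80: Flags [S], seq 1622299946, win 8192, length 0
"""
# Times printed by the test script above, in order.
CLIENT_TIMES = ["22:44:44", "22:44:46", "22:44:48"]

# Only the initial SYN ("Flags [S],") marks a new connection handed to a real server.
SYN = re.compile(r"^(\d\d:\d\d:\d\d)\.\d+ IP \S+\.(\d+) > (\S+)\.\d+: Flags \[S\],")

def new_connections(capture):
    """Return [(hh:mm:ss, client_port, real_server_ip)], one entry per initial SYN."""
    return [(m.group(1), int(m.group(2)), m.group(3))
            for m in map(SYN.match, capture.splitlines()) if m]

def rotation_violations(conns, pool_size):
    """Return indexes of connections that break equal-weight round robin."""
    seq = [c[2] for c in conns]
    bad = []
    for i, backend in enumerate(seq):
        if i < pool_size:
            if backend in seq[:i]:          # repeated before every server had a turn
                bad.append(i)
        elif backend != seq[i - pool_size]:  # later rounds must repeat the first one
            bad.append(i)
    return bad

def times_match(conns, client_times, skew=1):
    """True if each SYN is within `skew` seconds of the matching client timestamp."""
    if len(conns) != len(client_times):
        return False
    fmt = "%H:%M:%S"
    return all(
        abs((datetime.strptime(c[0], fmt) - datetime.strptime(t, fmt)).total_seconds()) <= skew
        for c, t in zip(conns, client_times)
    )

if __name__ == "__main__":
    conns = new_connections(CAPTURE)
    print(conns, rotation_violations(conns, 3), times_match(conns, CLIENT_TIMES))
```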