DR模式:
server1(lvs)
yum install ipvsadm -y
[root@server1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@server1 ~]# ipvsadm -A -t 172.25.34.100:80 -s rr
[root@server1 ~]# ipvsadm -a -t 172.25.34.100:80 -r 172.25.34.4:80 -g
[root@server1 ~]# ipvsadm -a -t 172.25.34.100:80 -r 172.25.34.3:80 -g
[root@server1 html]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.34.100:80 rr
-> 172.25.34.3:80 Route 1 0 0
-> 172.25.34.4:80 Route 1 0 0
[root@server1 ~]# ip addr add 172.25.34.100/32 dev eth0
[root@server1 ~]# yum install httpd -y
[root@server1 ~]# cd /var/www/html/
[root@server1 html]# vim index.html
lvs
[root@server1 html]# systemctl restart httpd
sever2
[root@server2 ~]# ip addr add 172.25.34.100/32 dev eth0
[root@server2 ~]# yum install httpd -y
[root@server2 ~]# cd /var/www/html/
[root@server2 html]# vim index.html
server2
[root@server2 html]# systemctl restart httpd
server3
[root@server2 ~]# ip addr add 172.25.34.100/32 dev eth0
[root@server2 ~]# yum install httpd -y
[root@server2 ~]# cd /var/www/html/
[root@server2 html]# vim index.html
server3
[root@server2 html]# systemctl restart httpd
客户端:
[root@foundation34 ~]# curl 172.25.34.100
server3
[root@foundation34 ~]# curl 172.25.34.100
server3
[root@foundation34 ~]# curl 172.25.34.100
server3
[root@foundation34 ~]# arp -an | grep 172.25.34.100
? (172.25.34.100) at 52:54:00:46:c9:9d [ether] on br0
server3上:
[root@server3 html]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:46:c9:9d brd ff:ff:ff:ff:ff:ff
inet 172.25.34.4/24 brd 172.25.34.255 scope global eth0
valid_lft forever preferred_lft forever
inet 172.25.34.100/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe46:c99d/64 scope link
valid_lft forever preferred_lft forever
改进:
server2
[root@server2 html]# yum install arptables -y
[root@server2 html]# arptables -A INPUT -d 172.25.34.100 -j DROP
[root@server2 html]# arptables -A OUTPUT -s 172.25.34.100 -j mangle --mangle-ip-s 172.25.34.3
server3
[root@server2 html]# yum install arptables -y
[root@server2 html]# arptables -A INPUT -d 172.25.34.100 -j DROP
[root@server2 html]# arptables -A OUTPUT -s 172.25.34.100 -j mangle --mangle-ip-s 172.25.34.4
客户端:
root@foundation34 ~]# curl 172.25.34.100
server3
[root@foundation34 ~]# curl 172.25.34.100
server2
[root@foundation34 ~]# curl 172.25.34.100
server3
[root@foundation34 ~]# curl 172.25.34.100
server2
权重轮询:
server1(lvs)
[root@server1 html]# ipvsadm -C
[root@server1 html]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@server1 html]# ipvsadm -A -t 172.25.34.100:80 -s wrr
[root@server1 html]# ipvsadm -a -t 172.25.34.100:80 -r 172.25.34.3 -g -w 2
[root@server1 html]# ipvsadm -a -t 172.25.34.100:80 -r 172.25.34.4 -g -w 1
[root@server1 html]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.34.100:80 wrr
-> 172.25.34.3:80 Route 2 0 0
-> 172.25.34.4:80 Route 1 0 0
客户端:
[root@foundation34 ~]# curl 172.25.34.100
[root@foundation34 ~]# curl 172.25.34.100
server3
[root@foundation34 ~]# curl 172.25.34.100
server2
[root@foundation34 ~]# curl 172.25.34.100
server2
[root@foundation34 ~]# curl 172.25.34.100
server3
[root@foundation34 ~]# curl 172.25.34.100
server2
[root@foundation34 ~]# curl 172.25.34.100
server2
智能健康检查
server3(lvs)
[root@server1 yum.repos.d]# yum install ldirectord-3.9.5-3.1.x86_64.rpm
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
No package ldirectord-3.9.5-3.1.x86_64.rpm available.
Error: Nothing to do
[root@server1 yum.repos.d]# vim rhel.repo
[rhel7.3]
name=rhel7.3
baseurl=http://172.25.34.250/iso/
gpgcheck=0
[HighAvailability]
name=HighAvailability
baseurl=http://172.25.34.250/iso/addons/HighAvailability
gpgcheck=0
[root@server1 ~]# rpm -pql ldirectord-3.9.5-3.1.x86_64.rpm
warning: ldirectord-3.9.5-3.1.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 7b709911: NOKEY
/etc/ha.d
/etc/ha.d/resource.d
/etc/ha.d/resource.d/ldirectord
/etc/init.d/ldirectord
/etc/logrotate.d/ldirectord
/usr/lib/ocf/resource.d/heartbeat/ldirectord
/usr/sbin/ldirectord
/usr/share/doc/ldirectord-3.9.5
/usr/share/doc/ldirectord-3.9.5/COPYING
/usr/share/doc/ldirectord-3.9.5/ldirectord.cf
/usr/share/man/man8/ldirectord.8.gz
[root@server1 ~]# cd /etc/ha.d
[root@server1 ha.d]# ls
resource.d shellfuncs
[root@server1 ha.d]# cp /usr/share/doc/ldirectord-3.9.5/ldirectord.cf .
[root@server1 ha.d]# ls
ldirectord.cf resource.d shellfuncs
[root@server1 ha.d]# vim ldirectord.cf
25 virtual=172.25.34.100:80
26 real=172.25.34.3:80 gate
27 real=172.25.34.4:80 gate
28 fallback=127.0.0.1:80 gate
29 service=http
30 scheduler=rr
31 #persistent=600
32 #netmask=255.255.255.255
33 protocol=tcp
34 checktype=negotiate
35 checkport=80
36 request="index.html"
37 #receive="Test Page"
38 #virtualhost=www.x.y.z
[root@server1 ha.d]# ipvsadm -C
[root@server1 ha.d]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@server1 ha.d]# systemctl restart ldirectord
[root@server1 ha.d]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.34.100:80 rr
-> 172.25.34.3:80 Route 1 0 0
-> 172.25.34.4:80 Route 1 0 0
客户端:
[root@foundation34 addons]# curl 172.25.34.100
server3
[root@foundation34 addons]# curl 172.25.34.100
server2
停掉server2的httpd服务(模拟故障出现)
[root@foundation34 addons]# curl 172.25.34.100
server3
[root@foundation34 addons]# curl 172.25.34.100
server3
[root@foundation34 addons]# curl 172.25.34.100
server3
停掉server3的httpd服务
[root@foundation34 addons]# curl 172.25.34.100
lvs
[root@foundation34 addons]# curl 172.25.34.100
lvs
[root@foundation34 addons]# curl 172.25.34.100
lvs
lvs+keepalived(keepalived集群中保证集群高可用的管理软件,自带对后台的健康检查功能)
server1(主lvs)
[root@server1 keepalived]# ip addr del 172.25.34.100/32 dev eth0
[root@server1 keepalived]# systemctl stop ldirectord
[root@server1 keepalived]# systemctl disable ldirectord
[root@server1 ~]# tar zxf keepalived-2.0.6.tar.gz
[root@server1 ~]# ls
keepalived-2.0.6 ldirectord-3.9.5-3.1.x86_64.rpm
keepalived-2.0.6.tar.gz
[root@server1 ~]# cd keepalived-2.0.6
[root@server1 keepalived-2.0.6]# yum install gcc openssl-devel -y
[root@server1 keepalived-2.0.6]# ./configure --prefix=/usr/local/keepalived --with-init=systemd
[root@server1 keepalived-2.0.6]# make && make install
[root@server1 keepalived]# cd /usr/local/keepalived/
[root@server1 keepalived]# ls
bin etc sbin share
[root@server1 keepalived]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@server1 keepalived]# ln -s /usr/local/keepalived/etc/keepalived/ /etc/
[root@server1 keepalived]# ln -s /usr/local/keepalived/etc/keepalived/ /sbin/
[root@server1 keepalived]# cd /etc/keepalived/
[root@server1 keepalived]# ls
keepalived.conf samples
[root@server1 keepalived]# vim keepalived.conf
[root@server1 keepalived]# ipvsadm -C
[root@server1 keepalived]# systemctl restart keepalived
[root@server1 keepalived]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.34.100:http rr
-> server3:http Route 1 0 0
-> server4:http Route 1 0 0
[root@server1 keepalived]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:f0:fb:f2 brd ff:ff:ff:ff:ff:ff
inet 172.25.34.2/24 brd 172.25.34.255 scope global eth0
valid_lft forever preferred_lft forever
inet 172.25.34.100/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fef0:fbf2/64 scope link
valid_lft forever preferred_lft forever
server0(备份的lvs)
TUN隧道模式:
server1(lvs)
[root@server1 keepalived]# systemctl stop keepalived
[root@server1 keepalived]# modprobe ipip
[root@server1 keepalived]# ip addr add 172.25.34.100/24 dev tunl0
[root@server1 keepalived]# ip addr show tun10
3: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN qlen 1
link/ipip 0.0.0.0 brd 0.0.0.0
inet 172.25.34.100/24 scope global tunl0
valid_lft forever preferred_lft forever
[root@server1 ftp]# ip link set up tunl0
[root@server1 keepalived]# sysctl -a | grep rp_filter
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.tunl0.arp_filter = 0
net.ipv4.conf.tunl0.rp_filter = 1
[root@server1 ftp]# sysctl -w net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.all.rp_filter = 0
[root@server1 ftp]# sysctl -w net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.rp_filter = 0
[root@server1 ftp]# sysctl -w net.ipv4.conf.eth0.rp_filter=0
net.ipv4.conf.eth0.rp_filter = 0
[root@server1 ftp]# sysctl -w net.ipv4.conf.tunl0.rp_filter=0
net.ipv4.conf.tunl0.rp_filter = 0
[root@server1 ftp]# sysctl -a |grep rp_filter
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.tunl0.arp_filter = 0
net.ipv4.conf.tunl0.rp_filter = 0
[root@server1 ftp]# sysctl -p
[root@server1 keepalived]# ipvsadm -A -t 172.25.34.100:80 -s rr[root@server1 keepalived]# ipvsadm -a -t 172.25.34.100:80 -r 172.25.34.3:80 -i
[root@server1 keepalived]# ipvsadm -a -t 172.25.34.100:80 -r 172.25.34.4:80 -i
[root@server1 keepalived]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP server1:http rr
-> server3:http Tunnel 1 0 0
-> server4:http Tunnel 1 0 0
server3
客户端:
[root@foundation34 ~]# curl 172.25.34.100
server2
[root@foundation34 ~]# curl 172.25.34.100
server3
[root@foundation34 ~]# curl 172.25.34.100
server2
[root@foundation34 ~]# curl 172.25.34.100
server3