LVS(nat)+keepalived
拓扑图:
实验环境:
Linux环境最多只能拥有一台网关服务器,所以将外网省略,环境如下
client:10.0.0.1/8
lvs-master
外网网卡: 10.0.0.2/8 GW:10.0.0.1 VIP:10.0.0.100
内网网卡:192.168.10.11/24 GW:192.168.10.100 VIP:192.168.10.100
内网网卡:192.168.10.11 GW:192.168.10.100
内网网卡:192.168.10.11 GW:192.168.10.100
lvs-slave:
外网网卡:10.0.0.3/8 GW:10.0.0.1 VIP: 10.0.0.100
内网网卡: 192.168.10.12/24 GW:192.168.10.100 VIP: 192.168.10.100
web1: 192.168.10.3/24 GW:192.168.10.100
web2: 192.168.10.33/24 GW:192.168.10.100
一、client服务器
配置网卡
二、LVS-Master服务器
外网网卡的网关,是客户机的IP地址
内网网卡的网关,是LVS-vrrp的虚拟IP
1、配置外网网卡
IPADDR=10.0.0.2
NETMASK=255.0.0.0
GATEWAY=10.0.0.1
2、配置内网网卡
IPADDR=192.168.10.11
NETMASK=255.255.255.0
GATEWAY=192.168.10.100
3、安装ipvsadm工具
# Install the ipvsadm administration tool, then load the ip_vs kernel module.
[root@localhost ~]# yum -y install ipvsadm
[root@localhost ~]# modprobe ip_vs
4、安装keepalived
解决依赖关系
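# Build dependencies for compiling keepalived from source.
# The last package line must not end in a backslash, otherwise the shell
# treats whatever follows as part of this yum command.
[root@localhost ~]# yum -y install openssl-devel \
popt-devel \
ipvsadm \
libnl-devel \
gcc kernel-devel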
tar包编译安装
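# Unpack, configure, build and install keepalived from the source tarball.
# Everything here runs as root: check the tarball against the checksum or
# signature published by the keepalived project before unpacking it.
# NOTE(review): 2.0.18 is an old release; confirm it is still the version you
# want, or use the distribution package.
[root@localhost ~]# tar zxvf keepalived-2.0.18.tar.gz -C /usr/src
[root@localhost ~]# cd /usr/src/keepalived-2.0.18
[root@localhost keepalived-2.0.18]# ./configure \
--prefix=/ \
--with-kernels-dir=/usr/src/kernels \
--sysconf=/etc
# make is a separate command; the configure line above must not end in a
# backslash, or "make && make install" is passed to configure as arguments.
[root@localhost keepalived-2.0.18]# make && make install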
修改配置文件
! Configuration File for keepalived
# Global settings: notification mail, this node's identifier and VRRP-wide options.
global_defs {
# Recipients of keepalived notification mail.
# NOTE(review): these addresses, the sender and smtp_server below look like the
# values from keepalived's sample configuration; replace them with addresses
# you control, or remove them.
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
# 192.168.200.1 is in neither subnet of this lab (10.0.0.0/8, 192.168.10.0/24).
smtp_server 192.168.200.1
smtp_connect_timeout 30
# String identifying this node; the backup node's configuration on this page
# uses the same value.
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
# NOTE(review): vrrp_strict enforces strict VRRP compliance. In strict mode
# keepalived is reported to ignore the authentication blocks of the
# vrrp_instance sections and to add packet-filter rules for the VIPs, which
# can make the VIP unreachable - confirm in the startup log before relying on it.
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
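# VRRP instance for the external (client-facing) network; carries the external VIP.
# The quote marks around values in the original listing were highlighting, not
# keepalived syntax, and have been removed (one of them was unbalanced).
vrrp_instance VI_1 {
    state MASTER                # master role
    interface ens37             # external NIC
    virtual_router_id 51
    priority 100                # priority; the backup node on this page uses 90
    # NOTE(review): keepalived's documentation says nopreempt only works when
    # the initial state is BACKUP, so with state MASTER it has no effect. Use
    # state BACKUP on both nodes (keeping the different priorities) if
    # non-preemptive failback is intended.
    nopreempt
    strict_mode true
    advert_int 1
    # NOTE(review): PASS authentication is carried unencrypted in every VRRP
    # advertisement and 1111 is a sample value; choose your own and keep it
    # identical on both nodes. With strict_mode true keepalived is reported to
    # ignore this block altogether - check the startup log.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.100 dev ens37    # external VIP
    }
}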
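# VRRP instance for the internal (real-server) network; carries the internal
# VIP that web1/web2 use as their gateway.
# The quote marks around values in the original listing were highlighting, not
# keepalived syntax, and have been removed.
vrrp_instance VI_2 {
    state MASTER                # master role
    interface ens33             # internal NIC
    virtual_router_id 51
    priority 100
    # NOTE(review): keepalived's documentation says nopreempt only works when
    # the initial state is BACKUP, so with state MASTER it has no effect. Use
    # state BACKUP on both nodes (keeping the different priorities) if
    # non-preemptive failback is intended.
    nopreempt
    strict_mode true
    advert_int 1
    # NOTE(review): PASS authentication is carried unencrypted in every VRRP
    # advertisement and 1111 is a sample value; choose your own and keep it
    # identical on both nodes. With strict_mode true keepalived is reported to
    # ignore this block altogether - check the startup log.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.100 dev ens33    # internal VIP
    }
}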
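# LVS virtual service on the external VIP, port 80, forwarded by NAT to the two
# web servers. Address and port are two separate tokens, so the quote marks of
# the original listing (highlighting only) have been removed, and the
# "retry3" typo in the second health check is corrected to "retry 3".
virtual_server 10.0.0.100 80 {
    delay_loop 6                # health-check polling interval
    lb_algo rr                  # round-robin scheduling
    lb_kind NAT
    persistence_timeout 0
    protocol TCP
    real_server 192.168.10.3 80 {       # backend web server
        weight 1
        # Plain TCP connect check: proves the port is open, not that the
        # application answers correctly.
        TCP_CHECK {
            connect_timeout 3
            connect_port 80
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.10.33 80 {      # backend web server
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 80
            retry 3
            delay_before_retry 3
        }
    }
}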
三、LVS-Slave服务器
外网网卡的网关,是客户机的IP地址
内网网卡的网关,是LVS-vrrp的虚拟IP
1、配置外网网卡
IPADDR=10.0.0.3
NETMASK=255.0.0.0
GATEWAY=10.0.0.1
2、配置内网网卡
IPADDR=192.168.10.12
NETMASK=255.255.255.0
GATEWAY=192.168.10.100
3、安装ipvsadm工具
# Install the ipvsadm administration tool, then load the ip_vs kernel module.
[root@localhost ~]# yum -y install ipvsadm
[root@localhost ~]# modprobe ip_vs
4、安装keepalived
解决依赖关系
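# Build dependencies for compiling keepalived from source.
# The last package line must not end in a backslash, otherwise the shell
# treats whatever follows as part of this yum command.
[root@localhost ~]# yum -y install openssl-devel \
popt-devel \
ipvsadm \
libnl-devel \
gcc kernel-devel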
tar包编译安装
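# Unpack, configure, build and install keepalived from the source tarball.
# Everything here runs as root: check the tarball against the checksum or
# signature published by the keepalived project before unpacking it.
# NOTE(review): 2.0.18 is an old release; confirm it is still the version you
# want, or use the distribution package.
[root@localhost ~]# tar zxvf keepalived-2.0.18.tar.gz -C /usr/src
[root@localhost ~]# cd /usr/src/keepalived-2.0.18
[root@localhost keepalived-2.0.18]# ./configure \
--prefix=/ \
--with-kernels-dir=/usr/src/kernels \
--sysconf=/etc
# make is a separate command; the configure line above must not end in a
# backslash, or "make && make install" is passed to configure as arguments.
[root@localhost keepalived-2.0.18]# make && make install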
修改配置文件
! Configuration File for keepalived
# Global settings: notification mail, this node's identifier and VRRP-wide options.
global_defs {
# Recipients of keepalived notification mail.
# NOTE(review): these addresses, the sender and smtp_server below look like the
# values from keepalived's sample configuration; replace them with addresses
# you control, or remove them.
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
# 192.168.200.1 is in neither subnet of this lab (10.0.0.0/8, 192.168.10.0/24).
smtp_server 192.168.200.1
smtp_connect_timeout 30
# String identifying this node; the master node's configuration on this page
# uses the same value.
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
# NOTE(review): vrrp_strict enforces strict VRRP compliance. In strict mode
# keepalived is reported to ignore the authentication blocks of the
# vrrp_instance sections and to add packet-filter rules for the VIPs, which
# can make the VIP unreachable - confirm in the startup log before relying on it.
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
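# VRRP instance for the external (client-facing) network on the backup node;
# takes over the external VIP when the master stops advertising.
# The quote marks around values in the original listing were highlighting, not
# keepalived syntax, and have been removed.
vrrp_instance VI_1 {
    state BACKUP                # backup role
    interface ens37             # external NIC
    virtual_router_id 51
    priority 90                 # priority; lower than the master's 100
    nopreempt
    strict_mode true
    advert_int 1
    # NOTE(review): PASS authentication is carried unencrypted in every VRRP
    # advertisement and 1111 is a sample value; choose your own and keep it
    # identical on both nodes. With strict_mode true keepalived is reported to
    # ignore this block altogether - check the startup log.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.100 dev ens37    # external VIP
    }
}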
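# VRRP instance for the internal (real-server) network on the backup node;
# takes over the internal VIP that web1/web2 use as their gateway.
# The quote marks around the instance name and values in the original listing
# were highlighting, not keepalived syntax, and have been removed.
vrrp_instance VI_2 {
    state BACKUP                # backup role
    interface ens33             # internal NIC
    virtual_router_id 51
    priority 90                 # priority; lower than the master's 100
    nopreempt
    strict_mode true
    advert_int 1
    # NOTE(review): PASS authentication is carried unencrypted in every VRRP
    # advertisement and 1111 is a sample value; choose your own and keep it
    # identical on both nodes. With strict_mode true keepalived is reported to
    # ignore this block altogether - check the startup log.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.100 dev ens33    # internal VIP
    }
}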
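# LVS virtual service on the external VIP, port 80, forwarded by NAT to the two
# web servers. Address and port are two separate tokens, so the quote marks of
# the original listing (highlighting only) have been removed, and the
# "retry3" typo in the second health check is corrected to "retry 3".
virtual_server 10.0.0.100 80 {
    delay_loop 6                # health-check polling interval
    lb_algo rr                  # round-robin scheduling
    lb_kind NAT
    persistence_timeout 0
    protocol TCP
    real_server 192.168.10.3 80 {       # backend web server
        weight 1
        # Plain TCP connect check: proves the port is open, not that the
        # application answers correctly.
        TCP_CHECK {
            connect_timeout 3
            connect_port 80
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.10.33 80 {      # backend web server
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 80
            retry 3
            delay_before_retry 3
        }
    }
}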
四、开启keepalived服务
# Start the keepalived service (presumably on both LVS nodes - the page does not say).
[root@localhost keepalived]# systemctl start keepalived
验证是否成功开启LVS
# List the IPVS virtual-server table with numeric addresses and ports.
ipvsadm -Ln
验证是否开启 keepalived
# Show interface addresses; the VIPs should be listed on the node currently holding the master role.
ip a
五、搭建WEB服务器 ( 所有web相同执行)
1.安装httpd服务
2.配置网卡
3.设置路由条目,指向外网VIP地址
# Add a host route for the external VIP 10.0.0.100 out of ens33; the route is not persistent across reboots.
# NOTE(review): replies to clients still depend on the default gateway 192.168.10.100 listed for web1/web2 at the top of this page.
[root@localhost ~]# route add -host 10.0.0.100 dev ens33
六、关防火墙验证(仅用于隔离的实验环境;生产环境不要关闭防火墙,应只放行 VRRP 通告(IP 协议 112)和到 VIP 的 TCP 80)
# Open the external VIP in a browser from the client to confirm the virtual service answers.
firefox 10.0.0.100