LB/LVS之KeepAlived总结



lvs+keepalive

keepalive结合LVS三种工作模式（nat dr tuunl）

客户端：192.168.1.1/24 
Director1:192.168.1.2/24   eth1
Director2:192.168.1.2/24   eth1
node1:192.168.1.10/24  vip    loop0:192.168.1.100/32
node2:192.168.2.10/24  vip    loop0:192.168.1.100/32

1.每台写好host文件  做好基本设置
IP, hostname, hosts, iptables, SELinux, ssh trust, ntp 
[root@client1 ~]# cat /etc/hosts
127.0.0.1                    localhost
192.168.122.2      director1.uplook.com director1
192.168.122.3      director2.uplook.com director1
192.168.122.10         node1.uplook.com node1
192.168.122.20         node2.uplook.com node2

2. RS配置
配置好网站服务器，测试所有RS                //为了测试效果，提供不同的页面
node1/2: ip addr add dev lo 192.168.122.100/32    //在lo接口上绑定VIP

方法一：不对VIP的ARP请求响应
 echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore //non-arp
 echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce 

方法二：不对VIP的ARP请求响应
 arptables -A IN -d 192.168.122.100 -j DROP                
 arptables -A OUT -s 192.168.122.100 -j mangle --mangle-ip-s <real_ip> 
 service arptables_jf save                           
 chkconfig arptables_jf on   
 
 3.所有调度器
 yum -y install ipvsadm keepalived
 
源码安装方法
ipvsadm
[root@Director1 ~]# yum -y install ipvsadm kernel-headers kernel-devel openssl-devel popt-devel

KeepAlived
[root@Director1 keepalived-1.2.1]#  ./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/2.6.32-358.el6.x86_64/
Keepalived configuration
---------------------------------------------
Keepalived version    : 1.2.1
Compiler                  : gcc
Compiler flags          : -g -O2 -DETHERTYPE_IPV6=0x86dd
Extra Lib                 : -lpopt -lssl -lcrypto
Use IPVS Framework  : Yes
IPVS sync daemon support : Yes
Use VRRP Framework        : Yes
Use Debug flags           : No
[root@Director1 keepalived-1.2.1]# make
[root@Director1 keepalived-1.2.1]# make install

 cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id director1    要唯一
}

vrrp_instance VI_1 {
    state MASTER   备设置为backup
    interface eth1   心跳网卡
    virtual_router_id 80  id号两边一致
    priority 100  优先级  主设置高一些
    advert_int 1   同步时间间隔
    authentication {   认证
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {   设置vip
        192.168.1.100    
    }
}

virtual_server 192.168.1.100 80 {
    delay_loop 6   健康检查时间间隔
    lb_algo rr         负载均衡调度算法
    lb_kind DR       负载均衡转发规则
    nat_mask 255.255.255.0
    #persistence_timeout 50   会话保持
    protocol TCP
    inhibit_on_failure来设置如果服务器健康检查失败,将其weight设置为0,而不是直接从ipvs里面删除.

    real_server 192.168.1.10 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3         表示连接超时时间,这里连接real server的端口超过10秒没有反映,则将realserver踢出lvs,或将权值清0.
            nb_get_retry 3              表示连接的重试次数,这里如果3次都连接失败,则将realserver踢出lvs,或将权值清0.
            delay_before_retry 3    表示每次连接重试的间隔,这里的间隔是3秒.
            connect_port 80           表示连接测试的端口.
            }
        }

    real_server 192.168.1.20 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
            }
        }
}

                    
4. chkconfig keepalived on
    service keepalived start
    tail -f /var/log/messages
    ipvsadm -Ln -c

二、测试
所有分发器和Real Server都正常

主分发器故障及恢复

Real Server故障及恢复

三、Keepalived不抢占
nopreempt  仅针对BACKUP