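LVS Setup in NAT Mode
IP | Hostname | Notes |
---|---|---|
Internal: 192.168.117.14, Public: 192.168.174.128 | keepalived-master | Director |
192.168.117.16 | web_server1 | Web server 1 |
192.168.117.17 | web_server2 | Web server 2 |
1. Add a host-only network adapter to the director.
2. Change the gateway of both web servers to the director's internal IP (web server 1 is shown as the example).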
[root@web_server1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
GATEWAY=192.168.117.14
3. On the director, install ipvsadm.
[root@keepalived-master ~]# yum install -y ipvsadm
4. Write the LVS script.
[root@keepalived-master ~]# vim /usr/local/sbin/lvs.sh
#! /bin/bash
echo 1 > /proc/sys/net/ipv4/ip_forward
/usr/sbin/ipvsadm -C
/usr/sbin/ipvsadm -A -t 192.168.174.128:80 -s wlc
/usr/sbin/ipvsadm -a -t 192.168.174.128:80 -r 192.168.117.16:8081 -m -w 1
/usr/sbin/ipvsadm -a -t 192.168.174.128:80 -r 192.168.117.17:8081 -m -w 1
5. Run the LVS script, and stop the http service so that it does not affect the experiment.
[root@keepalived-master ~]# sh /usr/local/sbin/lvs.sh
[root@keepalived-master ~]# systemctl stop httpd
6. From the director, test whether both web servers are reachable.
[root@keepalived-master ~]# curl 192.168.117.16:8081 |head -n5
=====================================这是ecshop1=======================================
--<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
:<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta name="Generator" content="ECSHOP v2.7.3" />
[root@keepalived-master ~]# curl 192.168.117.17:8081 |head -n5
-------------------------------------这是ecshop2---------------------------------------
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Generator" content="ECSHOP v2.7.3" />
7. Test: access the director's public IP from a browser.
LVS Setup in DR Mode
IP | Hostname | Notes |
---|---|---|
192.168.117.14 | keepalived-master | Director |
192.168.117.16 | web_server1 | Web server 1 |
192.168.117.17 | web_server2 | Web server 2 |
192.168.117.100 | VIP |
1. Create the script on the director.
[root@keepalived-master ~]# vim /usr/local/sbin/lvs_dr.sh
#!/bin/bash
echo 1 > /proc/sys/net/ipv4/ip_forward
ifconfig ens33:0 192.168.117.100 broadcast 192.168.117.100 netmask 255.255.255.255 up
route add -host 192.168.117.100 dev ens33:0
/usr/sbin/ipvsadm -C
/usr/sbin/ipvsadm -A -t 192.168.117.100:8081 -s rr
/usr/sbin/ipvsadm -a -t 192.168.117.100:8081 -r 192.168.117.16:8081 -g -w 1
/usr/sbin/ipvsadm -a -t 192.168.117.100:8081 -r 192.168.117.17:8081 -g -w 1
2. Create the script on both web servers (the content is identical; web server 1 is shown as the example).
[root@web_server1 ~]# vim /usr/local/sbin/lvs_dr.sh
#!/bin/bash
ifconfig lo:0 192.168.117.100 broadcast 192.168.117.100 netmask 255.255.255.255 up
route add -host 192.168.117.100 lo:0
echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
3. Run the script on each of the three hosts.
[root@keepalived-master ~]# sh /usr/local/sbin/lvs_dr.sh
[root@web_server1 ~]# sh /usr/local/sbin/lvs_dr.sh
[root@web_server2 ~]# sh /usr/local/sbin/lvs_dr.sh
4. Test by accessing the VIP from a browser.
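The real-server script in step 2 only works if the VIP sits on `lo` as a /32 and the four ARP sysctls hold the values it writes; otherwise a real server can answer ARP for the VIP itself and traffic bypasses the director. The audit below is an added example, not part of the original page; the function names, the `audit` argument and the optional sysctl-root parameter (used to check a constructed directory tree) are assumptions.

```bash
#!/bin/bash
# Added example (not from the original page): audit a DR-mode real server.
# Function names, the "audit" argument and the sysctl-root parameter are assumptions.

# check_arp_sysctls [root]: compare the four ARP sysctls with the values
# lvs_dr.sh writes. root defaults to /proc/sys; a test can pass a constructed tree.
check_arp_sysctls() {
    local root rc iface pair name want got file
    root="${1:-/proc/sys}"; rc=0
    for iface in lo all; do
        for pair in arp_ignore=1 arp_announce=2; do
            name="${pair%%=*}"; want="${pair#*=}"
            file="$root/net/ipv4/conf/$iface/$name"
            if [ -r "$file" ]; then got="$(cat "$file")"; else got="missing"; fi
            if [ "$got" = "$want" ]; then
                echo "OK   $iface/$name=$got"
            else
                echo "FAIL $iface/$name=$got (expected $want)"
                rc=1
            fi
        done
    done
    return "$rc"
}

# vip_on_lo VIP [text]: succeed if VIP is bound to lo as a /32 host address.
# text defaults to the live output of `ip -4 -o addr show dev lo`.
vip_on_lo() {
    local vip addrs
    vip="$1"
    addrs="${2-$(ip -4 -o addr show dev lo 2>/dev/null)}"
    printf '%s\n' "$addrs" | grep -qF -- "inet $vip/32 "
}

# Run on a real server as: sh audit_dr.sh audit [VIP]   (file name is hypothetical)
if [ "${1:-}" = "audit" ]; then
    vip="${2:-192.168.117.100}"
    rc=0
    check_arp_sysctls || rc=1
    vip_on_lo "$vip" || { echo "FAIL $vip/32 is not configured on lo"; rc=1; }
    [ "$rc" -eq 0 ] && echo "DR real-server settings OK"
    exit "$rc"
fi
```

Because the script writes to `/proc` and uses `ifconfig` directly, none of its settings survive a reboot, so the audit is worth re-running after a real server restarts.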
Keepalived + LVS
IP | Hostname | Notes |
---|---|---|
192.168.117.14 | keepalived-master | Director 1 |
192.168.117.15 | keepalived-slaver | Director 2 |
192.168.117.16 | web_server1 | Web server 1 |
192.168.117.17 | web_server2 | Web server 2 |
192.168.117.100 | VIP |
1. On both directors, clear the ipvsadm rules and restart the network service so that they do not affect the experiment.
# ipvsadm -C
# systemctl restart network
2. Edit the keepalived configuration file on each of the two directors (the added content is identical).
# vim /etc/keepalived/keepalived.conf   # delete the configuration after the vrrp_instance VI_1 block and add the following
virtual_server 192.168.117.100 8081 {
    delay_loop 10                    # query web server status every 10 seconds
    lb_algo rr                       # rr algorithm
    lb_kind DR                       # DR mode
    protocol TCP                     # use TCP to check web server status
    real_server 192.168.117.16 8081 {
        weight 1                     # weight
        TCP_CHECK {
            connect_timeout 10       # timeout
            nb_get_retry 3           # number of retries
            delay_before_retry 3     # interval between retries
        }
    }
    real_server 192.168.117.17 8081 {
        weight 1
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
3. Run the DR-mode script on each of the two web servers.
# sh /usr/local/sbin/lvs_dr.sh
4. Restart the keepalived service on each of the two directors.
# systemctl restart keepalived
5. View the connection counts on either director.
# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.117.100:8081 rr
-> 192.168.117.16:8081 Route 1 0 3
-> 192.168.117.17:8081 Route 1 0 3
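6. Browser test: the VIP cannot be accessed.
Solution:
Comment out the vrrp_strict line in the keepalived configuration file. This option enforces strict compliance with the VRRP protocol, and it automatically adds iptables rules that make the VIP unreachable.
7. Reload the keepalived service; the VIP can then be accessed normally.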