NAT模式/DR模式的LVS搭建

NAT模式LVS搭建

IP	主机名	备注
内网：192.168.117.14 公网：192.168.174.128	keepalived-master	调度器
192.168.117.16	web_server1	web服务器1
192.168.117.17	web_server2	web服务器2

1.为调度器添加一块仅主机模式的网卡

2.将两台web服务器的网关更改为调度器的内网IP（以web服务器1为例）

[root@web_server1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
GATEWAY=192.168.117.14

3.进入调度器，安装ipvsadm

[root@keepalived-master ~]# yum install -y ipvsadm

4.编写LVS脚本

[root@keepalived-master ~]# vim /usr/local/sbin/lvs.sh
#! /bin/bash

echo 1 > /proc/sys/net/ipv4/ip_forward
/usr/sbin/ipvsadm -C
/usr/sbin/ipvsadm -A -t 192.168.174.128:80 -s wlc
/usr/sbin/ipvsadm -a -t 192.168.174.128:80 -r 192.168.117.16:8081 -m -w 1
/usr/sbin/ipvsadm -a -t 192.168.174.128:80 -r 192.168.117.17:8081 -m -w 1

5.执行LVS脚本，关闭http服务以免影响实验效果

[root@keepalived-master ~]# sh /usr/local/sbin/lvs.sh
[root@keepalived-master ~]# systemctl stop httpd

6.在调度器上测试能否访问两台web服务器

[root@keepalived-master ~]# curl 192.168.117.16:8081 |head -n5
=====================================这是ecshop1=======================================
--<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
:<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta name="Generator" content="ECSHOP v2.7.3" />

[root@keepalived-master ~]# curl 192.168.117.17:8081 |head -n5
-------------------------------------这是ecshop2---------------------------------------
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Generator" content="ECSHOP v2.7.3" />

7.测试：浏览器访问调度器的公网IP

DR模式LVS搭建

IP	主机名	备注
192.168.117.14	keepalived-master	调度器
192.168.117.16	web_server1	web服务器1
192.168.117.17	web_server2	web服务器2
192.168.117.100		VIP

1.调度器上创建脚本

[root@keepalived-master ~]# vim /usr/local/sbin/lvs_dr.sh
#!/bin/bash

echo 1 > /proc/sys/net/ipv4/ip_forward
ifconfig ens33:0 192.168.117.100 broadcast 192.168.117.100 netmask 255.255.255.255 up
route add -host 192.168.117.100 dev ens33:0
/usr/sbin/ipvsadm -C
/usr/sbin/ipvsadm -A -t 192.168.117.100:8081 -s rr
/usr/sbin/ipvsadm -a -t 192.168.117.100:8081 -r 192.168.117.16:8081 -g -w 1
/usr/sbin/ipvsadm -a -t 192.168.117.100:8081 -r 192.168.117.17:8081 -g -w 1

2.两台web服务器创建脚本（内容完全一样，以web服务器1为例）

[root@web_server1 ~]# vim /usr/local/sbin/lvs_dr.sh

#!/bin/bash

ifconfig lo:0 192.168.117.100 broadcast 192.168.117.100 netmask 255.255.255.255 up
route add -host 192.168.117.100 lo:0
echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce

3.三台主机分别执行脚本

[root@keepalived-master ~]# sh /usr/local/sbin/lvs_dr.sh
[root@web_server1 ~]# sh /usr/local/sbin/lvs_dr.sh
[root@web_server2 ~]# sh /usr/local/sbin/lvs_dr.sh

4.浏览器访问VIP测试

Keepalived+LVS

IP	主机名	备注
192.168.117.14	keepalived-master	调度器1
192.168.117.15	keepalived-slaver	调度器2
192.168.117.16	web_server1	web服务器1
192.168.117.17	web_server2	web服务器2
192.168.117.100		VIP

1.两台调度器清空ipvsadm规则，重启网络服务，避免影响实验

# ipvsadm -C
# systemctl restart network

2.分别编辑两台调度器上的keepalived配置文件（添加的内容一样）

# vim /etc/keepalived/keepalived.conf  //删除vrrp_instance VI_1段后的配置，添加如下内容
virtual_server 192.168.117.100 8081 {
    delay_loop 10                //每隔10秒查询web服务器状态
    lb_algo rr                   //rr算法
    lb_kind DR                   //DR模式
    protocol TCP                 //使用TCP协议检查web服务器状态
    real_server 192.168.117.16 8081 {
        weight 1               //权重
        TCP_CHECK {
        connect_timeout 10       //超时时间
        nb_get_retry 3           //重连次数
        delay_before_retry 3     //重连时间间隔
        }
    }
    real_server 192.168.117.17 8081 {
        weight 1
        TCP_CHECK {
        connect_timeout 10
        nb_get_retry 3
        delay_before_retry 3
        }
    }
}

3.分别在两台web服务器上执行DR模式的脚本

# sh /usr/local/sbin/lvs_dr.sh

4.分别重启两台调度器的keepalived服务

# systemctl restart keepalived

5.在任一调度器上查看连接数

# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.117.100:8081 rr
  -> 192.168.117.16:8081          Route   1      0          3         
  -> 192.168.117.17:8081          Route   1      0          3

6.浏览器测试，发现VIP无法正常访问

解决方法：
将keepalived配置文件中的vrrp_strict一行注释掉，此行意为严格遵守vrrp协议，会自动添加iptables规则导致VIP无法访问

7.重新加载keepalived服务即可正常访问