(一)
在Linux下用LVS和Ipvsadm做Web负载均衡,本例子用的操作系统是:rhel6.5;LVS是在linux操作系统基础上建立虚拟服务器,实现服务节点之间的负载均衡。它是基于linux内核实现的,2.6.X内核默认集成了lvs模块,LVS常用负载均衡的实现是基于ip协议的,所以一般称为IPVS。
那么首先需要检查下操作系统是否已经集成了LVS:
[root@server1 varnish]# grep -i "ip_vs" /boot/config-2.6.32-431.el6.x86_64
CONFIG_IP_VS=m
CONFIG_IP_VS_IPV6=y
# CONFIG_IP_VS_DEBUG is not set
CONFIG_IP_VS_TAB_BITS=12
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_PROTO_AH_ESP=y
CONFIG_IP_VS_PROTO_ESP=y
CONFIG_IP_VS_PROTO_AH=y
CONFIG_IP_VS_PROTO_SCTP=y
CONFIG_IP_VS_RR=m
CONFIG_IP_VS_WRR=m
CONFIG_IP_VS_LC=m
CONFIG_IP_VS_WLC=m
CONFIG_IP_VS_LBLC=m
CONFIG_IP_VS_LBLCR=m
CONFIG_IP_VS_DH=m
CONFIG_IP_VS_SH=m
CONFIG_IP_VS_SED=m
CONFIG_IP_VS_NQ=m
CONFIG_IP_VS_FTP=m
CONFIG_IP_VS_PE_SIP=m
则说明已经有了LVS,就不需要重新编译安装了,如果是其它Linux系统,没有内置LVS的,也可以到网上搜索下安装,也不是很复杂。
接下来需要安装ipvsadm:
[root@server1 varnish]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
能输出上面的表头,说明ipvsadm已经安装成功(安装步骤见下文"安装ipvsadm")。
主机环境:
rhel6.5,selinux and iptables disabled(仅为简化实验环境;生产环境应保持selinux和防火墙启用,并只放行所需端口)
Load Balance: 172.25.79.1(server1)
Virtual IP:172.25.79.100
Gateway:172.25.79.1
Realserver1:172.25.79.2 (server2)
Realserver2:172.25.79.3(server3)
物理机内网 : 172.25.79.250
配置 ipvsadm
先要配置好yum源(注意:下面的源通过http访问且gpgcheck=0,不校验软件包签名,只适用于隔离的内网实验环境;生产环境应设置gpgcheck=1并配置gpgkey):
server1: 172.25.79.1
[root@server1 ~]# cat /etc/yum.repos.d/rhel-source.repo
[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.79.250/rhel6.5
gpgcheck=0
[LoadBalancer]
name=LoadBalancer
baseurl=http://172.25.79.250/rhel6.5/LoadBalancer
gpgcheck=0
[ResilientStorage]
name=ResilientStorage
baseurl=http://172.25.79.250/rhel6.5/ResilientStorage
gpgcheck=0
[ScalableFileSystem]
name=ScalableFileSystem
baseurl=http://172.25.79.250/rhel6.5/ScalableFileSystem
gpgcheck=0
[HighAvailability]
name=HighAvailability
baseurl=http://172.25.79.250/rhel6.5/HighAvailability
gpgcheck=0
安装ipvsadm
[root@server1 ~]# yum install -y ipvsadm
#编辑策略
[root@server1 ~]# ipvsadm -A -t 172.25.79.100:80 -s rr
[root@server1 ~]# ipvsadm -a -t 172.25.79.100:80 -r 172.25.79.2:80 -g
[root@server1 ~]# ipvsadm -a -t 172.25.79.100:80 -r 172.25.79.3:80 -g
#保存策略
[root@server1 ~]# /etc/init.d/ipvsadm save
ipvsadm: Saving IPVS table to /etc/sysconfig/ipvsadm: [ OK ]
#查看策略
[root@server1 ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.79.100:http rr
-> server2:http Route 1 0 0
-> server3:http Route 1 0 0
添加VIP
##在所有的服务器上添加VIP,
[root@server1 ~]# ip addr add 172.25.79.100/24 dev eth0
[root@server2 ~]# ip addr add 172.25.79.100/24 dev eth0
[root@server3 ~]# ip addr add 172.25.79.100/24 dev eth0
注意:dr模式需要rs与vs的ip在同一网段(vlan),因为DR模式只改写数据帧的目的MAC地址、不修改IP,调度器必须能在二层直接到达real server。
在real server2 3 上抑制ARP
server2 – apache
[root@server2 ~]# yum install -y httpd
[root@server2 ~]# cat /var/www/html/index.html
<h1>www.westos.org from server2 </h1>
[root@server2 ~]# /etc/init.d/httpd start
##安装arptables_jf,用于在用户空间管理内核的ARP包过滤规则
[root@server2 ~]# yum install -y arptables_jf
[root@server2 ~]# arptables -A IN -d 172.25.79.100 -j DROP
[root@server2 ~]# arptables -A OUT -s 172.25.79.100 -j mangle --mangle-ip-s 172.25.79.2
[root@server2 ~]# /etc/init.d/arptables_jf save
Saving current rules to /etc/sysconfig/arptables: [ OK ]
server3 – apache
[root@server3 ~]# yum install -y httpd
[root@server3 ~]# cat /var/www/html/index.html
<h1>www.westos.com from server3 </h1>
[root@server3 ~]# /etc/init.d/httpd start
##安装arptables_jf,用于在用户空间管理内核的ARP包过滤规则
[root@server3 ~]# yum install -y arptables_jf
[root@server3 ~]# arptables -A IN -d 172.25.79.100 -j DROP
[root@server3 ~]# arptables -A OUT -s 172.25.79.100 -j mangle --mangle-ip-s 172.25.79.3
[root@server3 ~]# /etc/init.d/arptables_jf save
Saving current rules to /etc/sysconfig/arptables: [ OK ]
arptables用法举例:
对源地址是aaaa、目的地址不是cccc的出站ARP包,将其源IP地址改写为bbbb:
arptables -A OUT -s aaaa ! -d cccc -j mangle --mangle-ip-s bbbb
arptables解答:
http://www.bubuko.com/infodetail-1625510.html
物理机测试
realserver 不宕机时,rs2 rs3轮询:
[root@niub network-scripts]# curl 172.25.79.100
www.westos.com server3
[root@niub network-scripts]# curl 172.25.79.100
www.westos.com server2
[root@niub network-scripts]# curl 172.25.79.100
www.westos.com server3
[root@niub network-scripts]# curl 172.25.79.100
www.westos.com server2
当realserver 2 宕机测试:
[root@niub network-scripts]# curl 172.25.79.100
www.westos.com server3
[root@niub network-scripts]# curl 172.25.79.100
curl: (7) Failed connect to 172.25.79.100:80; Connection refused
[root@niub network-scripts]# curl 172.25.79.100
www.westos.com server3
[root@niub network-scripts]# curl 172.25.79.100
curl: (7) Failed connect to 172.25.79.100:80; Connection refused
说明lvs本身不能检测后端健康状况!只是单纯的做了调度,只是“傻傻”的调度!real server宕机后仍会被分配请求,因此实际使用时需要配合ldirectord或keepalived之类的工具做健康检查,并自动摘除故障节点。
而且,在主机端查看arp缓存,发现172.25.79.100对应的是vs的网卡地址:
##真机
[root@niub network-scripts]# arp -an |grep 100
? (172.25.79.100) at 52:54:00:f5:88:b8 [ether] on br0
##server上(vs):
[root@server1 yum.repos.d]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:f5:88:b8 brd ff:ff:ff:ff:ff:ff
inet 172.25.79.1/24 brd 172.25.79.255 scope global eth0
**inet 172.25.79.100/24 scope global secondary eth0**
inet6 fe80::5054:ff:fef5:88b8/64 scope link
valid_lft forever preferred_lft forever
这也就解释了前面为什么要在server2、server3上抑制ARP:三台机器都配置了VIP,只有让real server不响应、也不宣告VIP的ARP,客户端才会始终把VIP解析为vs(server1)的MAC地址,请求才能先到达调度器。