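CDN: a content delivery network routes traffic around the parts of the network that hurt transfer speed and stability, making delivery faster and more stable.
Lab environment: 3 virtual machines (one acting as the varnish server, the others as backend servers) plus one physical machine (acting as the client); all systems run rhel6.5.
Principle:
client –> varnish –> server: users reach the server through the varnish host. If varnish holds the resource the client wants, it returns it to the client; if not, it fetches the resource from the server and then stores it in varnish. This speeds up access and reduces the load on the server.
Procedure:
I. varnish server: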
1. yum install gcc varnish-3.0.5-1.el6.x86_64.rpm varnish-libs-3.0.5-1.el6.x86_64.rpm -y #install the packages
2. vim /etc/sysconfig/varnish
VARNISH_LISTEN_PORT=80 #line 60: change the default port
VARNISH_TTL=120 #line 95: how long objects stay cached
3. vim /etc/varnish/default.vcl
backend default { #configure the backend server
    .host = "172.25.34.2"; #set to the IP address of virtual machine 2
    .port = "80";
}
sub vcl_deliver { #show whether the request was a cache hit
    if (obj.hits > 0) {
        set resp.http.X-Cache = "HIT from westos cache";
    }
    else {
        set resp.http.X-Cache = "MISS from westos cache";
    }
    return (deliver);
}
4. /etc/init.d/varnish restart #restart the service
server2:
1. yum install httpd -y
2. Write an html file and publish it
client:
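1. vim /etc/hosts
<IP of virtual machine 1> www.xinhao.com #name resolution entry
Client test:
(1) ping www.xinhao.com #shows the IP of virtual machine 1
(2) curl -I www.xinhao.com
On the varnish server the cache can be cleared with the varnishadm command:
varnishadm ban.url .*$ #clear everything
varnishadm ban.url /index.html #clear the cached index.html page
varnishadm ban.url /admin/$ #clear the cached admin directory
High availability for the varnish server:
1. vim /etc/varnish/default.vcl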
backend web1 {
    .host = "172.25.34.2";
    .port = "80";
}
backend web2 {
    .host = "172.25.34.3";
    .port = "80";
}
director lb round-robin { #round-robin scheduling
    {.backend = web1;}
    {.backend = web2;}
}
sub vcl_recv { #handle incoming requests
    if (req.http.host ~ "^(www.)?xinhao.com") {
        set req.http.host = "www.xinhao.com";
        set req.backend = lb;
        return (pass); #no caching; not done in production, only here to make testing easier
    } elsif (req.http.host ~ "^bbs.xinhao.com") {
        set req.backend = web2;
    } else {
        error 404 "westos cache";
    }
}
2. /etc/init.d/varnish restart
server3:
1. Install the http service
2. Edit the configuration file:
vim /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName www.xinhao.com
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /www
ServerName bbs.xinhao.com
</VirtualHost>
3. mkdir /www
4. vim /www/index.html
5. /etc/init.d/httpd restart
Client test
varnish push service
varnish server:
1. yum install -y httpd php unzip
2. vim /etc/httpd/conf/httpd.conf #varnish occupies port 80, so the port must be changed
Listen 8080
3. /etc/init.d/httpd start
4. Unpack bansys and put it in the http document root
5. vim /var/www/html/config.php
<?php
//multiple host lists can be defined
$var_group1 = array(
    'host' => array('172.25.34.1'), #hosts to push to
    'port' => '80',
);
//varnish cluster definition
//binds the host lists
$VAR_CLUSTER = array(
    'www.hoahao.com' => $var_group1,
);
//varnish version
//the push command differs between 2.x and 3.x
$VAR_VERSION = "3";
?>
6. /etc/init.d/httpd restart
7. vim /etc/varnish/default.vcl
acl xinhao { #rule defining who may push and which hosts are covered
    "127.0.0.1";
    "172.25.34.0"/24;
}
sub vcl_recv {
    if (req.request == "BAN") { #BAN request: check that the client is on the whitelist
        if (!client.ip ~ xinhao) {
            error 405 "Not allowed.";
        }
        ban("req.url ~ " + req.url);
        error 200 "ban added";
    }
    if (req.http.host ~ "^(www.)?haohao.com") {
        set req.http.host = "www.xinhao.com";
        set req.backend = lb;
    } elsif (req.http.host ~ "^bbs.haohao.com") {
        set req.backend = web2;
    } else {
        error 404 "westos cache";
    }
}
8. /etc/init.d/varnish reload
Client test:
www.haohao.com:8080
Open the push page and select the http service to push successfully
/index.html
curl www.haohao.com/index.html
Note that after each push the varnish server fetches the data from the backend servers once; because round-robin scheduling is configured, the difference is clearly visible.
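II. In practice a load-balancing policy (TUN/NAT/DR) is configured on the varnish server; below, the load-balancing policy is implemented on the basis of ldirectord
Essence of the network models: the layer-4 model forwards, the layer-7 model proxies
DR-lvs, based on the layer-4 model: #suitable for CDN nodes
Commonly used: lvs == linux virtual server
varnish:
1. Configure the yum repositories: #the default yum repository only covers the packages in the image's Server directory, so the others have to be added by hand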
vim /etc/yum.repos.d/yum.repo
[server]
name=server
gpgcheck=0
baseurl=http://172.25.34.250/rhel6.5
enabled=1
[LoadBalancer]
name=LoadBalancer
baseurl=http://172.25.34.250/rhel6.5/LoadBalancer
gpgcheck=0
[HighAvailability]
name=HighAvailability
baseurl=http://172.25.34.250/rhel6.5/HighAvailability
gpgcheck=0
[ResilientStorage]
name=ResilientStorage
baseurl=http://172.25.34.250/rhel6.5/ResilientStorage
gpgcheck=0
[ScalableFileSystem]
name=ScalableFileSystem
baseurl=http://172.25.34.250/rhel6.5/ScalableFileSystem
gpgcheck=0
2. yum install ipvsadm -y #the policies take effect at kernel level
3. ipvsadm -A -t 172.25.34.100:80 -s rr #add the virtual service with round-robin scheduling
4. ipvsadm -a -t 172.25.34.100:80 -r 172.25.34.2:80 -g
5. ipvsadm -a -t 172.25.34.100:80 -r 172.25.34.3:80 -g
6. /etc/init.d/ipvsadm save #save the policy
7. ip addr add 172.25.34.100/24 dev eth0 #add the virtual IP
server2:
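1. yum install arptables_jf -y #install the arp firewall
2. ip addr add 172.25.34.100/32 dev eth0 #add the virtual IP
3. arptables -A IN -d 172.25.34.100 -j DROP #drop incoming ARP requests for the virtual IP
4. arptables -A OUT -s 172.25.34.100 -j mangle --mangle-ip-s 172.25.34.2 #do not announce this host's virtual IP, only its real IP: the vs and the servers hold the same virtual IP, so only the vs may answer ARP for it
5. /etc/init.d/arptables_jf save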
server3:
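1. yum install arptables_jf -y
2. ip addr add 172.25.34.100/32 dev eth0
3. arptables -A IN -d 172.25.34.100 -j DROP
4. arptables -A OUT -s 172.25.34.100 -j mangle --mangle-ip-s 172.25.34.3
5. /etc/init.d/arptables_jf save
Client test:
curl 172.25.34.100 #or, after adding name resolution, curl www.xinhao.com
arptables -L #list the rules
arptables -F #flush the rules
In practice backend servers can fail for all kinds of reasons, so the varnish server has to make a decision: if one server fails, the varnish server stops fetching data from it and fetches from the backup server instead. Here, based on DR: health checks for the backends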
varnish server:
1. yum install perl ldirectord-3.9.5-3.1.x86_64.rpm -y
2. cp /usr/share/doc/ldirectord-3.9.5/ldirectord.cf /etc/ha.d/
3. vim /etc/ha.d/ldirectord.cf #creates the LVS policy automatically
virtual=172.25.34.100:80
        real=172.25.34.2:80 gate #normally data is fetched from server2
        real=172.25.34.3:80 gate #normally data is fetched from server3
        fallback=127.0.0.1:80 gate #if the servers fail, return the local host's page
        service=http
        scheduler=rr
        #persistent=600
        #netmask=255.255.255.255
        protocol=tcp
        checktype=negotiate
        checkport=80
        request="index.html"
        #receive="Test Page"
        #virtualhost=www.x.y.z
4. /etc/init.d/ipvsadm stop
5. /etc/init.d/ldirectord start
6. vim /etc/httpd/conf/httpd.conf
Listen 8080
7. rm -rf /var/www/html/*
8. Create a new html file
9. /etc/init.d/httpd restart
(1) Stop the http service on server2 or server3, then test on the client:
curl 172.25.34.100 #or, after adding name resolution, curl www.haohao.com
(2) Stop the http service on both server2 and server3, then test on the client:
curl 172.25.34.100 #or, after adding name resolution, curl www.haohao.com
III. keepalive+lvs
First stop varnish and ldirectord so that the earlier experiments do not interfere
Then build and install keepalived from source
1. yum install libnl-devel libnfnetlink-devel-1.0.0-1.el6.x86_64.rpm openssl-devel -y
2. ./configure --prefix=/usr/local/keepalived --with-init=SYSV
3. make
4. make install
5. ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
6. ln -s /usr/local/keepalived/etc/keepalived/ /etc/
7. ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
8. ln -s /usr/local/keepalived/sbin/keepalived /sbin/
9. chmod +x /usr/local/keepalived/etc/rc.d/init.d/keepalived
Configuration:
10. vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost #recipient of notification mail
    }
    notification_email_from Alexandre.Cassen@firewall.loc #sender address for notification mail
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    #vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state MASTER #master node
    interface eth0
    virtual_router_id 51
    priority 100 #priority
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.10 #the virtual IP
    }
}
virtual_server 172.25.254.10 80 {
    delay_loop 6
    lb_algo rr #round-robin scheduling
    lb_kind DR #DR model
    #persistence_timeout 50
    protocol TCP
    real_server 172.25.254.122 80 { #IP of backend server 1
        weight 1 #weight
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 172.25.254.123 80 { #IP of backend server 2
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
11. /etc/init.d/keepalived start
Client test
Set up server4 as the standby for server1 to achieve high availability
server1:
scp -r /usr/local/keepalived root@172.25.34.4:/usr/local/
keepalive is already installed on server1, so it only needs to be packaged, sent over and configured
server4:
1. Configure the yum repositories:
2. yum install ipvsadm -y
3. ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
4. ln -s /usr/local/keepalived/etc/keepalived/ /etc/
5. ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
6. ln -s /usr/local/keepalived/sbin/keepalived /sbin/
7. chmod +x /usr/local/keepalived/etc/rc.d/init.d/keepalived
8. vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 34 #the id must be the same on both nodes
    priority 50 #the standby's priority must be lower than the master's
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.34.100
    }
}
9. /etc/init.d/keepalived start
Test:
1. Stop the keepalived service on server1, then test on the client:
2. Stop the keepalived service on both server1 and server4, then test on the client:
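A consistency check for the server1/server4 keepalived pair, as an added Python example that is not part of the original post. It compares the two vrrp_instance blocks on the fields that must agree for failover to work, and also flags the short numeric auth_pass, which VRRP PASS authentication sends in clear text on the local segment. The names parse_vrrp, check_pair, TEMPLATE and the ALIGNED sample (including its password) are constructed for this example; AS_PRINTED uses the values shown on this page.

```python
import re

WEAK_PASS = {"1111"}  # sample value used in the configurations on this page

def parse_vrrp(conf):
    """Return the vrrp_instance fields on which the two nodes are compared."""
    text = re.sub(r"[#!].*", "", conf)  # drop keepalived comments
    def field(name):
        m = re.search(rf"\b{name}\s+(\S+)", text)
        return m.group(1) if m else None
    out = {k: field(k) for k in
           ("state", "virtual_router_id", "priority", "auth_type", "auth_pass")}
    vips = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", text)
    out["vips"] = sorted(vips.group(1).split()) if vips else []
    return out

def check_pair(master_conf, backup_conf):
    """List the reasons two nodes would not act as one master/standby pair."""
    m, b = parse_vrrp(master_conf), parse_vrrp(backup_conf)
    problems = [f"{k} differs: {m[k]} vs {b[k]}"
                for k in ("virtual_router_id", "auth_type", "auth_pass", "vips")
                if m[k] != b[k]]
    if int(b["priority"] or 100) >= int(m["priority"] or 100):  # keepalived default: 100
        problems.append("standby priority is not lower than the master's")
    if m["state"] == b["state"] == "MASTER":
        problems.append("both nodes declare state MASTER")
    if m["auth_type"] == "PASS" and m["auth_pass"] in WEAK_PASS:
        problems.append("auth_pass is the sample value 1111")
    return problems

TEMPLATE = """vrrp_instance VI_1 {{
    state {state}
    virtual_router_id {vrid}  # must match on both nodes
    priority {prio}
    authentication {{
        auth_type PASS
        auth_pass {pw}
    }}
    virtual_ipaddress {{
        {vip}
    }}
}}"""
# Values as printed on this page for server1 and server4.
AS_PRINTED = (TEMPLATE.format(state="MASTER", vrid=51, prio=100, pw="1111", vip="172.25.254.10"),
              TEMPLATE.format(state="MASTER", vrid=34, prio=50, pw="1111", vip="172.25.34.100"))
# Constructed pair that passes every check; the password is a made-up placeholder.
ALIGNED = (TEMPLATE.format(state="MASTER", vrid=34, prio=100, pw="Zq7r2Lm9", vip="172.25.34.100"),
           TEMPLATE.format(state="BACKUP", vrid=34, prio=50, pw="Zq7r2Lm9", vip="172.25.34.100"))

if __name__ == "__main__":
    print("\n".join(check_pair(*AS_PRINTED)))
```

With differing virtual_router_id values the two nodes form separate VRRP groups, so stopping keepalived on server1 would not move its virtual IP to server4.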