keepalived+ipvsadm搭建和配置

1.vagrant+virtualbox虚拟环境配置

box地址：https://pan.baidu.com/s/1sl2vVmH   秘钥：qm7z 

相关vagrant操作可以百度，该box为cent6.7版本,nginx,php-fpm已安装,相关配置可以修改以适应自己的环境

Vagrant.configure("2") do |config|

    (1..4).each do |i|

        config.vm.define "node#{i}" do |node|

        # 设置虚拟机的Box
        node.vm.box = "mybox"

        # 设置虚拟机的主机名
        node.vm.hostname="node#{i}"

        # 设置虚拟机的IP
        node.vm.network "private_network", ip: "192.168.59.#{i}"

        # 设置主机与虚拟机的共享目录
        node.vm.synced_folder "E:/vagrant", "/vagrant"

        # VirtaulBox相关配置
        node.vm.provider "virtualbox" do |v|

            # 设置虚拟机的名称
            v.name = "node#{i}"

            # 设置虚拟机的内存大小  
            v.memory = 4096

            # 设置虚拟机的CPU个数
            v.cpus = 1
        end
  
        # 使用shell脚本进行软件安装和配置
      

        end
    end
end

2.ipvsadm和keepalived安装

我的版本：

ipvsadm-1.26.tar.gz

https://pan.baidu.com/s/1o8qWGnK  秘钥：gn7e

keepalived-1.4.0.tar.gz  dnck

https://pan.baidu.com/s/1geDVxqN   秘钥：2nsm

安装依赖 :  yum -y install openssl openssl-devel popt popt-devel libnl-devel kenel-devel

检测ipvs模块是否已安装：lsmod

ipvsadm不需要configure,存在makefile文件所以可以直接make && make install

keepalived：./configure --prefix=/usr/local/keepalived ;make;make install

3.真实服务器配置

VIP客户端LVS_REAL脚本配置

#!/bin/bash
#description : start realserver
VIP=192.168.59.110
#/etc/rc.d/init.d/functions
case "$1" in
start)
echo " start LVS of REALServer"
/sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up

echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
;;
stop)
/sbin/ifconfig lo:0 down
echo "close LVS Directorserver"
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac

赋予脚本执行权限:chmod +x lvs_real
启动/停止脚本:lvs_real start /stop

查看VIP是否已生效：ip addr ,注意必须设置在lo网卡，并且VIP可负载均衡器的VIP是一样的。

4.负载配置

把配置目录复制一份到/etc下面： cp -r /usr/local/keepalived/etc/keepalived/ /etc/

MASTER配置：vi /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
   router_id LVS_MASTER
}



vrrp_instance VI_1 {
    state MASTER
    interface eth1
    virtual_router_id 51
    priority 150
    advert_int 3
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.59.110
    }
}

virtual_server 192.168.59.110 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP

    real_server 192.168.59.3 80 {
        weight 100
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.59.4 80 {
        weight 100
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}

SLAVE配置：vi /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
   router_id LVS_BACKUP
}





vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 51
    priority 100
    advert_int 3
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.59.110
    }
}

virtual_server 192.168.59.110 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP

    real_server 192.168.59.3 80 {
        weight 100
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.59.4 80 {
        weight 100
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}

注意：主负载均衡器(MASTER)与备份负载均衡器
（BACKUP）配置文件的差异一共只有 3 处: 全局定义的 route_id、vrrp_instance state 以及vrrp_instance 的优先级 priority。

5.启动服务

启动运行：keepalived -D -f /etc/keepalived/keepalived.conf

相关日志文件：/var/log/message

pkill keepalived 杀死keepalived相关进程

查看负载均衡器情况：ipvsadm 

查看连接状态：ipvsadm -lcn

注意：只有MASTER上才会在eth1上绑定VIP，虽然在SLAVE上运行了,但不会绑定，可以杀死MASTER进程，查看日志发现SLAVE变成了MASTER状态，ip addr查看可以看到在SLAVE上绑定了VIP，如果重启MASTER，SLAVE负载器重新回到SLAVE状态。当某个真实服务不可用是，访问VIP照样可用，可以访问另一个真实后端服务。

即支持 故障隔离和恢复，主备负载

相关配置：

1.在/etc/hosts配置DNS如:      192.168.59.110 local.web.com

2.在/etc/sysctl.conf 配置

net.ipv4.ip_forward = 1

net.ipv4.ip_nonlocal_bind = 1

ipvsadm是用来对LVS的管理

6.笔记

 监听网卡TCP数据包：tcpdump -i eth1 -nn 'tcp'
 

查看TCP连接情况：netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'  


TCP状态：http://blog.csdn.net/zhangdaisylove/article/details/46793567

SYN_SEND :client发送SYN报文,还未收到ACK。
SYN_RECV :server接收到SYN报文,并发送ACK,等待client响应ACK.
ESTABLISHED:client收到server的ACK报文后;server收到client的ACK报文后。
以上三种状态用于三次握手阶段


-------四次撒手阶段状态变化---------
FIN_WAIT1:主动断开连接端(A),发送FIN报文,等待接收被动断开连接端(B端)的ACK。
CLOSE_WAIT：（B端）等待自己数据发送完毕，如果大量CLOSE_WAIT状态的连接数,未主动变成LAST_ACK状态,很可能代码问题,
FIN_WAIT2:A收到(B端)ACK报文,并等待接收FIN报文
LAST_ACK:（B端）从CLOSE_WAIT主动变成此状态,发送FIN报文,等待（A端的）ACK报文
TIME_WAIT:(A端)接收到B的FIN报文后的状态,TIME_WAIT是TCP协议用以保证被重新分配的socket不会受到之前残留的延迟重发报文影响的机制,是必要的逻辑保证。
CLOSED:A端TIME_WAIT状态经过timeout时间后变成CLOSED;B端收到A的ACK报文后变成CLOSED状态。
至此连接断开,socket回收
和TIME_WAIT状态有关的系统参数有一般由3个，
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30