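I. Introduction to NAT (VS/NAT):
Virtual Server via Network Address Translation: a Director sits in front of a group of real servers and is connected to them through a switch/hub. These servers provide the same network service and the same content, so whichever RealServer a request is sent to, the result is the same. The service content can be copied to each RealServer's local disk, shared through a network file system (such as NFS), or provided by a distributed file system. Every RealServer only needs to point its gateway at the Director. Clients can run any operating system, but in this mode the number of RealServers that one Director can drive is fairly limited. In VS/NAT mode, the Director can also double as a RealServer.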
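Lab environment:
1. Hardware
- Server1: acts as the LVS server
Two NICs:
(DIP)172.25.71.1
(VIP)172.25.254.1 //on the same subnet as the physical host
- Server2 and Server3 act as the two RealServers
One NIC each:
server2:(RIP)172.25.71.2/24
server3:(RIP)172.25.71.3/24
2. Software:
- To build the LVS cluster, only the ipvsadm tool needs to be installed on the Director; it can be installed from the rpm package shipped with RedHat
- Version: ipvsadm.x86_64 0:1.26-2.el6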
II. Lab
1. Configure the Director server:
Server1:
1. Add two NICs:
2. Add the VIP
[root@server1 ~]# yum install ipvsadm -y //install the package
[root@server1 ~]# ip addr add 172.25.254.1/24 dev eth1 //add the VIP
[root@server1 ~]# ip addr //check
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:a0:aa:94 brd ff:ff:ff:ff:ff:ff
inet 172.25.71.1/24 brd 172.25.71.255 scope global eth0
inet 172.25.71.100/24 scope global eth0
inet6 fe80::5054:ff:fea0:aa94/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000 //VIP
link/ether 52:54:00:3e:ff:a3 brd ff:ff:ff:ff:ff:ff
inet 172.25.254.1/24 scope global eth1
3. Enable IP forwarding
[root@server1 ~]# cat /proc/sys/net/ipv4/ip_forward //check whether forwarding is enabled
0 (1: enabled, 0: disabled)
[root@server1 ~]# vim /etc/sysctl.conf //enable IP forwarding
net.ipv4.ip_forward = 1 //change 0 to 1
[root@server1 ~]# sysctl -p //reload the configuration file
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
2. Configure the RealServers
Server2:
1. Configure the IP address and gateway:
[root@server2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
//the gateway is server1's IP
[root@server2 ~]# /etc/init.d/network restart //restart networking
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: Determining if ip address 172.25.71.2 is already in use for device eth0...
[ OK ]
2. Configure Apache
[root@server2 ~]# /etc/init.d/httpd start //start Apache
Starting httpd: httpd: Could not reliably determine the server fully qualified domain name, using 172.25.71.2 for ServerName
[ OK ]
[root@server2 ~]# netstat -antle //check the listening ports
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 8137
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 8362
tcp 0 0 172.25.71.2:22 172.25.71.250:45586 ESTABLISHED 0 8632
tcp 0 0 :::80 :::* LISTEN 0 9128
tcp 0 0 :::22 :::* LISTEN 0 8139
tcp 0 0 ::1:25 :::* LISTEN 0 8364
[root@server2 ~]# echo "www.westos.com -server2" > /var/www/html/index.html
//provide a page for the web service
[root@server2 ~]# iptables -F //flush the firewall rules
[root@server2 ~]# curl http://localhost //test access to the local web server
www.westos.com -server2
Server3:
1. Configure the IP address and gateway
[root@server3 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
[root@server3 ~]# /etc/init.d/network restart //restart networking
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: Determining if ip address 172.25.71.3 is already in use for device eth0...
[ OK ]
2. Configure Apache
[root@server3 ~]# /etc/init.d/httpd start //start Apache
Starting httpd: httpd: Could not reliably determine the server fully qualified domain name, using 172.25.71.3 for ServerName
[ OK ]
[root@server3 ~]# netstat -antle //check the listening ports
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 8138
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 8359
tcp 0 0 172.25.71.3:22 172.25.71.250:51515 ESTABLISHED 0 8633
tcp 0 0 :::80 :::* LISTEN 0 9184
tcp 0 0 :::22 :::* LISTEN 0 8140
tcp 0 0 ::1:25 :::* LISTEN 0 8361
[root@server3 ~]# echo "www.westos.com -server3" > /var/www/html/index.html
//provide a page for the web service
[root@server3 ~]# iptables -F //flush the firewall rules
[root@server3 ~]# curl http://localhost //test access to the local web server
www.westos.com -server3
3. Configure the Director and add the RealServers to the cluster service
1. From server1, test whether both RealServers are reachable
[root@server1 ~]# curl http://172.25.71.2
www.westos.com -server2
[root@server1 ~]# curl http://172.25.71.3
www.westos.com -server3
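2. Add the RealServers to the web cluster service (the rr scheduling algorithm is used here)
[ Basic ipvsadm command usage ]
Managing cluster services:
Add:
-A -t|u|f service-address [-s scheduler]
-t: cluster service over TCP
-u: cluster service over UDP
service-address: IP:PORT
-f: FWM: firewall mark
service-address: Mark Number
Modify: -E
Delete: -D -t|u|f service-address
Managing the RealServers in a cluster service:
Add:
-a -t|u|f service-address -r server-address [-g|i|m] [-w weight]
-t|u|f service-address: a cluster service that has already been defined
-r server-address: the address of an RS; in the NAT model, IP:PORT can be used for port mapping;
-g: DR
-i: TUN
-m: NAT
Modify: -e
Delete: -d -t|u|f service-address -r server-address
Ongoing management of cluster services:
View:
-L|l
-n: show host addresses and ports in numeric form
--stats: statistics
--rate: rates
--timeout: show the session timeouts for tcp, tcpfin and udp
-c: show the current ipvs connections
Example: ipvsadm -L -n --stats
Delete all cluster services
-C: clear the ipvs rules
Example: ipvsadm -C
Save the rules: -S
Example: ipvsadm -S > /etc/sysconfig/ipvsadm
Load previously saved rules: -R
Example: ipvsadm -R < /etc/sysconfig/ipvsadm
[root@server1 ~]# ipvsadm -A -t 172.25.254.1:80 -s rr
[root@server1 ~]# ipvsadm -a -t 172.25.254.1:80 -r 172.25.71.2 -m -w 2
[root@server1 ~]# ipvsadm -a -t 172.25.254.1:80 -r 172.25.71.3 -m -w 1
//The weight given with -w has no effect here because we are using the rr (round-robin) scheduling algorithm, but you can still specify it; when we change the algorithm later, it will not need to be defined again.
server1:
[root@server1 ~]# ipvsadm -ln //show the ipvsadm status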
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.1:80 rr
-> 172.25.71.2:80 Masq 2 0 0
-> 172.25.71.3:80 Masq 1 0 0
4. Test the rr algorithm on the web cluster service
Physical host:
[root@foundation71 ~]# curl http://172.25.254.1
www.westos.com -server3
[root@foundation71 ~]# curl http://172.25.254.1
www.westos.com -server2 //round robin works
Server1:
[root@server1 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.1:80 rr
-> 172.25.71.2:80 Masq 2 0 2
-> 172.25.71.3:80 Masq 1 0 2
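//both servers show the same number of round-robin requests
5. Switch to the wrr scheduling algorithm (weighted round robin)
Server1:
[root@server1 ~]# ipvsadm -E -t 172.25.254.1:80 -s wrr
//The -E option changes the scheduling algorithm to wrr, so the RealServer weights given earlier with -w now take effect and the RealServers do not need to be defined again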
[root@server1 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.1:80 wrr //weighted algorithm
-> 172.25.71.2:80 Masq 2 0 0
-> 172.25.71.3:80 Masq 1 0 0
Physical host:
[root@foundation71 ~]# curl http://172.25.254.1
www.westos.com -server2
[root@foundation71 ~]# curl http://172.25.254.1
www.westos.com -server2
[root@foundation71 ~]# curl http://172.25.254.1
www.westos.com -server3
[root@foundation71 ~]# curl http://172.25.254.1
www.westos.com -server2
[root@foundation71 ~]# curl http://172.25.254.1
www.westos.com -server2
[root@foundation71 ~]# curl http://172.25.254.1
www.westos.com -server3
server1:
[root@server1 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.1:80 wrr
-> 172.25.71.2:80 Masq 2 0 6
-> 172.25.71.3:80 Masq 1 0 3
//Because RS1 was given a weight of 2 and RS2 a weight of 1, the scheduler distributes requests in that ratio: two requests go to RS1 for every one request that goes to RS2.
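The order seen in the wrr test above (server2, server2, server3) can be reproduced offline. The following is an added example, not part of the original post or of ipvsadm: it follows the weighted round-robin pseudo-code published by the LVS project, on the assumption that the kernel on server1 schedules the same way, and the function names are made up for this illustration.

```python
from functools import reduce
from itertools import islice
from math import gcd


def wrr_schedule(servers):
    """Yield real-server names in weighted round-robin order.

    servers: list of (name, weight) in the order they were added with
    `ipvsadm -a`. A threshold `cw` steps down from the largest weight by
    the gcd of all weights; on each pass over the list, every server whose
    weight is >= cw receives one request.
    """
    weights = [w for _, w in servers]
    if not servers or max(weights) <= 0:
        return  # nothing schedulable: empty pool or every weight is 0
    step = reduce(gcd, weights)
    max_weight = max(weights)
    i, cw = -1, 0
    while True:
        i = (i + 1) % len(servers)
        if i == 0:  # start of a new pass: lower the threshold
            cw -= step
            if cw <= 0:
                cw = max_weight
        if weights[i] >= cw:
            yield servers[i][0]


def schedule(servers, requests):
    """Return the first `requests` scheduling decisions as a list."""
    return list(islice(wrr_schedule(servers), requests))


def distribution(servers, requests):
    """Count how many of `requests` each real server receives."""
    counts = {name: 0 for name, _ in servers}
    for name in schedule(servers, requests):
        counts[name] += 1
    return counts


# Weights taken from the `ipvsadm -a ... -w` commands on this page.
POOL = [("172.25.71.2", 2), ("172.25.71.3", 1)]

if __name__ == "__main__":
    print(schedule(POOL, 6))      # order of the six curl requests
    print(distribution(POOL, 9))  # per-server totals after nine requests
```

With equal weights the same loop degenerates to plain alternation, and a real server with weight 0 is never selected.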