LVS in Practice
1. LVS NAT mode: HTTP & HTTPS in practice
Host | IP |
---|---|
DR | 192.168.30.251/24 |
DR VIP | 192.168.31.131/24 |
zyy (simulated external host) | 192.168.31.130/24 |
HTTP1 | 192.168.30.253/24 |
HTTP2 | 192.168.30.254/24 |
http
1. Enable IP forwarding on the DR
[root@zyy180 ~]# vim /etc/sysctl.conf
[root@zyy180 ~]# sysctl -p
net.ipv4.ip_forward = 1
Network interface information on the DR
[root@DR ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:50:dc:de brd ff:ff:ff:ff:ff:ff
inet 192.168.30.251/24 brd 192.168.30.255 scope global dynamic ens33
valid_lft 1665sec preferred_lft 1665sec
inet6 fe80::7551:797b:c67c:10a0/64 scope link
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:50:dc:e8 brd ff:ff:ff:ff:ff:ff
inet 192.168.31.131/24 scope global ens37
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe50:dce8/64 scope link
valid_lft forever preferred_lft forever
2. Start the service on the RSs
[root@RS1 html]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::80 :::*
[root@localhost html]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::80 :::*
3. Routing information on the RSs (the default gateway of each must point to the DR)
[root@http1 html]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.30.251 0.0.0.0 UG 100 0 0 ens33
192.168.30.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
[root@http2 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.30.251 0.0.0.0 UG 100 0 0 ens33
192.168.30.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
4. LVS configuration on the DR
[root@DR ~]# ipvsadm -A -t 192.168.31.131:80 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.31.131:80 -r 192.168.30.253 -m
[root@DR ~]# ipvsadm -a -t 192.168.31.131:80 -r 192.168.30.254 -m
5. Test
[root@zyy ~]# curl http://192.168.31.131
2
[root@zyy ~]# curl http://192.168.31.131
1
https
1. Configure HTTPS on the RSs
[root@http1 html]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 :::443 :::*
[root@http2 conf.d]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 :::443 :::*
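2. DR configuration
Note: the commands and the listing below use 192.168.30.131, while the DR VIP in the table above is 192.168.31.131. The virtual service has to be created on the VIP for client traffic to match it.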
[root@DR ~]# ipvsadm -A -t 192.168.30.131:443 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.30.131:443 -r 192.168.30.253 -m
[root@DR ~]# ipvsadm -a -t 192.168.30.131:443 -r 192.168.30.254 -m
3. View the configuration
[root@DR ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.30.131:443 rr
-> 192.168.30.253:443 Masq 1 0 0
-> 192.168.30.254:443 Masq 1 0 0
TCP 192.168.31.131:80 rr
-> 192.168.30.253:80 Masq 1 0 0
-> 192.168.30.254:80 Masq 1 0 0
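A check for the listing above, as an added example that is not part of the original post: it compares every virtual service in `ipvsadm -ln` output with the intended VIP and forwarding method. The function name `audit_ipvs` and the variable `nat_listing` are assumptions made for this example.

```shell
# Added example: function and variable names are assumptions, not from the post.
# audit_ipvs VIP METHOD   (reads an `ipvsadm -ln` listing on stdin)
# Prints one finding per line and returns 1 if there is any finding.
audit_ipvs() {
    awk -v vip="$1" -v method="$2" '
        # Virtual service line, e.g. "TCP 192.168.31.131:80 rr"
        $1 == "TCP" || $1 == "UDP" {
            split($2, v, ":"); vport = v[2]
            if (v[1] != vip) { print "virtual " $2 " is not on VIP " vip; bad = 1 }
            next
        }
        # Real server line, e.g. "-> 192.168.30.253:80 Masq 1 0 0"
        $1 == "->" && $2 ~ /^[0-9]/ {
            split($2, r, ":")
            if ($3 != method) { print "real " $2 " uses " $3 ", expected " method; bad = 1 }
            # Direct routing (Route) cannot translate ports
            if ($3 == "Route" && r[2] != vport) {
                print "real " $2 " port differs from virtual port " vport; bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Listing as shown in the NAT section of this page
nat_listing='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.30.131:443 rr
-> 192.168.30.253:443 Masq 1 0 0
-> 192.168.30.254:443 Masq 1 0 0
TCP 192.168.31.131:80 rr
-> 192.168.30.253:80 Masq 1 0 0
-> 192.168.30.254:80 Masq 1 0 0'

# Expected VIP and method for the NAT lab: 192.168.31.131, Masq
printf '%s\n' "$nat_listing" | audit_ipvs 192.168.31.131 Masq || true
```

On the DR itself the same function can be fed live data with `ipvsadm -ln | audit_ipvs 192.168.31.131 Masq`.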
2. LVS DR mode: HTTP & HTTPS in practice
Item | Value |
---|---|
DR | 192.168.30.251/24 |
VIP | 192.168.30.160/32 |
RS1 | 192.168.30.238/24 |
RS2 | 192.168.30.239/24 |
http
1. Install ipvsadm
[root@DR ~]# yum -y install ipvsadm
2. Configure the VIP on the DR
[root@DR ~]# ip addr add 192.168.30.160/32 dev lo
[root@DR ~]# route add -host 192.168.30.160/32 dev lo
3. Modify the NIC kernel parameters on RS1
[root@RS1 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
4. Configure the VIP on RS1
[root@RS1 ~]# ip addr add 192.168.30.160/32 dev lo
[root@RS1 ~]# route add -host 192.168.30.160/32 dev lo
Modify the NIC kernel parameters on RS2
[root@RS2 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
Configure the VIP on RS2
[root@RS2 ~]# ip addr add 192.168.30.160/32 dev lo
[root@RS2 ~]# route add -host 192.168.30.160/32 dev lo
5. Check the ARP table
[root@DR ~]# arp -a
? (192.168.30.238) at 00:0c:29:e2:be:9a [ether] on ens33
? (192.168.30.239) at 00:0c:29:c8:03:9e [ether] on ens33
6. Configure LVS on the DR
[root@DR ~]# ipvsadm -A -t 192.168.30.160:80 -s wrr
[root@DR ~]# ipvsadm -a -t 192.168.30.160:80 -r 192.168.30.238:80 -g
[root@DR ~]# ipvsadm -a -t 192.168.30.160:80 -r 192.168.30.239:80 -g
[root@DR ~]# ipvsadm -S > /etc/sysconfig/ipvsadm
7. View the configuration
[root@DR ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.30.160:80 wrr
-> 192.168.30.238:80 Route 1 0 0
-> 192.168.30.239:80 Route 1 0 0
https
1. Configure HTTPS on the RSs
2. Configure LVS on the DR
[root@DR ~]# ipvsadm -A -t 192.168.30.160:443 -s wrr
[root@DR ~]# ipvsadm -a -t 192.168.30.160:443 -r 192.168.30.238:443 -g
[root@DR ~]# ipvsadm -a -t 192.168.30.160:443 -r 192.168.30.239:443 -g
3. View the configuration
[root@DR ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.30.160:80 wrr
-> 192.168.30.238:80 Route 1 0 0
-> 192.168.30.239:80 Route 1 0 0
TCP 192.168.30.160:443 wrr
-> 192.168.30.238:443 Route 1 0 0
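The real-server steps of the DR-mode procedure above (ARP kernel parameters, VIP as a /32 on `lo`) can be verified with the following added example, which is not part of the original post. The function name `check_rs_dr`, its optional second argument and the sample `ip -o -4 addr show` output are assumptions constructed for this example.

```shell
# Added example: names and the sample data are assumptions, not from the post.
# check_rs_dr VIP [CONF_DIR]   (reads `ip -o -4 addr show` output on stdin)
# Prints one finding per line and returns 1 if the real server is not ready.
check_rs_dr() {
    vip=$1; root=${2:-/proc/sys/net/ipv4/conf}; rc=0
    # The page sets these two keys under conf.all on every real server
    for kv in arp_ignore=1 arp_announce=2; do
        key=${kv%%=*}; want=${kv#*=}
        have=$(cat "$root/all/$key" 2>/dev/null || echo missing)
        if [ "$have" != "$want" ]; then
            echo "conf.all.$key is $have, expected $want"; rc=1
        fi
    done
    # ip -o fields: index, interface, "inet", address/prefix, ...
    awk -v vip="$vip" '
        $3 == "inet" {
            split($4, a, "/")
            if (a[1] != vip) next
            if ($2 == "lo") {
                onlo = 1
                if (a[2] != 32) { print "VIP on lo has prefix /" a[2] ", expected /32"; bad = 1 }
            } else { print "VIP is configured on " $2 ", not lo"; bad = 1 }
        }
        END {
            if (!onlo) { print "VIP " vip " is not configured on lo"; bad = 1 }
            exit bad + 0
        }
    ' || rc=1
    return $rc
}

# Constructed sample of `ip -o -4 addr show` on RS1 after step 4
sample_addrs='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
1: lo    inet 192.168.30.160/32 scope global lo\       valid_lft forever preferred_lft forever
2: ens33    inet 192.168.30.238/24 brd 192.168.30.255 scope global ens33\       valid_lft forever preferred_lft forever'

# Checks the sample addresses against this machine's live sysctl values
printf '%s\n' "$sample_addrs" | check_rs_dr 192.168.30.160 || true
# On a real server: ip -o -4 addr show | check_rs_dr 192.168.30.160
```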
3. LVS DR mode: MySQL in practice
Item | Value |
---|---|
DR (LVS server) | 192.168.30.151/24 |
VIP | 192.168.31.131/24 |
zyy (simulated external host) | 192.168.31.130/24 |
mysql1 | 192.168.30.245/24 |
mysql2 | 192.168.30.246/24 |
Network interface information
[root@DR ~]# ip a
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:50:dc:de brd ff:ff:ff:ff:ff:ff
inet 192.168.30.151/24 brd 192.168.30.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::7551:797b:c67c:10a0/64 scope link
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:50:dc:e8 brd ff:ff:ff:ff:ff:ff
inet 192.168.31.131/24 brd 192.168.31.255 scope global ens37
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe50:dce8/64 scope link
valid_lft forever preferred_lft forever
[root@zyy ~]# ip a
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:16:68:bd brd ff:ff:ff:ff:ff:ff
inet 192.168.31.130/24 brd 192.168.31.255 scope global dynamic ens33
valid_lft 1183sec preferred_lft 1183sec
inet6 fe80::990a:de68:e2a2:ab1d/64 scope link
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:16:68:c7 brd ff:ff:ff:ff:ff:ff
[root@mysql1 ~]# ip a
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:e2:be:9a brd ff:ff:ff:ff:ff:ff
inet 192.168.30.245/24 brd 192.168.30.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::def9:ed60:13e2:5273/64 scope link
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:e2:be:a4 brd ff:ff:ff:ff:ff:ff
inet 192.168.31.131/24 brd 192.168.31.255 scope global ens37
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fee2:bea4/64 scope link
valid_lft forever preferred_lft forever
[root@mysql2 ~]# ip a
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c8:03:9e brd ff:ff:ff:ff:ff:ff
inet 192.168.30.246/24 brd 192.168.30.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::b115:abb6:c786:a261/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::def9:ed60:13e2:5273/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c8:03:a8 brd ff:ff:ff:ff:ff:ff
inet 192.168.31.131/24 brd 192.168.31.255 scope global ens37
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fec8:3a8/64 scope link
valid_lft forever preferred_lft forever
Configuration
1. Install MySQL
[root@mysql1 ~]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 50 *:3306 *:*
LISTEN 0 128 :::22 :::*
[root@mysql2 ~]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 50 *:3306 *:*
LISTEN 0 128 :::22 :::*
2. Configure the database on mysql1
MariaDB [(none)]> grant all on *.* to 'zyy'@'%' identified by '1' ; ## lets the zyy account log in from any host
MariaDB [(none)]> create database RS1; ## to make the test result visible
3. Configure the kernel parameters
[root@mysql1 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
4. Routing information on mysql1
[root@mysql1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.30.1 0.0.0.0 UG 100 0 0 ens33
0.0.0.0 192.168.31.131 0.0.0.0 UG 101 0 0 ens37
192.168.30.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
192.168.31.0 0.0.0.0 255.255.255.0 U 100 0 0 ens37
## mysql2 is configured the same way as mysql1
MariaDB [(none)]> grant all on *.* to 'zyy'@'%' identified by '1' ;
MariaDB [(none)]> create database RS2;
[root@mysql2 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@mysql2 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.30.1 0.0.0.0 UG 100 0 0 ens33
0.0.0.0 192.168.31.131 0.0.0.0 UG 101 0 0 ens37
192.168.30.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
192.168.31.0 0.0.0.0 255.255.255.0 U 100 0 0 ens37
5. Configure LVS on the DR
[root@DR ~]# ipvsadm -A -t 192.168.31.131:3306 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.31.131:3306 -r 192.168.30.245 -g
[root@DR ~]# ipvsadm -a -t 192.168.31.131:3306 -r 192.168.30.246 -g
6. View the configuration
[root@DR ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.31.131:3306 rr
-> 192.168.30.245:3306 Route 1 0 0
-> 192.168.30.246:3306 Route 1 0 0
Test from the simulated external host