Deploying LVS Load Balancing on CentOS 7.3

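LVS stands for Linux Virtual Server, a virtual server cluster system. The project was founded by Dr. Wensong Zhang in May 1998 and is one of the earliest free software projects in China.

How LVS works, in brief: the user sends a request to the LVS VIP; LVS forwards the request to a backend server according to the forwarding mode and scheduling algorithm; the backend server receives the request and returns the response to the user. The user never sees the specific applications behind the web front end. LVS has three forwarding modes, NAT, DR and TUN, and the commonly used scheduling algorithms are RR, LC, WRR and WLC (RR is round robin, LC is least connections).

LVS NAT: the user's request reaches the director, which rewrites the destination address of the packet to the address of a backend real server and rewrites the destination port to the corresponding port on the selected real server, then sends the packet to that real server. The real server returns the data to the director, and the director sends it on to the user. (Both directions pass through the director, so under heavy traffic the director becomes the bottleneck.)

LVS DR: the user's request reaches the director, which rewrites the destination MAC address of the packet to the MAC address of a backend real server. The destination IP remains the VIP (unchanged) and the source IP remains the user's IP address (unchanged). The director then sends the packet to the real server. The real server sees that the destination is one of its own local IPs and, if the user is on the same network segment, returns the response directly to the user; if the user and the real server are on different segments, the response goes back through the gateway. (This forwarding mode is the most efficient.)

LVS TUN: similar to LVS DR, it also changes the encapsulated MAC address, with an additional layer of tunnel encryption. The deployment environment is more complex, and it is slightly less efficient than DR mode.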


Lab environment: two servers, with IP addresses 192.168.10.30 and 192.168.10.31; VIP: 192.168.10.32
[root@server ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)

[root@lvs ~]# yum install ipvsadm keepalived -y
[root@lvs ~]# ipvsadm --version          # show the IPVS version
[root@lvs ~]# ipvsadm -Ln                # show the LVS forwarding table
[root@lvs ~]# ipvsadm -Ln --timeout      # show the LVS timeouts
[root@lvs ~]# ipvsadm --set 5 10 10      # change the timeouts LVS applies to forwarded requests


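LVS can be deployed standalone or colocated. Standalone means LVS is installed on its own servers; colocated means it is installed on the same servers as the business network elements. When colocated, note that there is a 25% chance of a loop between scheduling and the service traffic, so inbound traffic has to be marked and filtered in iptables.
1. Standalone primary/backup configuration example:
[root@lvs ~]# vim /etc/keepalived/keepalived.conf   # primary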

! Configuration File for keepalived

global_defs {
router_id LVS_Master
}

vrrp_instance VI_WEB {
state MASTER
interface bond0
virtual_router_id 110
priority 200
advert_int 3
authentication {
auth_type PASS
auth_pass 1212
}
virtual_ipaddress {
192.168.10.32
}
}

virtual_server 192.168.10.32 80 {
delay_loop 6
lb_algo lc
lb_kind DR
persistence_timeout 60
protocol TCP
real_server 192.168.10.23 80 {
weight 100
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.10.24 80 {
weight 100
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.10.25 80 {
weight 100
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.10.26 80 {
weight 100
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}

[root@lvs ~]# vim /etc/keepalived/keepalived.conf   # backup

! Configuration File for keepalived

global_defs {
router_id LVS_Backup
}

vrrp_instance VI_WEB {
state BACKUP
interface bond0
virtual_router_id 110
priority 120
advert_int 3
authentication {
auth_type PASS
auth_pass 1212
}
virtual_ipaddress {
192.168.10.32
}
}

virtual_server 192.168.10.32 80 {
delay_loop 6
lb_algo lc
lb_kind DR
persistence_timeout 60
protocol TCP
real_server 192.168.10.23 80 {
weight 100
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.10.24 80 {
weight 100
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.10.25 80 {
weight 100
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.10.26 80 {
weight 100
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
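
Both configs above use `auth_type PASS` with a four-character `auth_pass`, and the two nodes have to agree on `virtual_router_id`, `advert_int` and the authentication settings. The check below is an added example, not part of the original post; the names `kv`, `audit_vrrp_pair` and `sample_conf` are hypothetical and the sample input is constructed from the values shown above.

```bash
#!/bin/bash
# Added example, not from the original post: audit a keepalived VRRP pair.

# kv FILE KEY -> first value of KEY in FILE (empty if absent)
kv() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# audit_vrrp_pair MASTER_CONF BACKUP_CONF -> one finding per line on stdout
audit_vrrp_pair() {
    local m="$1" b="$2" key pass
    # Both nodes must agree on these settings (values are not echoed).
    for key in virtual_router_id advert_int auth_type auth_pass; do
        [ "$(kv "$m" "$key")" = "$(kv "$b" "$key")" ] ||
            echo "MISMATCH $key differs between the two nodes"
    done
    # The intended VIP holder needs the strictly higher priority.
    [ "$(kv "$m" priority)" -gt "$(kv "$b" priority)" ] 2>/dev/null ||
        echo "PRIORITY master is not higher than backup"
    # auth_type PASS carries auth_pass in cleartext in every advertisement.
    if [ "$(kv "$m" auth_type)" = "PASS" ]; then
        echo "WEAK auth_type PASS exposes the password on the VRRP segment"
    fi
    # keepalived only uses the first 8 characters of auth_pass.
    pass=$(kv "$m" auth_pass)
    if [ "${#pass}" -lt 8 ]; then
        echo "WEAK auth_pass has ${#pass} characters (8 are used)"
    fi
    return 0
}

# Constructed sample: the vrrp_instance values from the two configs above.
sample_conf() {  # sample_conf STATE PRIORITY -> path of a temp file
    local f
    f=$(mktemp)
    cat > "$f" <<EOF
vrrp_instance VI_WEB {
state $1
interface bond0
virtual_router_id 110
priority $2
advert_int 3
authentication {
auth_type PASS
auth_pass 1212
}
}
EOF
    echo "$f"
}
audit_vrrp_pair "$(sample_conf MASTER 200)" "$(sample_conf BACKUP 120)"
```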

2. Colocated primary/backup configuration example:

[root@lvs ~]# vim /etc/sysconfig/iptables   # primary (enter the backup LVS's MAC)

*mangle
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 192.168.10.32/32 -p tcp -m tcp --dport 80 -m mac ! --mac-source 0c:c4:7a:82:dc:ce -j MARK --set-xmark 0x3
-A INPUT -d 224.0.0.18 -i bond0 -j ACCEPT
COMMIT

[root@lvs ~]# vim /etc/keepalived/keepalived.conf //主用

! Configuration File for keepalived

global_defs {
router_id LVS_Master
}

vrrp_instance VI_WEB {
state MASTER
interface bond0
virtual_router_id 110
priority 200
advert_int 3
authentication {
auth_type PASS
auth_pass 1212
}
virtual_ipaddress {
192.168.10.32
}
}

virtual_server fwmark 3 {
delay_loop 6
lb_algo lc
lb_kind DR
persistence_timeout 60
protocol TCP
real_server 192.168.10.23 80 {
weight 100
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.10.24 80 {
weight 100
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.10.25 80 {
weight 100
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.10.26 80 {
weight 100
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}

[root@lvs ~]# vim /etc/sysconfig/iptables   # backup (enter the primary LVS's MAC)

*mangle
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 192.168.10.32/32 -p tcp -m tcp --dport 80 -m mac ! --mac-source 0c:c4:7a:82:dc:cf -j MARK --set-xmark 0x4
-A INPUT -d 224.0.0.18 -i bond0 -j ACCEPT
COMMIT

[root@lvs ~]# vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
router_id LVS_Backup
}

vrrp_instance VI_WEB {
state BACKUP
interface bond0
virtual_router_id 110
priority 120
advert_int 3
authentication {
auth_type PASS
auth_pass 1212
}
virtual_ipaddress {
192.168.10.32
}
}

virtual_server fwmark 4 {
delay_loop 6
lb_algo lc
lb_kind DR
persistence_timeout 60
protocol TCP
real_server 192.168.10.23 80 {
weight 100
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.10.24 80 {
weight 100
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.10.25 80 {
weight 100
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.10.26 80 {
weight 100
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
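
In the colocated setup the mark written by the mangle rule (`--set-xmark 0x3`) has to equal the `virtual_server fwmark` value in keepalived.conf, and the exempted `--mac-source` has to be the peer director's MAC, as the comments on the iptables files state. The check below is an added example, not code from the original post; the function names are hypothetical and the sample rule and config line are constructed from the primary node's values on this page.

```bash
#!/bin/bash
# Added example, not from the original post; function names are hypothetical.

# rule_mark RULES VIP -> decimal mark set on PREROUTING traffic to VIP
rule_mark() {
    local raw
    raw=$(awk -v vip="$2" '$1 == "-A" && $2 == "PREROUTING" {
        hit = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-d" && ($(i+1) == vip || $(i+1) == (vip "/32"))) hit = 1
            if (hit && ($i == "--set-xmark" || $i == "--set-mark")) {
                split($(i+1), part, "/"); print part[1]; exit
            }
        }
    }' "$1")
    if [ -n "$raw" ]; then printf '%d\n' "$raw"; fi   # 0x3 -> 3
}

# conf_fwmark CONF -> N from "virtual_server fwmark N {"
conf_fwmark() { awk '$1 == "virtual_server" && $2 == "fwmark" { print $3; exit }' "$1"; }

# rule_mac RULES -> MAC address exempted by "! --mac-source"
rule_mac() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "--mac-source") { print tolower($(i+1)); exit } }' "$1"
}

# check_colocated RULES CONF VIP PEER_MAC -> findings on stdout, or "OK ..."
check_colocated() {
    local mark fw mac bad=0
    mark=$(rule_mark "$1" "$3"); fw=$(conf_fwmark "$2"); mac=$(rule_mac "$1")
    if [ -z "$mark" ]; then
        echo "NO_MARK no rule marks traffic to $3"; bad=1
    elif [ "$mark" != "$fw" ]; then
        echo "MISMATCH rule sets $mark, keepalived expects ${fw:-none}"; bad=1
    fi
    if [ "$mac" != "$(echo "$4" | tr 'A-F' 'a-f')" ]; then
        echo "MAC rule exempts ${mac:-nothing}, peer director is $4"; bad=1
    fi
    [ "$bad" -eq 1 ] || echo "OK mark $mark"
    return 0
}

# Constructed sample: the primary node's rule and fwmark from this page.
RULES=$(mktemp); CONF=$(mktemp)
echo '-A PREROUTING -d 192.168.10.32/32 -p tcp -m tcp --dport 80 -m mac ! --mac-source 0c:c4:7a:82:dc:ce -j MARK --set-xmark 0x3' > "$RULES"
echo 'virtual_server fwmark 3 {' > "$CONF"
check_colocated "$RULES" "$CONF" 192.168.10.32 0c:c4:7a:82:dc:ce
```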

[root@lvs ~]# systemctl enable keepalived && systemctl start keepalived
[root@lvs ~]# systemctl list-unit-files | grep keepalived
[root@lvs ~]# tail -f /var/log/messages


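With the settings above, the LVS primary/backup configuration is complete. Next, the LVS VIP has to be configured on the real servers. Why bind the VIP on the real servers? The client accesses the director's VIP; the director receives the request and forwards it to a real server chosen by the scheduling algorithm. During forwarding, the destination MAC address of the request packet is rewritten while the destination IP address stays unchanged. The real server receives the request and responds to the client directly. This raises a problem: the director and the real servers are on the same network, and when the director forwards the request straight to a real server, the real server sees that the packet's destination IP is the VIP rather than its own address, so it drops the packet and does not respond. To solve this, the VIP has to be configured on every real server. Why must it be configured on the lo interface? Configuring the VIP on the real server's lo interface keeps the VIP from producing a MAC address table entry on the physical switch, which avoids IP conflicts.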
[root@realserver ~]# vim /usr/bin/realserver.sh

#!/bin/bash
# description: Config realserver lo and apply noarp
LVS_VIP=192.168.10.32
case "$1" in
start)
    # Bind the VIP to lo:0 with a host mask and add a host route for it
    ifconfig lo:0 $LVS_VIP netmask 255.255.255.255 broadcast $LVS_VIP
    /sbin/route add -host $LVS_VIP dev lo:0
    # Keep this host from answering or announcing ARP for the VIP
    echo "1" >/proc/sys/net/ipv4/conf/bond0/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/bond0/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    sysctl -p >/dev/null 2>&1
    echo "RealServer Start OK"
    exit 0
    ;;
stop)
    ifconfig lo:0 down
    /sbin/route del $LVS_VIP >/dev/null 2>&1
    echo "0" >/proc/sys/net/ipv4/conf/bond0/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/bond0/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stopped"
    exit 0
    ;;
status)
    # Status of LVS-DR real server.
    islothere=`/sbin/ifconfig lo:0 2>/dev/null | grep "$LVS_VIP"`
    # netstat lists the interface of the host route as lo, not lo:0
    isrothere=`netstat -rn | grep "lo" | grep "$LVS_VIP"`
    if [ ! "$islothere" -o ! "$isrothere" ]; then
        # Either the route or the lo:0 device is missing
        echo "LVS-DR real server Stopped."
    else
        echo "LVS-DR Running."
    fi
    ;;
*)
    # Invalid entry.
    echo "$0: Usage: $0 {start|status|stop}"
    exit 1
    ;;
esac

[root@realserver ~]# chmod +x /usr/bin/realserver.sh
[root@realserver ~]# sh /usr/bin/realserver.sh start
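
The start branch writes the ARP sysctls and then runs `sysctl -p`, which reapplies /etc/sysctl.conf and can overwrite them if that file sets different values, so it is worth checking the resulting state. The check below is an added example, not part of the original script; the function names are hypothetical, and the sysctl tree and `ip -o -4 addr show` output are constructed samples.

```bash
#!/bin/bash
# Added example, not from the original post; function names are hypothetical.

# check_rs_arp SYSROOT IFACE... -> one finding per wrong value
# (SYSROOT is /proc/sys on a real host)
check_rs_arp() {
    local root="$1" ifc item key want got
    shift
    for ifc in "$@"; do
        for item in arp_ignore=1 arp_announce=2; do
            key=${item%%=*}; want=${item#*=}
            got=$(cat "$root/net/ipv4/conf/$ifc/$key" 2>/dev/null) || got=""
            [ "$got" = "$want" ] || echo "BAD $ifc/$key=${got:-missing} want $want"
        done
    done
    return 0
}

# check_vip VIP -> findings; reads `ip -o -4 addr show` output on stdin
check_vip() {
    awk -v vip="$1" '
        { split($4, a, "/") }
        a[1] == vip {
            seen = 1
            if ($2 != "lo") print "BAD VIP is on " $2 ", expected lo"
            if (a[2] != 32) print "BAD VIP prefix is /" a[2] ", expected /32"
        }
        END { if (!seen) print "BAD VIP " vip " is not configured" }'
}

# Constructed sample: a fake sysctl tree in which bond0/arp_announce is back at 0
ROOT=$(mktemp -d)
mkdir -p "$ROOT/net/ipv4/conf/all" "$ROOT/net/ipv4/conf/bond0"
echo 1 > "$ROOT/net/ipv4/conf/all/arp_ignore"
echo 2 > "$ROOT/net/ipv4/conf/all/arp_announce"
echo 1 > "$ROOT/net/ipv4/conf/bond0/arp_ignore"
echo 0 > "$ROOT/net/ipv4/conf/bond0/arp_announce"
# Constructed sample of `ip -o -4 addr show` output on a real server
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 192.168.10.32/32 brd 192.168.10.32 scope global lo:0
2: bond0    inet 192.168.10.23/24 brd 192.168.10.255 scope global bond0'

check_rs_arp "$ROOT" all bond0   # real host: check_rs_arp /proc/sys all bond0
echo "$SAMPLE_ADDRS" | check_vip 192.168.10.32   # real host: ip -o -4 addr show | check_vip VIP
```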
