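I. Common load-balancing software:
Nginx: application-layer load balancing
LVS: network-layer load balancing
HAProxy: application-layer load balancing
Common load-balancing hardware:
F5, NetScaler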
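II. The four LVS working modes
1) VS/NAT mode (network address translation)
Load balancing is done through a NAT translation table; both incoming and return packets require a table lookup.
2) VS/TUN mode (tunneling)
An additional IP header is put on the packet.
3) DR mode (direct routing)
A new MAC header is put on the packet.
4) FullNAT
Double NAT translation.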
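III. Configuring LVS (NAT mode)
Three hosts: one acts as the load-forwarding director (dir) and two as the service hosts (rs).
hostname dir
logout    # log back in so the prompt shows the new hostname
hostname rs1
logout
hostname rs2
logout
=============== dir configuration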
yum install ipvsadm -y    # install the ipvsadm package on dir
vim /usr/local/sbin/lvs_nat.sh

#!/bin/bash
# enable IP forwarding on the director
echo 1 > /proc/sys/net/ipv4/ip_forward
# disable ICMP redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects
# NAT firewall rules on the director
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j MASQUERADE    # internal subnet
# ipvsadm rules on the director
IPVSADM='/sbin/ipvsadm'
$IPVSADM -C
$IPVSADM -A -t 192.168.1.200:80 -s rr
$IPVSADM -a -t 192.168.1.200:80 -r 192.168.2.1:80 -m
$IPVSADM -a -t 192.168.1.200:80 -r 192.168.2.2:80 -m

/bin/bash /usr/local/sbin/lvs_nat.sh    # run the script
ipvsadm -ln    # view the virtual server table
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.200:80 rr
  -> 192.168.2.1:80               Masq    1      0          0
  -> 192.168.2.2:80               Masq    1      0          0
==================== rs configuration
yum install nginx -y    # install nginx on both rs servers for testing
echo "111master" > /usr/share/nginx/html/index.html    # on rs1
yum install nginx -y
echo "222slave" > /usr/share/nginx/html/index.html     # on rs2

[root@dir ~]# curl 192.168.1.200:80
111master
[root@dir ~]# curl 192.168.1.200:80
222slave
[root@dir ~]# curl 192.168.1.200:80
111master
[root@dir ~]# curl 192.168.1.200:80
222slave
Test succeeded.
IV. Configuring LVS (DR mode)
ipvsadm -C
ipvsadm -ln
iptables -t nat -F    # flush the rules

The rs gateways do not point to dir, and all three hosts are on the same subnet. This is rather wasteful of public IPs: four IPs are needed.

vim /usr/local/sbin/lvs_dr.sh

#!/bin/bash
echo 1 > /proc/sys/net/ipv4/ip_forward
ipv=/sbin/ipvsadm
vip=192.168.1.205
rs1=192.168.1.201
rs2=192.168.1.202
# bind the VIP to an alias of eth0 on the director
ifconfig eth0:0 $vip broadcast $vip netmask 255.255.255.255 up
route add -host $vip dev eth0:0
$ipv -C
$ipv -A -t $vip:80 -s rr
$ipv -a -t $vip:80 -r $rs1:80 -g -w 1
$ipv -a -t $vip:80 -r $rs2:80 -g -w 1

/bin/bash /usr/local/sbin/lvs_dr.sh    # run the script
ipvsadm -ln    # view the rules
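==================== configuration on both rs hosts
# saved as /usr/local/sbin/lvs_dr_rs.sh
#!/bin/bash
vip=192.168.1.205
# bind the VIP to a loopback alias so the rs accepts packets addressed to it
ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up
route add -host $vip lo:0
# keep the rs from answering or announcing ARP for the VIP
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce

/bin/bash /usr/local/sbin/lvs_dr_rs.sh    # run the script
Testing: it is best to start one more Linux machine as the client, because browsers cache responses.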
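A check for the real-server ARP settings used in the DR setup above, as an added example that is not part of the original post. The kernel applies the larger of conf/all and conf/<interface> on the interface that receives the ARP request, so the function computes that effective value for the LAN-facing NIC; the function names, the ROOT parameter and the choice of eth0 as that NIC are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a DR-mode real
# server will stay silent about the VIP in ARP.

# Effective value the kernel uses on IFACE: max(conf/all, conf/IFACE).
# usage: effective_arp ROOT IFACE KEY
effective_arp() (
    a=$(cat "$1/all/$3" 2>/dev/null) || a=0
    i=$(cat "$1/$2/$3" 2>/dev/null) || i=0
    a=${a:-0}
    i=${i:-0}
    if [ "$a" -ge "$i" ]; then echo "$a"; else echo "$i"; fi
)

# Compare the effective values with the ones lvs_dr_rs.sh writes
# (arp_ignore=1, arp_announce=2). Prints one line per mismatch and
# returns non-zero if any is found.
# usage: check_dr_rs IFACE [ROOT]   (ROOT defaults to the live sysctl tree)
check_dr_rs() (
    iface=$1
    root=${2:-/proc/sys/net/ipv4/conf}
    rc=0
    for pair in arp_ignore:1 arp_announce:2; do
        key=${pair%%:*}
        want=${pair##*:}
        got=$(effective_arp "$root" "$iface" "$key")
        if [ "$got" != "$want" ]; then
            echo "$iface: effective $key=$got, expected $want"
            rc=1
        fi
    done
    exit $rc
)
```

On each rs, source the file and run `check_dr_rs eth0`. Setting only conf/lo leaves eth0 at its default, which is why the script above also writes conf/all.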
V. LVS + keepalived
Two hosts run keepalived, one master and one backup; dir and rs2 form the master/backup keepalived pair.
[root@dir ~]# ipvsadm -C    # flush the rules
yum install -y keepalived ipvsadm    # install on dir and rs2
cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
> /etc/keepalived/keepalived.conf
vim /etc/keepalived/keepalived.conf    # edit the configuration file on dir

vrrp_instance VI_1 {
    state MASTER                # BACKUP on the standby server
    interface eth0
    virtual_router_id 51
    priority 100                # 90 on the standby server
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111          # sample value; PASS authentication is sent in cleartext
    }
    virtual_ipaddress {
        192.168.1.205
    }
}
virtual_server 192.168.1.205 80 {
    delay_loop 6                # poll the realserver state every 6 seconds
    lb_algo wlc                 # LVS scheduling algorithm
    lb_kind DR                  # Direct Route
    persistence_timeout 60      # connections from the same IP go to the same realserver for 60 seconds
    protocol TCP                # check the realserver state over TCP
    real_server 192.168.1.201 80 {
        weight 100              # weight
        TCP_CHECK {
            connect_timeout 10  # time out after 10 seconds without a response
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.1.202 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}

/etc/init.d/keepalived start    # start
正在啓動 keepalived: [確定]
ip add    # check whether the virtual IP is up
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:e2:dc:da brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.200/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.205/32 scope global eth0
    inet6 fe80::20c:29ff:fee2:dcda/64 scope link
       valid_lft forever preferred_lft forever
=================== backup keepalived configuration
cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
> /etc/keepalived/keepalived.conf
vim /etc/keepalived/keepalived.conf

vrrp_instance VI_1 {
    state BACKUP                # BACKUP on the standby server
    interface eth0
    virtual_router_id 51
    priority 90                 # 90 on the standby server
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.205
    }
}
virtual_server 192.168.1.205 80 {
    delay_loop 6                # poll the realserver state every 6 seconds
    lb_algo wlc                 # LVS scheduling algorithm
    lb_kind DR                  # Direct Route
    persistence_timeout 60      # connections from the same IP go to the same realserver for 60 seconds
    protocol TCP                # check the realserver state over TCP
    real_server 192.168.1.201 80 {
        weight 100              # weight
        TCP_CHECK {
            connect_timeout 10  # time out after 10 seconds without a response
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.1.202 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}

/etc/init.d/keepalived start
/etc/init.d/ipvsadm start
=====================
Start the Nginx service on both rs hosts. If any of the rules below are missing, check whether iptables has been turned off.
[root@dir ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.205:80 wlc persistent 60
  -> 192.168.1.201:80             Route   100    0          0
  -> 192.168.1.202:80             Route   100    0          0
Success.
Outage test:
Shut down the service NIC on rs1.
[root@dir ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.205:80 wlc persistent 60
  -> 192.168.1.202:80             Route   100    0          0
Bring it back up.
[root@dir ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.205:80 wlc persistent 60
  -> 192.168.1.201:80             Route   100    0          0
  -> 192.168.1.202:80             Route   100    0          0
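The outage test above is read by eye from the `ipvsadm -ln` table; the following added example (not part of the original post) does the same comparison in a script, so a real server dropped by the health check can be reported by a monitoring job. The function names are assumptions, and the sample input is the outage-state table copied from the test above.

```shell
#!/bin/sh
# Added example (not from the original post): report expected real servers
# that are absent from a virtual service in `ipvsadm -ln` output.

# Reads `ipvsadm -ln` output on stdin. Prints every expected RS:PORT that is
# not listed under the virtual service VIP:PORT; returns non-zero if any
# is missing.
# usage: ipvsadm -ln | missing_real_servers VIP:PORT RS:PORT...
missing_real_servers() (
    vs=$1
    shift
    # Collect the "-> addr:port" rows that follow the matching TCP/UDP line.
    listed=$(awk -v vs="$vs" '
        $1 == "TCP" || $1 == "UDP" { in_vs = ($2 == vs); next }
        in_vs && $1 == "->" && $2 != "RemoteAddress:Port" { print $2 }')
    rc=0
    for rs in "$@"; do
        if ! printf '%s\n' "$listed" | grep -qxF "$rs"; then
            echo "$rs"
            rc=1
        fi
    done
    exit $rc
)

# Table from the outage test above, with rs1 removed by TCP_CHECK.
sample_outage() {
    cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.205:80 wlc persistent 60
  -> 192.168.1.202:80             Route   100    0          0
EOF
}
```

On the director, `ipvsadm -ln | missing_real_servers 192.168.1.205:80 192.168.1.201:80 192.168.1.202:80` prints nothing and returns 0 while both real servers are in rotation.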
keepalived high-availability test
/etc/init.d/keepalived stop    # stop the master
[root@rs2 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.205:80 wlc persistent 60
  -> 192.168.1.201:80             Route   100    0          0
  -> 192.168.1.202:80             Local   100    0          0
Success.