LVS+Keepalive

一、常用的負載均衡軟件：

Nginx  應用層負載

LVS      網絡層負載

HAProxy  應用層負載

常用的負載均衡硬件：

F5 、Netscale

二、LVS的四種工作模式

1）VS/NAT模式（Network address translation）

通過NAT轉換表進行負載，收包和回包都需要查表

2）VS/TUN模式（tunneling）

給數據包打上IP頭

3）DR模式（Direct routing）

給數據包打上MAC頭

4）fulnat

雙重NAT轉換

三、LVS的配置（NAT模式）

三臺主機，一臺作爲負載轉發（dir），兩臺作爲業務（rs）

hostname dir

loginout

hostname rs1

loginout

hostname rs2

loginout

===============dir配置

yum install ipvsadm -y
#dir上安裝ipvsadm包
vim /usr/local/sbin/lvs_nat.sh
#! /bin/bash# director 服務器上開啓路由轉發功能: echo 1 > /proc/sys/net/ipv4/ip_forward # 關閉icmp的重定向echo 0 > /proc/sys/net/ipv4/conf/all/send_redirectsecho 0 > /proc/sys/net/ipv4/conf/default/send_redirectsecho 0 > /proc/sys/net/ipv4/conf/eth0/send_redirectsecho 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects
# director 設置nat防火牆
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 192.168.2.0/24  -j MASQUERADE   #設置內網網段
# director設置ipvsadm
IPVSADM='/sbin/ipvsadm'
$IPVSADM -C
$IPVSADM -A -t 192.168.1.200:80 -s rr  
$IPVSADM -a -t 192.168.1.200:80 -r 192.168.2.1:80 -m        
$IPVSADM -a -t 192.168.1.200:80 -r 192.168.2.2:80 -m 
/bin/bash /usr/local/sbin/lvs_nat.sh
#執行腳本
ipvsadm -ln   
#查看虛擬轉發表
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.200:80 rr
  -> 192.168.2.1:80               Masq    1      0          0         
  -> 192.168.2.2:80               Masq    1      0          0

====================rs配置

yum install nginx -y
#rs服務器上都安裝nginx作爲測試
echo "111master" > /usr/share/nginx/html/index.html 
yum install nginx -y
echo "222slave" > /usr/share/nginx/html/index.html 
[root@dir ~]# curl 192.168.1.200:80
111master
[root@dir ~]# curl 192.168.1.200:80
222slave
[root@dir ~]# curl 192.168.1.200:80
111master
[root@dir ~]# curl 192.168.1.200:80
222slave

測試成功

四、LVS的配置（DR模式）

ipvsadm -C   
ipvsadm -ln
iptables -t nat -F
#清空規則
rs網關不指向dir，三臺主機在同一網段，比較浪費公網IP，四個IP
vim /usr/local/sbin/lvs_dr.sh
#! /bin/bash
echo 1 > /proc/sys/net/ipv4/ip_forward
ipv=/sbin/ipvsadm
vip=192.168.1.205
rs1=192.168.1.201
rs2=192.168.1.202
ifconfig eth0:0 $vip broadcast $vip netmask 255.255.255.255 up
route add -host $vip dev eth0:0
$ipv -C
$ipv -A -t $vip:80 -s rr 
$ipv -a -t $vip:80 -r $rs1:80 -g -w 1
$ipv -a -t $vip:80 -r $rs2:80 -g -w 1
/bin/bash /usr/local/sbin/lvs_dr.sh            #執行腳本
ipvsadm -ln         #查看規則

====================兩臺上rs配置

#! /bin/bash
vip=192.168.1.205
ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up
route add -host $vip lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
/bin/bash  /usr/local/sbin/lvs_dr_rs.sh

測試：最好再開一臺Linux，瀏覽器有緩存

五、LVS+keepalived

兩臺作爲keepalived，一主一從，dir和rs2做主從keepalive
[root@dir ~]# ipvsadm -C 
#清空規則
yum install -y keepalived ipvsadm 
#dir和rs2安裝
cp  /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak 
>  /etc/keepalived/keepalived.conf
vim  /etc/keepalived/keepalived.conf
#dir上編譯配置文件
vrrp_instance VI_1 {
    state MASTER   #備用服務器上爲 BACKUP
    interface eth0
    virtual_router_id 51
    priority 100  #備用服務器上爲90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.205
    }
}
virtual_server 192.168.1.205 80 {
    delay_loop 6                  #(每隔10秒查詢realserver狀態)
    lb_algo wlc                  #(lvs 算法)
    lb_kind DR                  #(Direct Route)
    persistence_timeout 60        #(同一IP的連接60秒內被分配到同一臺realserver)
    protocol TCP                #(用TCP協議檢查realserver狀態)
    real_server 192.168.1.201 80 {
        weight 100               #(權重)
        TCP_CHECK {
        connect_timeout 10       #(10秒無響應超時)
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
        }
    }
real_server 192.168.1.202 80 {
        weight 100
        TCP_CHECK {
        connect_timeout 10
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
        }
     }
}
/etc/init.d/keepalived start                       #啓動
正在啓動 keepalived：                                      [確定]
ip add                                                       #查看虛擬IP是否啓動
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:e2:dc:da brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.200/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.205/32 scope global eth0
    inet6 fe80::20c:29ff:fee2:dcda/64 scope link 
       valid_lft forever preferred_lft forever

===================從keeplived配置

cp  /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak 
>  /etc/keepalived/keepalived.conf
vim  /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
    state BACKUP   #備用服務器上爲 BACKUP
    interface eth0
    virtual_router_id 51
    priority 90  #備用服務器上爲90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.205
    }
}
virtual_server 192.168.1.205 80 {
    delay_loop 6                  #(每隔10秒查詢realserver狀態)
    lb_algo wlc                  #(lvs 算法)
    lb_kind DR                  #(Direct Route)
    persistence_timeout 60        #(同一IP的連接60秒內被分配到同一臺realserver)
    protocol TCP                #(用TCP協議檢查realserver狀態)
    real_server 192.168.1.201 80 {
        weight 100               #(權重)
        TCP_CHECK {
        connect_timeout 10       #(10秒無響應超時)
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
        }
    }
real_server 192.168.1.202 80 {
        weight 100
        TCP_CHECK {
        connect_timeout 10
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
        }
     }
}
/etc/init.d/keepalived start         
/etc/init.d/ipvsadm start
=====================
啓動兩臺rs的Nginx服務，若下面規則缺少，查看Iptables是否關閉
[root@dir ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.205:80 wlc persistent 60
  -> 192.168.1.201:80             Route   100    0          0         
  -> 192.168.1.202:80             Route   100    0          0

    

成功

宕機測試：

關閉rs1的業務網卡

[root@dir ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.205:80 wlc persistent 60
  -> 192.168.1.202:80             Route   100    0          0         
再開啓
[root@dir ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.205:80 wlc persistent 60
  -> 192.168.1.201:80             Route   100    0          0         
  -> 192.168.1.202:80             Route   100    0          0

   

keeplived高可用測試

/etc/init.d/keepalived stop       #關閉主
 [root@rs2 ~]# ipvsadm -ln              
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.205:80 wlc persistent 60
  -> 192.168.1.201:80             Route   100    0          0         
  -> 192.168.1.202:80             Local   100    0          0

 

成功