LVS 实验

目录

LVS DR

doc2_1.png

图1  示意图

lvs 192.168.0.1

1.安装编译时可能要用的库
# Install the compiler toolchain plus a broad set of development libraries in one transaction.
# NOTE(review): the list also pulls in server packages (e.g. openldap-servers) that the
# ipvsadm build shown later does not obviously use. Presumably this is a generic build-host
# list; trim it on a production director so fewer services and libraries are installed there.
yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype \
freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel \
bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 \
krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap \
openldap-clients openldap-servers perl perl-devel libc-client-devel

2.安装内核,安装后重启,并用 uname -r 查看是否使用了新内核
# Install the distribution kernel and kernel-devel (the tree under /usr/src/kernels
# that the ipvsadm build below links to).
yum install kernel
yum install kernel-devel 
# Run after the reboot: prints the release of the kernel that is actually running.
uname -r

3.安装 ipvsadm
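# Build and install ipvsadm 1.24 from source under /data/soft.
# Steps are chained with && so a failed cd or unpack does not let the build run elsewhere.
mkdir -p /data/soft && cd /data/soft
# NOTE(review): the tarball is fetched over plain HTTP and then built and installed as root,
# so nothing authenticates what gets executed. Compare it with a digest obtained over a
# trusted channel before unpacking, for example:
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  ipvsadm-1.24.tar.gz" | sha256sum -c -
wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.24.tar.gz
tar xvf ipvsadm-1.24.tar.gz && cd ipvsadm-1.24
# Link /usr/src/linux to the build tree of the running kernel instead of a hard-coded
# release (2.6.32-431.11.2.el6.x86_64 on the author's host), so the headers always match
# the kernel reported by uname -r after the reboot.
ln -sv "/usr/src/kernels/$(uname -r)" /usr/src/linux
make && make install
# Check whether the ip_vs module is loaded
lsmod | grep ip_vs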
#编写脚本
[root@localhost lvs]# cat /usr/local/lvs/LvsDR 
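#!/bin/sh
# LVS director control script for direct-routing (DR) mode.
# Usage: LvsDR {start|stop}
#   start - bind the VIP on eth0:1 and load a round-robin IPVS service for VIP:80
#   stop  - clear the IPVS table and release the VIP again
VIP=192.168.0.254
RIP1=192.168.0.2
RIP2=192.168.0.3
# The init helper library has to be sourced, not executed; skip it when it is absent.
if [ -r /etc/rc.d/init.d/functions ]; then
  . /etc/rc.d/init.d/functions
fi
case "$1" in
start)
  echo "start LVS of DirectorServer"
  # Set the Virtual IP Address (host mask, so no subnet route is created for it)
  /sbin/ifconfig eth0:1 "$VIP" broadcast "$VIP" netmask 255.255.255.255 up
  /sbin/route add -host "$VIP" dev eth0:1
  # Clear IPVS Table. This drops every virtual service on the host, not only VIP:80.
  /sbin/ipvsadm -C
  # Set Lvs: -s rr selects round robin, -g selects direct routing (gatewaying)
  /sbin/ipvsadm -A -t "$VIP:80" -s rr
  /sbin/ipvsadm -a -t "$VIP:80" -r "$RIP1:80" -g
  /sbin/ipvsadm -a -t "$VIP:80" -r "$RIP2:80" -g
  # Run Lvs: print the resulting table for the operator
  /sbin/ipvsadm
  ;;
stop)
  echo "close LVS Directorserver"
  /sbin/ipvsadm -C
  # Release the VIP as well; otherwise a stopped director keeps claiming the address
  # while no IPVS rule is left to forward the traffic it attracts.
  /sbin/route del -host "$VIP" dev eth0:1
  /sbin/ifconfig eth0:1 down
  ;;
*)
  echo "Usage: $0 {start|stop}"
  exit 1
  ;;
esac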

web1 192.168.0.2

#编写脚本
#简单解释一下这个配置:因为需要建立 socket 连接,所以本地
#必须配置 VIP,但是不能响应 arp 请求,所以需要这样配置
[root@localhost lvs]# cat /usr/local/lvs/realserver 
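#!/bin/sh
# Real-server side of LVS-DR: hold the VIP on loopback without answering ARP for it.
VIP=192.168.0.254
# Reload /etc/sysctl.conf first, so that file cannot overwrite the ARP settings below.
sysctl -p
# Suppress ARP for the VIP before the address exists on this host. If the address came up
# first, this server could answer ARP for the VIP and pull traffic away from the director.
# These /proc writes last until reboot; add the same keys to /etc/sysctl.conf to persist them.
echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
/sbin/ifconfig lo:0 "$VIP" broadcast "$VIP" netmask 255.255.255.255 up
# Route requests addressed to the VIP to the lo:0 device
/sbin/route add -host "$VIP" dev lo:0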

web2 192.168.0.3

#编写脚本
[root@localhost lvs]# cat /usr/local/lvs/realserver 
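#!/bin/sh
# Real-server setup for LVS-DR on web2: accept traffic for the VIP locally, never ARP for it.
VIP=192.168.0.254
# Apply /etc/sysctl.conf before the explicit writes, so the values below are the final ones.
sysctl -p
# ARP suppression goes in ahead of the address, closing the window in which this host
# would answer ARP requests for the VIP. Not persistent across reboots.
echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
# Host-mask alias on loopback plus a host route that points the VIP at it
/sbin/ifconfig lo:0 "$VIP" broadcast "$VIP" netmask 255.255.255.255 up
/sbin/route add -host "$VIP" dev lo:0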

总结

lvs ./LvsDR start
web1 ./realserver 
web2 ./realserver 
启动 apache 
访问: 
http://192.168.0.254
#访问的时候 web1,web2 轮流出现,如果停掉 web1 则只会访问到 web2,反之亦然。
#在 web 上用 netstat 可以看到 VIP:port-gateway:port 这样的 socket
#lvs 上看不见 socket,lvs 转发数据包时直接通过修改数据包的 mac 地址实现,不需要建立 socket 连接,这也是 lvs 非常高性能的一个原因

LVS DR+HA

doc2_2.png

图2  示意图

LVS 192.168.56.106

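#!/bin/sh
# LVS director control script (DR mode) in front of the two HAProxy nodes.
# Usage: <script> {start|stop}
#   start - bind the VIP on eth0:1 and balance VIP:80 round-robin across RIP1 and RIP2
#   stop  - clear the IPVS table and release the VIP
VIP=192.168.56.254
RIP1=192.168.56.101
RIP2=192.168.56.103
# Source the init helper library (running it as a command would not load it); optional.
if [ -r /etc/rc.d/init.d/functions ]; then
  . /etc/rc.d/init.d/functions
fi
case "$1" in
start)
  echo "start LVS of DirectorServer"
  # Set the Virtual IP Address
  /sbin/ifconfig eth0:1 "$VIP" broadcast "$VIP" netmask 255.255.255.255 up
  /sbin/route add -host "$VIP" dev eth0:1
  # Clear IPVS Table (all virtual services on this host are removed)
  /sbin/ipvsadm -C
  # Set Lvs: round-robin scheduler, real servers reached by direct routing (-g)
  /sbin/ipvsadm -A -t "$VIP:80" -s rr
  /sbin/ipvsadm -a -t "$VIP:80" -r "$RIP1:80" -g
  /sbin/ipvsadm -a -t "$VIP:80" -r "$RIP2:80" -g
  # Run Lvs: list the table that was just loaded
  /sbin/ipvsadm
  ;;
stop)
  echo "close LVS Directorserver"
  /sbin/ipvsadm -C
  # Drop the VIP too, so a stopped director no longer holds the service address.
  /sbin/route del -host "$VIP" dev eth0:1
  /sbin/ifconfig eth0:1 down
  ;;
*)
  echo "Usage: $0 {start|stop}"
  exit 1
  ;;
esac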

HA1 192.168.56.101

LVS 配置

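#!/bin/sh
# LVS-DR real-server setup on HA1: the VIP lives on lo:0 so HAProxy can bind it,
# while ARP for that address stays suppressed.
VIP=192.168.56.254
# Reload /etc/sysctl.conf first; run last, it could undo the ARP values written below.
sysctl -p
# Set ARP behaviour before the VIP is configured, so this host never answers ARP for it.
# Runtime-only settings; mirror them in /etc/sysctl.conf to keep them after a reboot.
echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
/sbin/ifconfig lo:0 "$VIP" broadcast "$VIP" netmask 255.255.255.255 up
/sbin/route add -host "$VIP" dev lo:0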

HA 配置

# HAProxy on HA1: one HTTP frontend bound to the LVS VIP, round-robin to two web servers.
global
        maxconn         10000
        # Runtime socket with admin-level commands; mode 600 restricts it to the owning user.
        stats socket    /var/run/haproxy.stat mode 600 level admin
        log             127.0.0.1 local0
        # Run as uid/gid 200 inside a chroot at /var/empty.
        uid             200
        gid             200
        chroot          /var/empty
        daemon
frontend public
        #bind            192.168.1.10:80 name clear
        # 192.168.56.254 is the VIP that the LVS script on this host puts on lo:0.
        bind            192.168.56.254:80 name clear
        #bind            192.168.1.10:443 ssl crt /etc/haproxy/haproxy.pem
        mode            http
        log             global
        option          httplog
        option          dontlognull
        monitor-uri     /monitoruri
        maxconn         8000
        timeout client  30s

        # NOTE(review): the summary section opens /admin/stats, but the directive is commented
        # out here, so this configuration as shown does not serve that page. If it is enabled
        # on this public frontend, every client that reaches the VIP can read it unless access
        # is restricted (for example with `stats auth`).
        #stats uri       /admin/stats
        #use_backend     static if { hdr_beg(host) -i img }
        #use_backend     static if { path_beg /img /css   }
        default_backend dynamic
backend dynamic
        mode            http
        balance         roundrobin
        retries         2
        option redispatch
        timeout connect 5s
        timeout server  30s
        timeout queue   30s
        # With httpchk commented out, `check` below is a plain TCP connect test.
        #option httpchk  HEAD /login.php
        # NOTE(review): `cookie s1` / `cookie s2` on the server lines rely on a backend
        # `cookie` directive; the one below is commented out, so they look unused — confirm.
        #cookie          DYNSRV insert indirect nocache
        fullconn        4000 # the servers will be used at full load above this number of connections
        server          dynsrv1 192.168.56.105:80 minconn 50 maxconn 500 cookie s1 check inter 1000
        server          dynsrv2 192.168.56.107:80 minconn 50 maxconn 500 cookie s2 check inter 1000

HA2 192.168.56.103

LVS 配置

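#!/bin/sh
# LVS-DR real-server setup on HA2: VIP on lo:0 for HAProxy to bind, no ARP replies for it.
VIP=192.168.56.254
# sysctl.conf is applied up front, so the explicit ARP values below always win.
sysctl -p
# Order matters: ARP suppression first, address second. Otherwise the host could briefly
# answer ARP for the VIP and receive traffic that should go to the director.
echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
/sbin/ifconfig lo:0 "$VIP" broadcast "$VIP" netmask 255.255.255.255 up
/sbin/route add -host "$VIP" dev lo:0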

HA 配置

# HAProxy on HA2: same layout as HA1, HTTP frontend on the LVS VIP, two web servers behind it.
global
        maxconn         10000
        # Admin-level runtime socket, readable and writable by its owner only (mode 600).
        stats socket    /var/run/haproxy.stat mode 600 level admin
        log             127.0.0.1 local0
        # Unprivileged uid/gid and an empty chroot for the running process.
        uid             200
        gid             200
        chroot          /var/empty
        daemon
frontend public
        #bind            192.168.1.10:80 name clear
        #bind            192.168.56.103:80 name clear
        # Listens on the VIP (configured on lo:0 by the LVS script), not on the host address.
        bind            192.168.56.254:80 name clear
        #bind            192.168.1.10:443 ssl crt /etc/haproxy/haproxy.pem
        mode            http
        log             global
        option          httplog
        option          dontlognull
        monitor-uri     /monitoruri
        maxconn         8000
        timeout client  30s

        # NOTE(review): commented out, so /admin/stats is not served by this file as shown.
        # Enabling it on the public frontend exposes it to all VIP clients unless it is
        # protected (for example with `stats auth`).
        #stats uri       /admin/stats
        #use_backend     static if { hdr_beg(host) -i img }
        #use_backend     static if { path_beg /img /css   }
        default_backend dynamic
backend dynamic
        mode            http
        balance         roundrobin
        retries         2
        option redispatch
        timeout connect 5s
        timeout server  30s
        timeout queue   30s
        # Health checks stay at TCP-connect level while httpchk is disabled.
        #option httpchk  HEAD /login.php
        # NOTE(review): the per-server `cookie` values appear unused without this directive — confirm.
        #cookie          DYNSRV insert indirect nocache
        fullconn        4000 # the servers will be used at full load above this number of connections
        server          dynsrv1 192.168.56.105:80 minconn 50 maxconn 500 cookie s1 check inter 1000
        server          dynsrv2 192.168.56.107:80 minconn 50 maxconn 500 cookie s2 check inter 1000

WEB1 192.168.56.105

启动 web 服务器

WEB2 192.168.56.107

启动 web 服务器

总结

http://192.168.56.254/admin/stats
这里可以看到 haproxy 的状态(需要先取消上面 HA 配置中 #stats uri /admin/stats 一行的注释;该页面对所有能访问 VIP 的客户端可见,启用时应同时限制访问)
停掉 web1 或 web2 对服务没有影响,依然可以正常提供服务
但是停掉其中一个 HA 对服务是有影响的,因为 LVS 没有后端状态检查;这时可以自己写脚本来检查,然后加载和卸载后端服务。

LVS DR+keepalived+HA

doc2_3.png

图3  示意图

LVS Master 配置

# keepalived configuration for the LVS master: VRRP failover of the VIP plus the IPVS
# virtual server definition with TCP health checks.
global_defs {
notification_email {
               jimo291@gmail.com    # notification e-mail recipient
        }
        notification_email_from jimo291@gmail.com
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id LVS1          # identifier of this LVS node; should be unique within the network
}
vrrp_sync_group test {           # VRRP sync group
group {
        loadbalance
}
}
 
vrrp_instance loadbalance {
        state MASTER       # initial state: MASTER or BACKUP, must be upper case
        interface eth0     # interface that serves external traffic
        lvs_sync_daemon_inteface eth0   # interface used by the LVS sync daemon; NOTE(review): keyword spelling kept as given, confirm against the installed keepalived
        virtual_router_id 51                     # virtual router id (the backup configuration uses the same value)
        priority 180            # priority; the larger the value, the higher the priority
        advert_int 5           # synchronisation (advertisement) interval
authentication {                    # authentication type and password
        auth_type PASS
        # NOTE(review): PASS authentication carries the password in clear text in VRRP
        # advertisements, and 1111 is a sample value. Use a unique secret per deployment and
        # keep VRRP traffic on a trusted segment.
        auth_pass 1111
}
virtual_ipaddress {                # LVS VIP
        192.168.1.115
}
}
 
virtual_server 192.168.1.115 80 {
        delay_loop 6          # health-check interval
        lb_algo rr               # load-balancing scheduling algorithm
        lb_kind DR            # load-balancing forwarding method
        #persistence_timeout 20  # session persistence time; useful for forums and similar sites
        protocol TCP                # protocol
        real_server 192.168.1.105 80 {
        weight 3                # weight
        # TCP_CHECK only verifies that a connection to connect_port can be opened.
        TCP_CHECK {
        connect_timeout 3
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
}
}
        real_server 192.168.1.103 80 {
        weight 3
        TCP_CHECK {
        connect_timeout 3
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
}
}
        real_server 192.168.1.104 80 {
        weight 3
        TCP_CHECK {
        connect_timeout 3
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
}
}
}

LVS Backup 配置

# keepalived configuration for the LVS backup. It differs from the master in router_id,
# state and priority; the VRRP instance and the virtual server are otherwise the same.
global_defs {
notification_email {
               jimo291@gmail.com
        }
        notification_email_from jimo291@gmail.com
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        # Node identifier, distinct from the master's LVS1.
        router_id LVS2
}
vrrp_sync_group test {
group {
        loadbalance
}
}
 
vrrp_instance loadbalance {
        state BACKUP
        interface eth0
        # NOTE(review): keyword spelling kept as given; confirm against the installed keepalived.
        lvs_sync_daemon_inteface eth0
        # Same virtual router id as the master.
        virtual_router_id 51
        # Lower than the master's 180.
        priority 150
        advert_int 5
authentication {
        auth_type PASS
        # NOTE(review): same shared secret as on the master. PASS is sent in clear text in
        # VRRP advertisements and 1111 is a sample value; replace it per deployment.
        auth_pass 1111
}
virtual_ipaddress {
        192.168.1.115
}
}
 
virtual_server 192.168.1.115 80 {
        delay_loop 6
        lb_algo rr
        lb_kind DR
        #persistence_timeout 20
        protocol TCP
        # Each real server is checked with a TCP connect to port 80 only.
        real_server 192.168.1.105 80 {
        weight 3
        TCP_CHECK {
        connect_timeout 3
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
}
}
        real_server 192.168.1.103 80 {
        weight 3
        TCP_CHECK {
        connect_timeout 3
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
}
}
        real_server 192.168.1.104 80 {
        weight 3
        TCP_CHECK {
        connect_timeout 3
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
}
}
}

总结

keepalived 包含了对 LVS 的配置,所以不用专门去配置 LVS

LVS DR+keepalived+HA+session 同步

LVS DR+keepalived+HA+session 同步+mysql 读写分离

LVS NAT

LVS 隧道