DR模式
| 角色 | IP地址 | 备注 |
| LVS负载均衡器 | 192.168.119.132 | VIP:192.168.119.150 ipvsadm |
| http_Real server | 192.168.119.134 | apache |
| http_Real server | 192.168.119.135 | apache |
1、检查两台HTTP server是否正常
web01配置 [root@web01 /]# hostname web01 [root@web01 /]# yum -y install httpd [root@web01 /]# find / -name httpd.conf /etc/httpd/conf/httpd.conf [root@web01 /]# vim /etc/httpd/conf/httpd.conf ServerName www.web01.com:80 [root@web01 /]# cd /var/www/html/ [root@web01 html]# echo "web01_192.168.119.134" > index.html [root@web01 html]# ls index.html [root@web01 html]# cat index.html web01_192.168.119.134 [root@web01 html]# /etc/init.d/httpd start Starting httpd: [ OK ] [root@web01 html]# curl localhost web01_192.168.119.134 web02配置 [root@web02 /]# hostname web02 [root@web02 /]# yum -y install httpd [root@web02 /]# vim /etc/httpd/conf/httpd.conf ServerName www.web02.com:80 [root@web02 /]# echo "web02_192.168.119.135" > /var/www/html/index.html [root@web02 /]# cat /var/www/html/index.html web02_192.168.119.135 [root@web02 /]# /etc/init.d/httpd start Starting httpd: [ OK ] [root@web02 /]# curl localhost web02_192.168.119.135
2、下载软件
[root@lvs /]# hostname lvs [root@lvs /]# uname -r 2.6.32-431.el6.x86_64
这里我们使用的2.6版本,并且注意内核是2.6版本的,如果你的版本是6.X版本的话,那么可以使用2.6版本
[root@lvs /]# wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz
3、安装需要的依赖包
[root@lvs /]# yum -y install kernel-devel gcc gcc-c++ libnl* libpopt* popt-static
4、创建一个软链接,防止后面编译安装ipvsadm时找不到系统内核
[root@lvs /]# ln -s /usr/src/kernels/2.6.32-642.4.2.el6.x86_64/ /usr/src/linux
5、编译安装
[root@lvs /]# tar zxf ipvsadm-1.26.tar.gz [root@lvs /]# cd ipvsadm-1.26 [root@lvs ipvsadm-1.26]# make [root@lvs ipvsadm-1.26]# make install [root@lvs ipvsadm-1.26]# lsmod | grep ip_vs 把ipvs模块加载进系统,需要我们执行ipvsadm命令才会加载进去 或者modprobe ip_vs。 [root@lvs ipvsadm-1.26]# modprobe ip_vs [root@lvs ipvsadm-1.26]# lsmod | grep ip_vs ip_vs 125220 0 libcrc32c 1246 1 ip_vs ipv6 317340 142 ip_vs,ip6t_REJECT,nf_conntrack_ipv6,nf_defrag_ipv6
6、配置lvs
- 负载均衡器上配置VIP地址
[root@lvs ipvsadm-1.26]# ifconfig eth0:0 192.168.119.150/24 [root@lvs ipvsadm-1.26]# route add -host 192.168.119.150 dev eth0
- 配置LVS、添加Real server节点
[root@lvs ipvsadm-1.26]# ipvsadm --help ipvsadm v1.26 2008/5/15 (compiled with popt and IPVS v1.2.1) Usage: ipvsadm -A|E -t|u|f service-address [-s scheduler] [-p [timeout]] [-M netmask] [--pe persistence_engine] ipvsadm -D -t|u|f service-address ipvsadm -C ipvsadm -R ipvsadm -S [-n] ipvsadm -a|e -t|u|f service-address -r server-address [options] ipvsadm -d -t|u|f service-address -r server-address ipvsadm -L|l [options] ipvsadm -Z [-t|u|f service-address] ipvsadm --set tcp tcpfin udp ipvsadm --start-daemon state [--mcast-interface interface] [--syncid sid] ipvsadm --stop-daemon state ipvsadm -h Commands: Either long or short options are allowed. --add-service -A add virtual service with options --edit-service -E edit virtual service with options --delete-service -D delete virtual service --clear -C clear the whole table --restore -R restore rules from stdin --save -S save rules to stdout --add-server -a add real server with options --edit-server -e edit real server with options --delete-server -d delete real server --list -L|-l list the table --zero -Z zero counters in a service or all services --set tcp tcpfin udp set connection timeout values --start-daemon start connection sync daemon --stop-daemon stop connection sync daemon --help -h display this help message Options: --tcp-service -t service-address service-address is host[:port] --udp-service -u service-address service-address is host[:port] --fwmark-service -f fwmark fwmark is an integer greater than zero --ipv6 -6 fwmark entry uses IPv6 --scheduler -s scheduler one of rr|wrr|lc|wlc|lblc|lblcr|dh|sh|sed|nq, the default scheduler is wlc. --pe engine alternate persistence engine may be sip, not set by default. --persistent -p [timeout] persistent service --netmask -M netmask persistent granularity mask --real-server -r server-address server-address is host (and port) --gatewaying -g gatewaying (direct routing) (default) --ipip -i ipip encapsulation (tunneling) --masquerading -m masquerading (NAT) --weight -w weight capacity of real server --u-threshold -x uthreshold upper threshold of connections --l-threshold -y lthreshold lower threshold of connections --mcast-interface interface multicast interface for connection sync --syncid sid syncid for connection sync (default=255) --connection -c output of current IPVS connections --timeout output of timeout (tcp tcpfin udp) --daemon output of daemon information --stats output of statistics information --rate output of rate information --exact expand numbers (display exact values) --thresholds output of thresholds information --persistent-conn output of persistent connection info --nosort disable sorting output of service/server entries --sort does nothing, for backwards compatibility --ops -o one-packet scheduling --numeric -n numeric output of addresses and ports [root@lvs ipvsadm-1.26]# ipvsadm -C #清空原有配置 [root@lvs ipvsadm-1.26]# ipvsadm -A -t 192.168.119.150:80 -s rr -p 20 #指定VIP [root@lvs ipvsadm-1.26]# ipvsadm -a -t 192.168.119.150:80 -r 192.168.119.134:80 -g -w 1 #rs节点 [root@lvs ipvsadm-1.26]# ipvsadm -a -t 192.168.119.150:80 -r 192.168.119.135:80 -g -w 1 #rs节点 [root@lvs ipvsadm-1.26]# ipvsadm -L -n IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.119.150:80 rr persistent 20 -> 192.168.119.134:80 Route 10 0 0 -> 192.168.119.135:80 Route 10 0 0
7、real server节点配置
- 添加lo端口的VIP
[root@web01 /]# ifconfig lo 192.168.119.150/32 up [root@web01 /]# route add -host 192.168.119.150 dev lo
- ARP抑制
[root@web01 /]# ifconfig lo 192.168.119.150/32 up [root@web01 /]# route add -host 192.168.119.150 dev lo [root@web01 /]# echo "1">/proc/sys/net/ipv4/conf/lo/arp_ignore [root@web01 /]# echo "2">/proc/sys/net/ipv4/conf/lo/arp_announce [root@web01 /]# echo "1">/proc/sys/net/ipv4/conf/all/arp_announce [root@web01 /]# echo "2">/proc/sys/net/ipv4/conf/all/arp_announce web02段配置 [root@web02 /]# ifconfig lo 192.168.119.150/32 up [root@web02 /]# route add -host 192.168.119.150 dev lo [root@web02 /]# echo "1">/proc/sys/net/ipv4/conf/lo/arp_ignore [root@web02 /]# echo "2">/proc/sys/net/ipv4/conf/lo/arp_announce [root@web02 /]# echo "1">/proc/sys/net/ipv4/conf/all/arp_announce [root@web02 /]# echo "2">/proc/sys/net/ipv4/conf/all/arp_announce
arp抑制技术参数说明
arp_ignore
0-(默认值):回应任何网络接口上对任何本地IP地址的ARP查询请求。
1-只回答目标IP地址是来访问网络接口笨的地址的ARP查询请求
2-只回答目标IP地址是来访问网络接口本地地址的ARP查询请求,且来访IP必须在该网络接口的子网段内。
3-不回应网络界面的ARP请求,而只对设置的唯一和连接地址做出回应。
4-7-保留未使用
8-不回应所有(本地地址)的ARP查询。
arp_announce
对网络接口上,本地IP地址的发出的,ARP回应,做出相应级别的限制:
确定不同程度的限制,宣布对来自本地源IP地址发出ARP请求的接口
0-(默认)在任意网络接口(eth0,eth1,lo)上的任何本地地址
1-尽量避免不在该网络接口子网段的本地地址做出ARP回应,当发起ARP请求的源IP地址是被设置应该经由路由达到此网络接口的时候很有用。此时会检查来访IP是否为所有接口上的子网段内IP之一。如果该来访IP不属于各个网络接口上的子网段内,那么将采用级别2的方式进行处理
2-对查询目标使用最适当的本地地址,在此模式下将忽略这个Ip数据包的源地址并尝试选择能与该地址通信的本地地址,首要是选择所有的网络接口的子网中外出访问子网中包含该目标IP地址的本地地址。如果没有合适的地址被发现,将选择当前的发送网络接口或其他的有可能接受到该ARP回应的网络接口来进行发送。限制了使用本地的VIP地址作为优先的网络接口。
8、测试
在前面加上watch可以动态的查看ipvsadm的会话分配。watch ipvsadm -L -n.
关闭所有主机的防火墙或开放相应的端口
[root@lvs ipvsadm-1.26]# /etc/init.d/iptables stop iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Flushing firewall rules: [ OK ] iptables: Unloading modules: [ OK ] [root@web01 /]# /etc/init.d/iptables stop iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Flushing firewall rules: [ OK ] iptables: Unloading modules: [ OK ] [root@web02 /]# /etc/init.d/iptables stop iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Flushing firewall rules: [ OK ] iptables: Unloading modules: [ OK ]
使用多个不同的主机访问192.168.119.150 使用watch ipvsadm -L -n查看ipvsadm的会话分配 [root@lvs ipvsadm-1.26]# watch ipvsadm -L -n
上面的配置 重启服务器后会失效 可写成脚本方便管理
LVS 负载均衡器脚本
[root@lvs /]# vim /usr/local/sbin/ipvs #!/bin/bash PORT=80 VIP=192.168.119.150 RIP=( 192.168.119.134 192.168.119.135 ) start(){ ifconfig eth0:0 $VIP/24 up route add -host $VIP dev eth0 ipvsadm -C ipvsadm -A -t $VIP:$PORT -s rr -p 20 for ((i=0;i<${#RIP[*]};i++)) do ipvsadm -a -t $VIP:$PORT -r ${RIP[$i]}:$PORT -g -w 1 done } stop(){ ipvsadm -C ifconfig eth0:0 down route del -host $VIP dev eth0 } case "$1" in start) start echo "ipvs is start" ;; stop) stop echo "ipvs is stop" ;; restart) stop echo "ipvs is stop" start echo "ipvs is start" ;; *) echo "usage:$0 {start|stop|restart}" esac 测试脚本 [root@lvs /]# ipvs stop ipvs is stop [root@lvs /]# ifconfig eth0:0 eth0:0 Link encap:Ethernet HWaddr 00:0C:29:21:BC:27 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 [root@lvs /]# ipvsadm -L -n IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn [root@lvs /]# ipvs start ipvs is start [root@lvs /]# ipvsadm -L -n IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.119.150:80 rr persistent 20 -> 192.168.119.134:80 Route 1 0 0 -> 192.168.119.135:80 Route 1 0 0 [root@lvs /]# ifconfig eth0:0 eth0:0 Link encap:Ethernet HWaddr 00:0C:29:21:BC:27 inet addr:192.168.119.150 Bcast:192.168.119.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Real Server脚本
#!/bin/bash VIP=192.168.119.150 PORT=80 case "$1" in start) ifconfig eth0:0 $VIP/32 up route add -host $VIP dev eth0 echo "1">/proc/sys/net/ipv4/conf/lo/arp_ignore echo "2">/proc/sys/net/ipv4/conf/lo/arp_announce echo "1">/proc/sys/net/ipv4/conf/all/arp_announce echo "2">/proc/sys/net/ipv4/conf/all/arp_announce echo "start LVS of REALServer IP" ;; stop) ifconfig eth0:0 $VIP/32 down route del -host $VIP dev eth0 echo "0">/proc/sys/net/ipv4/conf/lo/arp_ignore echo "0">/proc/sys/net/ipv4/conf/lo/arp_announce echo "0">/proc/sys/net/ipv4/conf/all/arp_announce echo "0">/proc/sys/net/ipv4/conf/all/arp_announce echo "stop LVS OF REALServer" ;; *) echo "Usage: $0 {start|stop}" esac 测试脚本 [root@web02 /]# ipvs_client.sh start start LVS of REALServer IP [root@web02 /]# ipvs_client.sh stop stop LVS OF REALServer [root@web02 /]# ifconfig eth0:0 eth0:0 Link encap:Ethernet HWaddr 00:0C:29:09:8E:31 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 [root@web02 /]# ipvs_client.sh start start LVS of REALServer IP [root@web02 /]# ifconfig eth0:0 eth0:0 Link encap:Ethernet HWaddr 00:0C:29:09:8E:31 inet addr:192.168.119.150 Bcast:255.255.255.255 Mask:0.0.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1