Check whether the system supports IPVS

    [root@nginx ~]# grep -i 'ipvs' /boot/config-2.6.18-308.el5
    # IPVS transport protocol load balancing support
    # IPVS scheduler
    # IPVS application helper
    [root@nginx ~]# grep -i 'vs' /boot/config-2.6.18-308.el5
    # CONFIG_X86_VSMP is not set
    CONFIG_IP_VS=m
    # CONFIG_IP_VS_DEBUG is not set
    CONFIG_IP_VS_TAB_BITS=12
    # IPVS transport protocol load balancing support
    CONFIG_IP_VS_PROTO_TCP=y
    CONFIG_IP_VS_PROTO_UDP=y
    CONFIG_IP_VS_PROTO_ESP=y
    CONFIG_IP_VS_PROTO_AH=y
    # IPVS scheduler
    CONFIG_IP_VS_RR=m
    CONFIG_IP_VS_WRR=m
    CONFIG_IP_VS_LC=m
    CONFIG_IP_VS_WLC=m
    CONFIG_IP_VS_LBLC=m
    CONFIG_IP_VS_LBLCR=m
    CONFIG_IP_VS_DH=m
    CONFIG_IP_VS_SH=m
    CONFIG_IP_VS_SED=m
    CONFIG_IP_VS_NQ=m
    # IPVS application helper
    CONFIG_IP_VS_FTP=m
    CONFIG_SCSI_MVSAS=m
    CONFIG_MOUSE_VSXXXAA=m
    CONFIG_MAX_RAW_DEVS=8192

Install ipvsadm

    [root@nginx yum.repos.d]# yum install ipvsadm
    Loaded plugins: katello, product-id, security, subscription-manager
    Updating certificate-based repositories.
    Unable to read consumer identity
    Setting up Install Process
    Resolving Dependencies
    --> Running transaction check
    ---> Package ipvsadm.x86_64 0:1.24-13.el5 set to be updated
    --> Finished Dependency Resolution

    Dependencies Resolved

    ===========================================================================================================================================
     Package                  Arch                  Version                  Repository                  Size
    ===========================================================================================================================================
    Installing:
     ipvsadm                  x86_64                1.24-13.el5              Cluster                     34 k

    Transaction Summary
    ===========================================================================================================================================
    Install       1 Package(s)
    Upgrade       0 Package(s)

    Total download size: 34 k
    Is this ok [y/N]: y

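1. Configure NAT mode without weights
Configure the RealServers' IP addresses and add the route: route add -net 128.0.0.0 netmask 255.255.255.0 gw 128.10.10.7. Install the httpd service on RS1 and RS2 and place an index.html in the document root.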

    [root@saltstack1 ~]# ifconfig
    eth1      Link encap:Ethernet  HWaddr 00:50:56:BF:16:DF
              inet addr:128.10.10.8  Bcast:128.10.10.255  Mask:255.255.255.0
              inet6 addr: fe80::250:56ff:febf:16df/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:15733 errors:0 dropped:0 overruns:0 frame:0
              TX packets:5082 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:1404837 (1.3 MiB)  TX bytes:551125 (538.2 KiB)

    [root@saltstack1 ~]# netstat -rn
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    128.10.10.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
    0.0.0.0         128.10.10.7     0.0.0.0         UG        0 0          0 eth1

On the Director, configure the cluster service and the RealServers.

    [root@nginx ~]# ipvsadm -A -t 192.168.144.44:80 -s rr
    [root@nginx ~]# ipvsadm -a -t 192.168.144.44:80 -r 128.10.10.8 -m
    [root@nginx ~]# ipvsadm -a -t 192.168.144.44:80 -r 128.10.10.9 -m
    [root@nginx ~]# ipvsadm -L -n

Once this is configured the page can be reached. From another machine, use ab to send requests to the Director.

    [root@redhat5 ~]# ab -n 1000 -c 100 http://192.168.144.44/index.html
    This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
    Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
    Copyright 2006 The Apache Software Foundation, http://www.apache.org/

    Benchmarking 192.168.144.44 (be patient)
    Completed 100 requests
    Completed 200 requests
    Completed 300 requests
    Completed 400 requests
    Completed 500 requests
    Completed 600 requests
    Completed 700 requests
    Completed 800 requests
    Completed 900 requests
    Finished 1000 requests

    Server Software:        Apache/2.2.3
    Server Hostname:        192.168.144.44
    Server Port:            80

    Document Path:          /index.html
    Document Length:        19 bytes

    Concurrency Level:      100
    Time taken for tests:   0.164052 seconds
    Complete requests:      1000
    Failed requests:        0
    Write errors:           0
    Total transferred:      287000 bytes
    HTML transferred:       19000 bytes
    Requests per second:    6095.63 [#/sec] (mean)
    Time per request:       16.405 [ms] (mean)
    Time per request:       0.164 [ms] (mean, across all concurrent requests)
    Transfer rate:          1706.78 [Kbytes/sec] received

    Connection Times (ms)
                  min  mean[+/-sd] median   max
    Connect:        0    0   0.9      1       3
    Processing:     2    7   1.7      7      12
    Waiting:        1    6   1.5      6      11
    Total:          3    8   1.6      8      14
    WARNING: The median and mean for the initial connection time are not within a normal deviation
            These results are probably not that reliable.

    Percentage of the requests served within a certain time (ms)
      50%      8
      66%      9
      75%      9
      80%     10
      90%     10
      95%     11
      98%     11
      99%     12
     100%     14 (longest request)

View the load-balancing result:

    [root@nginx conf]# ipvsadm -L -n --stats
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
      -> RemoteAddress:Port
    TCP  192.168.144.44:80                2153    10768    10714   829842  1180968
      -> 128.10.10.9:80                   1077     5388     5350   415182   590281
      -> 128.10.10.8:80                   1076     5380     5364   414660   590687

2. Configure NAT mode with weights
Modify the configuration on the Director

    [root@nginx conf]# ipvsadm -E -t 192.168.144.44:80 -s wrr
    [root@nginx conf]# ipvsadm -e -t 192.168.144.44:80 -r 128.10.10.8 -m -w 1
    [root@nginx conf]# ipvsadm -e -t 192.168.144.44:80 -r 128.10.10.9 -m -w 3

Test with ab

    [root@redhat5 ~]# ab -n 10000 -c 1000 http://192.168.144.44/index.html
    This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
    Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
    Copyright 2006 The Apache Software Foundation, http://www.apache.org/

    Benchmarking 192.168.144.44 (be patient)
    Completed 1000 requests
    Completed 2000 requests
    Completed 3000 requests
    Completed 4000 requests
    Completed 5000 requests
    Completed 6000 requests
    Completed 7000 requests
    Completed 8000 requests
    Completed 9000 requests
    Finished 10000 requests

    Server Software:        Apache/2.2.3
    Server Hostname:        192.168.144.44
    Server Port:            80

    Document Path:          /index.html
    Document Length:        19 bytes

    Concurrency Level:      1000
    Time taken for tests:   3.244388 seconds
    Complete requests:      10000
    Failed requests:        0
    Write errors:           0
    Total transferred:      2870000 bytes
    HTML transferred:       190000 bytes
    Requests per second:    3082.25 [#/sec] (mean)
    Time per request:       324.439 [ms] (mean)
    Time per request:       0.324 [ms] (mean, across all concurrent requests)
    Transfer rate:          863.65 [Kbytes/sec] received

    Connection Times (ms)
                  min  mean[+/-sd] median   max
    Connect:        0   30 290.9      0    3001
    Processing:     0  112 437.9     21    3047
    Waiting:        0  111 437.9     21    3046
    Total:          0  143 524.1     22    3079

    Percentage of the requests served within a certain time (ms)
      50%     22
      66%     23
      75%     23
      80%     24
      90%     54
      95%    656
      98%   3003
      99%   3056
     100%   3079 (longest request)

View the IPVS result:

    [root@nginx conf]# ipvsadm -L -n --stats
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
      -> RemoteAddress:Port
    TCP  192.168.144.44:80               15622    79622    76600  6055987  8484211
      -> 128.10.10.9:80                  11179    57362    54470  4394656  6034844
      -> 128.10.10.8:80                   4443    22260    22130  1661331  2449367

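The counters shown by `ipvsadm -L -n --stats` are cumulative, so the listing above still contains the connections counted during the earlier rr test. The following is an added example, not part of the original post: it subtracts the first listing from the second to show the distribution produced by the wrr weights alone, assuming the counters were not zeroed between the two listings (the function names are this example's own).

```shell
#!/bin/sh
# Added example: per-RealServer connection deltas between two
# `ipvsadm -L -n --stats` snapshots (the counters are cumulative).

# Snapshot after the rr test (values copied from the first listing).
BEFORE='TCP  192.168.144.44:80      2153  10768  10714  829842  1180968
  -> 128.10.10.9:80         1077   5388   5350  415182   590281
  -> 128.10.10.8:80         1076   5380   5364  414660   590687'

# Snapshot after the wrr test (values copied from the second listing).
AFTER='TCP  192.168.144.44:80     15622  79622  76600  6055987  8484211
  -> 128.10.10.9:80        11179  57362  54470  4394656  6034844
  -> 128.10.10.8:80         4443  22260  22130  1661331  2449367'

# ipvs_conn_delta BEFORE AFTER
# Prints "<rs> <new connections>" for each "-> addr:port" line, sorted.
# The "-> RemoteAddress:Port" header has no counter column and is skipped.
ipvs_conn_delta() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { second = 1; next }
        $1 == "->" && NF >= 3 && $3 ~ /^[0-9]+$/ {
            if (second) after[$2] = $3; else before[$2] = $3
        }
        END { for (rs in after) print rs, after[rs] - before[rs] }' | sort
}

# wrr_ratio BEFORE AFTER HEAVY_RS LIGHT_RS
# Ratio of new connections between two RealServers, to two decimals.
wrr_ratio() {
    ipvs_conn_delta "$1" "$2" | awk -v h="$3" -v l="$4" '
        $1 == h { hv = $2 }
        $1 == l { lv = $2 }
        END { if (lv > 0) printf "%.2f\n", hv / lv; else print "n/a" }'
}

ipvs_conn_delta "$BEFORE" "$AFTER"
wrr_ratio "$BEFORE" "$AFTER" 128.10.10.9:80 128.10.10.8:80
```

The raw totals (11179 against 4443) give about 2.5:1, while the deltas match the configured weights of 3 and 1.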
3. Configure DR mode, with the following plan:

    DIP: 192.168.144.44
    VIP: 192.168.144.45
    RS1: 192.168.144.49
    RS2: 192.168.144.50

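First configure the IP and route on each RS. Because the VIP has to be configured on every RS, the arp_ignore and arp_announce parameters must be set. Their meanings are as follows:

arp_ignore: response level when an ARP request is received
    0: reply as long as the requested address is configured locally
    1: reply only if the target IP is a local address configured on the interface the request arrived on
arp_announce: announcement level used when advertising the host's own addresses
    0: announce any address of any local interface;
    1: try to announce to the target network only an address that matches that network;
    2: announce only to networks that match an address on the local interface;

    # echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
    # echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    # echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
    # echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
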
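Only after these two parameters are set can the IP and route be configured (if the VIP and CIP on the RS are not on the same network segment, traffic must leave through a route).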

    # ifconfig lo:0 192.168.144.45 netmask 255.255.255.255 broadcast 192.168.144.45 up
    # route add -host 192.168.144.45 dev lo:0

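A check for the two ARP parameters on a RealServer, as an added example that is not part of the original post. It relies on the kernel using the larger of the `conf/all` and `conf/<iface>` values for both parameters; the function names and the optional ROOT argument are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): check the ARP sysctls on an
# LVS-DR RealServer. The kernel uses the larger of conf/all and
# conf/<iface>, so the effective value is computed the same way.

# read_conf ROOT IFACE NAME: print the stored value, or 0 if unreadable.
read_conf() {
    if [ -r "$1/$2/$3" ]; then cat "$1/$2/$3"; else echo 0; fi
}

# effective ROOT IFACE NAME: max(conf/all/NAME, conf/IFACE/NAME).
effective() {
    all_v=$(read_conf "$1" all "$3")
    if_v=$(read_conf "$1" "$2" "$3")
    if [ "$all_v" -gt "$if_v" ]; then echo "$all_v"; else echo "$if_v"; fi
}

# check_rs_arp IFACE [ROOT]: return 0 only when the values this page sets
# (arp_ignore=1, arp_announce=2) are in effect on IFACE.
# ROOT is a parameter so the check can be pointed at a test directory.
check_rs_arp() {
    iface="$1"
    root="${2:-/proc/sys/net/ipv4/conf}"
    rc=0
    ign=$(effective "$root" "$iface" arp_ignore)
    ann=$(effective "$root" "$iface" arp_announce)
    if [ "$ign" -ne 1 ]; then
        echo "FAIL $iface: effective arp_ignore=$ign, expected 1"
        rc=1
    fi
    if [ "$ann" -ne 2 ]; then
        echo "FAIL $iface: effective arp_announce=$ann, expected 2"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK $iface: arp_ignore=$ign arp_announce=$ann"
    fi
    return "$rc"
}

# Run against the live system only when an interface name is given,
# e.g.:  sh check_rs_arp.sh eth0
if [ "$#" -gt 0 ]; then check_rs_arp "$@"; fi
```

Values written with `echo` into /proc do not survive a reboot, so the same check is worth running after every restart of a RealServer.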
Finally, configure the virtual IP and route on the Director:

    # ifconfig eth0:0 192.168.144.45/24
    # route add -host 192.168.144.45 dev eth0:0

Then set up the IPVS cluster service on the Director:

    ipvsadm -A -t 192.168.144.45:80 -s rr
    ipvsadm -a -t 192.168.144.45:80 -r 192.168.144.49 -g -w 5
    ipvsadm -a -t 192.168.144.45:80 -r 192.168.144.50 -g -w 1

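LVS persistent connections:
Whatever scheduling algorithm is used, LVS persistence ensures that, for a given period of time, requests from the same client are dispatched to the RS that was selected previously.
Persistence template (an in-memory buffer):
The mapping between each client and the RS assigned to it
ipvsadm -A|E ... -p timeout:
timeout: 300s by default
PPC: requests from the same client to the same cluster service are always directed to the previously selected RS (persistent port connections).
PCC: requests from the same client to all ports are always directed to the previously selected RS (persistent client connections).
PNMPP: persistent firewall-mark connections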
iptables -t mangle -A PREROUTING -d $VIP -p tcp --dport $ClusterPORT -i $INCARD -j MARK --set-mark $VALUE
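The three persistence types written out as commands for the DR cluster configured above, as an added example that is not part of the original post. The mark value 10, the 600-second timeout, port 443 and the interface eth0 are constructed values, and the function names are this example's own; the script prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example (not from the original post): the three persistence types
# as ipvsadm/iptables commands for the DR cluster configured above.
# DRY_RUN=1 (the default) only prints; DRY_RUN=0 executes and needs root.
DRY_RUN="${DRY_RUN:-1}"
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# ppc VIP PORT TIMEOUT RS...: persistence for one cluster service.
ppc() {
    vip="$1"; port="$2"; timeout="$3"; shift 3
    run ipvsadm -A -t "$vip:$port" -s rr -p "$timeout"
    for rs in "$@"; do run ipvsadm -a -t "$vip:$port" -r "$rs" -g; done
}

# pcc VIP TIMEOUT RS...: port 0 is the wildcard port, valid only with -p,
# so every port of the VIP follows the same client-to-RS mapping.
pcc() {
    vip="$1"; timeout="$2"; shift 2
    ppc "$vip" 0 "$timeout" "$@"
}

# pnmpp VIP MARK TIMEOUT INCARD "PORTS" RS...: mark several ports with one
# firewall mark, then schedule the mark as a single persistent service.
pnmpp() {
    vip="$1"; mark="$2"; timeout="$3"; incard="$4"; ports="$5"; shift 5
    for port in $ports; do
        run iptables -t mangle -A PREROUTING -d "$vip" -p tcp \
            --dport "$port" -i "$incard" -j MARK --set-mark "$mark"
    done
    run ipvsadm -A -f "$mark" -s rr -p "$timeout"
    for rs in "$@"; do run ipvsadm -a -f "$mark" -r "$rs" -g; done
}

# Constructed values: mark 10, timeout 600 s, ports 80 and 443, eth0.
pnmpp 192.168.144.45 10 600 eth0 "80 443" 192.168.144.49 192.168.144.50
```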