Centos7下lvs负载均衡lvs-tun模式配置

一、架构

director:172.28.18.69 vip:172.28.18.70

real server1:172.28.18.71

real server2:172.28.18.78

二、两台real server上安装nginx

配置nginx yum源

[root@localhost ~]# vim /etc/yum.repos.d/nginx.repo

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1

安装

[root@localhost ~]# yum install -y nginx

查看

[root@localhost ~]# whereis nginx
nginx: /usr/sbin/nginx /usr/lib64/nginx /etc/nginx /usr/share/nginx /usr/share/man/man8/nginx.8.gz
[root@localhost ~]# 

配置文件

查看默认根目录页面地址

[root@localhost ~]# vim /etc/nginx/conf.d/default.conf 

server {
    listen       80;
    server_name  localhost;

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

编辑/usr/share/nginx/html/index.html

加上本机IP地址，在测试负载均衡的时候，才知道分发到了哪台real server上

[root@localhost ~]# vim /usr/share/nginx/html/index.html 

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
         35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!-71</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

保存、退出

启动nginx

[root@localhost conf.d]# nginx -c /etc/nginx/nginx.conf

可以显示IP了，同样172.28.18.78的服务器也安装和配置nginx

三、在172.28.18.69上安装ipvsadm

[root@localhost mysql-5.7.26]# yum install -y ipvsadm
已加载插件：fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.tuna.tsinghua.edu.cn
 * extras: mirrors.huaweicloud.com
 * updates: mirrors.tuna.tsinghua.edu.cn
base                                                                                | 3.6 kB  00:00:00     
extras                                                                              | 3.4 kB  00:00:00     
updates                                                                             | 3.4 kB  00:00:00     
正在解决依赖关系
--> 正在检查事务
---> 软件包 ipvsadm.x86_64.0.1.27-7.el7 将被 安装
--> 解决依赖关系完成

依赖关系解决

===========================================================================================================
 Package                  架构                    版本                         源                     大小
===========================================================================================================
正在安装:
 ipvsadm                  x86_64                  1.27-7.el7                   base                   45 k

事务概要
===========================================================================================================
安装  1 软件包

总下载量：45 k
安装大小：75 k
Downloading packages:
ipvsadm-1.27-7.el7.x86_64.rpm                                                       |  45 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
警告：RPM 数据库已被非 yum 程序修改。
** 发现 2 个已存在的 RPM 数据库问题， 'yum check' 输出如下：
2:postfix-2.10.1-7.el7.x86_64 有缺少的需求 libmysqlclient.so.18()(64bit)
2:postfix-2.10.1-7.el7.x86_64 有缺少的需求 libmysqlclient.so.18(libmysqlclient_18)(64bit)
  正在安装    : ipvsadm-1.27-7.el7.x86_64                                                              1/1 
  验证中      : ipvsadm-1.27-7.el7.x86_64                                                              1/1 

已安装:
  ipvsadm.x86_64 0:1.27-7.el7                                                                              

完毕！

四、配置虚拟服务器

[root@director ~]# ipvsadm -A -t 172.28.18.70:80 -s rr

增加一个虚拟服务器 172.28.18.69, -A:增加一个虚拟服务器  -t:tcp协议 -s：分发算法 rr 轮询

五、增加后端实际服务器

[root@director home]# ipvsadm -a -t 172.28.18.70:80 -r 172.28.18.71:80 -i -w 1
[root@director home]# ipvsadm -a -t 172.28.18.70:80 -r 172.28.18.78:80 -i -w 1

-a :增加后端服务器 -t:对应的虚拟服务器IP -r :对应的后端服务器IP -i: lvs-tun模式 -w:权重

六、查看配置规则

[root@director home]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.28.18.70:80 rr
  -> 172.28.18.71:80              Tunnel  1      0          0         
  -> 172.28.18.78:80              Tunnel  1      0          0         

七、设置director分发器的虚拟IP到设备em1:0

[root@director home]# ip addr add 172.28.18.70 dev em1:0

八、在后端服务器上加载ipip模块

加载ipip模块后，就会有默认的tunl0隧道

1、查看是否有tunl0隧道

[root@localhost conf]# lsmod|grep ipip
[root@localhost conf]#

没有ipip模块，加载ipip模块

[root@localhost conf]# modprobe ipip

再查看，有了

[root@localhost conf]# lsmod|grep ipip
ipip                   13465  0 
tunnel4                13252  1 ipip
ip_tunnel              25163  1 ipip

ip a ,查看tunl0也有了

[root@server-1 html]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 90:b1:1c:15:be:09 brd ff:ff:ff:ff:ff:ff
    inet 172.28.18.78/28 brd 172.28.18.79 scope global noprefixroute em1
       valid_lft forever preferred_lft forever
    inet6 fe80::e6fb:2cb7:2743:4720/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: em2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 90:b1:1c:15:be:0a brd ff:ff:ff:ff:ff:ff
    inet 192.168.18.103/24 brd 192.168.18.255 scope global noprefixroute em2
       valid_lft forever preferred_lft forever
    inet6 fe80::3137:91de:1663:a505/64 scope link tentative 
       valid_lft forever preferred_lft forever
4: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0

九、在后端服务器上配置虚拟IP绑定tunl0

[root@localhost conf]# ip addr add 172.28.18.70 dev tunl0

十、在后端服务器上配置关闭ARP转发

net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0

[root@localhost conf]# sysctl -p