LVS + Keepalived之三大模式
======================================================================================
NAT模式:
======================================================================================
一、仅lvs服务器端安装
yum install ipvsadm openssl-devel popt popt-devel libnl-devel
cd /opt/src/
tar xzvf keepalived-1.2.7.tar.gz
cd keepalived-1.2.7
./configure
make && make install
cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
mkdir /etc/keepalived
cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/sbin/keepalived /usr/sbin/
修改/etc/keepalived/keepalived.conf文件
[root@WEB ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
123@123.com
}
notification_email_from 123@123.com
smtp_server mail.123.com
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
88.88.88.88
}
}
vrrp_instance LAN_GATEWAY {
state MASTER
interface eth1
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.88
}
}
virtual_server 88.88.88.88 80 {
delay_loop 6
lb_algo lc
#lb_kind DR
#lb_kind TUN
lb_kind NAT
persistence_timeout 60
protocol TCP
real_server 192.168.1.18 80 {
weight 3
TCP_CHECK {
connect_timeout 30
nb_get_retry 3
delay_before_retry 2
connect_port 80
}
}
real_server 192.168.1.68 80 {
weight 3
TCP_CHECK {
connect_timeout 30
nb_get_retry 3
delay_before_retry 2
connect_port 80
}
}
}
[root@WEB ~]#
[root@WEB ~]# service ipvsadm start
[root@WEB ~]# service keepalived start
注意:
echo "1" > /proc/sys/net/ipv4/ip_forward
二、实际服务器端的操作
将网关设置为lanvip的地址192.168.1.88
三、lvs查看
ipvsadm -ln
ipvsadm -lnc
ipvsadm -l -n --stats
调度算法:rr|wrr|lc|wlc|lblc|lblcr|dh|sh|sed|nq
======================================================================================
TUN模式:
======================================================================================
一、仅lvs服务器端安装
yum install ipvsadm openssl-devel popt popt-devel libnl-devel
cd /opt/src/
tar xzvf keepalived-1.2.7.tar.gz
cd keepalived-1.2.7
./configure
make && make install
cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
mkdir /etc/keepalived
cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/sbin/keepalived /usr/sbin/
修改/etc/keepalived/keepalived.conf文件
[root@WEB ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
123@123.com
}
notification_email_from 123@123.com
smtp_server mail.123.com
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.88
}
}
virtual_server 192.168.1.88 80 {
delay_loop 6
lb_algo lc
lb_kind TUN
persistence_timeout 60
protocol TCP
real_server 192.168.2.18 80 {
weight 3
TCP_CHECK {
connect_timeout 30
nb_get_retry 3
delay_before_retry 2
connect_port 80
}
}
real_server 192.168.3.68 80 {
weight 3
TCP_CHECK {
connect_timeout 30
nb_get_retry 3
delay_before_retry 2
connect_port 80
}
}
}
[root@WEB ~]#
[root@WEB ~]# service ipvsadm start
[root@WEB ~]# service keepalived start
注意:
打开转发或关闭,dr/tun模式无影响
echo "1" > /proc/sys/net/ipv4/ip_forward
二、实际服务器端的操作
[root@]# cat /usr/local/vip_tun.sh
#!/bin/bash
#srcipt to start LVS TUN realserver
VIP=192.168.1.88
case "$1" in
start)
#start LVS-TUN real server on this machine
echo 1 >/proc/sys/net/ipv4/conf/tunl0/arp_ignore
echo 2 >/proc/sys/net/ipv4/conf/tunl0/arp_announce
echo 1 >/proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 >/proc/sys/net/ipv4/conf/all/arp_announce
echo 0 >/proc/sys/net/ipv4/conf/tunl0/rp_filter
echo 0 >/proc/sys/net/ipv4/conf/all/rp_filter
sysctl -p >/dev/null 2>&1
/sbin/modprobe ipip
/sbin/ifconfig tunl0 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/route add -host $VIP dev tunl0
/sbin/ifconfig eth0 mtu 1440
;;
stop)
#stop lvs-TUN real server loopback device
echo 0 > /proc/sys/net/ipv4/conf/tunl0/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/tunl0/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/tunl0/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
/sbin/ifconfig tunl0 down
/sbin/modprobe -r ipip
/sbin/ifconfig eth0 mtu 1500
;;
status)
islothere='/sbin/ifconfig tunl0 |grep $VIP'
isrothere='netstat -rn |grep "tunl0"|grep $VIP'
if [ ! "$islothere" -o ! "$isrothere" ];then
echo "LVS-TUN real server stopped"
else echo "LVS-TUN Running"
fi
;;
*)
echo "$0: Usage: $0 {start|stop|status}"
exit 1
;;
esac
[root@localhost ~]# /usr/local/vip.sh start|stop|status
三、lvs查看
ipvsadm -ln
ipvsadm -lnc
ipvsadm -l -n --stats
调度算法:rr|wrr|lc|wlc|lblc|lblcr|dh|sh|sed|nq
======================================================================================
DR模式:
======================================================================================
一、仅lvs服务器端安装
yum install ipvsadm openssl-devel popt popt-devel libnl-devel
cd /opt/src/
tar xzvf keepalived-1.2.7.tar.gz
cd keepalived-1.2.7
./configure
make && make install
cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
mkdir /etc/keepalived
cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/sbin/keepalived /usr/sbin/
修改/etc/keepalived/keepalived.conf文件
[root@WEB ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
123@123.com
}
notification_email_from 123@123.com
smtp_server mail.123.com
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.88
}
}
virtual_server 192.168.1.88 80 {
delay_loop 6
lb_algo lc
lb_kind DR
persistence_timeout 60
protocol TCP
real_server 192.168.1.18 80 {
weight 3
TCP_CHECK {
connect_timeout 30
nb_get_retry 3
delay_before_retry 2
connect_port 80
}
}
real_server 192.168.1.68 80 {
weight 3
TCP_CHECK {
connect_timeout 30
nb_get_retry 3
delay_before_retry 2
connect_port 80
}
}
}
[root@WEB ~]#
[root@WEB ~]# service ipvsadm start
[root@WEB ~]# service keepalived start
注意:
打开转发或关闭,dr/tun模式无影响
echo "1" > /proc/sys/net/ipv4/ip_forward
二、实际服务器端的操作
[root@localhost ~]# cat /usr/local/vip.sh
#!/bin/bash
# Script to start LVS DR real server.
# description: LVS DR real server
. /etc/rc.d/init.d/functions
VIP=192.168.1.88
#host=`/bin/hostname`
case "$1" in
start)
# Start LVS-DR real server on this machine.
/sbin/ifconfig lo down
/sbin/ifconfig lo up
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
/sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/route add $VIP dev lo:0
;;
stop)
# Stop LVS-DR real server loopback device(s).
/sbin/ifconfig lo:0 down
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
;;
status)
# Status of LVS-DR real server.
islothere=`/sbin/ifconfig lo:0 | grep $VIP`
isrothere=`netstat -rn | grep "lo:0" | grep $VIP`
if [ ! "$islothere" -o ! "isrothere" ];then
# Either the route or the lo:0 device
# not found.
echo "LVS-DR real server Stopped."
else
echo "LVS-DR real server Running."
fi
;;
*)
# Invalid entry.
echo "$0: Usage: $0 {start|status|stop}"
exit 1
;;
esac
[root@localhost ~]# /usr/local/vip.sh start|stop|status
三、lvs查看
ipvsadm -ln
ipvsadm -lnc
ipvsadm -l -n --stats
调度算法:rr|wrr|lc|wlc|lblc|lblcr|dh|sh|sed|nq
注意:
1.TUN模式使用的IP都要是公网IP.
2.VIP的port要和后端realserver的port保持一致,但是不会影响VIP本机的port被其他服务使用.
转载自:http://www.gaizaoren.com/archives/998
附加:
LVS可以使用iptables同时做多个服务的负载均衡并实现持久化连接,使用iptables对包打上标签之后再进行匹配处理。配置如下:
