一、LVS介绍
1、介绍
LVS是Linux Virtual Server的简写,是linux虚拟的服务器集群系统,可以在unix/linux平台下实现负载均衡集群功能,由章文嵩博士组织成立,是国内出现最早的自由软件之一。
LVS项目介绍 http://www.linuxvirtualserver.org/zh/lvs1.html LVS集群的体系结构 http://www.linuxvirtualserver.org/zh/lvs2.html LVS集群中的IP负载均衡技术 http://www.linuxvirtualserver.org/zh/lvs3.html LVS集群的负载调度 http://www.linuxvirtualserver.org/zh/lvs4.html
2、LVS特性
①真正实现负载调度的工具是IPVS,工作在linux内核层面。
②LVS自带的IPVS管理工具是ipvsadm。
③keepalived实现管理IPVS及对负载均衡器的高可用。
3、LVS——DR模式工作原理
4、LVS集群其它模式
①DR直接路由模式(重点掌握)
②NAT
③TUN隧道模式
④FULLNAT
5、LVS应用场景
日PV1000-2000W或者并发请求1W以下的都可以使用Nginx,超过的话使用LVS,大型门户网站,电商网站需要用到
二、手工配置LVS
1、环境
[root@lb01 ~]# cat /etc/redhat-release CentOS Linux release 7.2.1511 (Core) [root@lb01 ~]# uname -r 3.10.0-327.el7.x86_64 [root@lb01 ~]# getenforce Disabled [root@lb01 ~]# systemctl status firewalld.service ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled) Active: inactive (dead) [root@lb01 ~]# hostname -I 10.0.0.5 172.16.1.5
2、安装ipvsadm管理工具
①检测是否安装
[root@lb01 ~]# lsmod |grep ip_vs
②安装ipvsadm
yum -y install ipvsadm
③检查并激活lvs
[root@lb01 ~]# ipvsadm IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn [root@lb01 ~]# lsmod |grep ip_vs ip_vs 140944 0 nf_conntrack 105745 1 ip_vs libcrc32c 12644 2 xfs,ip_vs
3、配置LVS负载均衡(lb01操作)
ip addr add 10.0.0.3/24 dev eth0 #在eth0网卡绑定VIP地址 ipvsadm -C #清除当前所有LVS规则 ipvsadm --set 30 5 60 #设置tcp、tcpfin、udp链接超时时间 ipvsadm -A -t 10.0.0.3:80 -s wrr -p 20 #添加虚拟服务(-A) ipvsadm -a -t 10.0.0.3:80 -r 10.0.0.7:80 -g -w 1 #将虚拟服务关联到真实服务上(-a) ipvsadm -a -t 10.0.0.3:80 -r 10.0.0.8:80 -g -w 1 #将虚拟服务关联到真实服务上(-a) ipvsadm -ln #查看配置结果
-C 清空整个表 -A 添加一个虚拟服务 -t 指定一个地址,一定是ip+端口 -s 调度算法 -a 添加一个real server -m NAT模式 -g DR模式,默认 -d 删除一个real server -p 会话保持功能 -w 权重 -i tunnel模式
4、web服务器操作(web01、web02)
①在lo网卡绑定VIP地址
ip addr add 10.0.0.3/32 dev lo
②修改内核参数抑制ARP响应
cat >>/etc/sysctl.conf<<EOF net.ipv4.conf.all.arp_ignore = 1 net.ipv4.conf.all.arp_announce = 2 net.ipv4.conf.lo.arp_ignore = 1 net.ipv4.conf.lo.arp_announce = 2 EOF sysctl -p
5、在lb02上面测试
[root@lb02 ~]# curl 10.0.0.3 web02 [root@lb02 ~]# curl 10.0.0.3 web02 [root@lb02 ~]# curl 10.0.0.3 web02 [root@lb02 ~]# curl 10.0.0.3 web02 [root@lb02 ~]# curl 10.0.0.3 web02 [root@lb02 ~]# curl 10.0.0.3 web01 [root@lb02 ~]# curl 10.0.0.3 web01
三、Keepalived配合LVS实现高可用负载均衡
1、安装Keepalived
yum -y install keepalived
2、配置keepalived管理LVS
|
global_defs { router_id LVS_01 } vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 51 priority 150 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.3/24 } } virtual_server 10.0.0.3 80 { delay_loop 6 lb_algo wrr lb_kind DR nat_mask 255.255.255.0 persistence_timeout 50 protocol TCP real_server 10.0.0.7 80 { weight 1 TCP_CHECK { connect_timeout 8 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } real_server 10.0.0.8 80 { weight 1 TCP_CHECK { connect_timeout 8 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } } |
global_defs { router_id LVS_02 } vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.3/24 } } virtual_server 10.0.0.3 80 { delay_loop 6 lb_algo wrr lb_kind DR nat_mask 255.255.255.0 persistence_timeout 50 protocol TCP real_server 10.0.0.7 80 { weight 1 TCP_CHECK { connect_timeout 8 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } real_server 10.0.0.8 80 { weight 1 TCP_CHECK { connect_timeout 8 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } } |
3、测试keepalived高可用,故障转移
①停掉lb01的keepalvied
[root@lb01 ~]# systemctl stop keepalived.service [root@lb01 ~]# curl 10.0.0.3 web01
②停掉lb02的keepalvied
[root@lb02 ~]# systemctl stop keepalived.service [root@lb02 ~]# curl 10.0.0.3 web01
4、测试Keepalived对后端节点的健康检查功能
①web后端正常时状态
[root@lb01 ~]# ipvsadm -ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 10.0.0.3:80 wrr persistent 50 -> 10.0.0.7:80 Route 1 0 0 -> 10.0.0.8:80 Route 1 0 0
②web后端节点宕机或者服务关闭时(此处关闭了web01)
[root@lb01 ~]# ipvsadm -ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 10.0.0.3:80 wrr persistent 50 -> 10.0.0.7:80 Route 1 0 0
5、Keepalived+LVS多实例配置
①lb01
global_defs { router_id LVS_01 } vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 51 priority 150 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.3/24 } } vrrp_instance VI_2 { state BACKUP interface eth0 virtual_router_id 52 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 2222 } virtual_ipaddress { 10.0.0.4/24 } } virtual_server 10.0.0.3 80 { delay_loop 6 lb_algo wrr lb_kind DR nat_mask 255.255.255.0 persistence_timeout 50 protocol TCP real_server 10.0.0.7 80 { weight 1 TCP_CHECK { connect_timeout 8 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } real_server 10.0.0.8 80 { weight 1 TCP_CHECK { connect_timeout 8 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } } virtual_server 10.0.0.4 80 { delay_loop 6 lb_algo wrr lb_kind DR nat_mask 255.255.255.0 persistence_timeout 50 protocol TCP real_server 10.0.0.7 80 { weight 1 TCP_CHECK { connect_timeout 8 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } real_server 10.0.0.8 80 { weight 1 TCP_CHECK { connect_timeout 8 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } }
②lb02
global_defs { router_id LVS_02 } vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.3/24 } } vrrp_instance VI_2 { state MASTER interface eth0 virtual_router_id 52 priority 150 advert_int 1 authentication { auth_type PASS auth_pass 2222 } virtual_ipaddress { 10.0.0.4/24 } } virtual_server 10.0.0.3 80 { delay_loop 6 lb_algo wrr lb_kind DR nat_mask 255.255.255.0 persistence_timeout 50 protocol TCP real_server 10.0.0.7 80 { weight 1 TCP_CHECK { connect_timeout 8 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } real_server 10.0.0.8 80 { weight 1 TCP_CHECK { connect_timeout 8 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } } virtual_server 10.0.0.4 80 { delay_loop 6 lb_algo wrr lb_kind DR nat_mask 255.255.255.0 persistence_timeout 50 protocol TCP real_server 10.0.0.7 80 { weight 1 TCP_CHECK { connect_timeout 8 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } real_server 10.0.0.8 80 { weight 1 TCP_CHECK { connect_timeout 8 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } }