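LVS Load Scheduling: NAT and DR Tutorial
Overview
LVS Principles
Components of LVS:
IPVS (kernel space): runs in kernel space and is the core LVS component
ipvsadm (user space): runs in user space; the command-line tool for managing cluster services
How LVS works: a working module that examines the socket of each user request and distributes the request to a real server
How LVS Operates
Working modes
LVS-DR mode
Logic diagram
Mode characteristics
Cluster nodes must be on the same network
The real servers' gateway points to the router
The RIP can be either a private or a public address
The load scheduler (director) handles only inbound requests
This greatly reduces the load on the director and supports more server nodes
LVS-NAT mode
Mode characteristics
Cluster nodes must be on the same network
The real servers must point their gateway at the director
The RIP is usually a private IP, used only for communication between cluster nodes
The director must sit between the clients and the real servers and act as the gateway
Port mapping is supported
The director's operating system must be Linux; the real servers can run any system
LVS-TUN mode
Logic diagram
Mode characteristics
Cluster nodes need not be on the same physical network, but all of them must have public IPs (or be routable)
The real servers must not point their gateway at the director
The RIP must be a public address
The director handles only inbound requests
Port mapping is not supported
Sender and receiver must both support tunneling
Building LVS Clusters
Building an LVS-DR cluster
Lab architecture diagram
Client (local machine): 10.10.10.240
Director (CentOS 6.9): 10.10.10.11, VIP 10.10.10.100
RS1 (CentOS 6.9): 10.10.10.12, VIP 10.10.10.100
RS2 (CentOS 6.9): 10.10.10.13, VIP 10.10.10.100
Each machine has two NICs
Base environment setup
Required on all three servers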
These commands stop the iptables firewall, switch SELinux to permissive mode, and set up a local yum repository from the installation media; gpgcheck=0 turns off package signature verification for that repository.

[root@localhost ~]# service iptables stop
[root@localhost ~]# setenforce 0
[root@localhost ~]# mkdir /media/cdrom/
[root@localhost ~]# mount /dev/cdrom /media/cdrom/
[root@localhost ~]# mount
/dev/mapper/VolGroup-lv_root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw,rootcontext="system_u:object_r:tmpfs_t:s0")
/dev/sda1 on /boot type ext4 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
/dev/sr0 on /media/cdrom type iso9660 (ro)
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# mkdir a
[root@localhost yum.repos.d]# mv *.repo a
[root@localhost yum.repos.d]# mv ./a/CentOS-Media.repo .
[root@localhost yum.repos.d]# ls
a  CentOS-Media.repo
[root@localhost yum.repos.d]# vim CentOS-Media.repo
[root@localhost yum.repos.d]# cat CentOS-Media.repo
[c6-media]
name=CentOS-$releasever - Media
baseurl=file:///media/cdrom/
gpgcheck=0
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
[root@localhost yum.repos.d]# yum clean all
已加载插件:fastestmirror, refresh-packagekit, security
Cleaning repos: c6-media
清理一切
Cleaning up list of fastest mirrors
[root@localhost yum.repos.d]# yum -y install gcc gcc-c++ lrzsz
[root@localhost yum.repos.d]# shutdown -h now

Shut down and take a snapshot, then power the machine back on.

service NetworkManager stop    // stop the NetworkManager daemon (not needed if no graphical desktop is installed)
Director configuration
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-eth0 ifcfg-eth0:0
[root@localhost network-scripts]# vim !$
vim ifcfg-eth0:0
[root@localhost network-scripts]# cat ifcfg-eth0:0
DEVICE=eth0:0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
USERCTL=no
IPADDR=10.10.10.100
NETWASK=255.255.255.0
// note: NETWASK is a misspelling of NETMASK, so the key is ignored and the classful default applies, consistent with the Mask:255.0.0.0 that ifconfig reports below
[root@localhost network-scripts]# ifup ifcfg-eth0:0
[root@localhost network-scripts]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:83:47:26
          inet addr:10.10.10.11  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::20c:29ff:fe83:4726/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1867 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1101 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:167678 (163.7 KiB)  TX bytes:133877 (130.7 KiB)

eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:83:47:26
          inet addr:10.10.10.100  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:808 (808.0 b)  TX bytes:808 (808.0 b)

[root@localhost ~]# vim /etc/sysctl.conf    // disable ICMP redirects on the NICs
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
// append at the very bottom of the file
net.ipv4.conf.eth0.send_redirects = 0
[root@localhost ~]# sysctl -p
[root@localhost ~]# modprobe ip_vs    // load the ip_vs module
WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/.
[root@localhost ~]# mv /etc/modprobe.conf /etc/modprobe.d/oprofile.conf    // the fix
[root@localhost ~]# modprobe ip_vs    // run it again
[root@localhost ~]# yum -y install ipvsadm    // install ipvsadm

Command summary (VIP, RS1 and RS2 are placeholders):

ipvsadm -v                            // show the ipvsadm version
ipvsadm -A -t VIP:80 -s rr            // add a TCP virtual service with rr (round-robin) scheduling
ipvsadm -a -t VIP:80 -r RS1:80 -g     // add a real server to the service (-g: direct routing)
ipvsadm -a -t VIP:80 -r RS2:80 -g
ipvsadm -Ln                           // list the current IPVS cluster table
service ipvsadm save                  // save the IPVS table to a file so that it persists
chkconfig ipvsadm on                  // start at boot

[root@localhost ~]# service ipvsadm start
ipvsadm: Saving IPVS table to /etc/sysconfig/ipvsadm: [确定]
ipvsadm: Clearing the current IPVS table: [确定]
ipvsadm: Applying IPVS configuration: [确定]
[root@localhost ~]# ipvsadm -v
ipvsadm v1.26 2008/5/15 (compiled with popt and IPVS v1.2.1)
[root@localhost ~]# ipvsadm -A -t 10.10.10.100:80 -s rr
[root@localhost ~]# ipvsadm -a -t 10.10.10.100:80 -r 10.10.10.12:80 -g
[root@localhost ~]# ipvsadm -a -t 10.10.10.100:80 -r 10.10.10.13:80 -g
[root@localhost ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.10.10.100:80 rr
  -> 10.10.10.12:80               Route   1      0          0
  -> 10.10.10.13:80               Route   1      0          0
[root@localhost ~]# service ipvsadm save
ipvsadm: Saving IPVS table to /etc/sysconfig/ipvsadm: [确定]
[root@localhost ~]# chkconfig ipvsadm on
Real server configuration
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vim !$
[root@localhost network-scripts]# cat ifcfg-lo:0
DEVICE=lo:0
IPADDR=10.10.10.100
NETMASK=255.255.255.255
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
[root@localhost network-scripts]# ifup ifcfg-lo:0
[root@localhost network-scripts]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:94:BF:BA
          inet addr:10.10.10.12  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::20c:29ff:fe94:bfba/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:595 errors:0 dropped:0 overruns:0 frame:0
          TX packets:369 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:54345 (53.0 KiB)  TX bytes:43419 (42.4 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

lo:0      Link encap:Local Loopback
          inet addr:10.10.10.100  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:65536  Metric:1

[root@localhost ~]# vim /etc/sysctl.conf    // turn off the corresponding ARP responses
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.default.arp_ignore=1
net.ipv4.conf.default.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
[root@localhost ~]# sysctl -p
[root@localhost ~]# route add -host 10.10.10.100 dev lo:0    // add a host route so that traffic for the VIP is accepted on lo:0
[root@localhost ~]# service httpd start
正在启动 httpd:httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName [确定]
[root@localhost ~]# echo "11111" > /var/www/html/index.html
[root@localhost ~]# curl localhost
11111
[root@localhost etc]# curl localhost    // on RS2, where the page content is changed to "2222"
222222
Visit 10.10.10.100
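In DR mode every real server holds the VIP on lo:0, so a real server that answers ARP for the VIP can draw client traffic straight to itself and bypass the director. The script below is an added example, not part of the original tutorial: it audits a sysctl.conf-style file for the real-server ARP settings and the director redirect settings configured above. The function names are hypothetical, and the sample file is constructed.

```shell
# Added example, not from the original page; function names are hypothetical.

# Effective value of key $2 in sysctl.conf-style file $1: the last assignment
# wins, "key = value" and "key=value" both parse, "#" comments are ignored.
sysctl_value() {
    awk -v key="$2" '
        { sub(/#.*/, "") }
        {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# check_sysctl FILE key=value...  Prints one BAD line per mismatch; returns 1 if any.
check_sysctl() {
    file=$1; shift; rc=0
    for want in "$@"; do
        key=${want%%=*}; wanted=${want#*=}
        got=$(sysctl_value "$file" "$key")
        if [ "$got" != "$wanted" ]; then
            echo "BAD $key want=$wanted got=${got:-unset}"
            rc=1
        fi
    done
    return $rc
}

# Real server: must not answer or announce ARP for the VIP bound to lo:0.
check_dr_realserver() {
    check_sysctl "$1" \
        net.ipv4.conf.all.arp_ignore=1 net.ipv4.conf.all.arp_announce=2 \
        net.ipv4.conf.lo.arp_ignore=1 net.ipv4.conf.lo.arp_announce=2
}

# Director: ICMP redirects off, as in the tutorial (interface eth0 as on the page).
check_dr_director() {
    check_sysctl "$1" net.ipv4.conf.all.send_redirects=0 \
        net.ipv4.conf.default.send_redirects=0 net.ipv4.conf.eth0.send_redirects=0
}

# Constructed sample: a real server where lo.arp_announce was forgotten.
write_sample_rs() {
    printf '%s\n' '# LVS-DR real server' 'net.ipv4.conf.all.arp_ignore = 1' \
        'net.ipv4.conf.all.arp_announce=2' 'net.ipv4.conf.lo.arp_ignore=1' > "$1"
}
```

Run `check_dr_realserver /etc/sysctl.conf` on each real server and `check_dr_director /etc/sysctl.conf` on the director; `sysctl -n <key>` shows the live value, which can differ from the file until `sysctl -p` has been run.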
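Building an LVS-NAT cluster
Architecture diagram
Network environment setup
Adapter changes
Network adapters > open VMware Network Adapter VMnet1 > Properties > IPv4 > Advanced > add 20.20.20.22
Director configuration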
[root@localhost network-scripts]# cat ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
USERCTL=no
IPADDR=20.20.20.11
NETWASK=255.255.255.0
[root@localhost network-scripts]# cat ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
USERCTL=no
IPADDR=10.10.10.11
NETWASK=255.255.255.0
// note: NETWASK is a misspelling of NETMASK, so the key is ignored and the classful default applies, consistent with the Mask:255.0.0.0 that ifconfig reports below
[root@localhost network-scripts]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:83:47:26
          inet addr:20.20.20.11  Bcast:20.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::20c:29ff:fe83:4726/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4038 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2410 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:367452 (358.8 KiB)  TX bytes:305533 (298.3 KiB)

eth1      Link encap:Ethernet  HWaddr 00:0C:29:83:47:30
          inet addr:10.10.10.11  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::20c:29ff:fe83:4730/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:259 errors:0 dropped:0 overruns:0 frame:0
          TX packets:193 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:23538 (22.9 KiB)  TX bytes:29920 (29.2 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:808 (808.0 b)  TX bytes:808 (808.0 b)

[root@localhost ~]# service NetworkManager stop    // also required on RS1 and RS2
[root@localhost ~]# chkconfig NetworkManager off    // also required on RS1 and RS2

Install ipvsadm

[root@localhost ~]# mount /dev/cdrom /media/cdrom/
[root@localhost ~]# yum -y install ipvsadm
[root@localhost ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1    // ip_forward = 1 turns on routing (IP forwarding)
[root@localhost ~]# sysctl -p
[root@localhost ~]# service iptables start    // start the firewall
[root@localhost ~]# chkconfig iptables on    // start at boot
[root@localhost ~]# iptables -F    // flush the firewall rules
// Add a firewall rule: when the source address is in the internal subnet and the outgoing interface is eth0, apply SNAT and rewrite the source address to the address of the external NIC.
[root@localhost ~]# iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j SNAT --to-source 20.20.20.11
[root@localhost ~]# iptables -t nat -L    // check that the rule was added
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  10.10.10.0/24        anywhere            to:20.20.20.11

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@localhost ~]# ipvsadm -A -t 20.20.20.11:80 -s rr    // add the ipvsadm TCP virtual service
[root@localhost ~]# ipvsadm -a -t 20.20.20.11:80 -r 10.10.10.12:80 -m    // add the ipvsadm real-server nodes
[root@localhost ~]# ipvsadm -a -t 20.20.20.11:80 -r 10.10.10.13:8080 -m
[root@localhost ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  20.20.20.11:80 rr
  -> 10.10.10.12:80               Masq    1      0          0
  -> 10.10.10.13:80               Masq    1      0          0
[root@localhost ~]# service ipvsadm save    // save the IPVS cluster settings to a file so that they persist
ipvsadm: Saving IPVS table to /etc/sysconfig/ipvsadm: [确定]
[root@localhost ~]# chkconfig ipvsadm on
Real servers: the two are configured almost identically
Here the servers' gateway is pointed at the director, 10.10.10.11/24
[root@localhost ~]# echo "GATEWAY=10.10.10.11" >> /etc/sysconfig/network-scripts/ifcfg-eth0
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
USERCTL=no
IPADDR=10.10.10.12
NETWASK=255.255.255.0
GATEWAY=10.10.10.11
// note: NETWASK is a misspelling of NETMASK, so the key is ignored and the classful default applies, consistent with the 10.0.0.0/255.0.0.0 route shown below
[root@localhost ~]# route -n    // the default route shows that traffic to any destination is handed to 10.10.10.11
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
0.0.0.0         10.10.10.11     0.0.0.0         UG    0      0        0 eth0
[root@localhost ~]# service httpd start
[root@localhost ~]# echo "111111111" >> /var/www/html/index.html
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf    // on RS2 only: change the listening port to 8080
Listen 8080
[root@localhost ~]# service httpd restart    // restart httpd
[root@localhost ~]# curl localhost    // on RS1
111111111
[root@localhost ~]# curl localhost:8080    // on RS2
222222222222222
Verifying that the lab works
Visit 20.20.20.11
[root@localhost ~]# ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  20.20.20.11:80                     36      158      150    17311    12657
  -> 10.10.10.12:80                     12       62       56     7498     5692
  -> 10.10.10.13:8080
In LVS-NAT mode the director handles both outbound and inbound traffic
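Because the director in NAT mode carries every packet in both directions, its IPVS table is worth comparing against the intended set of real servers. The script below is an added example, not part of the original tutorial: it parses `ipvsadm -Ln` output (TCP and UDP services only) and reports entries that are missing or unexpected. The function names are hypothetical; the sample listing is the NAT-mode one printed above with whitespace reconstructed, where the real server appears as 10.10.10.13:80 although the command added 10.10.10.13:8080.

```shell
# Added example, not from the original page; function names are hypothetical.

# stdin: `ipvsadm -Ln` output. stdout: one line per real server:
#   "PROTO VIP:PORT SCHEDULER RS:PORT FORWARD"
ipvs_table() {
    awk '
        $1 == "TCP" || $1 == "UDP" { vs = $1 " " $2 " " $3; next }
        $1 == "->" && $2 != "RemoteAddress:Port" { print vs, $2, $3 }'
}

# ipvs_drift EXPECTED_FILE < listing
# Prints "MISSING ..." for expected entries absent from the listing and
# "UNEXPECTED ..." for listed entries that are not in EXPECTED_FILE.
ipvs_drift() {
    ipvs_table | awk -v want_file="$1" '
        BEGIN { while ((getline line < want_file) > 0) if (line != "") want[line] = 1 }
        { seen[$0] = 1; if (!($0 in want)) print "UNEXPECTED " $0 }
        END { for (w in want) if (!(w in seen)) print "MISSING " w }' | sort
}

# The NAT-mode listing as printed in this tutorial (whitespace reconstructed).
page_listing() {
    cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  20.20.20.11:80 rr
  -> 10.10.10.12:80               Masq    1      0          0
  -> 10.10.10.13:80               Masq    1      0          0
EOF
}

# What the tutorial's three ipvsadm commands ask for (derived from them here).
page_expected() {
    cat <<'EOF'
TCP 20.20.20.11:80 rr 10.10.10.12:80 Masq
TCP 20.20.20.11:80 rr 10.10.10.13:8080 Masq
EOF
}
```

On a live director, pipe `ipvsadm -Ln` into `ipvs_drift expected.txt`; empty output means the table matches the expected file.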