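LVS + Keepalived + NAT in Detail
I believe everyone is already familiar with LVS + Keepalived. LVS stands for Linux Virtual Server. Keepalived was designed for LVS: it mainly provides VRRP, which removes the single point of failure of a static route, and it can also check the health of every service node. When a node fails, keepalived removes it from the pool, and when the failed node recovers, keepalived adds it back to the cluster. This lab uses the LVS + Keepalived + NAT mode. This mode is used fairly rarely in enterprises and suits low traffic volumes. For that reason there is little formal documentation on it, which is why I wrote this blog post. In NAT mode all traffic has to pass through the LD (the director), so the load on the LD is fairly high; to reduce that load, you can use TUN mode instead.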
The lab architecture is as follows:
LD:
    station1: external IP  eth0  172.16.1.11
              internal IP  eth1  192.168.1.11
    station2: external IP  eth0  172.16.1.12
              internal IP  eth1  192.168.1.12
    Floating IP:          172.16.1.100
    Gateway floating IP:  192.168.1.254
Realserver:
    Apache1  192.168.1.13
    Apache2  192.168.1.14
Now let's start the configuration.
On station1:
Enable routing (IP forwarding).
Install keepalived-1.2.7:
    yum -y install gcc make openssl-devel openssl net-snmp net-snmp-devel popt popt-devel

    ./configure --prefix=/usr/local/keepalived --enable-snmp

    make && make install
    ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/keepalived
    ln -s /usr/local/keepalived/etc/keepalived.conf /etc/keepalived.conf
Edit the main configuration file:
    ! Configuration File for keepalived

    global_defs {
        router_id KL_HOST1
    }

    vrrp_instance VI_1 {
        state BACKUP
        interface eth0
        virtual_router_id 51
        priority 150
        nopreempt
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            172.16.1.100/24
        }
    }

    vrrp_instance VI_2 {
        state BACKUP
        interface eth1
        nopreempt
        virtual_router_id 52
        priority 150
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 2222
        }
        virtual_ipaddress {
            192.168.1.254/24
        }
    }
    vrrp_sync_group VG_1 {
        group {
            VI_1
            VI_2
        }
    }

    virtual_server 172.16.1.100 80 {
        delay_loop 6
        lb_algo rr
        lb_kind NAT
        nat_mask 255.255.255.0
        persistence_timeout 50
        protocol TCP

    #   sorry_server 192.168.200.200 1358

        real_server 192.168.1.13 80 {
            weight 1
            HTTP_GET {
                url {
                    path /urltest/test.html
                    digest 37dba1d9a3c103df127b4e957c9de188
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }

        real_server 192.168.1.14 80 {
            weight 2
            HTTP_GET {
                url {
                    path /urltest/test.html
                    digest 37dba1d9a3c103df127b4e957c9de188
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
    }
The MD5 digest values in this file were generated with the following command:
    /usr/local/keepalived/bin/genhash -s 192.168.1.14 -p 80 -u /urltest/test.html
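The HTTP_GET check compares the MD5 of the response body with the configured digest, so for a static page the value can be recomputed from the file on the real server. The following is an added example, not part of the original post: it lists the digests in a keepalived.conf and reports the real servers whose digest no longer matches the page. The function names and the sample files are constructed for illustration, and it assumes the page is served byte-for-byte as stored.

```shell
# MD5 of a file's bytes; for a static page this is the digest of the HTTP body.
page_digest() {
    md5sum "$1" | awk '{ print $1 }'
}

# Print "real_server_ip path digest" for every url block in a keepalived.conf.
conf_digests() {
    awk '
        $1 == "real_server" { rs = $2 }
        $1 == "path"        { path = $2 }
        $1 == "digest"      { print rs, path, $2 }
    ' "$1"
}

# Print the real servers whose configured digest differs from the page's;
# return 1 if there are any.
check_digests() {
    want=$(page_digest "$2")
    stale=$(conf_digests "$1" | awk -v want="$want" '$3 != want { print $1 }')
    [ -z "$stale" ] && return 0
    printf '%s\n' "$stale"
    return 1
}

# Constructed sample input: the test page and a config excerpt with one stale digest.
demo_dir=$(mktemp -d)
echo "this is a test page" > "$demo_dir/test.html"
cat > "$demo_dir/keepalived.conf" <<EOF
virtual_server 172.16.1.100 80 {
    real_server 192.168.1.13 80 {
        HTTP_GET {
            url {
                path /urltest/test.html
                digest $(page_digest "$demo_dir/test.html")
            }
        }
    }
    real_server 192.168.1.14 80 {
        HTTP_GET {
            url {
                path /urltest/test.html
                digest 00000000000000000000000000000000
            }
        }
    }
}
EOF
check_digests "$demo_dir/keepalived.conf" "$demo_dir/test.html" \
    || echo "stale digest: keepalived would mark these servers as failed"
```

Running it after every change to the test page catches a digest that would otherwise take a healthy real server out of the pool.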
Firewall configuration:
    [root@station1 tmp]# iptables -L -n
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
    ACCEPT     112  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    [root@station1 tmp]# iptables -L -n -t nat
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination
    MASQUERADE  all  --  192.168.1.0/24       0.0.0.0/0

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    [root@station1 tmp]#
On station2:
Enable routing (IP forwarding).
Install keepalived-1.2.7:
    yum -y install gcc make openssl-devel openssl net-snmp net-snmp-devel popt popt-devel

    ./configure --prefix=/usr/local/keepalived --enable-snmp

    make && make install
    ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/keepalived
    ln -s /usr/local/keepalived/etc/keepalived.conf /etc/keepalived.conf
Edit the main configuration file:
    ! Configuration File for keepalived

    global_defs {
        router_id KL_HOST2
    }

    vrrp_instance VI_1 {
        state BACKUP
        interface eth0
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            172.16.1.100/24
        }
    }

    vrrp_instance VI_2 {
        state BACKUP
        interface eth1
        virtual_router_id 52
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 2222
        }
        virtual_ipaddress {
            192.168.1.254/24
        }
    }
    vrrp_sync_group VG_1 {
        group {
            VI_1
            VI_2
        }
    }

    virtual_server 172.16.1.100 80 {
        delay_loop 6
        lb_algo rr
        lb_kind NAT
        nat_mask 255.255.255.0
        persistence_timeout 50
        protocol TCP

    #   sorry_server 192.168.200.200 1358

        real_server 192.168.1.13 80 {
            weight 1
            HTTP_GET {
                url {
                    path /urltest/test.html
                    digest 37dba1d9a3c103df127b4e957c9de188
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }

        real_server 192.168.1.14 80 {
            weight 2
            HTTP_GET {
                url {
                    path /urltest/test.html
                    digest 37dba1d9a3c103df127b4e957c9de188
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
    }
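The two directors have to agree on virtual_router_id, advert_int, the authentication settings and the floating IPs of each VRRP instance; if they disagree, a director can discard its peer's advertisements and both end up holding the floating IPs. The following is an added example, not part of the original post, that compares those fields across two config files. The function names and the sample files are constructed for illustration.

```shell
# Print "instance key value" for every VRRP setting the two peers must share.
vrrp_fields() {
    awk '
        $1 == "vrrp_instance" { inst = $2; vip = 0 }
        $1 ~ /^(global_defs|vrrp_sync_group|virtual_server)$/ { inst = "" }
        inst == "" || NF == 0     { next }
        $1 == "virtual_ipaddress" { vip = 1; next }
        vip && $1 == "}"          { vip = 0; next }
        vip                       { print inst, "vip_" $1, "set"; next }
        $1 ~ /^(virtual_router_id|advert_int|auth_type|auth_pass)$/ { print inst, $1, $2 }
    ' "$1"
}

# Compare two configs; print one finding per line, return 1 if there are any.
compare_directors() {
    fa=$(mktemp) fb=$(mktemp)
    vrrp_fields "$1" > "$fa"; vrrp_fields "$2" > "$fb"
    findings=$(awk '
        FILENAME == ARGV[1] { a[$1 " " $2] = $3; next }
        { k = $1 " " $2; seen[k] = 1
          if (!(k in a)) print k ": only on second director"
          else if (a[k] != $3)   # never echo the shared secret itself
              print k ": " ($2 == "auth_pass" ? "values differ" : a[k] " vs " $3) }
        END { for (k in a) if (!(k in seen)) print k ": only on first director" }
    ' "$fa" "$fb")
    rm -f "$fa" "$fb"
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample input: VI_1 from this article; the peer gets a mistyped VRID.
write_conf() {  # $1 = output file, $2 = virtual_router_id
    cat > "$1" <<EOF
vrrp_instance VI_1 {
    virtual_router_id $2
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.1.100/24
    }
}
EOF
}
demo=$(mktemp -d)
write_conf "$demo/station1.conf" 51; write_conf "$demo/station2.conf" 15
compare_directors "$demo/station1.conf" "$demo/station2.conf" || echo "directors disagree"
```

Settings that are meant to differ between the directors (router_id, priority, nopreempt) are deliberately not compared.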
The firewall on station2 is exactly the same as on station1.
Apply the following identical configuration on apache1 and apache2:
    yum -y install httpd
    mkdir /var/www/html/urltest/
    echo "this is a test page" > /var/www/html/urltest/test.html

    iptables -I INPUT -p tcp --dport 80 -j ACCEPT
    service iptables save
    service httpd start
    chkconfig httpd on
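All configuration is now complete.
Start the keepalived service on station1 and station2:
    keepalived -f /etc/keepalived.conf
    echo "keepalived -f /etc/keepalived.conf" >> /etc/rc.local
Testing showed that keepalived's VRRP function and cluster function both work without any problems!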