Cisco 基本NAT和DR结构的LVS集群构建
LVS3.PNG(7.39 KB)http://blog.51cto.com/cisco130/51cto.com/uploads/allimg/110204/2316015303-0.jpg
上面的例子中,我暂时没有添加备份LVS Router,而只是通过一个主LVS Router来充当调度器。
配置步骤如下:
首先配置网络参数:
在LVS Router上的基本参数:
# ifconfig | grep inet
inetaddr:192.168.1.10Bcast:192.168.1.255Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe08:a162/64 Scope:Link
inet addr:10.0.0.10Bcast:10.0.255.255Mask:255.255.0.0
inet6 addr: fe80::20c:29ff:fe08:a16c/64 Scope:Link
# sysctl -a | grep ip_forward
net.ipv4.ip_forward = 1
# sysctl –p
在Real Server上的基本参数:
第一台:
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Advanced Micro Devices 79c970
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:b2:60:a5
IPADDR=10.0.0.100
NETMASK=255.255.0.0
GATEWAY=10.0.0.254
第二台:
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Advanced Micro Devices 79c970
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:b2:60:a5
IPADDR=10.0.0.200
NETMASK=255.255.0.0
GATEWAY=10.0.0.254
然后在LVS Router上安装piranha工具:
# rpm -ihv ipvsadm-1.24.8.1.i386.rpm
# rpm -ihv piranha-0.8.4-7.el5.i386.rpm
完成之后为piranha-gui设置密码并启动服务:
# /usr/sbin/piranha-passwd
New Password:
Verify:
Updating password for user piranha
# service piranha-gui restart
Shutting down piranha-gui:
Starting piranha-gui:
# chkconfig piranha-gui on
完成之后进入图形界面并在浏览器中输入:http://localhost:3636,输入用户名:piranha和刚才定义的密码,即可进入 piranha configuration tool的配置界面:
在该界面中第一个要设置的地方是CONTROL/MONITORING,在该界面中将MONITOR中的选项:
Auto update勾选上,Update Interval将自动定义为10s,在服务没有启动之前LVS ROUTING TABLE和LVSPROCESS都不可见。完成之后选择Update information now。
在该界面的第二个要设置的地方是GLOBAL SETTINGS,在该界面中:
Primary server public IP:192.168.1.10 (真实外部地址)
Primary server private IP:10.0.0.10 (真实内部地址)
Use network type: NAT (LVS方式)
NAT Router IP: 10.0.0.254 (内部浮动IP)
NAT Router MASK: 255.255.0.0 (内部浮动掩码)
NAT Router Device: eth1:1 (运行浮动IP的设备)
选择接受配置
在该界面的第三个要设置的地方是REDUNDANCY,在该界面中:
由于没有在这个结构中加入冗余配置,所以可以将其DISABLE掉或者将其设置为ENABLE但是保持配置为空。在该例子中我的配置为空:
Redundant server public IP: 0.0.0.0
Redundant server private IP:
Heartbeat Interval (seconds): 6
Assume dead after (seconds): 18
Heartbeat runs on port: 539
Monitor NIC links for failure: 不勾选
选择接受配置
在该界面的第四个要设置的地方是VIRTUAL SERVERS:
每一个Virtual Servers代表所提供的一种服务,由于目前只有一种服务HTTP,所以选择ADD在提示中输入下面的信息:
Name: HTTP
Application port: 80
Protocal: TCP
Virtual Server Address: 192.168.1.250
Virtual IP Network Mask: 255.255.255.0
Firewall Mark:
Device: eth0:1
Re-entry Time: 15
Service Timeout: 6
Quiesce: No
Load Monitor Tool: none
Scheduling: Weighted least-connections --加权最小连接法(默认)
Persistence:
Persistence Network Mask: Unused
选择接受,并开启服务
在该界面的第五个要设置的地方是REAL SERVERS:
Name: localhost.localdomain
Address: 10.0.0.100
Weighted: 1
Name: localhost.localdomain
Address: 10.0.0.200
Weighted: 1
选择接受,并开启服务
在该界面的第六个要设置的地方是MONITORING SCRIPTS,保持默认即可
完成之后确认所有的配置都已经保存,这个LVS基本上就配置完成。最后的工作是在LVS的Router上启动主服务:
# service pulse start
# chkconfig pulse on
这个时候可以看到eth0:1和eth1:1已经自动建立:
# ifconfig
eth0:1 Link encap:EthernetHWaddr 00:0C:29:08:A1:62
inetaddr:192.168.1.250Bcast:192.168.1.255Mask:255.255.255.0
UP BROADCAST RUNNING MULTICASTMTU:1500Metric:1
eth1:1 Link encap:EthernetHWaddr 00:0C:29:08:A1:6C
inet addr:10.0.0.254Bcast:10.0.255.255Mask:255.255.0.0
UP BROADCAST RUNNING MULTICASTMTU:1500Metric:1
Interrupt:19 Base address:0x2080
并且相关服务也开启了:
# service ipvsadm status
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddresshttp://blog.51cto.com/cisco130/51cto.com/uploads/allimg/110204/23160132F-1.jpgort Scheduler Flags
-> RemoteAddresshttp://blog.51cto.com/cisco130/51cto.com/uploads/allimg/110204/23160163Y-2.jpgort Forward Weight ActiveConnInActConn
TCP192.168.1.250:80 wlc
-> 10.0.0.200:80 Masq 1 0 0
-> 10.0.0.100:80 Masq 1 0 15
# ps -ef | grep nanny
root 361435960 23:09 ? 00:00:03 /usr/sbin/nanny -c -h10.0.0.100 -p 80 -s GET /
HTTP/1.0\r\n\r\n -x HTTP -a 15 -I /sbin/ipvsadm -t 6 -w 1 -V192.168.1.250 -M m -U none --lvs
root 361535960 23:09 ? 00:00:03 /usr/sbin/nanny -c -h10.0.0.200 -p 80 -s GET /
HTTP/1.0\r\n\r\n -x HTTP -a 15 -I /sbin/ipvsadm -t 6 -w 1 -V192.168.1.250 -M m -U none --lvs
root 407836320 23:56 pts/1 00:00:00 grep nanny
同时开启两台真实服务器上的http服务,并在两台主机上的服务目录中分别建立同样的测试页面。
# chkconfig httpd on
# service httpd start
现在通过在客户端上访问LVS服务器进行测试:http://192.168.1.250, 可以看到real server给出了页面。
这个时候piranha configuration tool界面刷新之后看到的当前ROUTER TABLE信息已经发生了改变:
CURRENT LVS ROUTING TABLE
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddresshttp://blog.51cto.com/cisco130/51cto.com/uploads/allimg/110204/2316015X5-3.jpgort Scheduler Flags
-> RemoteAddresshttp://blog.51cto.com/cisco130/51cto.com/uploads/allimg/110204/231601I57-4.jpgort Forward Weight ActiveConn InActConn
TCP 192.168.1.250:80 wlc
-> 10.0.0.200:80 Masq 1 0 0
-> 10.0.0.100:80 Masq 1 0 0
而在当前LVS进程列表中也出现了内容:
CURRENT LVS PROCESSES
root 3678 0.0 0.1 1880 332 ? Ss 22:09 0:00 pulse
root 3702 0.0 0.2 1872 596 ? Ss 22:10 0:00 /usr/sbin/lvsd --nofork -c/etc/sysconfig/ha/lvs.cf
root 3720 0.0 0.2 1852 628 ? Ss 22:10 0:00 /usr/sbin/nanny -c -h10.0.0.100 -p 80 -s GET / HTTP/1.0\r\n\r\n
-x HTTP -a 15 -I /sbin/ipvsadm -t 6 -w 1 -V 192.168.1.250 -M m -U none--lvs
root 3721 0.0 0.2 1852 628 ? Ss 22:10 0:00 /usr/sbin/nanny -c -h10.0.0.200 -p 80 -s GET / HTTP/1.0\r\n\r\n
-x HTTP -a 15 -I /sbin/ipvsadm -t 6 -w 1 -V 192.168.1.250 -M m -U none--lvs
而在数次刷新页面之后就可以看到CURRENT LVS ROUTING TABLE的内容有所更新:
# cat lvs
CURRENT LVS ROUTING TABLE
IP Virtual Server version 1.2.1 (size=4096)
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddresshttp://blog.51cto.com/cisco130/51cto.com/uploads/allimg/110204/2316015614-5.jpgort Scheduler Flags
-> RemoteAddresshttp://blog.51cto.com/cisco130/51cto.com/uploads/allimg/110204/2316013C8-6.jpgort Forward Weight ActiveConn InActConn
TCP 192.168.1.250:80 wlc
-> 10.0.0.200:80 Masq 1 0 7
-> 10.0.0.100:80 Masq 1 0 6
也就是说访问量被平均分配到了两台主机上,如果我们找另外一个客户端做简单的压力测试:
命令:# ab -c 1000 -n 100000 http://192.168.1.250/index.html
获得的LVS ROUTING TABLE如下:
# cat Desktop/lvs
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddresshttp://blog.51cto.com/cisco130/51cto.com/uploads/allimg/110204/2316014364-7.jpgort Scheduler Flags
-> RemoteAddresshttp://blog.51cto.com/cisco130/51cto.com/uploads/allimg/110204/23160153T-8.jpgort Forward Weight ActiveConn InActConn
TCP 192.168.1.250:80 wlc
-> 10.0.0.200:80 Masq 1 0 317
-> 10.0.0.100:80 Masq 1 0 1007
由于采用的是加权最小连接算法,所以负载不可能均分到两台服务器上。
此时配置文件的内容:
# cat /etc/sysconfig/ha/lvs.cf
serial_no = 67
primary = 192.168.1.10
primary_private = 10.0.0.10
service = lvs
backup_active = 1
backup = 0.0.0.0
heartbeat = 1
heartbeat_port = 539
keepalive = 6
deadtime = 18
network = nat
nat_router = 10.0.0.254 eth1:1
nat_nmask = 255.255.0.0
debug_level = NONE
monitor_links = 0
virtual HTTP {
active = 1
address = 192.168.1.250 eth0:1
vip_nmask = 255.255.255.0
port = 80
send = "GET / HTTP/1.0\r\n\r\n"
expect = "HTTP"
use_regex = 0
load_monitor = none
scheduler = wlc
protocol = tcp
timeout = 6
reentry = 15
quiesce_server = 0
server localhost.localdomain {
address = 10.0.0.100
active = 1
weight = 1
}
server localhost.localdomain {
address = 10.0.0.200
active = 1
weight = 1
}
}
实验到此成功。
现在我将这个实验的结构稍微做一下扩展,按照红帽所推荐的方案在结构中加入一备份 LVS ruoter,该备份LVSrouter的真实外网IP地址是192.168.1.20,真实内网IP是10.0.0.20。
按照上述的结构完成基本的网络配置:
# ifconfig | grep inet
inetaddr:192.168.1.20Bcast:192.168.1.255Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fecb:dd0b/64 Scope:Link
inet addr:10.0.0.20Bcast:10.0.255.255Mask:255.255.0.0
inet6 addr: fe80::20c:29ff:fecb:dd15/64 Scope:Link
开启IP转发:
# sysctl -a | grep ip_forward
net.ipv4.ip_forward = 1
安装lvs相关软件包并进行基本配置:
# rpm -ihv ipvsadm-1.24.8.1.i386.rpm
# rpm -ihv piranha-0.8.4-7.el5.i386.rpm
完成之后为piranha-gui设置密码并启动服务:
# /usr/sbin/piranha-passwd
New Password:
Verify:
Updating password for user piranha
# service piranha-gui restart
Shutting down piranha-gui:
Starting piranha-gui:
# chkconfig piranha-gui on
这里我偷了一个懒,因为不想再向第一台LVS Router那样一个一个通过piranha configurationtool配置参数,所以用scp将lvs.cf同步过来,并且开启服务:
# service pulse start
# chkconfig pulse on
完成之后进入图形界面,在浏览器中登录piranha configuration tools,需要修改的地方实际上有两处:
在该界面的第三个要设置的地方REDUNDANCY添加冗余配置:
Redundant server public IP: 192.168.1.20
Redundant server private IP: 10.0.0.20
Heartbeat Interval (seconds): 6
Assume dead after (seconds): 18
Heartbeat runs on port: 539
Monitor NIC links for failure: 不勾选
选择接受配置
另外在第一台LVS Router上也要做这方面的定义。
在该界面的第二个要设置的地方是GLOBAL SETTINGS,在该界面中:
Primary server public IP: 192.168.2.10 (真实外部地址)
Primary server private IP:10.0.0.20 (真实内部地址)
Use network type: NAT (LVS方式)
NAT Router IP: 10.0.0.254 (内部浮动IP)
NAT Router MASK: 255.255.0.0 (内部浮动掩码)
NAT Router Device: eth1:1 (运行浮动IP的设备)
选择接受配置
这样的话,配置文件的内容为:
# cat /etc/sysconfig/ha/lvs.cf
serial_no = 73
primary = 192.168.1.20
primary_private = 10.0.0.20
service = lvs
backup_active = 1
backup = 192.168.1.20
backup_private = 10.0.0.20
heartbeat = 1
heartbeat_port = 539
keepalive = 6
deadtime = 18
network = nat
nat_router = 10.0.0.254 eth1:1
nat_nmask = 255.255.0.0
debug_level = NONE
monitor_links = 0
virtual HTTP {
active = 1
address = 192.168.1.250 eth0:1
vip_nmask = 255.255.255.0
port = 80
send = "GET / HTTP/1.0rnrn"
expect = "HTTP"
use_regex = 0
load_monitor = none
scheduler = wlc
protocol = tcp
timeout = 6
reentry = 15
quiesce_server = 0
server localhost.localdomain {
address = 10.0.0.100
active = 1
weight = 1
}
server localhost.localdomain {
address = 10.0.0.200
active = 1
weight = 1
}
}
测试的方法很简单,第一台LVS Router现在是primary,那么正常情况下他提供服务,而备份lvs router开启pulse进程对第一台状态进行监控。现在将第一台LVS Router关闭,在短时间内客户端访问虚拟服务器将受到影响。但是在大概十秒左右的时间就可以访问成功,此时可以看到备份LVS Router已经成为primary并提供服务。如果此时再将已经关闭的第一台LVS Router开启,那么他将再次成为主LVS Router。
页:
[1]