lvs定义nat,dr高可用
Lvs 术语:
director/real server
IP:
VIP:虚拟ip
DIP:转发ip
RIP:各个real serverIP
CIP:客户端ip
Ipvs:ip vertual server
Lvs类型:
Lvs-nat:地址转换:natwork addresstranslayion
lvs-dr:直接路由:Direct routing
Lvs-tun:隧道:Tunning
Nat类型:
我们的各个rS应该使用私有地址,RS的网关必须指向DIP
请求和相应都要经过Director,所以容易成为性能瓶颈
支持端口映射,RS可以使用任意OS
Dr模型的特性(在同一个机房):
保证前段路由将目标地址为VIP的报文统统发往Directory,不是RS
解决方案:
A:静态路由地址绑定,(要有路由操作权限)
B:aprtables
C:修改RS上的内核参数,将RS上的VIP配置在lo接口别名上,限制1其不能响应对VIP地址解析请求
RS:可以使用私有地址,也可以使用公网地址
RS跟Directory必须在同一个物理网段中
请求报文必须经过Directory,响应报文必须不经过
不支持端口映射
RS可以使大多数常见的OS
Tun模型类型(ip隧道):
Dip Rip 必须是公网地址。
Lvs scheduler:
Grep -i ‘VS’ /boot/config-version(版本号)
静态方法:仅仅根据调度方法本省进行的调度
rr:round robin:轮询,轮叫
Wrr:加权轮询
sh:sourc hashing:源地址hash,
Dh:目标地址hash
动态方法:仅仅根据算法及各个RS当前的负载状况进行调度
lc:least connection:最少连接
Overhead=ACtion*256+inactive
wlc加权最少连接
Overhead=(ACtion*256+inactive)/weight
sed ;shortest expection delay:就是wlc的加强版,有权重大的先负责请求
Overhead=(ACtion+1)*256/weight
nqnever queue:有权重自上而下依次先响应请求,在按权重轮询
Lblc:locality-base least connection
Lblc: 带复制的lblc
Nat配置:
dIP:172.16.149.97
VIP:10.0.0.1
Rip:10.0.0.2
Rip:10.0.0.3
配置时间同步,基于主机名的解析,
1:ntpdate 172.16.0.1
2:vim/etc/hosts
10.0.0.2 www.han.com han
10.0.0.3 www.jin.com jin
前段directory上安装:yum install -y ipvsadm
我们的配置解释:我们需要一个directory需要配置两个网络适配器,分别为eth0:172.16.249.97eth1: 10.0.0.1
Ifconfig eth0172.16.249.97/16 up
Ifconfig eth110.0.0.1/24 up
在相互ping通
在吧各个RIP的网关指向10.0.0.1
Route add default gw 10.0.0.1
配置上各个ip:
Ifconfig eth0 10.0.0.2/24 up
Ifconfig eth0 10.0.0.3/24 up
配置nat模型:
定义集群服务 为集群添加各个RS
ipvsadm -A|E -t|u|f service-address [-s scheduler] [-p ] [-M netmask] [--pe persistence_engine]
-t|u|f:协议类型tcpudpf:防火墙标记
-s:调度器(算法)
Server-address:对于-t|u 就是一个VIP:port
想一个已经存在的集群添加一个RS:ipvsadm -a|e -t|u|f service-address -r server-address
-a:添加-e:修改
【optiios】
-w:权重 -m:模型
1:ipvsadm -A-t 172.16.249.97:80-s rr
2:ipvsadm -a -t 172.16.249.97:80 -r 10.0.0.2 -m
3:ipvsadm -a -t 172.16.249.97:80 -r 10.0.0.3 -m
还要打开路由转发功能:# echo 1 > /proc/sys/net/ipv4/ip_forward
要是想要永久生效:修改此配置文件
列出已经定义的集群服务及RS:ipvsadm -L -n
修改集群服务方法:
1:删除集群在定义
2:修改集群服务
Ipvsadm - E -t 172.16.249.97:80 -s wrr
修改上述的集群为wrr类型的集群服务
修改各个RS的:
Ipvsadm -e -t 172.16.249.97:80 -r 10.0.0.2 -m -w 2
(修改10.0.0.2这个RS的权重为2)
删除一个RS:
指明从哪个集群服务上删除那个RS:
:ipvsadm -d -t|u|f service-address -r server-address
删除集群服务:
ipvsadm -D -t|u|f service-address
清空整个集群服务:
Ipvsadm -C
保存规则方法:
Ipvsadm -S > 保存位置
或者:service ipvsadm save也可以保存:位置/etc/sysconfig/ipvsadm
让其配置重新生效:ipvsadm -R < /保存位置
Dr模型的建立(在同一个网段):
Directory:
Eth0:DIP(172.16.249.1) eth0:0 VIP(172.16.249.2)
RS1:
Eth0:RIP172.16.249.3 lo:0 VIP172.16.249.2
RS2:
Eth0:RIP172.16.249.4 lo:0:VIP172.16.249.2
Directory:DIPVIP
RS:RIPVIP
RS配置内核参数:
Arp_ignore:如何响应接收ARP地址请求,默认0 , 1表示仅仅在请求的地址配置在请求报文的接口进行响应
Arp_announce:如何通告本地地址,默认0,2表示仅仅通过直连的接口的地址
前提配置:
所以在各个RS上要配置:
# echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
# echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
RS1:
1:ifconfig eth0 172.16.249.3/16 up
2:router add default gw 172.16.0.1
3:ifconfig lo:0 172.16.249.2netmask255.255.255.255 broadcast 172.16.249.2 up
4:route add -host 172.16.249.2 dev lo:0
Rs2:
1:ifconfig eth0 172.16.249.4/16 up
2:router add default gw 172.16.0.1
3:ifconfig lo:0 172.16.249.2netmask255.255.255.255 broadcast 172.16.249.2 up
4:route add -host 172.16.249.2 dev lo:0
Directory:
1:ifconfig eth0 172.16.249.1/16 up
2:ifconfig eth0:0 172.16.249.2/16 up
3:ipvsadm -A -t 172.16.249.2:80 -swlc
4:ipvsadm -a -t 172.16.249.2:80 -r 172.16.249.3 -g -w 1
5::ipvsadm -a -t 172.16.249.2:80 -r 172.16.249.4 -g -w 1
当让我们的RIP和VIP不在同一个网段:中间加一个路由设备
Dirtory脚本:
Director脚本:
#!/bin/bash
#
# LVS script for VS/DR
#
. /etc/rc.d/init.d/functions
#
VIP=192.168.0.210
RIP1=192.168.0.221
RIP2=192.168.0.222
PORT=80
#
case "$1" in
start)
/sbin/ifconfig eth0:1 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/route add -host $VIP dev eth0:1
# Since this is the Director we must be able to forward packets
echo 1 > /proc/sys/net/ipv4/ip_forward
# Clear all iptables rules.
/sbin/iptables -F
# Reset iptables counters.
/sbin/iptables -Z
# Clear all ipvsadm rules/services.
/sbin/ipvsadm -C
# Add an IP virtual service for VIP 192.168.0.219 port 80
# In this recipe, we will use the round-robin scheduling method.
# In production, however, you should use a weighted, dynamic scheduling method.
/sbin/ipvsadm -A -t $VIP:80 -s wlc
# Now direct packets for this VIP to
# the real server IP (RIP) inside the cluster
/sbin/ipvsadm -a -t $VIP:80 -r $RIP1 -g -w 1
/sbin/ipvsadm -a -t $VIP:80 -r $RIP2 -g -w 2
/bin/touch /var/lock/subsys/ipvsadm &> /dev/null
;;
stop)
# Stop forwarding packets
echo 0 > /proc/sys/net/ipv4/ip_forward
# Reset ipvsadm
/sbin/ipvsadm -C
# Bring down the VIP interface
/sbin/ifconfig eth0:1 down
/sbin/route del $VIP
/bin/rm -f /var/lock/subsys/ipvsadm
echo "ipvs is stopped..."
;;
status)
if [ ! -e /var/lock/subsys/ipvsadm ]; then
echo "ipvsadm is stopped ..."
else
echo "ipvs is running ..."
ipvsadm -L -n
fi
;;
*)
echo "Usage: $0 {start|stop|status}"
;;
Esac
Realserver脚本:
RealServer脚本:
#!/bin/bash
#
# Script to start LVS DR real server.
# description: LVS DR real server
#
./etc/rc.d/init.d/functions
VIP=192.168.0.219
host=`/bin/hostname`
case "$1" in
start)
# Start LVS-DR real server on this machine.
/sbin/ifconfig lo down
/sbin/ifconfig lo up
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
/sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/route add -host $VIP dev lo:0
;;
stop)
# Stop LVS-DR real server loopback device(s).
/sbin/ifconfig lo:0 down
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
;;
status)
# Status of LVS-DR real server.
islothere=`/sbin/ifconfig lo:0 | grep $VIP`
isrothere=`netstat -rn | grep "lo:0" | grep $VIP`
if [ ! "$islothere" -o ! "isrothere" ];then
# Either the route or the lo:0 device
# not found.
echo "LVS-DR real server Stopped."
else
echo "LVS-DR real server Running."
fi
;;
*)
# Invalid entry.
echo "$0: Usage: $0 {start|status|stop}"
exit 1
;;
esac
但是在工作时常用DR模型;
DR:将请求的报文的目标MAC设定为挑选的RS的MAC地址
NAT:将请求报文的目标ip地址改为挑选的RS的ip地址,RS网关指向DIP
TUN:在原有的ip报文之外再次封装IP首部
防火墙标记的nat模型:
上述的前提配置配置好,
1:iptables -t mangle -A PREROUTING -t tcp -d 172.16.249.97 --dport 80 -j MARK --set-mark 10
2:ipvsadm -A -f 10 -s rr
3:ipvsadm -a -f 10 -r 10.0.0.3 -m -w 1
4::ipvsadm -a -f 10 -r 10.0.0.4 -m -w 2
持久连接的类型:
Pcc:在基于tcp或udp定义集群服饰,器端口为0,格式为VIP:0 表示任何一种来自用户的请求,统统转发到后端RS,基于持久连接时,来自同一个client所有的请求都转发到同一个RS、
-p:持久连接的时间
案例:
3:ipvsadm -A -t 172.16.249.2:0 -swlc -p 360
4:ipvsadm -a -t 172.16.249.2:0 -r 10.0.0.3 -g -w 2
5::ipvsadm -a -t 172.16.249.2:0 -r 10.0.0.4 -g -w 1
PPC: 持久机制但服务单独调度
案例:
3:ipvsadm -A -t 172.16.249.2:80 -srr -p 360
4:ipvsadm -a -t 172.16.249.2:80 -r 10.0.0.3 -m -w 1
5::ipvsadm -a -t 172.16.249.2:80 -r 10.0.0.4 -m -w 1
6:ipvsadm -A -t 172.16.249.2:22 -srr -p 360
7:ipvsadm -a -t 172.16.249.2:22 -r 10.0.0.3 -m -w 1
8:ipvsadm -a -t 172.16.249.2:22 -r 10.0.0.4 -m -w 1
PFM: 单幅务调度、可以通过防火墙将多个协议定义为一个服务
页:
[1]