centos6.4下LVS+keepalived的高可用（LVS/DR模式）

sharpds77

　　LVS负载均衡机制：
　　LVS工作在网络层。相对于其它负载均衡的解决办法，比如DNS域名轮流解析、应用层负载的调度、客户端的调度等，它的效率是非常高的。LVS的通过控制IP来实现负载均衡。IPVS是其具体的实现模块。IPVS的主要作用：安装在Director Server上面，在Director Server虚拟一个对外访问的IP（VIP）。用户访问VIP，到达Director Server，Director Server根据一定的规则选择一个Real Server，处理完成后然后返回给客户端数据。这些步骤产生了一些具体的问题，比如如何选择具体的Real Server，Real Server如果返回给客户端数据等等。IPVS为此有三种机制：
　　1.VS/NAT(Virtual Server via Network Address Translation)，即网络地址翻转技术实现虚拟服务器。当请求来到时，Diretor server上处理的程序将数据报文中的目标地址（即虚拟IP地址）改成具体的某台Real Server,端口也改成Real Server的端口，然后把报文发给Real Server。Real Server处理完数据后，需要返回给Diretor Server，然后Diretor server将数据包中的源地址和源端口改成VIP的地址和端口，最后把数据发送出去。由此可以看出，用户的请求和返回都要经过Diretor Server，如果数据过多，Diretor Server肯定会不堪重负。
　　2.VS/TUN（Virtual Server via IP Tunneling）,即IP隧道技术实现虚拟服务器。它跟VS/NAT基本一样，但是Real server是直接返回数据给客户端，不需要经过Diretor server,这大大降低了Diretor server的压力。
　　3.VS/DR（Virtual Server via Direct Routing），即用直接路由技术实现虚拟服务器。跟前面两种方式，它的报文转发方法有所不同，VS/DR通过改写请求报文的MAC地址，将请求发送到Real Server，而Real Server将响应直接返回给客户，免去了VS/TUN中的IP隧道开销。这种方式是三种负载调度机制中性能最高最好的，但是必须要求Director Server与Real Server都有一块网卡连在同一物理网段上
　　//环境介绍
　　#VS/DR模式下，Direct server在VIP:80端口监听用户请求，改写请求报文的MAC地址，将请求负载到real server上，real server将响应直接返回给用户，因此所有的主机必须在同一个网段，且real server可以直接与用户通信
1.主机配置
DIRECT SERVER:10.10.54.155  
vip:10.10.54.151
DIRECT BACKUP:10.10.54.156
vip:10.10.54.151
real server:10.10.54.222(80) --nginx
real server:10.10.54.226(80) --nginx

　　

　　//软件安装
1.所需软件
ipvsadm-1.26.tar.gz
keepalived-1.2.9.tar.gz
2.安装ipvsadm
shell> yum -y install wget libnl* popt* gcc.x86_64 gcc-c++.x86_64 gcc-objc++.x86_64 kernel-devel.x86_64 make popt-static.x86_64
shell> tar xvf ipvsadm-1.26.tar.gz
shell> cd ipvsadm-1.26
shell> ./configure && make && make install
3.安装keepalived
shell> yum install -y net-snmp.x86_64 net-snmp-devel.x86_64
shell> tar xvf keepalived-1.2.9.tar.gz
shell> cd keepalived-1.2.9
shell> ./configure && make && make install
shell> ./configure --prefix=/usr/local/keepalived --enable-snmp --sysconfdir=/etc
shell> cp /usr/local/keepalived/sbin/keepalived /sbin/
shell> cp /usr/local/keepalived/bin/genhash /bin/　　//【real server上操作】
1.编辑realserver脚本
shell> vim /etc/init.d/realserver
-----------------------------------------------------
#!/bin/bash
#description:start realserver
#script_name:realserver_config
VIP=10.10.54.151#虚拟IP
source/etc/init.d/functions
case"$1"in
start)
echo"start LVS of realserver."
/sbin/ifconfiglo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
echo"1"> /proc/sys/net/ipv4/conf/lo/arp_ignore
echo"2"> /proc/sys/net/ipv4/conf/lo/arp_announce
echo"1"> /proc/sys/net/ipv4/conf/all/arp_ignore
echo"2"> /proc/sys/net/ipv4/conf/all/arp_announce
;;
stop)
/sbin/ifconfiglo:0 down
echo"0"> /proc/sys/net/ipv4/conf/lo/arp_ignore
echo"0"> /proc/sys/net/ipv4/conf/lo/arp_announce
echo"0"> /proc/sys/net/ipv4/conf/all/arp_ignore
echo"0"> /proc/sys/net/ipv4/conf/all/arp_announce
;;
*)
echo"Usage: $0 {start|stop}"
exit1
esac
-----------------------------------------------------------------
2.shell> /etc/init.d/realserverstart　　//【Direct server上操作】
1.[master]修改配置文件
shell> vim /etc/keepalived/keepalived.conf
---------------------------------------------
global_defs {
notification_email {
lij@***.com
}
notification_email_from lij@***.com
smtp_server lij@***.com
smtp_connect_timeout 30
router_id LVS_MASTER2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.10.54.151/24dev eth0 label eth0:1#虚拟IP，用户可见IP
}
}
virtual_server 10.10.54.151 80 {
delay_loop 6
lb_algo rr
lb_kind DR
# nat_mask 255.255.255.0
# persistence_timeout 50
protocol TCP
real_server 10.10.54.157 80 {#real server上80端口
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 10.10.54.159 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
#查看IPVS表
shell> ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.10.54.151:80 rr
-> 10.10.54.157:80 Route 1 0 0
-> 10.10.54.159:80 Route 1 0 0
--------------------------------------------------　　2.【backup server】修改配置文件

---------------------------------------------------
global_defs {
notification_email {
lij@***.com
}
notification_email_from lij@***.com
smtp_server lij@***.com
smtp_connect_timeout 30
router_id LVS_BACKUP #改1
}
vrrp_instance VI_1 {
state MASTER #改2
interface eth0
virtual_router_id 51
priority 80 #改3
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
...
}
#backup上查看IPVS表
shell> ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.10.54.151:80 rr
-> 10.10.54.157:80 Route 1 0 0
-> 10.10.54.159:80 Route 1 0 0
-----------------------------------------------　　

　　//telnet 测试负载均衡和故障转移
　　测试负载均衡
1.master 和 backup上启动keepalived
/etc/init.d/keepalived start
2.150主机上telnet VIP
shell> telnet 10.10.54.151 80
Trying 10.10.54.151...
Connected to 10.10.54.151.
Escape character is '^]'.
3.master主机上查看IPVS信息
shell> ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.10.54.151:80 rr
  -> 10.10.54.157:80              Route   1      1          0         
  -> 10.10.54.159:80              Route   1      0          1        
##由上面查看157机子上"ActiveConn"变为1
##重新执行 telnet 10.10.54.151 80 操作后，发现159机子"ActiveConn"变为1
##上面测试结果显示，LVS负载均衡已经成功
测试故障转移是否成功
1.当掉master主机155
shell> /etc/init.d/keepalived stop
Stopping keepalived:                                       [  OK  ]
2.backup主机上查看ip信息
shell> ip add list
1: lo:  mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:1f:da:47 brd ff:ff:ff:ff:ff:ff
    inet 10.10.54.156/24 brd 10.10.54.255 scope global eth0
    inet 10.10.54.151/24 scope global secondary eth0:1
    inet6 fe80::a00:27ff:fe1f:da47/64 scope link
       valid_lft forever preferred_lft forever
3: eth1:  mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 08:00:27:ac:b4:36 brd ff:ff:ff:ff:ff:ff
3.测试backup是否可以负载
shell> telnet 10.10.54.151 80
shell> ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.10.54.151:80 rr
  -> 10.10.54.157:80              Route   1      1          0         
  -> 10.10.54.159:80              Route   1      0          0     
##由上面可知，LVS故障转移成功