lVS(nat模式)+keepalived搭建

　　关于网上lvs+keepalived的文章很多，但是多数都是DR模式的方案，对于 nat模式的并不多见，因此，在此写一份nat模式的文章，仅供分享也当笔记保存。
　　网络拓扑结构：

　　现在的Linux系统内核都是支持lvs的，所以我们直接可以用yum安装ipvsadm
　　yum 源的替换，将系统的yum源替换成163的yum源
　　[root@localhost ~]# cd /etc/yum.repos.d/
　　[root@localhost yum.repos.d]# ls
　　centos-163.repo  rhel-source.repo.bak
　　[root@localhost yum.repos.d]# vim centos-163.repo
#mirrorlist=http://mirrorlist.centos.org/?release=6&arch=$basearch&repo=updates
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6
#additional packages that may be useful
[extras]
name=CentOS-6 - Extras - 163.com
baseurl=http://mirrors.163.com/centos/6/extras/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=6&arch=$basearch&repo=extras
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-6 - Plus - 163.com
baseurl=http://mirrors.163.com/centos/6/centosplus/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=6&arch=$basearch&repo=centosplus
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6
#contrib - packages by Centos Users
[contrib]
name=CentOS-6 - Contrib - 163.com
baseurl=http://mirrors.163.com/centos/6/contrib/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=6&arch=$basearch&repo=contrib
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6　　LVS软件的安装
　　[root@localhost yum.repos.d]# yum install ipvsadm -y
　　开启路由转发功能
　　[root@localhost yum.repos.d]# vim /etc/sysctl.conf
　　将net.ipv4.ip_forward = 0改成net.ipv4.ip_forward = 1
　　使配置生效
　　[root@localhost yum.repos.d]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.ip_local_port_range = 1024 65000
　　关闭系统自带防火墙和selinux策略
　　[root@localhost yum.repos.d]# iptables -F
　　Chain INPUT (policy ACCEPT)
　　target     prot opt source               destination
　　Chain FORWARD (policy ACCEPT)
　　target     prot opt source               destination
　　Chain OUTPUT (policy ACCEPT)
　　target     prot opt source               destination
　　[root@localhost yum.repos.d]# iptables -t nat -F
　　Chain PREROUTING (policy ACCEPT)
　　target     prot opt source               destination
　　Chain POSTROUTING (policy ACCEPT)
　　target     prot opt source               destination
　　Chain OUTPUT (policy ACCEPT)
　　target     prot opt source               destination
　　[root@localhost yum.repos.d]# setenforce 0
　　keepalived安装和配置
　　由于nat模式的realserver的网关为负载服务器的IP。所以做主备的时候，网关也要能跟随外网VIP的切换一同切换，在这里，我们将定义一个vrrp组，一个inside_network,一个outside_network. inside_network的VIP作为RealServer网关地址，outside_network的VIP作为外网访问地址
[root@localhostyum.repos.d]#wget http://www.keepalived.org/software/keepalived-1.2.4.tar.gz
[root@localhostyum.repos.d]# tar xf keepalived-1.2.4.tar.gz
[root@localhostyum.repos.d]# yum install gcc*  openssl*  popt-devel  libnl*
[root@localhostyum.repos.d]# cd keepalived-1.2.4
[root@localhost keepalived-1.2.4]# ./configure  prefix=/usr/local/keepalived
[root@localhost keepalived-1.2.4]# make;make install
[root@localhost keepalived-1.2.4]# cd /usr/local/keepalived/etc/keepalived
[root@localhost keepalived-1.2.4]# cp keepalived.conf  keepalived.conf_bak
[root@localhost keepalived-1.2.4]#cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig
[root@localhost keepalived]# vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived
global_defs {
notification_email {
hehui0816@163.com  #主备切换时候收邮件的地址,一行一个
847616606@163.com      
    }
notification_email_from   #指定邮件的来源
smtp_server 127.0.0.1    #使用本地邮件服务器
smtp_connect_timeout 30   #指定邮件连接超时时间
router_id LVS_MASTER      #指定router_id标识符 ，主备的可以相同，也可以不相同
}
vrrp_syncv_group SWJ {    #定义一个虚拟路由组  
group {
inside_network
outside_network
}
}
vrrp_instance outside_network {
state MASTER   #设置主lvs负载为master ，备用的为BACKUP
interface eth0  #设置VIP的绑定网卡
track_interface {  #定义额外的监听网卡，只要其中一个网卡出现故障就会发生主备切换
# eth0
eth1
}
lvs_sync_daemon_inteface eth0   #设置lvs监听网卡
virtual_router_id 100           #设置虚拟路由ID号，同一组主备的ID号要一样
priority 100             #设置优先级，MASTER的优先级要比BACKUP的高
advert_int 1             #设置vrrp检测时间，默认为1S
authentication {         #设置认证信息，主备要一样
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.204.172.2/26           #设置外网VIP
}
}
vrrp_instance inside_network {
state MASTER
interface eth1
track_interface {
eth0
# eth1
}
lvs_sync_daemon_inteface eth0
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.21/24      #设置网关地址为内网VIP
}
}
virtual_server 10.204.172.2 9912 {  #设置策略 vip+端口
delay_loop 6
lb_algo rr   # 设置策略，在这里为轮询模式，也可以设置为wrr或其他
lb_kind NAT  #设置为NAT模式，DR模式换为DR即可
nat_mask 255.255.255.192
#persistence_timeout 50 # 此处注释，不然在50s里面访问的都是同一台后端服务器
protocol TCP
real_server 192.168.1.32 9912 {  #设置真实服务器IP+端口
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 9912  #设置连接端口
}
}
real_server 192.168.1.31 9912 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 9912
}
}
}
　　配置好了之后启动keepalived服务
[root@localhost ~]# /etc/init.d/keepalived restart
Stopping keepalived: [  OK  ]
Starting keepalived: [  OK  ]
查看主lvs的IP



查看备用lvs的IP





查看lvs负载：





查看日志







模拟主设备出现故障，ifdown eth0 或者将keepalived服务关闭
会发现VIP都会切换到备用负载上面去。


通过访问都能正常转发：