【LVS】负载均衡集群

q989 · 发表于 2019-1-3 13:23:27

　　LVS (Linux Virtual Server)是一种集群(Cluster)技术，采用IP负载均衡技术和基于内容请求分发技术。LVS可以实现LINUX平台下的简单负载均衡。
　　其中LVS/NAT是一种最简单的方式，所有的RealServer只需要将自己的网关指向Director即可。
　　

　　LVS负载均衡的NAT模式

　　一、实验准备

　　在VMware Workstation虚拟机环境下，准备三台服务器，一台作为director, 两台作为real server。
　　二、网络配置

　　director需要配置两块网卡，一块（eth0）与real server连接的内网，另外一块（eth1）连接到公网。

　　配置参考如下：
　　director：eth0 192.168.20.28/24 （内网）

　　eth1 192.168.1.33/24 （外网）
　　real server1：eth0 192.168.20.138
　　real server2：eth0 192.168.20.250
　　这三台服务器在192.168.20.0/24能互相通信

　　

　　实现方法：
　　1、虚拟机网络模式选择【自定义VMnet1】，在这里的LVS-NAT实验中需要设置director的eth0和两台real server的eth0为自定义VMnet1模式，而director的eth1则设置为桥接模式，可以直接使用外网。

　　2、客户机Windows机器上VMnet1的IP设置，设置成与LVS的三台服务器eth0的IP在同一个网段，目的是为了能与三台LVS服务器通信，方便做试验

　　3、具体配置如下，real server1、2的网关均指向192.168.20.28

　　director：
DEVICE=eth0（内网）
HWADDR=00:0C:29:92:99:4D
TYPE=Ethernet
UUID=5c49f4f6-154d-43cd-ab8c-d84df2838d01
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.20.28
NETMASK=255.255.255.0DEVICE=eth1（外网）
HWADDR=00:0c:29:92:99:57
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.33
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1　　real server1：
DEVICE=eth0
HWADDR=00:0C:29:BE:49:72
TYPE=Ethernet
UUID=2e41da17-945e-4ce8-9646-178ce035984e
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.20.138
NETMASK=255.255.255.0
GATEWAY=192.168.20.28　　real server2：
DEVICE=eth0
HWADDR=00:0C:29:8B:40:4A
TYPE=Ethernet
UUID=00ac2932-56ea-434f-b3e2-b6499d552879
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.20.250
NETMASK=255.255.255.0
GATEWAY=192.168.20.28　　

　　三、LVS/NAT 配置
　　1、安装epel扩展源、nginx（测试用）（nginx在real server下安装）

　　wget http://mirrors.sohu.com/fedora-epel/6/i386/epel-release-6-8.noarch.rpm
　　[root@realserver1 ~]# yum -y install nginx

　　2、测试页面
　　[root@realserver1 ~]# echo "sr1-192.168.20.138" >/usr/share/nginx/html/index.html
　　[root@realserver2 ~]# echo "sr2-192.168.20.250" >/usr/share/nginx/html/index.html
　　

　　3、Director 下安装ipvsadm
　　[root@director ~]# yum -y install ipvsadm
　　

　　4、配置ipvsadm，创建/usr/local/sbin/lvs_nat.sh脚本

#! /bin/bash
# director 服务器上开启路由转发功能
echo 1 > /proc/sys/net/ipv4/ip_forward
# 关闭icmp的重定向
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects
# director 设置nat防火墙
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 192.168.20.0/24  -j MASQUERADE
# director设置ipvsadm
IPVSADM='/sbin/ipvsadm'
$IPVSADM -C
$IPVSADM -A -t 192.168.1.33:80 -s
wrr （wrr表示加权轮和以下-w2 -w1对应，表示20.138权值为2，则调度到服务器
20.138
的请求会是服务器20.250的两倍）
$IPVSADM -a -t 192.168.1.33:80 -r 192.168.20.138:80 -m
-w 2
$IPVSADM -a -t 192.168.1.33:80 -r 192.168.20.250:80 -m
-w 1　　

　　

　　LVS的调度算法：轮叫调度(Round Robin)(简称rr) ,加权轮叫(Weighted Round Robin)(简称wrr),最少链接(least connection)(LC),加权最少链接(Weighted Least Connections)(WLC) 等
　　

　　5、开启nat服务
[root@director ~]# sh /usr/local/sbin/lvs_nat.sh

[root@director ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port          Forward Weight ActiveConn InActConn
TCP  192.168.1.33:80 wrr
  -> 192.168.20.138:80          Masq 2    0       0
  -> 192.168.20.250:80          Masq 1    0       0　　

　　6、测试LVS/NAT，由于sr1的权值为2，所以响应的请求为sr1的两倍

[root@director ~]# curl 192.168.1.33
sr2-192.168.20.250
[root@director ~]# curl 192.168.1.33
sr1-192.168.20.138
[root@director ~]# curl 192.168.1.33
sr1-192.168.20.138
[root@director ~]# curl 192.168.1.33
sr2-192.168.20.250
[root@director ~]# curl 192.168.1.33
sr1-192.168.20.138
[root@director ~]# curl 192.168.1.33
sr1-192.168.20.138
[root@director ~]# curl 192.168.1.33
sr2-192.168.20.250　　在windows下访问

　　

　　LVS负载均衡的DR模式配置
　　

　　[root@director ~]# ipvsadm -C
[root@director ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port          Forward Weight ActiveConn InActConn
[root@director ~]# iptables -t nat -F
一、网络配置
　　director：eth0

DEVICE=eth0
HWADDR=00:0C:29:92:99:4D
TYPE=Ethernet
UUID=5c49f4f6-154d-43cd-ab8c-d84df2838d01
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.1.28
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1DEVICE=eth0:0
HWADDR=00:0c:29:92:99:57
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.200
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1　　realserver1：eth0
DEVICE=eth0
HWADDR=00:0C:29:BE:49:72
TYPE=Ethernet
UUID=2e41da17-945e-4ce8-9646-178ce035984e
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.1.138
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1　　

　　realserver2：eth0
DEVICE=eth0
HWADDR=00:0C:29:8B:40:4A
TYPE=Ethernet
UUID=00ac2932-56ea-434f-b3e2-b6499d552879
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.1.250
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1　　

　　二、LVS/DR 配置
　　1、Director配置
　　[root@director ~]# vim /usr/local/sbin/lvs_dr.sh

#! /bin/bash
echo 1 > /proc/sys/net/ipv4/ip_forward
ipv=/sbin/ipvsadm
vip=192.168.1.200
rs1=192.168.1.138
rs2=192.168.1.250
ifconfig eth0:0 $vip broadcast $vip netmask 255.255.255.255 up
route add -host $vip dev eth0:0
$ipv -C
$ipv -A -t $vip:80 -s rr
$ipv -a -t $vip:80 -r $rs1:80 -g -w 1
$ipv -a -t $vip:80 -r $rs2:80 -g -w 1　　

　　

　　执行脚本：
[root@director ~]# sh /usr/local/sbin/lvs_dr.sh

[root@director ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port          Forward Weight ActiveConn InActConn
TCP  192.168.1.200:80 rr
  -> 192.168.1.138:80          Route 1    0       0
  -> 192.168.1.250:80          Route 1    0       0[root@director ~]# ifconfig eth0:0
eth0:0 Link encap:Ethernet  HWaddr 00:0C:29:92:99:4D
      inet addr:192.168.1.200  Bcast:192.168.1.200  Mask:255.255.255.255
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1　　2、在两台realserver配置
　　[root@realserver1 ~]# vim /usr/local/sbin/lvs_dr_rs.sh

　　#! /bin/bash
vip=192.168.1.200
ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up
route add -host $vip lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce

　　执行脚本：
[root@realserver1 ~]# sh /usr/local/sbin/lvs_dr_rs.sh
[root@realserver2 ~]# sh /usr/local/sbin/lvs_dr_rs.sh　　[root@realserver1 ~]# ifconfig lo:0
lo:0    Link encap:Local Loopback
      inet addr:192.168.1.200  Mask:255.255.255.255
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
[root@realserver2 ~]# ifconfig lo:0
lo:0    Link encap:Local Loopback
      inet addr:192.168.1.200  Mask:255.255.255.255
      UP LOOPBACK RUNNING  MTU:16436  Metric:1

　　

　　3、测试，在第四台机器上访问

[root@sh ~]# curl 192.168.1.200
sr2-192.168.20.250
[root@sh ~]# curl 192.168.1.200
sr1-192.168.20.138
[root@sh ~]# curl 192.168.1.200
sr2-192.168.20.250
[root@sh ~]# curl 192.168.1.200
sr1-192.168.20.138
[root@sh ~]# curl 192.168.1.200
sr2-192.168.20.250　　[root@sh ~]# elinks 192.168.1.200

　　

　　4、更改权值
　　[root@director ~]# vim /usr/local/sbin/lvs_dr.s
#! /bin/bash
echo 1 > /proc/sys/net/ipv4/ip_forward
ipv=/sbin/ipvsadm
vip=192.168.1.200
rs1=192.168.1.138
rs2=192.168.1.250
ifconfig eth0:0 down
ifconfig eth0:0 $vip broadcast $vip netmask 255.255.255.255 up
route add -host $vip dev eth0:0
$ipv -C
$ipv -A -t $vip:80 -s wrr
$ipv -a -t $vip:80 -r $rs1:80 -g -w 2
$ipv -a -t $vip:80 -r $rs2:80 -g -w 1　　

　　

　　[root@director ~]# sh /usr/local/sbin/lvs_dr.sh
[root@director ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port          Forward Weight ActiveConn InActConn
TCP  192.168.1.200:80 wrr
  -> 192.168.1.138:80          Route 2    0       9
  -> 192.168.1.250:80          Route 1    0       5　　

　　测试：

[root@sh ~]# curl 192.168.1.200
sr1-192.168.20.138
[root@sh ~]# curl 192.168.1.200
sr1-192.168.20.138
[root@sh ~]# curl 192.168.1.200
sr2-192.168.20.250
[root@sh ~]# curl 192.168.1.200
sr1-192.168.20.138
[root@sh ~]# curl 192.168.1.200
sr1-192.168.20.138
[root@sh ~]# curl 192.168.1.200
sr2-192.168.20.250　　
　　LVS结合Keepalived配置
　　两台director，两台realserver
　　[root@director ~]# ipvsadm -C
　　[root@director ~]# ifconfig eth0:0 down
[root@director network-scripts]# rm -rf ifcfg-eth0:0
　　

　　一、安装keepalived
　　[root@director ~]# yum -y install keepalived

　　

　　二、备用director
　　1、安装ipvsadm、keepalived
　　[root@sh ~]# yum -y install ipvsadm
[root@sh ~]# yum -y install keepalived
　　

　　2、配置keepalived
　　[root@director ~]# vim /etc/keepalived/keepalived.conf
　　vrrp_instance VI_1 {
state MASTER #备用服务器上为 BACKUP
interface eth0
virtual_router_id 51
priority 100  #备用服务器上为90
advert_int 1
authentication {
      auth_type PASS
      auth_pass 1111
}
virtual_ipaddress {
      192.168.1.200
}
}
　　virtual_server 192.168.1.200 80 {
delay_loop 6                #(每隔10秒查询realserver状态)
lb_algo rr                #(lvs 算法)
lb_kind DR                #(Direct Route)
persistence_timeout 0       #(同一IP的连接60秒内被分配到同一台realserver)
protocol TCP             #(用TCP协议检查realserver状态)
real_server 192.168.1.138 80 {
      weight 100             #(权重)
      TCP_CHECK {
      connect_timeout 10    #(10秒无响应超时)
      nb_get_retry 3
      delay_before_retry 3
      connect_port 80
      }
}
real_server 192.168.1.250 80 {
      weight 100
      TCP_CHECK {
      connect_timeout 10
      nb_get_retry 3
      delay_before_retry 3
      connect_port 80
      }
   }
}
　　

　　3、备用director配置keepalived
　　scp到备用director
　　[root@director ~]# yum -y install openssh-clients
[root@director ~]# scp /etc/keepalived/keepalived.conf 192.168.1.218:/etc/keepalived/keepalived.conf
　　

　　[root@sh ~]# vim /etc/keepalived/keepalived.conf
　　vrrp_instance VI_1 {
state BACKUP #备用服务器上为 BACKUP
interface eth0
virtual_router_id 51
    priority 99  #备用服务器上为90
advert_int 1
authentication {
      auth_type PASS
      auth_pass 1111
}
virtual_ipaddress {
      192.168.1.200
}
}
　　virtual_server 192.168.1.200 80 {
delay_loop 6                #(每隔10秒查询realserver状态)
lb_algo rr                #(lvs 算法)
lb_kind DR                #(Direct Route)
persistence_timeout 0       #(同一IP的连接60秒内被分配到同一台realserver)
protocol TCP             #(用TCP协议检查realserver状态)
real_server 192.168.1.138 80 {
      weight 100             #(权重)
      TCP_CHECK {
      connect_timeout 10    #(10秒无响应超时)
      nb_get_retry 3
      delay_before_retry 3
      connect_port 80
      }
}
real_server 192.168.1.250 80 {
      weight 100
      TCP_CHECK {
      connect_timeout 10
      nb_get_retry 3
      delay_before_retry 3
      connect_port 80
      }
   }
}
　　

　　三、director启动keepalived
　　[root@director ~]# /etc/init.d/keepalived start    （主）
Starting keepalived:                                     [  OK  ]
[root@sh ~]# /etc/init.d/keepalived start             （从）
Starting keepalived:                                     [  OK  ]
　　

　　查看ipvsadm状态

　　[root@director ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port          Forward Weight ActiveConn InActConn
TCP  192.168.1.200:80 rr
  -> 192.168.1.138:80          Route 100 0       7
  -> 192.168.1.250:80          Route 100 0       16
　　

　　[root@director ~]# ip addr
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
   valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:92:99:4d brd ff:ff:ff:ff:ff:ff
inet 192.168.1.28/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.200/32 scope global eth0
inet6 fe80::20c:29ff:fe92:994d/64 scope link
   valid_lft forever preferred_lft forever

　　四、两台realserver启动dr脚本/usr/local/sbin/lvs_dr_rs.sh

　　[root@realserver1 ~]# sh /usr/local/sbin/lvs_dr_rs.sh
[root@realserver2 ~]# sh /usr/local/sbin/lvs_dr_rs.sh

　　

　　五、测试，在第五台机器上访问vip192.168.1.200

[root@hh ~]# curl 192.168.1.200
sr2-192.168.20.250
[root@hh ~]# curl 192.168.1.200
sr1-192.168.20.138
[root@hh ~]# curl 192.168.1.200
sr2-192.168.20.250
[root@hh ~]# curl 192.168.1.200
sr1-192.168.20.138
[root@hh ~]# curl 192.168.1.200
sr2-192.168.20.250
[root@hh ~]# curl 192.168.1.200
sr1-192.168.20.138
[root@hh ~]# curl 192.168.1.200
sr2-192.168.20.250
[root@hh ~]# curl 192.168.1.200
sr1-192.168.20.138　　nginx的负载均衡集群
　　清除之前的配置

　　[root@director ~]# ipvsadm -C
[root@director ~]# iptables -F
[root@director ~]# /etc/init.d/keepalived stop

　　[root@director ~]# yum -y install nginx

　　[root@director ~]# vim /etc/nginx/conf.d/lb.conf  //配置虚拟主机
　　upstream test {
server 192.168.1.138:80;
server 192.168.1.250:80;
}
   server {
         listen 80;
         server_name www.huangmingming.cn;
         location / {
            proxy_pass    http://test/;
            proxy_set_header Host $host;
#             proxy_set_header X-Real-IP    $remote_addr;
#             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         }
      }

　　

　　[root@director ~]# netstat -ntlp |grep nginx
tcp       0    0 0.0.0.0:80                0.0.0.0:*                LISTEN    11205/nginx

　　

　　测试：

　　[root@director ~]# curl -xlocalhost:80 www.huangmingming.cn
sr2-192.168.20.250
[root@director ~]# curl -xlocalhost:80 www.huangmingming.cn
sr1-192.168.20.138
[root@director ~]# curl -xlocalhost:80 www.huangmingming.cn
sr2-192.168.20.250
[root@director ~]# curl -xlocalhost:80 www.huangmingming.cn
sr1-192.168.20.138
[root@director ~]# curl -xlocalhost:80 www.huangmingming.cn
sr2-192.168.20.250
[root@director ~]# curl -xlocalhost:80 www.huangmingming.cn
sr1-192.168.20.138

　　设置权值
　　upstream test {
server 192.168.1.138:80 weight=2;
server 192.168.1.250:80 weight=1;
}
   server {
         listen 80;
         server_name www.huangmingming.cn;
         location / {
            proxy_pass    http://test/;
            proxy_set_header Host $host;
#             proxy_set_header X-Real-IP    $remote_addr;
#             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         }
      }

　　[root@director ~]# curl -xlocalhost:80 www.huangmingming.cn
sr1-192.168.20.138
[root@director ~]# curl -xlocalhost:80 www.huangmingming.cn
sr2-192.168.20.250
[root@director ~]# curl -xlocalhost:80 www.huangmingming.cn
sr1-192.168.20.138
[root@director ~]# curl -xlocalhost:80 www.huangmingming.cn
sr1-192.168.20.138
[root@director ~]# curl -xlocalhost:80 www.huangmingming.cn
sr2-192.168.20.250

　　[root@realserver2 ~]# nginx -s stop

　　[root@director ~]# curl -xlocalhost:80 www.huangmingming.cn
sr1-192.168.20.138
[root@director ~]# curl -xlocalhost:80 www.huangmingming.cn
sr1-192.168.20.138
[root@director ~]# curl -xlocalhost:80 www.huangmingming.cn
sr1-192.168.20.138
[root@director ~]# curl -xlocalhost:80 www.huangmingming.cn
sr1-192.168.20.138
[root@director ~]# curl -xlocalhost:80 www.huangmingming.cn
sr1-192.168.20.138
　　

　　[root@realserver2 ~]# nginx

　　[root@director ~]# curl -x192.168.1.28:80 www.huangmingming.cn
sr2-192.168.20.250
[root@director ~]# curl -x192.168.1.28:80 www.huangmingming.cn
sr1-192.168.20.138
[root@director ~]# curl -x192.168.1.28:80 www.huangmingming.cn
sr1-192.168.20.138
[root@director ~]# curl -x192.168.1.28:80 www.huangmingming.cn
sr2-192.168.20.250

　　

　　

账号		自动登录	找回密码
密码			立即注册

wirelessnetview好用的无线分析工具

亿图图示专家(EDraw Max) V7.9 中文破解版

zabbix3.4.1安装部署+微信推送信息+大屏显

Red Hat OpenShift I: Containers & Kubern

2025 年，C++ 还能“硬核”多久？

RH199 RHCSA Rapid Track

Red Hat RHCE 8 (EX294) Cert Guide

[经验分享] 【LVS】负载均衡集群

浏览过的版块

扫码加入运维网微信交流群