
[Experience sharing] LVS-persistent: ensuring persistent web connections


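Posted on 2019-1-4 12:44:29
  A persistent connection ensures that, regardless of the LVS forwarding method, all connections from the same user are forwarded to the same RealServer.
  Option used:
  ipvsadm -p timeout: the persistence timeout in seconds, 300 by default. How long an e-commerce site keeps a user's connections persistent should be decided from measured user stickiness; 3600 or 7200 seconds are generally reasonable values.
  Types of persistent connection:
  1. PCC (persistent client connections): all requests from the same user within the timeout are directed to the same RealServer. In this case the service is defined with port 0, which means requests to every port are forwarded.
  2. PPC (persistent port connections): within the timeout, a user's requests are directed per port, so different ports may land on different RealServers.
  3. Firewall marks: related ports are given the same mark on the firewall, so that a user accessing two related services is directed to the same RealServer for both.
  4. FTP connections: because FTP uses two ports, it has to be listed separately. In passive mode the control connection uses port 21 and the data connection a random port above 1024; in active mode the data connection uses port 20.
  4.1 In passive mode, restrict the FTP server's data connection ports to a fixed range: 10001-15000
  4.2 Tie these 5000 ports to port 21 by giving them the same firewall mark
  4.3 Open up this protocol
  Experiment 1: PCC, persistent client connections
  [root@director ~]# ipvsadm -lcn # show the entries currently in the persistent connection template table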
  IPVS connection entries
  pro expire state source virtual destination
  [root@director ~]# service ipvsadm start
  ipvsadm: Clearing the current IPVS table: [ OK ]
  ipvsadm: Applying IPVS configuration: [ OK ]
  [root@director ~]# ipvsadm -ln # show the ipvs configuration
  IP Virtual Server version 1.2.1 (size=4096)
  Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
  TCP 192.168.1.6:80 rr
  -> 192.168.1.8:80 Route 1 0 0
  -> 192.168.1.7:80 Route 1 0 0
  [root@director ~]# hwclock -s # -s (--hctosys): set the system time from the hardware clock; keep the clocks of all nodes in sync
  [root@rip1 ~]# hwclock -s
  [root@rip2 ~]# hwclock -s
  [root@director ~]# ipvsadm -C # clear the ipvs table
  [root@director ~]# ipvsadm -ln
  IP Virtual Server version 1.2.1 (size=4096)
  Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
  Configure the IP addresses on the Director
  [root@director ~]# ifconfig eth0 192.168.1.3/24 up
  [root@director ~]# ifconfig eth0:1 192.168.1.6 broadcast 192.168.1.6 netmask 255.255.255.255 up
  [root@director ~]# route add -host 192.168.1.6 dev eth0:1
  [root@director ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
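  Configure ipvs on the Director
  [root@director ~]# ipvsadm -A -t 192.168.1.6:0 -s wrr -p 1000
  -t: TCP service, port 0; -s: scheduling algorithm, wrr is weighted round robin (the default is wlc, weighted least-connection); -p: timeout of 1000 s
  [root@director ~]# ipvsadm -a -t 192.168.1.6:0 -r 192.168.1.7 -g -w 100
  -r: realserver; -g: gateway model, i.e. DR, which may be omitted; -w: weight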
  [root@director ~]# ipvsadm -a -t 192.168.1.6:0 -r 192.168.1.8 -g -w 200
  [root@director ~]# ipvsadm -ln
  IP Virtual Server version 1.2.1 (size=4096)
  Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
  TCP 192.168.1.6:0 wrr persistent 1000
  -> 192.168.1.8:0 Route 200 0 0
  -> 192.168.1.7:0 Route 100 0 0
  RealServer1: configure the ARP broadcast rules first, then the IP addresses
  [root@rip1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
  [root@rip1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
  [root@rip1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
  [root@rip1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
  [root@rip1 ~]# ifconfig eth0 192.168.1.7/24
  [root@rip1 ~]# ifconfig lo:0 192.168.1.6 broadcast 192.168.1.6 netmask 255.255.255.255 up
  [root@rip1 ~]# route add -host 192.168.1.6 dev lo:0
  [root@rip1 ~]# yum -y install httpd
  [root@rip1 ~]# echo "web1" > /var/www/html/index.html
  [root@rip1 ~]# service httpd start
  RealServer2: configure the ARP broadcast rules first, then the IP addresses
  [root@rip2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
  [root@rip2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
  [root@rip2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
  [root@rip2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
  [root@rip2 ~]# ifconfig eth0 192.168.1.8/24
  [root@rip2 ~]# ifconfig lo:0 192.168.1.6 broadcast 192.168.1.6 netmask 255.255.255.255 up
  [root@rip2 ~]# route add -host 192.168.1.6 dev lo:0
  [root@rip2 ~]# yum -y install httpd
  [root@rip2 ~]# echo "web2" > /var/www/html/index.html
  [root@rip2 ~]# service httpd start
  Check ipvs on the Director
  [root@director ~]# ipvsadm -ln # check ipvs
  IP Virtual Server version 1.2.1 (size=4096)
  Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
  TCP 192.168.1.6:0 wrr persistent 1000
  -> 192.168.1.8:0 Route 200 0 6
  -> 192.168.1.7:0 Route 100 0 0
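  With wrr, the realserver with the larger weight receives more connections. Persistence lasts 1000 seconds.
  Open http://192.168.1.6 in IE: it shows web2, and after several refreshes the connection stays on web2.
  [root@director ~]# ipvsadm -lcn # check the persistent connections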
  IPVS connection entries
  pro expire state source virtual destination
  TCP 01:55 FIN_WAIT 192.168.1.250:33578 192.168.1.6:80 192.168.1.8:80
  TCP 01:55 FIN_WAIT 192.168.1.250:33577 192.168.1.6:80 192.168.1.8:80
  TCP 01:54 FIN_WAIT 192.168.1.250:33575 192.168.1.6:80 192.168.1.8:80
  TCP 01:55 FIN_WAIT 192.168.1.250:33580 192.168.1.6:80 192.168.1.8:80
  TCP 01:55 FIN_WAIT 192.168.1.250:33581 192.168.1.6:80 192.168.1.8:80
  TCP 16:20 NONE 192.168.1.100:0 192.168.1.6:0 192.168.1.8:0
  TCP 01:54 FIN_WAIT 192.168.1.250:33574 192.168.1.6:80 192.168.1.8:80
  TCP 01:56 FIN_WAIT 192.168.1.250:33584 192.168.1.6:80 192.168.1.8:80
  TCP 01:55 FIN_WAIT 192.168.1.250:33579 192.168.1.6:80 192.168.1.8:80
  TCP 01:55 FIN_WAIT 192.168.1.250:33582 192.168.1.6:80 192.168.1.8:80
  TCP 16:36 NONE 192.168.1.250:0 192.168.1.6:0 192.168.1.8:0
  TCP 01:55 FIN_WAIT 192.168.1.250:33583 192.168.1.6:80 192.168.1.8:80
  TCP 01:54 FIN_WAIT 192.168.1.250:33576 192.168.1.6:80 192.168.1.8:80
  TCP 00:40 SYN_RECV 192.168.1.100:53407 192.168.1.6:80 192.168.1.8:80
  Client station250
  [root@station250 ~]# ab -c 10 -n 1000 http://192.168.1.6/index.html
  # -c: concurrency; -n: total number of requests
  Concurrency Level: 10
  Time taken for tests: 0.370147 seconds
  Complete requests: 1000
  Failed requests: 0
  Write errors: 0
  Total transferred: 264000 bytes
  HTML transferred: 5000 bytes
  Requests per second: 2701.63 [#/sec] (mean)
  Time per request: 3.701 [ms] (mean)
  Time per request: 0.370 [ms] (mean, across all concurrent requests)
  Transfer rate: 694.32 [Kbytes/sec] received
  [root@director ~]# ipvsadm -ln
  IP Virtual Server version 1.2.1 (size=4096)
  Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
  TCP 192.168.1.6:0 wrr persistent 1000
  -> 192.168.1.8:0 Route 200 0 1000 # 1000 connections
  -> 192.168.1.7:0 Route 100 0 0
  [root@director ~]# ipvsadm -lcn
  IPVS connection entries
  pro expire state source virtual destination
  TCP 01:36 FIN_WAIT 192.168.1.250:44898 192.168.1.6:80 192.168.1.8:80
  TCP 01:36 FIN_WAIT 192.168.1.250:44931 192.168.1.6:80 192.168.1.8:80
  TCP 01:36 FIN_WAIT 192.168.1.250:44829 192.168.1.6:80 192.168.1.8:80
  TCP 01:36 FIN_WAIT 192.168.1.250:45554 192.168.1.6:80 192.168.1.8:80
  TCP 01:36 FIN_WAIT 192.168.1.250:45555 192.168.1.6:80 192.168.1.8:80
  TCP 01:36 FIN_WAIT 192.168.1.250:45399 192.168.1.6:80 192.168.1.8:80
  TCP 01:36 FIN_WAIT 192.168.1.250:44756 192.168.1.6:80 192.168.1.8:80
  TCP 01:36 FIN_WAIT 192.168.1.250:45494 192.168.1.6:80 192.168.1.8:80
  TCP 01:36 FIN_WAIT 192.168.1.250:45415 192.168.1.6:80 192.168.1.8:80
  TCP 01:36 FIN_WAIT 192.168.1.250:45016 192.168.1.6:80 192.168.1.8:80
  TCP 01:36 FIN_WAIT 192.168.1.250:44858 192.168.1.6:80 192.168.1.8:80
  TCP 01:36 FIN_WAIT 192.168.1.250:44631 192.168.1.6:80 192.168.1.8:80
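  To verify PCC, open a new tab in Xshell and connect to the director at 172.16.100.6:22; once connected, the session lands on R2, 172.16.100.8.
  Every connection to the VIP, whatever the port, is forwarded straight to the backend realserver R2.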
  [root@rip2 ~]# yum -y install telnet-server
  [root@rip2 ~]# chkconfig telnet on
  [root@rip2 ~]# service xinetd start
  [root@rip2 ~]# netstat -ntlp
  Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
  tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 10245/httpd
  tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3979/sshd
  tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 12667/xinetd
  [root@rip2 ~]# useradd king
  [root@rip2 ~]# echo king | passwd --stdin king
  [root@rip1 ~]# yum -y install telnet-server
  [root@rip1 ~]# chkconfig telnet on
  [root@rip1 ~]# service xinetd start
  [root@rip1 ~]# netstat -ntlp
  Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
  tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 10410/httpd
  tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3976/sshd
  tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 12904/xinetd
  [root@station250 ~]# telnet 192.168.1.6 # by default telnet does not allow remote root logins
  Connected to 192.168.1.6 (192.168.1.6).
  Escape character is '^]'.
  CentOS release 5.7 (Final)
  Kernel 2.6.18-274.el5 on an i686
  login: king
  Password: king
  [king@rip2 ~]$ exit # connections to 192.168.1.6 are all directed to 1.8, rip2
  logout
  Experiment 2: PPC, persistent port connections. A given user's requests for a specific service are directed to the same server.
  [root@director ~]# ipvsadm -C
  [root@director ~]# ipvsadm -ln
  IP Virtual Server version 1.2.1 (size=4096)
  Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
  [root@director ~]# ipvsadm -A -t 192.168.1.6:80 -s wlc -p 1000 # wlc, weighted least-connection, is the default
  [root@director ~]# ipvsadm -A -t 192.168.1.6:23 -s wlc -p 1000
  [root@director ~]# ipvsadm -a -t 192.168.1.6:80 -r 192.168.1.7 -g -w 100
  [root@director ~]# ipvsadm -a -t 192.168.1.6:23 -r 192.168.1.7 -g -w 100
  [root@director ~]# ipvsadm -a -t 192.168.1.6:80 -r 192.168.1.8 -g -w 200
  [root@director ~]# ipvsadm -a -t 192.168.1.6:23 -r 192.168.1.8 -g -w 200
  Open 172.16.100.6 in IE: web1
  [root@director ~]# ipvsadm -ln
  IP Virtual Server version 1.2.1 (size=4096)
  Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
  TCP 192.168.1.6:23 wlc persistent 1000
  -> 192.168.1.8:23 Route 200 1 0
  -> 192.168.1.7:23 Route 100 0 0
  TCP 192.168.1.6:80 wlc persistent 1000
  -> 192.168.1.8:80 Route 200 0 0
  -> 192.168.1.7:80 Route 100 0 0
  [root@director ~]# ipvsadm -lcn
  IPVS connection entries
  pro expire state source virtual destination
  TCP 01:20 NONE 192.168.1.100:0 192.168.1.6:80 192.168.1.8:80
  TCP 01:29 FIN_WAIT 192.168.1.250:39524 192.168.1.6:23 192.168.1.8:23
  TCP 12:04 NONE 192.168.1.250:0 192.168.1.6:23 192.168.1.8:23
  TCP 11:05 NONE 192.168.1.250:0 192.168.1.6:80 192.168.1.7:80
  [root@rip1 ~]# useradd king
  [root@rip1 ~]# echo king | passwd --stdin king
  [root@station250 ~]# telnet 192.168.1.6
  Connected to 192.168.1.6 (192.168.1.6).
  login: king
  Password:king
  [king@rip2 ~]$ exit
  logout
  Connection closed by foreign host.
  [root@director ~]# ipvsadm -lcn
  IPVS connection entries
  pro expire state source virtual destination
  TCP 01:21 FIN_WAIT 192.168.1.250:43786 192.168.1.6:23 192.168.1.8:23
  TCP 15:32 NONE 192.168.1.250:0 192.168.1.6:23 192.168.1.8:23
  TCP 08:58 NONE 192.168.1.250:0 192.168.1.6:80 192.168.1.7:80
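  After disconnecting and reconnecting, as long as it is within the 1000 s timeout, one user's requests to port 23 keep being forwarded to the same realserver, r2.
  Persistence applies to a single port only: a given user's requests for a specific service are directed to the same server.
  [root@station250 ~]# telnet 192.168.1.6 80
  A blank screen means the connection succeeded; go on to type the next line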
  #GET/HTTP/1.1
  Trying 192.168.1.6...
  Connected to 192.168.1.6 (192.168.1.6).
  Escape character is '^]'.
  
  
  501 Method Not Implemented
  
  Method Not Implemented
  to /index.html not supported.
  
  Apache/2.2.3 (CentOS) Server at rip1.example.com Port 80
  
  Connection closed by foreign host.
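
Added example, not part of the original post: a shell/awk reader for ipvsadm -lcn output that lists the persistence templates (the NONE entries with client port 0 seen in both experiments) and checks every connection against them. The sample listing is constructed from the addresses used in the post; the function names and the TEMPLATE/STRAY/NO_TEMPLATE labels are assumptions of this example.

```shell
#!/bin/sh
# Added example. Reads `ipvsadm -lcn` output on stdin.
persistence_report() {
  awk '
    function host(a) { sub(/:[0-9]+$/, "", a); return a }   # strip ":port"
    function port(a) { sub(/^.*:/, "", a); return a }       # keep only the port
    $1 != "TCP" && $1 != "UDP" { next }                     # skip the two header lines
    # A template is the NONE-state entry with client port 0. PCC templates have
    # virtual port 0, PPC templates carry the service port.
    $3 == "NONE" && port($4) == "0" {
      tmpl[host($4) SUBSEP port($5)] = host($6)
      print "TEMPLATE", host($4), "vport=" port($5), "rs=" host($6), "expire=" $2
      next
    }
    { n++; cli[n] = host($4); vp[n] = port($5); rs[n] = host($6) }
    END {
      # Templates can be listed after the connections they govern, so compare last.
      for (i = 1; i <= n; i++) {
        k = cli[i] SUBSEP vp[i]                      # PPC: client + service port
        if (!(k in tmpl)) k = cli[i] SUBSEP "0"      # PCC: client + port 0
        if (!(k in tmpl)) {
          none++; print "NO_TEMPLATE", cli[i], "vport=" vp[i], "rs=" rs[i]
        } else if (tmpl[k] != rs[i]) {
          stray++; print "STRAY", cli[i], "vport=" vp[i], "rs=" rs[i], "expected=" tmpl[k]
        } else ok++
      }
      printf "SUMMARY ok=%d stray=%d no_template=%d\n", ok, stray, none
    }'
}

# Constructed sample in the PPC layout of experiment 2; the last two rows are
# made up to show a client without a template and a connection off its template.
sample_lcn() {
  cat <<'EOF'
IPVS connection entries
pro expire state source virtual destination
TCP 01:55 FIN_WAIT 192.168.1.250:33578 192.168.1.6:80 192.168.1.7:80
TCP 11:05 NONE 192.168.1.250:0 192.168.1.6:80 192.168.1.7:80
TCP 01:29 FIN_WAIT 192.168.1.250:39524 192.168.1.6:23 192.168.1.8:23
TCP 12:04 NONE 192.168.1.250:0 192.168.1.6:23 192.168.1.8:23
TCP 00:40 SYN_RECV 192.168.1.100:53407 192.168.1.6:80 192.168.1.8:80
TCP 01:10 ESTABLISHED 192.168.1.250:39600 192.168.1.6:23 192.168.1.7:23
EOF
}

sample_lcn | persistence_report
```

On a director, the same function reads live data with ipvsadm -lcn | persistence_report.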
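
Added example, not part of the original post: the firewall-mark approach of persistence types 3 and 4, written out for the lab addresses used above, so that only port 21 and the passive range share one persistent service instead of every port on the VIP as with the port-0 PCC service. The mark value 21, the APPLY switch and the function names are assumptions; the script prints the commands unless APPLY=1 is set, in which case it runs them as root on the director.

```shell
#!/bin/sh
# Added example. Addresses, weights and timeout mirror the lab in the post.
VIP=192.168.1.6
MARK=21                   # assumption: any unused mark value works
PASV_RANGE=10001:15000    # step 4.1: must match pasv_min_port/pasv_max_port
                          # in vsftpd.conf on every realserver

# Dry run by default: print each command. APPLY=1 executes it instead.
run() {
  if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

setup_ftp_fwmark() {
  # Step 4.2: the control port and the passive data range get the same mark.
  run iptables -t mangle -A PREROUTING -d "$VIP" -p tcp --dport 21 \
      -j MARK --set-mark "$MARK"
  run iptables -t mangle -A PREROUTING -d "$VIP" -p tcp --dport "$PASV_RANGE" \
      -j MARK --set-mark "$MARK"
  # One persistent virtual service keyed on the mark (-f) instead of on
  # address:port, so control and data connections share one template.
  run ipvsadm -A -f "$MARK" -s wlc -p 1000
  run ipvsadm -a -f "$MARK" -r 192.168.1.7 -g -w 100
  run ipvsadm -a -f "$MARK" -r 192.168.1.8 -g -w 200
}

setup_ftp_fwmark
```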

