lvs dr keepalive

Lvs linux virtual server linux虚拟服务器,是个网络第四层的负载均衡群集的调度器,是个软件实现。lvs实现在linux内核中,其模块名为ipvs,用户管理命令为ipvsadm(rpm软件包ipvsadm提供),ipvs工作在netfilerinput链上,有经过input链的且符合定义群集服务的流量,强行改变其方向,根据调度算法调度到响应real server上去。

Lvs类型有四种:

1.nat 2.dr 3.tun 4.fullnat

Lvs-Nat主要特点:1.vip为公网地址,diprip为私网地址,且diprip必须在同一个物理网络里,且每个real server节点的网关必须指向dip. 2. Cip的请求报文及rip的响应报文都经过director,所以director很容易成为网络瓶颈。3.nat 其实就是多目标的dnat,所以支持端口映射。4.director主机的操作系统一般为linux,real server 主机操作系统,可以为提供群集服务的任何操作系统。

Lvs-Dr的主要特点:1. Vip为公网的地址,diprip可以是公网地址,也可以是私网地址。2.cip的请求报文经过director调度,但rip的响应报文不经过director,real server的网关一定不能指向dir,所以此种调度方式,效率极高。

3.由于调度时通过修改mac地址进行,不修改第三,四层信息,所以不支持端口映射。4.diprip必须在同一个物理网络里。5.director的操作系统一般为linux,real server 的操作系统,必须支持lo网卡别名,管理arp响应级别和通告级别的机制。

Tun的主要特点:1. Vip dip rip都是公网地址2.不修改报文的ip首部,而是在client 的请求报文之外再封装一个ip首部 ,源ipdip,目标iprip 3.rs的网关一定不能指向dip 4.不支持端口映射5.rs必须支持隧道功能。

Lvs-Fullnat 的主要特点:1.同时修改请求报文的源ip,目标ip cip改为dip, vip改为rip,因此directorrs可以用路由器分割跨网,其他特点以lvs-nat一样。

Lvs scheduler十种调度方法:

根据其调度时是否考虑个各RS当前的负载状态,可分为静态和动态调度方法:

根据算法本身静态调度有四种:

1. rr---简单的轮循调度,起点公平

2. Wrr-----加权重的轮循调度,根据权重比例来轮循调度

3. Sh----原地址hash 根据原地址生成一个原地址hash表进行调度,在记录的有效的时间内,相同原地址始终发往同一个real server ,可以在第四层进行会话绑定。

4. Dh ----目标地址hash,一般用在正向代理,根据相同目标地址始终发往同一个real server.

根据RS的实时的负载进行动态调度有六种:

1.lc------最少连接 谁连接最少,最先被选中。计算方法:Overhead=activeconns*256 +inactivconns

2.Wlc--加权重的最少连接数,计算方法:Overhead=(activeconns*256+inactivconns)/weighted

3.Sed--最短的期望延迟,让性能最好的real server 来响应。计算方法:Overhead=(activeconns+1)*256/weighted

4.Nq:nerver queue 不能出现有real server 有队列,而有的real server 无请求。

5.LbLC:动态的dh算法。Locality-based least connections 基于本地的最少连接

6.LBLCRLBLC with Replication

十种算法的默认算法是wlc

四种lvs类型的默认类型是dr

 

 

 

Lvs dr keepalive  实现一个高可用的lvs 的基于web服务的群集实验

实验环境:

四台主机: 两台主机centos7.2A centos7.2B 做基于keepAlived 高可用的Lvs dr

另两台主机:centos6.7A centos6.7B 各做一个网站

在网段172.16.0.0/16网络已有dhcp server  172.16.0.1/16172.16.0.0网段的)

Ntp server 172.16.0.1

Centos7.2A 一块网卡 桥接模式 ip 172.16.254.79/16

Centos7.2B  一块网卡 桥接模式 ip 172.16.250.205/16

Cenots6.7A 一块网卡 桥接模式 ip 172.16.251.237/16

Centos 6.7B 一块网卡 桥接模式 ip 172.16.251.178/16

为了做实验的方便,关闭掉所有主机的防火墙及selinux

Centos7.2A centos7.2B systemctl stop firewalld  setenforce 0

Centoos6.7A centos6.7B service iptables stop    setenforce 0

 

Vim /etc/keepalived/keepalived.conf

global_defs {

   notification_email {

          root@localhost

   }

   notification_email_from keepalived@localhost

   smtp_server 127.0.0.1

   smtp_connect_timeout 30

   router_id router1

   vrrp_mcast_group4 224.10.10.10

}

 

vrrp_instance VI_1 {

    state MASTER

    interface eno16777728

    virtual_router_id 22

    priority 100

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 11112222

    }

    virtual_ipaddress {

        172.16.100.100/32 dev eno16777728 brd 172.16.100.100 label eno16777728:0

}

Notify_master  /scripts/vrrpstatuschange.sh master

Notify_backup  /scripts/vrrpstatuschange.sh backup

Notify_fault  /scripts/vrrpstatuschange.sh fault

 

}

virtual_server 172.16.100.100 80 {

    delay_loop 3

    lb_algo rr

    lb_kind DR

    nat_mask 255.255.0.0

#    persistence_timeout 50

    protocol TCP

    sorry_server 127.0.0.1 80

 

    real_server 172.16.251.237 80 {

        weight 1

        HTTP_GET {

            url {

              path /index.html

            #  digest ff20ad2481f97b1754ef3e12ecd3a9cc

                status_code 200

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

     }

    real_server 172.16.251.178 80 {

        weight 1

        HTTP_GET {

            url {

              path /index.html

 #  digest ff20ad2481f97b1754ef3e12ecd3a9cc

                status_code 200

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

}

Sorry server 网页

Vim /var/www/html/index.html

sorry server centos6.7A

Vim /scripts/vrrpstatuschange.sh

#!/bin/bash

recv='root@localhost'

notify() {

      mailsubject="$(hostname) to be $1,vip floating"

      mailbody="$(date +'%F %T'):vrrp virtual address 172.16.100.100 trans , $(hostname) change to be $1"

      echo "$mailbody" | mail -s "$mailsubject"  $recv

}

case $1 in

master)

     notify master

;;

backup)

      notify backup

;;

fault)

    notify fault

;;

*)

echo "error Usage: $(basename $0) master|backup|fault"

esac

Systemctl start keepalived

 

Ipvsadm -L -n

[root@localhost Desktop]# ipvsadm -L -n

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  172.16.100.100:80 rr

  -> 172.16.251.178:80            Route   1      0          0         

  -> 172.16.251.237:80            Route   1      0          0  

把后面两个网站都关闭:

Service httpd stop

 

Ipvsadm -L -n [root@localhost Desktop]# ipvsadm -L -n

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  172.16.100.100:80 rr

  -> 127.0.0.1:80                 Route   1      0          0    ----- 调度sorry server

Curl http://172.16.100.100

[root@localhost Desktop]# curl http://172.16.100.100

say sorry 7.2A

 

 

 

 

Cenots7.2A  yum -y install ipvsadm keepalived httpd

   ntpdate 172.16.0.1

Sorry server

Vim /var/www/html/index.html

sorry server centos7.2B

Vim /etc/keepalive/keepalived.conf

! Configuration File for keepalived

 

global_defs {

   notification_email {

          root@localhost

   }

   notification_email_from keepalived@localhost

   smtp_server 127.0.0.1

   smtp_connect_timeout 30

   router_id router2

   vrrp_mcast_group4 224.10.10.10

}

 

vrrp_instance VI_1 {

    state BACKUP

    interface eno16777728

    virtual_router_id 22

    priority 90

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 11112222

    }

    virtual_ipaddress {

        172.16.100.100/32 dev eno16777728 brd 172.16.100.100 label eno16777728:0

}

Notify_master  /scripts/vrrpstatuschange.sh master

Notify_backup  /scripts/vrrpstatuschange.sh backup

Notify_fault  /scripts/vrrpstatuschange.sh fault

 

}

virtual_server 172.16.100.100 80 {

    delay_loop 3

    lb_algo rr

    lb_kind DR

    nat_mask 255.255.0.0

#    persistence_timeout 50

    protocol TCP

    sorry_server 127.0.0.1 80

 

    real_server 172.16.251.237 80 {

        weight 1

        HTTP_GET {

            url {

              path /index.html

            #  digest ff20ad2481f97b1754ef3e12ecd3a9cc

                status_code 200

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

   }

    real_server 172.16.251.178 80 {

        weight 1

                         HTTP_GET {

            url {

              path /index.html

            #  digest ff20ad2481f97b1754ef3e12ecd3a9cc

                status_code 200

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

}

                           

Vim /scripts/vrrpstatuschange.sh

 

             #!/bin/bash

recv='root@localhost'

notify() {

      mailsubject="$(hostname) to be $1,vip floating"

      mailbody="$(date +'%F %T'):vrrp virtual address 172.16.100.100 trans , $(hostname) change to be $1"

      echo "$mailbody" | mail -s "$mailsubject"  $recv

}

case $1 in

master)

     notify master

;;

backup)

      notify backup

;;

fault)

    notify fault

;;

*)

echo "error Usage: $(basename $0) master|backup|fault"

esac

                                  

 

 

 

Cenots6.7A 配置:

                [root@www ~]# cat /scripts/lvsdr.sh    

#!/bin/bash

vip=172.16.100.100

netmask=255.255.255.255

a=`ifconfig | grep lo:0 | awk '{print $1}'`

case $1 in

enable)

     if [ "$a" == lo:0 ];then

      echo "lvsdr is already enable"

    else

     echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore

     echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore

     echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce

     echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

     ifconfig lo:0 $vip netmask $netmask  broadcast $vip up

     route add -host $vip dev lo:0

   fi

;;

disable)

     if [  "$a" == lo:0 ] ;then

     echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore

     echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore

     echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce

     echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce

     ifconfig lo:0 down

   else

      echo "lvsdr is already disable"

fi

;;

*)

  echo "error:Usage:$(basename $0)  enable|disable"

;;

Esac

/scirpts/lvsdr.sh enable

显示结果:

                       

Ifconfig

lo:0      Link encap:Local Loopback  

          inet addr:172.16.100.100  Mask:255.255.255.255

          UP LOOPBACK RUNNING  MTU:65536  Metric:1

Route -n

[root@www ~]# route -n

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

172.16.100.100  0.0.0.0         255.255.255.255 UH    0      0        0 lo

172.16.0.0      0.0.0.0         255.255.0.0     U     1      0        0 eth0

0.0.0.0         172.16.0.1      0.0.0.0         UG    0      0        0 eth0

网站首页:

Vim /var/www/html/index.html

centos6.7A

 

 

Centos6.7B 配置:               [root@www ~]# cat /scripts/lvsdr.sh    

#!/bin/bash

vip=172.16.100.100

netmask=255.255.255.255

a=`ifconfig | grep lo:0 | awk '{print $1}'`

case $1 in

enable)

     if [ "$a" == lo:0 ];then

      echo "lvsdr is already enable"

    else

     echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore

     echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore

     echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce

     echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

     ifconfig lo:0 $vip netmask $netmask  broadcast $vip up

     route add -host $vip dev lo:0

   fi

;;

disable)

     if [  "$a" == lo:0 ] ;then

     echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore

     echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore

     echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce

     echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce

     ifconfig lo:0 down

   else

      echo "lvsdr is already disable"

fi

;;

*)

  echo "error:Usage:$(basename $0)  enable|disable"

;;

Esac

/scirpts/lvsdr.sh enable

显示结果:

                       

Ifconfig

lo:0      Link encap:Local Loopback  

          inet addr:172.16.100.100  Mask:255.255.255.255

          UP LOOPBACK RUNNING  MTU:65536  Metric:1

Route -n

[root@www ~]# route -n

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

172.16.100.100  0.0.0.0         255.255.255.255 UH    0      0        0 lo

172.16.0.0      0.0.0.0         255.255.0.0     U     1      0        0 eth0

0.0.0.0         172.16.0.1      0.0.0.0         UG    0      0        0 eth0

网站首页:

Vim /var/www/html/index.html

centos6.7B

 

 

访问四个网站:

ocalhost Desktop]# curl http://172.16.254.79

say sorry 7.2A

[root@localhost Desktop]# curl http://172.16.250.205

say sorry 7.2B

[root@localhost Desktop]# curl http://172.16.251.237

centos6.7A

 

[root@localhost Desktop]# curl http://172.16.251.178

centos6.7B

 

centos7.2A 作为lvs master时:

[root@www Desktop]# curl http://172.16.100.100

centos6.7A

 

[root@www Desktop]# curl http://172.16.100.100

centos6.7B

 

[root@www Desktop]# curl http://172.16.100.100

centos6.7A

 

[root@www Desktop]# curl http://172.16.100.100

centos6.7B

 

[root@www Desktop]# curl http://172.16.100.100

centos6.7A

两个站点轮循访问

 

关闭centos6.7A 站点:

Service httpd stop

[root@www Desktop]# curl http://172.16.100.100

centos6.7B

 

[root@www Desktop]# curl http://172.16.100.100

centos6.7B

 

[root@www Desktop]# curl http://172.16.100.100

centos6.7B

 

[root@www Desktop]# curl http://172.16.100.100

centos6.7B

只能访问centos6.7B 站点了

 

centos7.2A keepalvied 关闭:

Systemctl keepalived stop[root@localhost Desktop]# ipvsadm -L -n

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  172.16.100.100:80 rr

  -> 172.16.251.178:80            Route   1      0          0   

 

Centos 7.2B keepalived 开始变成master[root@www Desktop]# curl http://172.16.100.100

centos6.7B

 

[root@www Desktop]# curl http://172.16.100.100

centos6.7B

 

[root@www Desktop]# curl http://172.16.100.100

centos6.7B

 

[root@www Desktop]# curl http://172.16.100.100

centos6.7B

Centos 6.7B 站点照样可以访问:

Keepalived服务达到了lvs dr 高可用。

 

在关闭centos6.7B 的站点

Service httpd stop

 

Centos7.2B

[root@localhost Desktop]# ipvsadm -L -n

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  172.16.100.100:80 rr

  -> 127.0.0.1:80                 Route   1      0          0  

 

 

[root@www Desktop]# curl http://172.16.100.100

say sorry 7.2B

----------------sorry server 访问正常