实验环境rhel6.5: 注意配置yum源

server6 172.25.35.7 Load Balance

server8 172.25.35.8 Realserver1

server9 172.25.35.9 Realserver2
[root@server6 ~]# yum install -y ipcsadm
[root@server6 ~]# ipvsadm -L
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@server6 ~]# ipvsadm -A -t 172.25.35.100:80 -s rr 加策略
[root@server6 ~]# ipvsadm -L
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.35.100:http rr
[root@server6 ~]# ipvsadm -a -t 172.25.35.100:80 -r 172.25.35.8:80 -g
[root@server6 ~]# ipvsadm -a -t 172.25.35.100:80 -r 172.25.35.9:80 -g
[root@server6 ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.35.100:http rr
-> server6:http Local 1 0 0
-> server8:http Route 1 0 0
-> server9:http Route 1 0 0
不小心添加server6上去:
[root@server6 ~]# ipvsadm -d -t 172.25.35.100:80 -r 172.25.35.6:80 删除
[root@server6 ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.35.100:http rr
-> server8:http Route 1 0 0
-> server9:http Route 1 0 0
[root@server6 ~]# /etc/init.d/ipvsadm status 查看状态
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.35.100:80 rr
-> 172.25.35.8:80 Route 1 0 0
-> 172.25.35.9:80 Route 1 0 0
[root@server6 ~]# ipvsadm -ln 查看
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.35.100:80 rr
-> 172.25.35.8:80 Route 1 0 0
-> 172.25.35.9:80 Route 1 0 0
[root@server6 ~]# ipvsadm -C 清除rules
[root@server6 ~]# /etc/init.d/ipvsadm save 保存策略
ipvsadm: Saving IPVS table to /etc/sysconfig/ipvsadm: [确定]
[root@server6 ~]# ip addr add 172.25.35.100/24 dev eth0
加vip地址
server8.9 开httpd 加vip
[root@server8 ~]# ip addr add 172.25.35.100/32 dev eth0
[root@server9 ~]# ip addr add 172.25.35.100/32 dev eth0
[root@server6 ~]# /etc/init.d/ipvsadm start
物理机测试:
[root@localhost ~]# for i in {1..20};do curl 172.25.35.100;done

server8


server 9


server8


server 9


server8


server 9


server8


server 9


server8


server 9


server8


server 9


server8


server 9


server8


server 9


server8


server 9


server8


server 9


[root@server8 ~]# yum install -y arptables_jf 安装服务
[root@server8 ~]# arptables -A IN -d 172.25.35.100 -j DROP
172.25.35.100 进不来
[root@server8 ~]# arptables -A OUT -s 172.25.35.100 -j mangle --mangle-ip-s 172.25.35.8
广播自己172.25.35.100
[root@server8 ~]# /etc/init.d/arptables_jf save
将当前规则保存到 /etc/sysconfig/arptables: [确定]
[root@server8 ~]# arptables -nL
Chain IN (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
DROP 0.0.0.0/0 172.25.35.100 00/00 00/00 any 0000/0000 0000/0000 0000/0000

Chain OUT (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
mangle 172.25.35.100 0.0.0.0/0 00/00 00/00 any 0000/0000 0000/0000 0000/0000 --mangle-ip-s 172.25.35.8

Chain FORWARD (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
[root@server9 ~]# arptables -A IN -d 172.25.35.100 -j DROP
[root@server9 ~]# arptables -A OUT -s 172.25.35.100 -j mangle --mangle-ip-s 172.25.35.9
[root@server9 ~]# /etc/init.d/arptables_jf save
将当前规则保存到 /etc/sysconfig/arptables: [确定]
[root@server9 ~]# arptables -nL
Chain IN (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
DROP 0.0.0.0/0 172.25.35.100 00/00 00/00 any 0000/0000 0000/0000 0000/0000

Chain OUT (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
mangle 172.25.35.100 0.0.0.0/0 00/00 00/00 any 0000/0000 0000/0000 0000/0000 --mangle-ip-s 172.25.35.9

Chain FORWARD (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
客户端测试,通过mac地址得知vip来自server6
[root@localhost ~]# arp -an |grep 100
? (172.25.35.100) at 52:54:00:b8:61:df [ether] on br0
当某一个realserver出现问题时,就会出现问题
模拟问题
[root@server8 ~]# /etc/init.d/httpd stop
停止 httpd: [确定]
[root@localhost ~]# for i in {1..20};do curl 172.25.35.100;done
curl: (7) Failed connect to 172.25.35.100:80; 拒绝连接

server 9


curl: (7) Failed connect to 172.25.35.100:80; 拒绝连接
健康检查:
[root@server6 ~]# yum install -y ldirectord-3.9.5-3.1.x86_64.rpm
[root@server6 ~]# rpm -ql ldirectord
/etc/ha.d
/etc/ha.d/resource.d
/etc/ha.d/resource.d/ldirectord
/etc/init.d/ldirectord
/etc/logrotate.d/ldirectord
/usr/lib/ocf/resource.d/heartbeat/ldirectord
/usr/sbin/ldirectord
/usr/share/doc/ldirectord-3.9.5
/usr/share/doc/ldirectord-3.9.5/COPYING
/usr/share/doc/ldirectord-3.9.5/ldirectord.cf
/usr/share/man/man8/ldirectord.8.gz
[root@server6 ~]# cp /usr/share/doc/ldirectord-3.9.5/ldirectord.cf /etc/ha.d/ 拷贝系统文件
[root@server6 ~]# cd /etc/ha.d/
[root@server6 ha.d]# ls
ldirectord.cf resource.d shellfuncs
[root@server6 ha.d]# vim ldirectord.cf
lvs_第1张图片
关掉之前的ipvsadm,防止影响,再开启ldirectord

[root@server6 ha.d]# /etc/init.d/ipvsadm stop
[root@server6 ha.d]# ipvsadm -L
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@server6 ha.d]# /etc/init.d/ldirectord start
Starting ldirectord... success
root@server6 ha.d]# ipvsadm -Ln 原先的策略参数
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.35.100:80 rr
-> 172.25.35.8:80 Route 1 0 0
-> 172.25.35.9:80 Route 1 0 0

此刻在客户端访问时,只要有一台realserver正常工作,客户端的访问就不会受到影响
[root@server8 ~]# /etc/init.d/httpd stop
[root@localhost ~]# for i in {1..20};do curl 172.25.35.100;done

server 9


server 9


server 9


server 9


[root@server8 ~]# /etc/init.d/httpd start
[root@localhost ~]# for i in {1..20};do curl 172.25.35.100;done

server8


server 9


server8


server 9


server8


server 9