一、常用的负载均衡软件:

Nginx  应用层负载

LVS      网络层负载

HAProxy  应用层负载

常用的负载均衡硬件:

F5、NetScaler

二、LVS的四种工作模式

1)VS/NAT模式(Network address translation)

通过NAT转换表进行负载,收包和回包都需要查表

2)VS/TUN模式(tunneling)

给数据包打上IP头

3)DR模式(Direct routing)

给数据包打上MAC头

4)FULLNAT模式

双重NAT转换


三、LVS的配置(NAT模式)

三台主机,一台作为负载转发(dir),两台作为业务(rs)

hostname dir

loginout

hostname rs1

loginout

hostname rs2

loginout

===============dir配置

yum install ipvsadm -y
#dir上安装ipvsadm包
vim /usr/local/sbin/lvs_nat.sh
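#!/bin/bash
# LVS NAT-mode setup for the director: enables routing, masquerades the
# real-server subnet and publishes 192.168.1.200:80 as a round-robin virtual
# service backed by 192.168.2.1 and 192.168.2.2.
# Each command sits on its own line; when they share the shebang line they are
# read as part of that comment and never run.

# Enable IPv4 forwarding on the director.
# NOTE(review): with forwarding on, the filter-table FORWARD chain decides what
# may cross this host; this script does not configure it, so review it separately.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Turn off sending of ICMP redirects (global, default, and both interfaces).
for scope in all default eth0 eth1; do
  echo 0 > "/proc/sys/net/ipv4/conf/${scope}/send_redirects"
done

# NAT rules on the director.
# NOTE(review): -F and -X clear every rule and user-defined chain in the nat
# table, including any that were not created by this script.
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j MASQUERADE   # internal (real-server) subnet

# IPVS virtual service on the director.
IPVSADM='/sbin/ipvsadm'
"$IPVSADM" -C                                            # clear the existing virtual server table
"$IPVSADM" -A -t 192.168.1.200:80 -s rr                  # virtual service, round-robin scheduler
"$IPVSADM" -a -t 192.168.1.200:80 -r 192.168.2.1:80 -m   # real server 1, masquerading (NAT)
"$IPVSADM" -a -t 192.168.1.200:80 -r 192.168.2.2:80 -m   # real server 2, masquerading (NAT)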
/bin/bash /usr/local/sbin/lvs_nat.sh
#执行脚本
ipvsadm -ln   
#查看虚拟转发表
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.200:80 rr
  -> 192.168.2.1:80               Masq    1      0          0         
  -> 192.168.2.2:80               Masq    1      0          0

====================rs配置

yum install nginx -y
#rs服务器上都安装nginx作为测试
echo "111master" > /usr/share/nginx/html/index.html 
yum install nginx -y
echo "222slave" > /usr/share/nginx/html/index.html 
[root@dir ~]# curl 192.168.1.200:80
111master
[root@dir ~]# curl 192.168.1.200:80
222slave
[root@dir ~]# curl 192.168.1.200:80
111master
[root@dir ~]# curl 192.168.1.200:80
222slave

测试成功

四、LVS的配置(DR模式)

ipvsadm -C   
ipvsadm -ln
iptables -t nat -F
#清空规则
rs的网关不指向dir,三台主机在同一网段;这种方式比较浪费公网IP,共需要四个IP(三台主机各一个,再加一个VIP)
vim /usr/local/sbin/lvs_dr.sh
#!/bin/bash
# Director-side setup for LVS in DR (direct routing) mode: binds the VIP to an
# eth0 alias and publishes it on port 80 with two real servers.
echo 1 > /proc/sys/net/ipv4/ip_forward

ipvsadm_bin=/sbin/ipvsadm
virtual_ip=192.168.1.205
real_servers=(192.168.1.201 192.168.1.202)

# The VIP is configured as a /32 alias on eth0, with a host route through it.
ifconfig eth0:0 "$virtual_ip" broadcast "$virtual_ip" netmask 255.255.255.255 up
route add -host "$virtual_ip" dev eth0:0

# Rebuild the table from scratch; -C clears every virtual service already
# defined on this host, not only the one created below.
"$ipvsadm_bin" -C
"$ipvsadm_bin" -A -t "${virtual_ip}:80" -s rr

# -g selects direct routing (gatewaying); every real server gets weight 1.
for real_ip in "${real_servers[@]}"; do
  "$ipvsadm_bin" -a -t "${virtual_ip}:80" -r "${real_ip}:80" -g -w 1
done
/bin/bash /usr/local/sbin/lvs_dr.sh            #执行脚本
ipvsadm -ln         #查看规则

====================两台上rs配置

#!/bin/bash
# Real-server side of LVS DR mode: hold the VIP on a loopback alias and keep
# it out of ARP so that only the director answers ARP for the VIP.
virtual_ip=192.168.1.205

# The VIP sits on lo:0 as a /32 so this host accepts packets addressed to it.
ifconfig lo:0 "$virtual_ip" broadcast "$virtual_ip" netmask 255.255.255.255 up
route add -host "$virtual_ip" lo:0

# arp_ignore=1: answer ARP only for addresses configured on the receiving
# interface. arp_announce=2: pick the best local source address for ARP
# requests. Both are written for "lo" first, then for "all".
for scope in lo all; do
  printf '%s\n' 1 > "/proc/sys/net/ipv4/conf/${scope}/arp_ignore"
  printf '%s\n' 2 > "/proc/sys/net/ipv4/conf/${scope}/arp_announce"
done
/bin/bash  /usr/local/sbin/lvs_dr_rs.sh

测试:最好另开一台Linux用curl访问VIP,因为浏览器有缓存,看不出轮询效果

五、LVS+keepalived

两台主机运行keepalived,一主一从:dir为主,rs2为从
[root@dir ~]# ipvsadm -C 
#清空规则
yum install -y keepalived ipvsadm 
#dir和rs2安装
cp  /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak 
>  /etc/keepalived/keepalived.conf
vim  /etc/keepalived/keepalived.conf
#dir上编辑配置文件
# keepalived configuration for the primary director (dir): one VRRP instance
# that owns the VIP 192.168.1.205, plus the LVS virtual server definition.
vrrp_instance VI_1 {
    state MASTER   # use BACKUP on the standby server
    interface eth0
    virtual_router_id 51   # same value (51) in the standby's configuration
    priority 100  # use 90 on the standby server
    advert_int 1
    authentication {
        # NOTE(review): auth_type PASS carries the password in clear text in
        # VRRP advertisements, and 1111 is a sample value. Use a site-specific
        # secret, keep it identical on both nodes, and keep VRRP traffic on a
        # trusted segment.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.205
    }
}
virtual_server 192.168.1.205 80 {
    delay_loop 6                  # health-check polling interval in seconds (6 here)
    lb_algo wlc                  # LVS scheduling algorithm
    lb_kind DR                  # forwarding method: direct routing
    persistence_timeout 60        # connections from the same client IP go to the same real server for 60 seconds
    protocol TCP                # protocol of the virtual service
    real_server 192.168.1.201 80 {
        weight 100               # weight
        TCP_CHECK {
        connect_timeout 10       # connection attempt times out after 10 seconds
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
        }
    }
real_server 192.168.1.202 80 {
        weight 100
        TCP_CHECK {
        connect_timeout 10
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
        }
     }
}
/etc/init.d/keepalived start                       #启动
正在启动 keepalived:                                      [确定]
ip add                                                       #查看虚拟IP是否启动
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:e2:dc:da brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.200/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.205/32 scope global eth0
    inet6 fe80::20c:29ff:fee2:dcda/64 scope link 
       valid_lft forever preferred_lft forever

===================从keepalived配置

cp  /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak 
>  /etc/keepalived/keepalived.conf
vim  /etc/keepalived/keepalived.conf
# keepalived configuration for the standby director: same VRRP instance and
# virtual server as on the primary, with state BACKUP and a lower priority.
vrrp_instance VI_1 {
    state BACKUP   # this node is the standby; the primary uses MASTER
    interface eth0
    virtual_router_id 51   # same value (51) as in the primary's configuration
    priority 90  # lower than the primary's 100
    advert_int 1
    authentication {
        # NOTE(review): auth_type PASS carries the password in clear text in
        # VRRP advertisements, and 1111 is a sample value. Use a site-specific
        # secret, keep it identical on both nodes, and keep VRRP traffic on a
        # trusted segment.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.205
    }
}
virtual_server 192.168.1.205 80 {
    delay_loop 6                  # health-check polling interval in seconds (6 here)
    lb_algo wlc                  # LVS scheduling algorithm
    lb_kind DR                  # forwarding method: direct routing
    persistence_timeout 60        # connections from the same client IP go to the same real server for 60 seconds
    protocol TCP                # protocol of the virtual service
    real_server 192.168.1.201 80 {
        weight 100               # weight
        TCP_CHECK {
        connect_timeout 10       # connection attempt times out after 10 seconds
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
        }
    }
real_server 192.168.1.202 80 {
        weight 100
        TCP_CHECK {
        connect_timeout 10
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
        }
     }
}
/etc/init.d/keepalived start         
/etc/init.d/ipvsadm start
=====================
启动两台rs的Nginx服务。若下面的规则中缺少某台rs,先检查该rs上的iptables是否拦截了80端口的健康检查(关闭iptables可以快速验证,生产环境应只放行所需端口)
[root@dir ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.205:80 wlc persistent 60
  -> 192.168.1.201:80             Route   100    0          0         
  -> 192.168.1.202:80             Route   100    0          0

    


成功


宕机测试:

关闭rs1的业务网卡

[root@dir ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.205:80 wlc persistent 60
  -> 192.168.1.202:80             Route   100    0          0         
再开启
[root@dir ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.205:80 wlc persistent 60
  -> 192.168.1.201:80             Route   100    0          0         
  -> 192.168.1.202:80             Route   100    0          0

   

keepalived高可用测试

/etc/init.d/keepalived stop       #关闭主
 [root@rs2 ~]# ipvsadm -ln              
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.205:80 wlc persistent 60
  -> 192.168.1.201:80             Route   100    0          0         
  -> 192.168.1.202:80             Local   100    0          0

 

成功