参考链接
https://www.cnblogs.com/mchina/archive/2012/08/27/2644391.html
https://yq.aliyun.com/articles/38538
vmware虚拟出4台主机:两台LVS服务器各有两张网卡,一张桥接模式,一张仅主机模式;两台web服务器都为仅主机模式。
LVS_master的桥接网卡ip 为192.168.1.196,内网ip:10.0.0.49。
lvs-backup:外网192.168.1.197,内网为10.0.0.52(注:该地址与下文 WEB2 的 10.0.0.52 重复,而后面 LVS_backup 的 ip a 输出中 ens37 为 10.0.0.50,此处疑为笔误)。
两台web服务器的ip为10.0.0.51,10.0.0.52.
虚拟IP为192.168.1.198,虚拟网关为10.0.0.100
系统版本:CentOS Linux release 7.3.1611 (Core)
拓扑图:
【1】安装ipvsadm和keepalived
在LVS_master和LVS_backup两台机器上安装ipvsadm和keepalived
[root@localhost ~]# yum install -y ipvsadm
[root@localhost ~]# yum install -y keepalived
【2】配置主从LVS服务器
a,开启路由转发功能
[root@localhost ~]# vim /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
# Turns this host into an IPv4 router, which the LVS director needs for
# lb_kind NAT. The setting is global (it applies to every interface), so
# forwarding between the bridged LAN and the host-only network should be
# limited with firewall rules to the traffic the load balancer is meant
# to carry.
net.ipv4.ip_forward = 1
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1
注意:删除 keepalived.conf 配置文件中的 vrrp_strict,否则会导致无法 ping 通虚拟出来的 VIP 和虚拟网关,进而导致访问服务失败。
b,lvs_master keepalived配置文件
[root@localhost keepalived]# cat keepalived.conf
! Configuration File for keepalived
# Director LVS_MASTER: two VRRP instances hold the public VIP and the
# inside gateway address, and one virtual_server NATs port 80 to the two
# real servers.
global_defs {
# NOTE(review): the addresses below appear as "[email protected]", which
# looks like the hosting page's e-mail obfuscation; substitute real
# addresses before using this file.
notification_email {
[email protected]
[email protected]
[email protected]
}
notification_email_from [email protected]
# NOTE(review): confirm an SMTP relay actually listens at this address,
# otherwise failover notifications are silently lost.
smtp_server 192.168.200.1
smtp_connect_timeout 30
# Identifier of this node; the backup director uses a different value.
router_id LVS_MASTER
# vrrp_strict is absent on purpose: the article notes that keeping it made
# the VIP and the virtual gateway unreachable.
vrrp_skip_check_adv_addr
vrrp_garp_interval 0
vrrp_gna_interval 0
}
# Public side: floats 192.168.1.198 on ens33. virtual_router_id and
# auth_pass must match the backup director; the higher priority (100 here,
# 80 on the backup) makes this node the elected master.
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
# NOTE(review): auth_type PASS puts auth_pass in clear text in every VRRP
# advertisement, and keepalived uses only its first 8 characters. "1111"
# is a placeholder-grade secret, so it does not stop another host on the
# segment from taking part in the election. Use a random value per
# instance and filter VRRP (IP protocol 112) so that only the peer
# director is accepted, or use unicast_peer between the two directors.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.198
}
}
# Inside: floats 10.0.0.100 on ens37. The real servers use it as their
# default gateway so that NAT replies return through the active director.
# NOTE(review): VI_1 and LAN_GATEWAY fail over independently. If only one
# interface fails, the VIP and the gateway can end up on different
# directors and return traffic breaks; putting both instances in a
# vrrp_sync_group keeps them on the same node.
vrrp_instance LAN_GATEWAY {
state MASTER
interface ens37
virtual_router_id 52
priority 100
advert_int 1
# NOTE(review): same clear-text PASS weakness as VI_1, with an even
# shorter secret.
authentication {
auth_type PASS
auth_pass 111
}
virtual_ipaddress {
10.0.0.100
}
}
# IPVS service on the VIP: round-robin scheduling, NAT (masquerade)
# forwarding, health checks every delay_loop seconds.
virtual_server 192.168.1.198 80 {
delay_loop 6
lb_algo rr
lb_kind NAT
# Persistence is left disabled, so consecutive requests from one client
# alternate between the real servers (as the curl test in the article shows).
# persistence_timeout 50
protocol TCP
real_server 10.0.0.51 80 {
weight 1
# NOTE(review): TCP_CHECK only verifies that port 80 accepts a connection;
# a server that accepts connections but returns errors stays in the pool.
# An HTTP_GET check validates the response. Newer keepalived releases
# name nb_get_retry "retry" - confirm against the installed version.
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 10.0.0.52 80 {
weight 1
# Same connect-only health check as the first real server.
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
c,lvs_backup keepalived配置文件
[root@localhost keepalived]# cat keepalived.conf
! Configuration File for keepalived
# Director LVS_BACK: same layout as the master director, but both VRRP
# instances start in state BACKUP with the lower priority 80, so this node
# takes the addresses over only when the master stops advertising.
global_defs {
# NOTE(review): the addresses below appear as "[email protected]", which
# looks like the hosting page's e-mail obfuscation; substitute real
# addresses before using this file.
notification_email {
[email protected]
[email protected]
[email protected]
}
notification_email_from [email protected]
# NOTE(review): confirm an SMTP relay actually listens at this address,
# otherwise failover notifications are silently lost.
smtp_server 192.168.200.1
smtp_connect_timeout 30
# Identifier of this node; it differs from the master's router_id.
router_id LVS_BACK
# vrrp_strict is absent on purpose: the article notes that keeping it made
# the VIP and the virtual gateway unreachable.
vrrp_skip_check_adv_addr
vrrp_garp_interval 0
vrrp_gna_interval 0
}
# Public side: takes over 192.168.1.198 on ens33 when the master is gone.
# virtual_router_id and auth_pass are the same as on the master.
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 80
advert_int 1
# NOTE(review): auth_type PASS puts auth_pass in clear text in every VRRP
# advertisement, and keepalived uses only its first 8 characters. "1111"
# is a placeholder-grade secret, so it does not stop another host on the
# segment from taking part in the election. Use a random value per
# instance and filter VRRP (IP protocol 112) so that only the peer
# director is accepted, or use unicast_peer between the two directors.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.198
}
}
# Inside: takes over 10.0.0.100 on ens37, the default gateway of the real
# servers, so NAT replies keep returning through the active director.
# NOTE(review): VI_1 and LAN_GATEWAY fail over independently. If only one
# interface fails, the VIP and the gateway can end up on different
# directors and return traffic breaks; putting both instances in a
# vrrp_sync_group keeps them on the same node.
vrrp_instance LAN_GATEWAY {
state BACKUP
interface ens37
virtual_router_id 52
priority 80
advert_int 1
# NOTE(review): same clear-text PASS weakness as VI_1, with an even
# shorter secret.
authentication {
auth_type PASS
auth_pass 111
}
virtual_ipaddress {
10.0.0.100
}
}
# IPVS service definition, identical to the master's so that the backup
# forwards in the same way after a failover.
virtual_server 192.168.1.198 80 {
delay_loop 6
lb_algo rr
lb_kind NAT
# Persistence is left disabled, so consecutive requests from one client
# alternate between the real servers.
# persistence_timeout 50
protocol TCP
real_server 10.0.0.51 80 {
weight 1
# NOTE(review): TCP_CHECK only verifies that port 80 accepts a connection;
# a server that accepts connections but returns errors stays in the pool.
# An HTTP_GET check validates the response. Newer keepalived releases
# name nb_get_retry "retry" - confirm against the installed version.
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 10.0.0.52 80 {
weight 1
# Same connect-only health check as the first real server.
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
d,在两台LVS上运行keepalived服务
[root@localhost ~]# systemctl start keepalived
e,配置两台WEB服务
将两台WEB服务器的网关设置成10.0.0.100.
配置WEB服务略。内容不一样即可,只做简单测试。
【3】结果
a,从局域网中的一台机器ping VIP 192.168.1.198可以ping通。
b,在LVS_master查看
[root@localhost ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.198:80 rr
-> 10.0.0.51:80 Masq 1 0 0
-> 10.0.0.52:80 Masq 1 0 0
c,ens33 有VIP,ens37下有虚拟网关
[root@localhost ~]# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:76:4b:2d brd ff:ff:ff:ff:ff:ff
inet 192.168.1.196/24 brd 192.168.1.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.1.198/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe76:4b2d/64 scope link
valid_lft forever preferred_lft forever
3: ens37: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:76:4b:37 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.49/24 brd 10.0.0.255 scope global ens37
valid_lft forever preferred_lft forever
inet 10.0.0.100/32 scope global ens37
valid_lft forever preferred_lft forever
inet6 fe80::3dcf:cdc5:fb91:b4a4/64 scope link
valid_lft forever preferred_lft forever
4: virbr0: mtu 1500 qdisc noqueue state DOWN qlen 1000
link/ether 52:54:00:73:41:3c brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
5: virbr0-nic: mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
link/ether 52:54:00:73:41:3c brd ff:ff:ff:ff:ff:ff
d,在WEB1中ping 虚拟网关可以ping通
[root@localhost keepalived]# ping 10.0.0.100
PING 10.0.0.100 (10.0.0.100) 56(84) bytes of data.
64 bytes from 10.0.0.100: icmp_seq=1 ttl=64 time=0.353 ms
64 bytes from 10.0.0.100: icmp_seq=2 ttl=64 time=0.325 ms
64 bytes from 10.0.0.100: icmp_seq=3 ttl=64 time=0.390 ms
64 bytes from 10.0.0.100: icmp_seq=4 ttl=64 time=0.554 ms
64 bytes from 10.0.0.100: icmp_seq=5 ttl=64 time=0.354 ms
e,在LVS_master,使用curl验证
[root@localhost ~]# curl 192.168.1.198
rs1rs1
[root@localhost ~]# curl 192.168.1.198
rs2rs2
f,在局域网中验证
【4】热备验证
1,关闭LVS_master
[root@localhost ~]# shutdown -h now
2,在LVS_backup查看
VIP和虚拟网关自动绑定到LVS_backup上
[root@localhost keepalived]# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:8a:7a:01 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.197/24 brd 192.168.1.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.1.198/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::8209:4d1d:a7e4:8658/64 scope link
valid_lft forever preferred_lft forever
3: ens37: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:8a:7a:0b brd ff:ff:ff:ff:ff:ff
inet 10.0.0.50/24 brd 10.0.0.255 scope global ens37
valid_lft forever preferred_lft forever
inet 192.168.200.131/24 brd 192.168.200.255 scope global dynamic ens37
valid_lft 1432sec preferred_lft 1432sec
inet 10.0.0.100/32 scope global ens37
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe8a:7a0b/64 scope link
valid_lft forever preferred_lft forever
4: virbr0: mtu 1500 qdisc noqueue state DOWN qlen 1000
link/ether 52:54:00:73:41:3c brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
5: virbr0-nic: mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
link/ether 52:54:00:73:41:3c brd ff:ff:ff:ff:ff:ff
[root@localhost ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.198:80 rr
-> 10.0.0.51:80 Masq 1 0 1
-> 10.0.0.52:80 Masq 1 0 1
局域网上机器仍能正常访问
关闭WEB1中的web服务
[root@localhost ~]# systemctl stop nginx
集群中服务只剩下WEB2了。
[root@localhost ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.198:80 rr
-> 10.0.0.52:80 Masq 1 0
开启WEB1中的web服务
[root@localhost ~]# systemctl start nginx
集群中服务又恢复正常
[root@localhost ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.198:80 rr
-> 10.0.0.51:80 Masq 1 0 0
-> 10.0.0.52:80 Masq 1 0 0