搭建LVS/NAT案例
实验拓扑图:
操作流程:
Director Server : 192.168.4.50 pc50
安装并启用ipvsadm
创建虚拟服务器
向虚拟服务器上加入节点
Real Server : 192.168.4.51 pc51 192.168.4.52 pc52
配置WEB 服务器
Clinet : 192.168.2.253 pc253
连接虚拟服务器测试
具体步骤:
环境准备:
配置yum源
# service iptables stop //关闭防火墙
# chkconfig iptables off //关闭开机自启
# setenforce 0 //设置SELinux 为宽松模式
网站服务器 pc51 / pc52 :
# yum -y install httpd
[root@pc51 ~]# echo '192.168.4.51' > /var/www/html/test.html
[root@pc52 ~]# echo "192.168.4.52" > /var/www/html/test.html
# service httpd start
# chkconfig httpd on
# yum -y install elinks
[root@pc51 ~]# elinks --dump http://localhost/test.html
192.168.4.51
[root@pc52 ~]# elinks --dump http://localhost/test.html
192.168.4.52
配置分发器 pc50:
# mount /dev/cdrom /mnt/
//安装 ipvsadm rpm 包在光盘挂载文件下的LoadBalancer目录下
#cd /mnt/LoadBalancer/
#yum -y install ipvsadm-1.26-4.el6.x86_64.rpm
//开启内核的路由转发功能
# sed -i '7s/0/1/' /etc/sysctl.conf
# sed -n '7p' /etc/sysctl.conf
net.ipv4.ip_forward = 1
网站服务器 pc51 / pc52 :
指定网关地址 192.168.4.50
# route -n//查看路由
# route add default gw 192.168.4.50//临时配置网关 网卡重启后生效
//永久配置网关
# vim /etc/sysconfig/network-scripts/ifcfg-eth0
# sed -n '7p' /etc/sysconfig/network-scripts/ifcfg-eth0
GATEWAY=192.168.4.50
# ifdown eth0 ; ifup eth0 //重新加载网卡
客户端 192.168.2.253 配置
指定网关地址 192.168.2.50 :
# vim /etc/sysconfig/network-scripts/ifcfg-eth1
# sed -n '7p' /etc/sysconfig/network-scripts/ifcfg-eth1
GATEWAY=192.168.2.50
# ifdown eth1 ; ifup eth1
# ping -c 2 192.168.4.51
PING 192.168.4.51 (192.168.4.51) 56(84) bytes of data.
64 bytes from 192.168.4.51: icmp_seq=1 ttl=63 time=0.322 ms
64 bytes from 192.168.4.51: icmp_seq=2 ttl=63 time=0.503 ms
--- 192.168.4.51 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.322/0.412/0.503/0.092 ms
# yum -y install elinks
配置分发器 pc50 :
# yum -y install ipvsadm-1.26-4.el6.x86_64.rpm
# rpm -q ipvsadm
ipvsadm-1.26-4.el6.x86_64
添加虚拟服务
# ipvsadm -L //查看 IPVS
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
# ipvsadm -A -t 192.168.2.50:80 -s rr//添加虚拟服务 调度算法为Round Robin
# ipvsadm -L
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.2.50:http rr
# ipvsadm -Ln //- n 数字显示
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.2.50:80 rr
//向虚拟服务器中加入节点
# ipvsadm -a -t 192.168.2.50:80 -r 192.168.4.51:80 -m
# ipvsadm -a -t 192.168.2.50:80 -r 192.168.4.52:80 -m
# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.2.50:80 rr
-> 192.168.4.51:80 Masq 1 0 0
-> 192.168.4.52:80 Masq 1 0 0
# /etc/init.d/ipvsadm save//使配置永久生效
ipvsadm: Saving IPVS table to /etc/sysconfig/ipvsadm: [确定]
# cat /etc/sysconfig/ipvsadm
-A -t 192.168.2.50:80 -s rr
-a -t 192.168.2.50:80 -r 192.168.4.51:80 -m -w 1
-a -t 192.168.2.50:80 -r 192.168.4.52:80 -m -w 1
客户端测试
# elinks --dump http://192.168.2.50/test.html
192.168.4.51
# elinks --dump http://192.168.2.50/test.html
192.168.4.52
//客户端 轮询到不同的后端真实服务器
[root@pc50 ~]# ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
TCP 192.168.2.50:80 2 10 10 846 1098
-> 192.168.4.51:80 1 5 5 423 549
-> 192.168.4.52:80 1 5 5 423 549
模拟pc51 web服务故障:
[root@pc51 ~]# service httpd stop
[root@pc50 ~]# ipvsadm -Z
//客户端测试
# elinks --dump http://192.168.2.50/test.html
192.168.4.52
# elinks --dump http://192.168.2.50/test.html
192.168.4.52
[root@pc50 ~]# ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
TCP 192.168.2.50:80 3 11 11 906 1138
-> 192.168.4.51:80 1 1 1 60 40
-> 192.168.4.52:80 2 10 10 846 1098
会发现 LVS/NAT 单点故障时 并不能健康性检查
可以 编写一个脚本 监测两台Real Server 的服务 是否正常 如果监测到故障 将对应的服务在调度服务器 停掉
使用周期性计划任务 定时运行监测脚本 到达 健康检查的目的