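Week 19 Assignment

I. Briefly describe the characteristics and use cases of the four LVS cluster types

1. LVS-NAT

Multi-target-IP DNAT: forwarding is done by rewriting the destination address and destination port of the request packet to the RIP and PORT of the selected RS.

(1) The RIP and DIP must be on the same IP network and should use private addresses; the RS gateway must point to the DIP;

(2) Both request and response packets must be forwarded by the Director, so the Director easily becomes the system bottleneck;

(3) Port mapping is supported; the destination PORT of the request packet can be changed;

(4) The VS must run Linux; the RS can run any operating system;

Use case: because it is simple to configure and economical with IP addresses, it is generally used by small and medium-sized businesses with modest concurrency;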

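2. LVS-DR

Direct routing: the request packet is forwarded by re-encapsulating it with a new MAC header, where the source MAC is that of the interface holding the DIP and the destination MAC is that of the interface holding the RIP of the selected RS; the source IP/PORT and destination IP/PORT remain unchanged;

(1) Make sure the front-end router sends request packets whose destination IP is the VIP to the Director;

(a) Configure a static binding on the front-end gateway;

(b) Use arptables on the RS;

(c) Modify kernel parameters on the RS to limit the ARP announcement and reply levels: arp_ignore and arp_announce

(2) The RIP of an RS may be a private address or a public address; the RIP and DIP are on the same IP network; the RIP's gateway does not point to the DIP, which ensures that response packets do not pass through the Director;

(3) The RS and the Director must be on the same physical network;

(4) Request packets pass through the Director, but responses must not; the RS sends them directly to the Client;

(5) Port mapping is not supported;

Use case: this type is used when concurrency is very high; the concurrent processing capacity of the DR model can reach hardware-level capability;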

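3. LVS-TUN

Forwarding method: the IP header of the request packet is not modified (source IP is the CIP, destination IP is the VIP); instead, an additional IP header is encapsulated outside the original IP packet (source IP is the DIP, destination IP is the RIP), and the packet is sent to the selected target RS; the RS responds directly to the client (source IP is the VIP, destination IP is the CIP);

(1) The DIP, VIP and RIP should all be public addresses;

(2) The RS gateway must not point to the DIP;

(3) Request packets pass through the Director, but responses must not pass through the Director;

(4) Port mapping is not supported;

(5) The operating system of the RS must support tunneling;

Use case: when the environment requires the DIP and RIP to be on different physical networks (for example, disaster recovery), the lvs-tun model is needed;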

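4. LVS-FULLNAT

Forwarding is done by rewriting both the source IP address and the destination IP address of the request packet;

(1) The VIP is a public address, while the RIP and DIP are private addresses and are usually not on the same IP network; therefore the RIP's gateway generally does not point to the DIP;

(2) The source address of the request packet received by the RS is the DIP, so the RS can only respond to the DIP; the Director then still has to send the response on to the Client;

(3) Both request and response packets pass through the Director;

(4) Port mapping is supported;

Use case: similar to lvs-nat, and it solves the problem of deploying lvs across network segments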

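II. Describe how LVS-DR works, and configure an implementation

Hosts: four, one VS server, two RS servers and one client server

Network configuration: VS server DIP: 192.168.27.7 (eth0), RS1 server RIP: 192.168.27.17 (eth0), RS2 server RIP: 192.168.27.27 (eth0), VIP: 192.168.27.100 (lo:1), client server CIP: 192.168.27.37 (eth1)

Packages: keepalived, ipvsadm, httpd (yum repository on the installation disc)

1. Configure the VS server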

[root@VS ~]# yum install -y ipvsadm
[root@VS ~]# ifconfig eth0:1 192.168.27.100/32
[root@VS ~]# ipvsadm -A -t 192.168.27.100:80 -s wrr
[root@VS ~]# ipvsadm -a -t 192.168.27.100:80 -r 192.168.27.17 -g -w 1
[root@VS ~]# ipvsadm -a -t 192.168.27.100:80 -r 192.168.27.27 -g -w 1
[root@VS ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.27.100:80 wrr
  -> 192.168.27.17:80             Route   1      0          0         
  -> 192.168.27.27:80             Route   1      0          0

2. Configure the RS1 server

[root@RS1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore 
[root@RS1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore 
[root@RS1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce 
[root@RS1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce 
[root@RS1 ~]# ifconfig lo:1 192.168.27.100/32

[root@RS1 ~]# yum install -y httpd
[root@RS1 ~]# echo 192.168.27.17 RS1 > /var/www/html/index.html
[root@RS1 ~]# systemctl start httpd

3. Configure the RS2 server

[root@RS2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@RS2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@RS2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@RS2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@RS2 ~]# ifconfig lo:1 192.168.27.100/32

[root@RS2 ~]# yum install -y httpd
[root@RS2 ~]# echo 192.168.27.27 RS2 > /var/www/html/index.html
[root@RS2 ~]# systemctl start httpd

4. Test from the client server

[root@client ~]# while true; do curl 192.168.27.100 ;sleep 1; done
192.168.27.17 RS1
192.168.27.27 RS2
192.168.27.17 RS1
192.168.27.27 RS2
192.168.27.17 RS1
192.168.27.27 RS2
192.168.27.17 RS1
192.168.27.27 RS2
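
The arp_ignore and arp_announce values written with echo in steps 2 and 3 are runtime-only and do not survive a reboot; if the VIP on lo is restored without them, the RS answers ARP for the VIP and traffic can bypass the Director. The following is an added example, not part of the original assignment: a check for the four values and a sysctl.d fragment that persists them. The function names and the optional directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify the LVS-DR ARP settings on a real server (RS).
# check_dr_arp and dr_sysctl_fragment are hypothetical helper names.
# The optional argument replaces /proc/sys/net/ipv4/conf so the check
# can also be run against a copied or test directory tree.

# Expected values from the walkthrough: arp_ignore=1 and arp_announce=2
# on both the "all" and the "lo" entries.
check_dr_arp() {
    root=${1:-/proc/sys/net/ipv4/conf}
    rc=0
    for iface in all lo; do
        for pair in arp_ignore:1 arp_announce:2; do
            key=${pair%%:*}
            want=${pair##*:}
            file="$root/$iface/$key"
            if [ ! -r "$file" ]; then
                echo "MISSING $iface/$key"
                rc=1
                continue
            fi
            got=$(cat "$file")
            if [ "$got" != "$want" ]; then
                echo "BAD $iface/$key=$got (want $want)"
                rc=1
            fi
        done
    done
    return $rc
}

# Print a sysctl.d fragment that makes the same four settings persistent.
dr_sysctl_fragment() {
    for iface in all lo; do
        echo "net.ipv4.conf.$iface.arp_ignore = 1"
        echo "net.ipv4.conf.$iface.arp_announce = 2"
    done
}

# Usage on an RS: check_dr_arp && echo "ARP settings OK"
```

Redirecting the output of dr_sysctl_fragment into a file under /etc/sysctl.d/ and running sysctl --system applies the values at every boot.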

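III. Implement LVS + Keepalived high availability

Hosts: four, two LVS+Keepalived master/backup servers (lvs1: 192.168.27.7, lvs2: 192.168.27.17) and two RS servers (RS1: 192.168.27.37, RS2: 192.168.27.47)

Packages: keepalived, ipvsadm, httpd (yum repository on the installation disc)

1. Install ipvsadm and keepalived on both LVS+Keepalived master/backup servers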

[root@lvs1 ~]# yum install -y ipvsadm keepalived
[root@lvs2 ~]# yum install -y ipvsadm keepalived

2. Configure keepalived master/backup and lvs

[root@lvs1 ~]# cp /etc/keepalived/keepalived.conf{,.bak}    # back up first
[root@lvs1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id node1
   vrrp_mcast_group4 224.100.100.100
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 66
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.27.100 dev eth0 label eth0:1
    }
}


virtual_server 192.168.27.100 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP

    sorry_server 127.0.0.1 80

    real_server 192.168.27.27 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.27.37 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            } 
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }   
    } 
}


# The backup node's configuration is largely the same as above; only three items need to change
# router_id node1 ----> router_id node2
# state MASTER ----> state BACKUP
# priority 100  ---->  priority 80

3. Configure the RS1 and RS2 servers: install the httpd service first, then configure the VIP and kernel parameters on the RS servers

#RS1
[root@rs1 ~]# yum install -y httpd
[root@rs1 ~]# echo 192.168.27.27 RS1 > /var/www/html/index.html
[root@rs1 ~]# systemctl start httpd
[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce 
[root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce 
[root@rs1 ~]# ifconfig lo:1 192.168.27.100/32

#RS2
[root@rs2 ~]# yum install -y httpd
[root@rs2 ~]# echo 192.168.27.37 RS2 > /var/www/html/index.html
[root@rs2 ~]# systemctl start httpd
[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce 
[root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce 
[root@rs2 ~]# ifconfig lo:1 192.168.27.100/32

4. Start the keepalived service on the Keepalived master and backup nodes, view the LVS cluster with ipvsadm, and check where the VIP is bound

[root@lvs1 ~]# systemctl start keepalived
[root@lvs2 ~]# systemctl start keepalived

[root@lvs1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.27.100:80 wrr
  -> 192.168.27.27:80             Route   1      0          0         
  -> 192.168.27.37:80             Route   1      0          0 
[root@lvs1 ~]#  ip a |grep 192.168.27.100    # the VIP is bound on the master node
    inet 192.168.27.100/32 scope global eth0:1

5. Test LVS scheduling and failover from the client

[root@client ~]# while true;do curl 192.168.27.100 ;sleep 1;done
192.168.27.27 RS1
192.168.27.37 RS2
192.168.27.27 RS1
192.168.27.37 RS2
192.168.27.27 RS1
192.168.27.37 RS2
192.168.27.27 RS1
192.168.27.37 RS2
...
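# First, test master/backup failover of the VS servers (keepalived)
[root@lvs1 ~]# systemctl stop keepalived
[root@lvs1 ~]# ip a |grep 192.168.27.100    # the VIP has moved off the master node
[root@lvs2 ~]# ip a |grep 192.168.27.100    # the VIP is now bound on the backup node, and access was not interrupted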
    inet 192.168.27.100/32 scope global eth0:1

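[root@lvs1 ~]# systemctl start keepalived    # restart the master node
[root@lvs1 ~]#  ip a |grep 192.168.27.100    # the master node has taken the VIP back
    inet 192.168.27.100/32 scope global eth0:1
[root@lvs2 ~]# ip a |grep 192.168.27.100    # the backup node has released the VIP
# Next, test LVS scheduling when an RS server fails
# Scheduling starts out round-robin; now stop the httpd service on RS1
[root@rs1 ~]# systemctl stop httpd
# After a brief period of failures, all subsequent requests are scheduled to RS2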
[root@client ~]# while true;do curl 192.168.27.100 ;sleep 1;done
192.168.27.27 RS1
192.168.27.37 RS2
192.168.27.27 RS1
192.168.27.37 RS2
curl: (7) Failed connect to 192.168.27.100:80; Connection refused
192.168.27.37 RS2
curl: (7) Failed connect to 192.168.27.100:80; Connection refused
192.168.27.37 RS2
curl: (7) Failed connect to 192.168.27.100:80; Connection refused
192.168.27.37 RS2
curl: (7) Failed connect to 192.168.27.100:80; Connection refused
192.168.27.37 RS2
curl: (7) Failed connect to 192.168.27.100:80; Connection refused
192.168.27.37 RS2
curl: (7) Failed connect to 192.168.27.100:80; Connection refused
192.168.27.37 RS2
192.168.27.37 RS2
# Restore the httpd service on RS1
[root@rs1 ~]# systemctl start httpd
# Once RS1 is reachable again, it takes part in scheduling again
[root@client ~]# while true;do curl 192.168.27.100 ;sleep 1;done
192.168.27.37 RS2
192.168.27.37 RS2
192.168.27.37 RS2
192.168.27.37 RS2
192.168.27.37 RS2
192.168.27.37 RS2
192.168.27.37 RS2
192.168.27.37 RS2
192.168.27.37 RS2
192.168.27.27 RS1
192.168.27.37 RS2
192.168.27.27 RS1
192.168.27.37 RS2
192.168.27.27 RS1
192.168.27.37 RS2
...
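
The vrrp_instance above uses auth_type PASS with a six-digit auth_pass; that value travels in cleartext in every VRRP advertisement and keepalived uses only its first eight characters, so it guards against misconfiguration rather than against another host on the same segment. The audit below is an added example, not part of the original assignment; audit_keepalived and sample_conf are hypothetical names, and the sample config is constructed from the settings shown above.

```shell
#!/bin/sh
# Added example: audit VRRP authentication settings in a keepalived.conf.
# audit_keepalived and sample_conf are hypothetical helper names.

# Constructed sample mirroring the vrrp_instance shown in this walkthrough.
sample_conf() {
    cat <<'EOF'
vrrp_instance VI_1 {
    state MASTER
    authentication {
        auth_type PASS
        auth_pass 123456
    }
}
virtual_server 192.168.27.100 80 {
    lb_kind DR
}
EOF
}

# Usage: audit_keepalived /etc/keepalived/keepalived.conf
audit_keepalived() {
    conf=$1
    # auth_pass is stored in plaintext, so the file should not be world-readable.
    if [ -n "$(find "$conf" -perm -004)" ]; then
        echo "file: world-readable, auth_pass is exposed to local users"
    fi
    awk '
    $1 == "vrrp_instance"  { inst = $2; order[++n] = inst }
    $1 == "virtual_server" { inst = "" }   # past the VRRP section
    inst != "" && $1 == "auth_type" { atype[inst] = $2 }
    inst != "" && $1 == "auth_pass" { apass[inst] = $2 }
    END {
        for (i = 1; i <= n; i++) {
            name = order[i]; p = apass[name]
            if (atype[name] == "PASS")
                print name ": auth_type PASS sends auth_pass in cleartext"
            if (length(p) > 8)
                print name ": only the first 8 characters of auth_pass are used"
            if (p != "" && (length(p) < 8 || p ~ /^[0-9]+$/))
                print name ": auth_pass is short or digits-only"
        }
    }' "$conf"
}
```

Because the shared value is visible on the wire, limiting which hosts can send VRRP advertisements to the directors (a dedicated interface or a firewall rule that accepts them only from the peer) does more than lengthening auth_pass.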
