lvs+keepalived实现lvs nat模式热备配置
lvs nat模式LB热备配置网上几乎找不到相关文档,找到几个但都不靠谱,做LB主备切换时都会出现问题,无奈方案之急需,自己参考研究半天,终于用lva+keepalived获得成功,现分享一下
环境:centos 5.5 x_64
两个外部请求VIP:
VIP=192.168.1.210(对外服务端口80)
VIP2=192.168.1.220(对外服务端口80)
内部VIP(作为realserver的网关)
NVIP=192.168.10.210
主LB IP配置
eth0:192.168.1.211(外网)
eht1:192.168.10.211(内网)
备LB IP配置
eth0:192.168.1.212(外网)
eht1:192.168.10.212(内网)
两个real server IP配置
eth1:192.168.10.213(real server 1)
eht1:192.168.10.214(real server 2)
配置步骤:
1.安装ipvsadm和keepalived(主备调试器LB都安装)
yum install kernel-devel gcc openssl-devel
ln -s /usr/src/kernels/2.6.18-194.el5-x86_64/ /usr/src/linux
tar zxvf ipvsadm-1.24.tar.gz
cd ipvsadm-1.24
make
make install
tar zxvf keepalived-1.1.20.tar.gz
cd keepalived-1.1.20
./configure
make
make install
将keepalived加入系统服务中
cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
mkdir /etc/keepalived
cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/sbin/keepalived /usr/sbin/
chkconfig --add keepalived
chkconfig keepalived on
2.主备LB上打开路由转发功能
echo "1">/proc/sys/net/ipv4/ip_forward
3. 主备LB上分别配置keepalived
vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
}
notification_email_from [email protected]
smtp_server mail.domob.cn
smtp_connect_timeout 30
router_id
LVS_1 #备LB此处改为LVS_2,主备LB此处id最好不要一样
}
vrrp_instance VI_1 {
state
MASTER #备为BACKUP
interface eth0
virtual_router_id
51 #实验时主备LB不能成功切换时把此值改一下
priority
100 #备为99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.210
192.168.1.220
}
}
!配置内网虚IP
vrrp_instance LAN_GATEWAY {
state MASTER
#备LB配置为BACKUP
interface eth1
virtual_router_id
62 #此处值和上面不要一样
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.10.210
}
}
!第一个VIP配置
virtual_server 192.168.1.210 80{
delay_loop 6
lb_algo rr
lb_kind NAT
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 192.168.10.213 80 {
weight 1
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.10.214 80 {
weight 1
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
!第二个VIP
virtual_server 192.168.1.220 80{
delay_loop 6
lb_algo rr
lb_kind NAT
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 192.168.10.213 8080 {
weight 1
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
delay_before_retry 3
connect_port 8080
}
}
real_server 192.168.10.214 8080 {
weight 1
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
delay_before_retry 3
connect_port 8080
}
}
}
4.real server上配置
分别将两个real server 网关设置成NIP
route add default gw 192.168.10.210
route –n进行验证
5.realserver上配置两个应用,分别占用80和8080端口,并启动服务
6.分别启动LVS主备中keepalived服务
Service keepalived start
7.测试
a.正常情况,只有主LB转发请求,
用ipvsadm –l和ipvsadm –lcn查看
b.手动造成主LB故障(手动down keepalived进程或down外网口)
请求会转移到LB备上,再手动恢复LB主,请求会转回来
c.realserver 应用随便down一个,外网请求都正常