LVS is short for Linux Virtual Server. It is a virtual server cluster system.
We define some abbreviations:
LVS as used by early small carriers:
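Hiding the VIP: hidden from the outside, visible on the inside.
Kernel parameters (when the destination MAC address is all Fs, the switch broadcasts the frame):
/proc/sys/net/ipv4/conf/*IF*/
arp_ignore: defines the level of response when an ARP request is received;
    0: respond as long as the address is configured locally;
    1: respond only when the requested target (MAC) address is configured on the interface the request arrived on;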
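arp_announce: defines the level of announcement when the host advertises its own addresses;
    0: announce any address on any local interface;
    1: try to announce to the target network only addresses that match that network;
    2: announce only to networks that match an address on the local interface;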
Configure the VIP on the loopback interface lo.
Four static scheduling methods:
    rr: Round-Robin Scheduling
    wrr: Weighted Round-Robin Scheduling
    dh: Destination Hashing Scheduling
    sh: Source Hashing Scheduling
Dynamic scheduling methods:
    lc: Least-Connection Scheduling
    wlc: Weighted Least-Connection Scheduling
    sed: shortest expected delay
    nq: never queue
    LBLC: Locality-Based Least Connections Scheduling
    DH:
    LBLCR: Locality-Based Least Connections with Replication Scheduling
The ipvs kernel module
    yum install ipvsadm -y
Managing cluster services
Add: -A -t|u|f service-address [-s scheduler]
    -t: TCP cluster service
    -u: UDP cluster service
        service-address: IP:PORT
    -f: FWM, firewall mark
        service-address: Mark Number
Modify: -E
Delete: -D -t|u|f service-address
For example:
    ipvsadm -A -t 192.168.9.100:80 -s rr
Managing the RSs in a cluster service
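Add: -a -t|u|f service-address -r server-address [-g|i|m] [-w weight]
    -t|u|f service-address: a cluster service that has already been defined
    -r server-address: the address of an RS; in the NAT model, IP:PORT can be used for port mapping;
    [-g|i|m]: LVS type
        -g: DR
        -i: TUN
        -m: NAT
    [-w weight]: the server weight
Modify: -e
Delete: -d -t|u|f service-address -r server-address
    # ipvsadm -a -t 172.16.100.1:80 -r 192.168.10.8 -g
    # ipvsadm -a -t 172.16.100.1:80 -r 192.168.10.9 -g
View: -L|l
    -n: show host addresses and ports in numeric format
    --stats: statistics
    --rate: rates
    --timeout: show the session timeouts for tcp, tcpfin and udp
    -c: show the current ipvs connections
Delete all cluster services
    -C: clear the ipvs rules
Save the rules so they can be used again after the next reboot
    -S
    # ipvsadm -S > /path/to/somefile
Load previously saved rules:
    -R
    # ipvsadm -R < /path/from/somefile

DR model (direct routing model)
Procedure: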
LVS:
node01:
    ifconfig eth0:8 192.168.150.100/24
node02~node03:
1) Modify the kernel parameters:
    echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
2) Set the hidden VIP:
    ifconfig lo:3 192.168.150.100 netmask 255.255.255.255

Service on the RSs:
node02~node03:
    yum install httpd -y
    service httpd start
    vi /var/www/html/index.html
        from 192.168.150.1x

LVS service configuration
node01:
    yum install ipvsadm
    ipvsadm -A -t 192.168.150.100:80 -s rr
    ipvsadm -a -t 192.168.150.100:80 -r 192.168.150.12 -g -w 1
    ipvsadm -a -t 192.168.150.100:80 -r 192.168.150.13 -g -w 1
    ipvsadm -ln

Verification:
Browse to 192.168.150.100 and press F5 repeatedly to see the load being balanced.
node01:
    netstat -natp
    Conclusion: no socket connections are visible.
node02~node03:
    netstat -natp
    Conclusion: many socket connections are visible.
node01:
    ipvsadm -lnc
    View the connection table, the record of the packets LVS has "peeked" at:
    TCP 00:57 FIN_WAIT 192.168.150.1:51587 192.168.150.100:80 192.168.150.12:80
    FIN_WAIT: a connection took place and LVS saw all of its packets.
    SYN_RECV: LVS has recorded the connection, which shows LVS itself is fine; the problem must be in the network layer behind it.

keepalived experiment:
Hosts: node01~node04
node01:
    ipvsadm -C
    ifconfig eth0:8 down
----------------------------
node01, node04:
    yum install keepalived ipvsadm -y
Configuration:
    cd /etc/keepalived/
    cp keepalived.conf keepalived.conf.bak
    vi keepalived.conf
node01:
VRRP: Virtual Router Redundancy Protocol!

    vrrp_instance VI_1 {
        state MASTER            # node04: BACKUP
        interface eth0
        virtual_router_id 51
        priority 100            # node04: 50
        advert_int 1
        authentication {
            auth_type PASS      # PASS sends auth_pass in cleartext
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.150.100/24 dev eth0 label eth0:3
        }
    }

    virtual_server 192.168.150.100 80 {
        delay_loop 6
        lb_algo rr
        lb_kind DR
        nat_mask 255.255.255.0
        persistence_timeout 0
        protocol TCP

        real_server 192.168.150.12 80 {
            weight 1
            HTTP_GET {
                url {
                    path /
                    status_code 200
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
        real_server 192.168.150.13 80 {
            weight 1
            HTTP_GET {
                url {
                    path /
                    status_code 200
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
    }

    scp ./keepalived.conf root@node04:`pwd`
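The DR verification step above reads `ipvsadm -lnc` by state: FIN_WAIT means the connection completed, SYN_RECV means LVS forwarded the SYN and the fault lies behind it. The following is an added example, not part of the original page, that applies this reading per real server; the sample table is constructed in the column layout of the entry shown above, and the function names and the `min_entries` threshold are assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample in the column layout of `ipvsadm -lnc`
# (pro expire state source virtual destination); not captured output.
SAMPLE = """\
IPVS connection entries
pro expire state       source              virtual            destination
TCP 00:57  FIN_WAIT    192.168.150.1:51587 192.168.150.100:80 192.168.150.12:80
TCP 01:12  FIN_WAIT    192.168.150.1:51590 192.168.150.100:80 192.168.150.12:80
TCP 00:48  SYN_RECV    192.168.150.1:51588 192.168.150.100:80 192.168.150.13:80
TCP 00:51  SYN_RECV    192.168.150.1:51589 192.168.150.100:80 192.168.150.13:80
TCP 14:58  ESTABLISHED 192.168.150.1:51591 192.168.150.100:80 192.168.150.12:80
"""


def states_by_real_server(text):
    """Return {real_server: Counter(state -> count)} from `ipvsadm -lnc` text."""
    table = defaultdict(Counter)
    for line in text.splitlines():
        fields = line.split()
        # Data rows have exactly 6 columns and start with the protocol name;
        # this skips the two header lines and any blank lines.
        if len(fields) != 6 or fields[0] not in ("TCP", "UDP"):
            continue
        _proto, _expire, state, _source, _virtual, dest = fields
        table[dest][state] += 1
    return dict(table)


def stuck_real_servers(text, min_entries=2):
    """Real servers whose entries are all SYN_RECV: the director forwarded
    the SYN but never saw the client complete the handshake, so the fault
    is behind LVS (for DR: check arp_ignore/arp_announce and the VIP on lo)."""
    stuck = []
    for dest, states in states_by_real_server(text).items():
        total = sum(states.values())
        if total >= min_entries and states["SYN_RECV"] == total:
            stuck.append(dest)
    return sorted(stuck)


if __name__ == "__main__":
    for rs, states in sorted(states_by_real_server(SAMPLE).items()):
        print(rs, dict(states))
    print("suspect real servers:", stuck_real_servers(SAMPLE))
```

On the director, the live table can be fed in by passing the text of `ipvsadm -lnc` to `stuck_real_servers`.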