LVS 简单应用
LVS 简单应用
以下master主机为172.16.1.134,VIP地址为172.16.1.111,后端RS1为172.16.1.135,RS2为172.16.1.136。
NAT模式
- 开启调度器VS主机的包转发功能(CentOS7默认为关闭状态)
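# Enable IPv4 forwarding on the director; LVS-NAT needs the VS host to forward
# packets between clients and the real servers.
# net.ipv4.ip_forward turns the host into a router for every interface, so make
# sure the FORWARD chain only permits the traffic the cluster needs.
# The line is appended only when it is not already present, so running this
# again does not pile up duplicate entries in /etc/sysctl.conf.
{
  grep -qxF 'net.ipv4.ip_forward = 1' /etc/sysctl.conf ||
    echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
} && sysctl -p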
- 创建一个LVS-NAT集群
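# Run on the master (director) host.
# The command sits on its own line; fused onto the comment line it would never
# execute when pasted.
# -A adds a virtual service, -t gives its TCP address:port, -s rr selects
# round-robin scheduling.
ipvsadm -A -t 172.16.1.134:80 -s rr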
- 添加后端RealServer
# Add both real servers to the virtual service; --masquerading selects NAT
# forwarding (the long form of -m).
for rs in 172.16.1.135 172.16.1.136; do
  ipvsadm --add-server --tcp-service 172.16.1.134:80 --masquerading --real-server "${rs}:80"
done
- 查看集群状态
[root@master ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.1.134:80 rr
  -> 172.16.1.135:80              Masq    1      0          0
  -> 172.16.1.136:80              Masq    1      0          0
- 保存ipvs当前规则到指定文件
# Save the current IPVS rules to /etc/sysconfig/ipvsadm; -n keeps addresses and
# ports numeric instead of resolving them to names.
ipvsadm-save -n > /etc/sysconfig/ipvsadm
- 测试
[root@master ~]# while true; do curl 172.16.1.134 ; sleep 1; done
<h1>Backend RS1</h1>
<h1>Backend RS2</h1>
<h1>Backend RS1</h1>
<h1>Backend RS2</h1>
<h1>Backend RS1</h1>
<h1>Backend RS2</h1>
<h1>Backend RS1</h1>
<h1>Backend RS2</h1>
<h1>Backend RS1</h1>
<h1>Backend RS2</h1>
- 修改调度算法和后端RS权重
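# Each command is on its own line with its comment above it; with trailing
# comments on one collapsed line, everything after the first '#' is ignored.

# Switch the virtual service's scheduler to weighted round-robin (wrr).
ipvsadm -E -t 172.16.1.134:80 -s wrr
# Set the weight of RS1 to 2.
ipvsadm -e -t 172.16.1.134:80 -m -r 172.16.1.135:80 -w 2
# Set the weight of RS2 to 1.
ipvsadm -e -t 172.16.1.134:80 -m -r 172.16.1.136:80 -w 1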
DR模式
- 配置LVS-master主机,脚本如下
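#!/bin/bash
# LVS-DR director control script.
#   start: bind the VIP to an interface alias, then create the IPVS virtual
#          service and add both real servers in direct-routing (-g) mode.
#   stop:  clear the IPVS table and take the VIP alias down.
# Usage: <script> start|stop

vip='172.16.1.111'
iface='ens33:1'
mask='255.255.255.255'   # host mask for the VIP alias
port='80'
rs1='172.16.1.135'
rs2='172.16.1.136'
scheduler='rr'
fwd_mode='-g'            # ipvsadm forwarding method: -g = direct routing

case "$1" in
  start)
    # Stop here if the VIP cannot be bound, before the firewall or the IPVS
    # table is touched.
    if ! ifconfig "$iface" "$vip" netmask "$mask" broadcast "$vip" up; then
      echo "Failed to bind $vip to $iface" >&2
      exit 1
    fi

    # NOTE(review): iptables -F empties every chain of the filter table, so it
    # removes the director's whole host firewall rather than only the rules
    # that would block the VIP. On a host reachable from untrusted networks,
    # keep the existing policy and add a specific ACCEPT rule for
    # ${vip}:${port} instead.
    iptables -F

    ipvsadm -A -t "${vip}:${port}" -s "$scheduler"
    for rs in "$rs1" "$rs2"; do
      ipvsadm -a -t "${vip}:${port}" -r "$rs" "$fwd_mode"
    done
    echo "The LVS Server is Ready!"
    ;;
  stop)
    # ipvsadm -C clears the entire IPVS table, i.e. every virtual service on
    # this host, not only the one created by "start".
    ipvsadm -C
    ifconfig "$iface" down
    echo "The LVS Server is STOPPED!"
    ;;
  *)
    # Usage goes to stderr; "$0" is quoted so a path with spaces still works.
    echo "Usage: $(basename "$0") start|stop" >&2
    exit 1
    ;;
esac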
- 配置后端RS,脚本如下
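#!/bin/bash
# LVS-DR real-server control script.
#   start: restrict ARP replies/announcements, then add the VIP to loopback.
#   stop:  remove the VIP from loopback and write 0 to the ARP sysctls.
# Usage: <script> start|stop

vip='172.16.1.111'
dev='lo:1'   # label given to the VIP address; the part before ':' is the device

# Write value $2 to sysctl $1 (arp_ignore or arp_announce) for "all" and "lo".
set_arp_sysctl() {
  local name=$1 value=$2 scope
  for scope in all lo; do
    echo "$value" > "/proc/sys/net/ipv4/conf/${scope}/${name}"
  done
}

case "$1" in
  start)
    # The ARP sysctls are set before the VIP exists on this host, so the real
    # server never answers or advertises ARP for the VIP:
    #   arp_ignore=1   reply only when the target IP is configured on the
    #                  interface the request arrived on
    #   arp_announce=2 always pick the best local address as the ARP source
    set_arp_sysctl arp_ignore 1
    set_arp_sysctl arp_announce 2
    # Use the label from $dev instead of a second hard-coded "lo:1".
    ip addr add "${vip}/32" label "$dev" dev "${dev%%:*}"
    echo "The RS Server is Ready!"
    ;;
  stop)
    # Remove the VIP with the same tool that added it, so the script does not
    # also depend on net-tools (ifconfig).
    ip addr del "${vip}/32" dev "${dev%%:*}"
    # NOTE(review): 0 is written unconditionally; if these sysctls had other
    # values before "start", those values are not restored.
    set_arp_sysctl arp_ignore 0
    set_arp_sysctl arp_announce 0
    echo "The RS Server is Canceled!"
    ;;
  *)
    # Usage goes to stderr; "$0" is quoted so a path with spaces still works.
    echo "Usage: $(basename "$0") start|stop" >&2
    exit 1
    ;;
esac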
- 客户机测试
suofeiya@suofeiya-15ISK:~$ while true; do curl 172.16.1.111; sleep 1 ; done
<h1>Backend RS2</h1>
<h1>Backend RS1</h1>
<h1>Backend RS2</h1>
<h1>Backend RS1</h1>
<h1>Backend RS2</h1>
<h1>Backend RS1</h1>
<h1>Backend RS2</h1>
TUN模式
- 添加IP隧道模块
[root@master ~]# modprobe ipip
[root@master ~]# ip a show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:00:55:c3 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.134/24 brd 172.16.1.255 scope global noprefixroute dynamic ens33
       valid_lft 1131sec preferred_lft 1131sec
    inet6 fe80::20c:29ff:fe00:55c3/64 scope link
       valid_lft forever preferred_lft forever
3: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
- 添加VIP地址到tunl0网卡上
[root@master ~]# ip addr add 172.16.1.111/32 dev tunl0
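- 添加并查看规则(注:下面记录中添加的后端地址是172.16.1.134和172.16.1.135,与文首给出的RS1为172.16.1.135、RS2为172.16.1.136不一致,其中172.16.1.134是master本机,疑为笔误;实际操作时请填写真实的RS地址)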
[root@master ~]# ipvsadm -A -t 172.16.1.111:80 -s rr
[root@master ~]# ipvsadm -a -t 172.16.1.111:80 -r 172.16.1.134:80 -i
[root@master ~]# ipvsadm -a -t 172.16.1.111:80 -r 172.16.1.135:80 -i
[root@master ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.1.111:80 rr
  -> 172.16.1.134:80              Tunnel  1      0          0
  -> 172.16.1.135:80              Tunnel  1      0          0
- 后端RS
[root@node01 ~]# modprobe ipip
[root@node01 ~]# ip addr add 172.16.1.111/32 dev tunl0
[root@node02 ~]# modprobe ipip
[root@node02 ~]# ip addr add 172.16.1.111/32 dev tunl0
- 激活各节点隧道模式
[root@master ~]# ip link set up tunl0
[root@node01 ~]# ip link set up tunl0
[root@node02 ~]# ip link set up tunl0
- 关闭内核相关功能及对数据包的校验(以node01节点为例,node02节点一样)
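隧道模式用于让不同网段的主机通信:RS从tunl0收到拆包后的数据包,其源IP是客户端地址,而RS到该客户端的回程路由并不经过tunl0,内核的反向路径校验(rp_filter)会因此不认这个源IP而把数据包丢掉,导致web服务器丢包、客户端访问不到数据,所以我们需要关闭这项数据校验。注意:rp_filter本身是防止IP源地址欺骗的保护措施,内核对每个接口取conf.all与该接口自身取值中较大的一个,因此应只在确实需要的接口(这里是tunl0)上放宽;通常也可以改设为2(宽松模式)而不是完全关闭,其余接口尽量保持默认值。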
查看相关内核参数:
[root@node01 ~]# sysctl -a | grep rp_filter
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.ens33.arp_filter = 0
net.ipv4.conf.ens33.rp_filter = 1
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.tunl0.arp_filter = 0
net.ipv4.conf.tunl0.rp_filter = 1
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.ens33.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
sysctl: reading key "net.ipv6.conf.tunl0.stable_secret"
关闭:
[root@node01 ~]# cat >> /etc/sysctl.conf << EOF
> net.ipv4.conf.all.rp_filter=0
> net.ipv4.conf.default.rp_filter=0
> net.ipv4.conf.ens33.rp_filter=0
> net.ipv4.conf.tunl0.rp_filter=0
> EOF
# 使配置生效
[root@node01 ~]# sysctl -p
- 测试
suofeiya@suofeiya-15ISK:~$ while true; do curl 172.16.1.111; sleep 1 ; done
<h1>Backend RS2</h1>
<h1>Backend RS1</h1>
<h1>Backend RS2</h1>
<h1>Backend RS1</h1>
<h1>Backend RS2</h1>