DR mode
Role | IP address | Notes |
LVS load balancer | 192.168.119.132 | VIP:192.168.119.150 ipvsadm |
http_Real server | 192.168.119.134 | apache |
http_Real server | 192.168.119.135 | apache |
1. Check that both HTTP servers are working

web01 configuration

    [root@web01 /]# hostname
    web01
    [root@web01 /]# yum -y install httpd
    [root@web01 /]# find / -name httpd.conf
    /etc/httpd/conf/httpd.conf
    [root@web01 /]# vim /etc/httpd/conf/httpd.conf
    ServerName www.web01.com:80
    [root@web01 /]# cd /var/www/html/
    [root@web01 html]# echo "web01_192.168.119.134" > index.html
    [root@web01 html]# ls
    index.html
    [root@web01 html]# cat index.html
    web01_192.168.119.134
    [root@web01 html]# /etc/init.d/httpd start
    Starting httpd: [ OK ]
    [root@web01 html]# curl localhost
    web01_192.168.119.134

web02 configuration

    [root@web02 /]# hostname
    web02
    [root@web02 /]# yum -y install httpd
    [root@web02 /]# vim /etc/httpd/conf/httpd.conf
    ServerName www.web02.com:80
    [root@web02 /]# echo "web02_192.168.119.135" > /var/www/html/index.html
    [root@web02 /]# cat /var/www/html/index.html
    web02_192.168.119.135
    [root@web02 /]# /etc/init.d/httpd start
    Starting httpd: [ OK ]
    [root@web02 /]# curl localhost
    web02_192.168.119.135
2. Download the software

    [root@lvs /]# hostname
    lvs
    [root@lvs /]# uname -r
    2.6.32-431.el6.x86_64

Here we use the 2.6 version, and note that the kernel is version 2.6; if your system is a 6.x release, you can use the 2.6 version.

    [root@lvs /]# wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz
3. Install the required dependencies

    [root@lvs /]# yum -y install kernel-devel gcc gcc-c++ libnl* libpopt* popt-static

4. Create a symlink so that the ipvsadm build in the next step can find the kernel source

    [root@lvs /]# ln -s /usr/src/kernels/2.6.32-642.4.2.el6.x86_64/ /usr/src/linux
5. Compile and install

    [root@lvs /]# tar zxf ipvsadm-1.26.tar.gz
    [root@lvs /]# cd ipvsadm-1.26
    [root@lvs ipvsadm-1.26]# make
    [root@lvs ipvsadm-1.26]# make install
    [root@lvs ipvsadm-1.26]# lsmod | grep ip_vs

The ip_vs module is loaded into the system only when we run an ipvsadm command, or run modprobe ip_vs.

    [root@lvs ipvsadm-1.26]# modprobe ip_vs
    [root@lvs ipvsadm-1.26]# lsmod | grep ip_vs
    ip_vs                 125220  0
    libcrc32c               1246  1 ip_vs
    ipv6                  317340  142 ip_vs,ip6t_REJECT,nf_conntrack_ipv6,nf_defrag_ipv6
6. Configure LVS
- Configure the VIP address on the load balancer

    [root@lvs ipvsadm-1.26]# ifconfig eth0:0 192.168.119.150/24
    [root@lvs ipvsadm-1.26]# route add -host 192.168.119.150 dev eth0

- Configure LVS and add the real server nodes

    [root@lvs ipvsadm-1.26]# ipvsadm --help
    ipvsadm v1.26 2008/5/15 (compiled with popt and IPVS v1.2.1)
    Usage:
      ipvsadm -A|E -t|u|f service-address [-s scheduler] [-p [timeout]] [-M netmask] [--pe persistence_engine]
      ipvsadm -D -t|u|f service-address
      ipvsadm -C
      ipvsadm -R
      ipvsadm -S [-n]
      ipvsadm -a|e -t|u|f service-address -r server-address [options]
      ipvsadm -d -t|u|f service-address -r server-address
      ipvsadm -L|l [options]
      ipvsadm -Z [-t|u|f service-address]
      ipvsadm --set tcp tcpfin udp
      ipvsadm --start-daemon state [--mcast-interface interface] [--syncid sid]
      ipvsadm --stop-daemon state
      ipvsadm -h
    Commands:
    Either long or short options are allowed.
      --add-service     -A        add virtual service with options
      --edit-service    -E        edit virtual service with options
      --delete-service  -D        delete virtual service
      --clear           -C        clear the whole table
      --restore         -R        restore rules from stdin
      --save            -S        save rules to stdout
      --add-server      -a        add real server with options
      --edit-server     -e        edit real server with options
      --delete-server   -d        delete real server
      --list            -L|-l     list the table
      --zero            -Z        zero counters in a service or all services
      --set tcp tcpfin udp        set connection timeout values
      --start-daemon              start connection sync daemon
      --stop-daemon               stop connection sync daemon
      --help            -h        display this help message
    Options:
      --tcp-service  -t service-address   service-address is host[:port]
      --udp-service  -u service-address   service-address is host[:port]
      --fwmark-service  -f fwmark         fwmark is an integer greater than zero
      --ipv6         -6                   fwmark entry uses IPv6
      --scheduler    -s scheduler         one of rr|wrr|lc|wlc|lblc|lblcr|dh|sh|sed|nq,
                                          the default scheduler is wlc.
      --pe            engine              alternate persistence engine may be sip,
                                          not set by default.
      --persistent   -p [timeout]         persistent service
      --netmask      -M netmask           persistent granularity mask
      --real-server  -r server-address    server-address is host (and port)
      --gatewaying   -g                   gatewaying (direct routing) (default)
      --ipip         -i                   ipip encapsulation (tunneling)
      --masquerading -m                   masquerading (NAT)
      --weight       -w weight            capacity of real server
      --u-threshold  -x uthreshold        upper threshold of connections
      --l-threshold  -y lthreshold        lower threshold of connections
      --mcast-interface interface         multicast interface for connection sync
      --syncid sid                        syncid for connection sync (default=255)
      --connection   -c                   output of current IPVS connections
      --timeout                           output of timeout (tcp tcpfin udp)
      --daemon                            output of daemon information
      --stats                             output of statistics information
      --rate                              output of rate information
      --exact                             expand numbers (display exact values)
      --thresholds                        output of thresholds information
      --persistent-conn                   output of persistent connection info
      --nosort                            disable sorting output of service/server entries
      --sort                              does nothing, for backwards compatibility
      --ops          -o                   one-packet scheduling
      --numeric      -n                   numeric output of addresses and ports
    [root@lvs ipvsadm-1.26]# ipvsadm -C    # clear the existing configuration
    [root@lvs ipvsadm-1.26]# ipvsadm -A -t 192.168.119.150:80 -s rr -p 20    # specify the VIP
    [root@lvs ipvsadm-1.26]# ipvsadm -a -t 192.168.119.150:80 -r 192.168.119.134:80 -g -w 1    # real server node
    [root@lvs ipvsadm-1.26]# ipvsadm -a -t 192.168.119.150:80 -r 192.168.119.135:80 -g -w 1    # real server node
    [root@lvs ipvsadm-1.26]# ipvsadm -L -n
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  192.168.119.150:80 rr persistent 20
      -> 192.168.119.134:80           Route   10     0          0
      -> 192.168.119.135:80           Route   10     0          0
7. Real server node configuration
- Add the VIP on the lo interface

    [root@web01 /]# ifconfig lo 192.168.119.150/32 up
    [root@web01 /]# route add -host 192.168.119.150 dev lo

- ARP suppression

    [root@web01 /]# ifconfig lo 192.168.119.150/32 up
    [root@web01 /]# route add -host 192.168.119.150 dev lo
    [root@web01 /]# echo "1">/proc/sys/net/ipv4/conf/lo/arp_ignore
    [root@web01 /]# echo "2">/proc/sys/net/ipv4/conf/lo/arp_announce
    [root@web01 /]# echo "1">/proc/sys/net/ipv4/conf/all/arp_ignore
    [root@web01 /]# echo "2">/proc/sys/net/ipv4/conf/all/arp_announce

web02 configuration

    [root@web02 /]# ifconfig lo 192.168.119.150/32 up
    [root@web02 /]# route add -host 192.168.119.150 dev lo
    [root@web02 /]# echo "1">/proc/sys/net/ipv4/conf/lo/arp_ignore
    [root@web02 /]# echo "2">/proc/sys/net/ipv4/conf/lo/arp_announce
    [root@web02 /]# echo "1">/proc/sys/net/ipv4/conf/all/arp_ignore
    [root@web02 /]# echo "2">/proc/sys/net/ipv4/conf/all/arp_announce
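ARP suppression parameter reference
arp_ignore
0 - (default) Reply to ARP requests for any local IP address, on any network interface.
1 - Reply only if the target IP address is a local address configured on the interface that received the request.
2 - Reply only if the target IP address is a local address configured on the receiving interface and the sender's IP address is in the same subnet on that interface.
3 - Do not reply for local addresses configured with host scope; only global and link addresses are answered.
4-7 - Reserved, unused.
8 - Do not reply for any local address.
arp_announce
Sets the restriction level for announcing local IP addresses in ARP traffic sent on a network interface, that is, which local source IP address is used in ARP requests sent from the interface:
0 - (default) Use any local address, configured on any network interface (eth0, eth1, lo).
1 - Try to avoid local addresses that are not in the subnet of this network interface. This is useful when the hosts reached through this interface require the source IP address of ARP requests to belong to the subnet configured on the receiving interface. The kernel checks whether the address belongs to one of the subnets on the interfaces; if it does not, the request is handled according to level 2.
2 - Always use the most appropriate local address for the target. In this mode the source address of the IP packet is ignored and the kernel tries to select a local address that can communicate with the target. It first looks for local addresses on the subnets of the outgoing interfaces that contain the target IP address. If no suitable address is found, it uses the current sending interface, or another interface that is likely to receive the ARP reply, to send the request. This prevents the local VIP from being preferred as the source address.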
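
An added example (not part of the original tutorial) that audits a real server after step 7. The kernel applies max(conf/all, conf/<nic>) to ARP traffic seen on the NIC, so values written only under conf/lo never reach eth0. The function names, the script name and the CONF_ROOT override are assumptions made for this example; eth0 and lo are the interface names used on this page.

```shell
#!/bin/bash
# Added example: audit ARP suppression on an LVS-DR real server.
# Usage on a real server: ./audit_rs.sh eth0 lo   (script name is hypothetical)
# CONF_ROOT can be pointed at a constructed directory tree for testing.
CONF_ROOT=${CONF_ROOT:-/proc/sys/net/ipv4/conf}

# The kernel applies max(conf/all/<key>, conf/<iface>/<key>) to ARP
# traffic on <iface>; a missing file is treated as 0 here.
effective() {                       # effective <iface> <key>
    local a i
    a=$(cat "$CONF_ROOT/all/$2" 2>/dev/null || echo 0)
    i=$(cat "$CONF_ROOT/$1/$2" 2>/dev/null || echo 0)
    if [ "$a" -gt "$i" ]; then echo "$a"; else echo "$i"; fi
}

# audit_rs <nic> <interface holding the VIP>
# Prints one line per finding and returns non-zero if any check fails.
audit_rs() {
    local nic="$1" vip_if="$2" rc=0 ign ann
    ign=$(effective "$nic" arp_ignore)
    ann=$(effective "$nic" arp_announce)
    if [ "$ign" -lt 1 ]; then
        echo "FAIL: effective arp_ignore on $nic is $ign (need 1 or higher)"; rc=1
    fi
    if [ "$ann" -lt 2 ]; then
        echo "FAIL: effective arp_announce on $nic is $ann (need 2)"; rc=1
    fi
    # arp_ignore=1 still answers for addresses on the receiving NIC,
    # so the VIP must sit on lo, not on the NIC or an alias such as eth0:0.
    if [ "${vip_if%%:*}" = "$nic" ]; then
        echo "FAIL: VIP is bound to $vip_if, so $nic answers ARP for it"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $nic neither answers nor announces ARP for the VIP"
    fi
    return "$rc"
}

if [ "$#" -ge 2 ]; then audit_rs "$1" "$2"; fi
```
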
8. Test
Prefixing the command with watch lets you follow, in real time, how ipvsadm distributes sessions: watch ipvsadm -L -n.
Stop the firewall on all hosts, or open the required ports.

    [root@lvs ipvsadm-1.26]# /etc/init.d/iptables stop
    iptables: Setting chains to policy ACCEPT: filter [ OK ]
    iptables: Flushing firewall rules: [ OK ]
    iptables: Unloading modules: [ OK ]
    [root@web01 /]# /etc/init.d/iptables stop
    iptables: Setting chains to policy ACCEPT: filter [ OK ]
    iptables: Flushing firewall rules: [ OK ]
    iptables: Unloading modules: [ OK ]
    [root@web02 /]# /etc/init.d/iptables stop
    iptables: Setting chains to policy ACCEPT: filter [ OK ]
    iptables: Flushing firewall rules: [ OK ]
    iptables: Unloading modules: [ OK ]

Access 192.168.119.150 from several different hosts and use watch ipvsadm -L -n to see how sessions are distributed.

    [root@lvs ipvsadm-1.26]# watch ipvsadm -L -n
The configuration above is lost when the server reboots; it can be written as scripts for easier management.
LVS load balancer script

    [root@lvs /]# vim /usr/local/sbin/ipvs
    #!/bin/bash
    # LVS-DR load balancer: bring up the VIP on eth0:0 and build the IPVS table
    PORT=80
    VIP=192.168.119.150
    RIP=(
        192.168.119.134
        192.168.119.135
    )
    start(){
        ifconfig eth0:0 $VIP/24 up
        route add -host $VIP dev eth0
        ipvsadm -C                               # clear the existing table
        ipvsadm -A -t $VIP:$PORT -s rr -p 20     # virtual service: round robin, 20 s persistence
        for ((i=0;i<${#RIP[*]};i++))
        do
            # add each real server in direct routing mode (-g) with weight 1
            ipvsadm -a -t $VIP:$PORT -r ${RIP[$i]}:$PORT -g -w 1
        done
    }
    stop(){
        ipvsadm -C
        ifconfig eth0:0 down
        route del -host $VIP dev eth0
    }
    case "$1" in
    start)
        start
        echo "ipvs is start"
        ;;
    stop)
        stop
        echo "ipvs is stop"
        ;;
    restart)
        stop
        echo "ipvs is stop"
        start
        echo "ipvs is start"
        ;;
    *)
        echo "usage:$0 {start|stop|restart}"
    esac

Test the script

    [root@lvs /]# ipvs stop
    ipvs is stop
    [root@lvs /]# ifconfig eth0:0
    eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:21:BC:27
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    [root@lvs /]# ipvsadm -L -n
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    [root@lvs /]# ipvs start
    ipvs is start
    [root@lvs /]# ipvsadm -L -n
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  192.168.119.150:80 rr persistent 20
      -> 192.168.119.134:80           Route   1      0          0
      -> 192.168.119.135:80           Route   1      0          0
    [root@lvs /]# ifconfig eth0:0
    eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:21:BC:27
              inet addr:192.168.119.150  Bcast:192.168.119.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
Real server script

    #!/bin/bash
    # LVS-DR real server: bind the VIP locally and suppress ARP for it
    VIP=192.168.119.150
    PORT=80
    case "$1" in
    start)
        # The VIP is bound to eth0:0 here, whereas step 7 binds it to lo.
        # With arp_ignore=1 the kernel still answers ARP for an address
        # configured on the receiving NIC.
        ifconfig eth0:0 $VIP/32 up
        route add -host $VIP dev eth0
        echo "1">/proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "2">/proc/sys/net/ipv4/conf/lo/arp_announce
        echo "1">/proc/sys/net/ipv4/conf/all/arp_ignore
        echo "2">/proc/sys/net/ipv4/conf/all/arp_announce
        echo "start LVS of REALServer IP"
        ;;
    stop)
        ifconfig eth0:0 $VIP/32 down
        route del -host $VIP dev eth0
        # restore the kernel defaults
        echo "0">/proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "0">/proc/sys/net/ipv4/conf/lo/arp_announce
        echo "0">/proc/sys/net/ipv4/conf/all/arp_ignore
        echo "0">/proc/sys/net/ipv4/conf/all/arp_announce
        echo "stop LVS OF REALServer"
        ;;
    *)
        echo "Usage: $0 {start|stop}"
    esac

Test the script

    [root@web02 /]# ipvs_client.sh start
    start LVS of REALServer IP
    [root@web02 /]# ipvs_client.sh stop
    stop LVS OF REALServer
    [root@web02 /]# ifconfig eth0:0
    eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:09:8E:31
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    [root@web02 /]# ipvs_client.sh start
    start LVS of REALServer IP
    [root@web02 /]# ifconfig eth0:0
    eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:09:8E:31
              inet addr:192.168.119.150  Bcast:255.255.255.255  Mask:0.0.0.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1