系統必須有ip_vs模塊
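# Check that the IPVS kernel module is loaded; the director cannot do anything without it.
# Sample output on a host where it is already present (ip_vs_rr is the round-robin scheduler):
#   ip_vs_rr               12600  1
#   ip_vs                 141432  3 ip_vs_rr
#   nf_conntrack          133053  7 ip_vs,nf_nat,nf_nat_ipv4,nf_nat_ipv6,xt_conntrack,nf_conntrack_ipv4,nf_conntrack_ipv6
#   libcrc32c              12644  4 xfs,ip_vs,nf_nat,nf_conntrack
lsmod | grep -i ip_vs

# Load it only when missing. The match is anchored on the module-name column so that
# a scheduler module such as ip_vs_rr alone is not mistaken for the core ip_vs module.
if ! lsmod | grep -q '^ip_vs '; then
  modprobe ip_vs
fi

# modprobe does not survive a reboot. The kernel usually autoloads ip_vs the first time
# ipvsadm talks to it, but pinning it here makes the dependency explicit and auditable.
echo ip_vs > /etc/modules-load.d/ip_vs.conf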
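# Install the ipvsadm userspace tool. On CentOS 7 the package is in the base repository,
# so enabling EPEL (the original step 1 pointed at the Tsinghua EPEL mirror) is not
# required for it; fewer enabled third-party repos means a smaller supply-chain surface.
# Skip the install when the package is already present so the step is idempotent.
rpm -q ipvsadm >/dev/null 2>&1 || yum install -y ipvsadm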
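# Build ipvsadm from source only if the packaged build does not match the running kernel.
# Pick the release that matches the kernel from:
#   https://mirrors.edge.kernel.org/pub/linux/utils/kernel/ipvsadm/
ver=1.30
mkdir -p /server/tools
cd /server/tools || exit 1

# The archive on kernel.org is .tar.xz. The original text downloaded the .tar.xz but then
# ran "tar xzvf ipvsadm-1.30.tar.gz" (gzip flag, wrong file name), which cannot work.
wget -c "https://mirrors.edge.kernel.org/pub/linux/utils/kernel/ipvsadm/ipvsadm-${ver}.tar.xz"

# Supply-chain check before building code that will run as root: kernel.org normally
# publishes a detached PGP signature (ipvsadm-${ver}.tar.sign) for the *uncompressed*
# tarball next to the archive. Decompress, verify, and only then unpack:
#   xz -dk "ipvsadm-${ver}.tar.xz"
#   gpg --verify "ipvsadm-${ver}.tar.sign" "ipvsadm-${ver}.tar"
# (import and confirm the maintainer's key fingerprint out of band first —
#  TODO confirm the signing key for this project before trusting the verify step)
tar xf "ipvsadm-${ver}.tar.xz"      # tar detects the compression; no -z/-J needed

# Point /usr/src/linux at the headers of the *running* kernel instead of a hard-coded
# 3.10.0-1062.18.1 path that only matches one machine.
ln -sfn "/usr/src/kernels/$(uname -r)" /usr/src/linux

cd "ipvsadm-${ver}" || exit 1
make
make install

# If the build fails, install the build dependencies. The original list had
# "lftplibnl*" fused into one token; it is lftp plus libnl*:
#   yum install -y popt-static kernel-devel make gcc openssl-devel lftp libnl* popt* libpopt*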
二、ipvsadm命令詳解
ipvsadm是ipvs的管理器,需要yum安裝。
LVS 相關軟件
程序包:ipvsadm Unit File: ipvsadm.service 主程序:/usr/sbin/ipvsadm 規則保存工具:/usr/sbin/ipvsadm-save 規則重載工具:/usr/sbin/ipvsadm-restore 配置文件:/etc/sysconfig/ipvsadm-config ipvs調度規則文件:/etc/sysconfig/ipvsadm
ipvsadm 命令
ipvsadm核心功能:
1、集群服務管理:增、刪、改 2、集群服務的RS管理:增、刪、改 3、查看
#管理集群服務
ipvsadm -A|E -t|u|f service-address [-s scheduler] [-p [timeout]] [-M netmask] [--pe persistence_engine] [-b sched-flags]
ipvsadm -D -t|u|f service-address   #刪除
ipvsadm -C                          #清空(注意:原文中的 "–C"/"–R" 是全角破折號,直接復制會報錯,應為 ASCII 的 "-")
ipvsadm -R                          #重載,相當於ipvsadm-restore,從標准輸入讀取規則
ipvsadm -S [-n]                     #保存,相當於ipvsadm-save;建議加 -n 以數字形式輸出,避免保存時做反向域名解析
#管理集群中的RS
ipvsadm -a|e -t|u|f service-address -r server-address [-g|i|m] [-w weight]
ipvsadm -d -t|u|f service-address -r server-address
ipvsadm -L|l [options]
ipvsadm -Z [-t|u|f service-address]
ipvsadm -D -t|u|f service-address
service-address 的寫法(-t|u|f 三選一):
  -t: TCP協議的服務,格式 VIP:TCP_PORT
  -u: UDP協議的服務,格式 VIP:UDP_PORT
  -f: firewall MARK(防火牆標記),一個數字,需先在 iptables 的 mangle 表中給報文打上該標記
[-s scheduler]: 指定集群的調度算法,默認為 wlc
ipvsadm -a|e -t|u|f service-address -r server-address [-g|i|m] [-w weight]
刪:
ipvsadm -d -t|u|f service-address -r server-address server-address: rip[:port] 如省略port,不作端口映射 選項: lvs類型: -g: gateway, dr類型,默認 -i: ipip, tun類型 -m: masquerade, nat類型 -w weight:權重
清空定義的所有內容:
ipvsadm -C
清空計數器:
ipvsadm -Z [-t|u|f service-address]
查看:
ipvsadm -L|l [options] --numeric, -n:以數字形式輸出地址和端口號 --exact:擴展信息,精確值 --connection,-c:當前IPVS連接輸出 --stats:統計信息 --rate :輸出速率信息
ipvs規則:
/proc/net/ip_vs
ipvs連接:
/proc/net/ip_vs_conn
保存:建議保存至/etc/sysconfig/ipvsadm
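# Save the running IPVS rule set to a file.
# -n writes addresses and ports numerically. Without it ipvsadm-save tries to reverse-
# resolve every address, which is slow and makes the saved file depend on DNS being
# correct at restore time (a name that resolves differently later silently re-points a
# real server).
# ipvsadm.service loads /etc/sysconfig/ipvsadm on start, so that is the recommended target.
IPVSADM_FILE=/PATH/TO/IPVSADM_FILE      # e.g. /etc/sysconfig/ipvsadm
ipvsadm-save -n > "$IPVSADM_FILE"
# Equivalent form:
ipvsadm -Sn > "$IPVSADM_FILE"
# Stopping the unit also writes the current rules to /etc/sysconfig/ipvsadm automatically.
systemctl stop ipvsadm.service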
重載:
# Reload a rule set previously written by ipvsadm-save; the file is read on stdin.
IPVSADM_FILE=/PATH/FROM/IPVSADM_FILE
ipvsadm-restore < "$IPVSADM_FILE"
# Starting the unit restores /etc/sysconfig/ipvsadm for you.
systemctl start ipvsadm.service
防火牆標記
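# Tag packets for the VIP on several ports with one firewall mark so IPVS can schedule
# them as a single service ("ipvsadm -A -f NUMBER"). The rule lives in the mangle table's
# PREROUTING chain, i.e. it runs before IPVS looks at the packet.
# All expansions are quoted and required: an empty $vip would otherwise drop the -d
# argument and mark traffic to *every* destination. Extend the --dports list as needed
# (multiport accepts up to 15 ports per rule).
iptables -t mangle -A PREROUTING -d "${vip:?}" -p "${proto:?}" \
  -m multiport --dports "${port1:?},${port2:?}" \
  -j MARK --set-mark "${NUMBER:?}"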
在Director主機基於標記定義集群服務:
ipvsadm -A -f NUMBER [options]
范例:
# Example: one fwmark-based service covering TCP 80 and 443 on VIP 172.16.0.100,
# scheduled round-robin over two direct-routing real servers.
iptables -t mangle -A PREROUTING -d 172.16.0.100 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 10
ipvsadm -C                        # start from an empty table
ipvsadm -A -f 10 -s rr            # service keyed on firewall mark 10
ipvsadm -a -f 10 -r 10.0.0.7 -g   # -g: direct routing (packet is re-addressed at L2 only)
ipvsadm -a -f 10 -r 10.0.0.17 -g
ipvsadm -Ln
# IP Virtual Server version 1.2.1 (size=4096)
# Prot LocalAddress:Port Scheduler Flags
#   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
# FWM  10 rr
#   -> 10.0.0.7:0                   Route   1      0          0
#   -> 10.0.0.17:0                  Route   1      0          0
# The kernel view shows the same table with addresses in hex (0A000007 = 10.0.0.7):
cat /proc/net/ip_vs
# IP Virtual Server version 1.2.1 (size=4096)
# Prot LocalAddress:Port Scheduler Flags
#   -> RemoteAddress:Port Forward Weight ActiveConn InActConn
# FWM  0000000A rr
#   -> 0A000011:0000      Route   1      0          9
#   -> 0A000007:0000      Route   1      0          9
范例:
# Same fwmark service created without -s: the scheduler defaults to wlc
# (weighted least-connection).
[root@lvs ~]#ipvsadm -A -f 10
[root@lvs ~]#ipvsadm -a -f 10 -r 10.0.0.7 -g
[root@lvs ~]#ipvsadm -a -f 10 -r 10.0.0.17 -g
[root@lvs ~]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
FWM 10 wlc
-> 10.0.0.7:0 Route 1 0 0
-> 10.0.0.17:0 Route 1 0 0
# NOTE(review): the /proc capture below does not match the service just created. It shows
# a TCP service AC14C8C8:0050 (172.20.200.200:80) in Masq (NAT) mode with rr, not
# "FWM 10 wlc" with Route forwarding — it was evidently taken on another host or run.
[root@LVS ~]#cat /proc/net/ip_vs
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP AC14C8C8:0050 rr
-> 0A000011:0050 Masq 1 0 0
-> 0A000007:0050 Masq 1 0 0
LVS 持久連接
session 綁定:對共享同一組RS的多個集群服務,需要統一進行綁定,lvs sh算法無法實現 持久連接( lvs persistence )模板:實現無論使用任何調度算法,在一段時間內(默認360s ),能夠 實現將來自同一個地址的請求始終發往同一個RS
ipvsadm -A|E -t|u|f service-address [-s scheduler] [-p [timeout]]
持久連接實現方式:
1、每端口持久(PPC):每個端口定義為一個集群服務,每集群服務單獨調度 2、每防火牆標記持久(PFWMC):基於防火牆標記定義集群服務;可實現將多個端口上的應用統一調度,即所謂的port Affinity 3、每客戶端持久(PCC):基於0端口(表示所有服務)定義集群服務,即將客戶端對所有應用的請求都調度至后端主機,必須定義為持久模式
范例:
# Turn on persistence for the fwmark service. "-p" with no value uses the default
# timeout of 360 s; "-p 3600" sets one hour.
[root@lvs ~]#ipvsadm -E -f 10 -p
[root@lvs ~]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
FWM 10 wlc persistent 360
-> 10.0.0.7:0 Route 1 0 15
-> 10.0.0.17:0 Route 1 0 7
[root@lvs ~]#ipvsadm -E -f 10 -p 3600
[root@lvs ~]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
FWM 10 wlc persistent 3600
-> 10.0.0.7:0 Route 1 0 79
-> 10.0.0.17:0 Route 1 0 7
# Connection table. The "IP ... NONE 948" row is the persistence template: client
# C0A80006 (192.168.0.6) is pinned to 0A000011 (10.0.0.17) for fwmark 0000000A on all
# ports (port 0000), and every TCP flow from that client lands on the same RS.
# Caveat: persistence keys on source address, so many clients behind one NAT/proxy all
# collapse onto a single RS regardless of the scheduler.
[root@lvs ~]#cat /proc/net/ip_vs_conn
Pro FromIP FPrt ToIP TPrt DestIP DPrt State Expires PEName PEData
TCP C0A80006 C816 AC100064 01BB 0A000011 01BB FIN_WAIT 67
TCP C0A80006 C812 AC100064 01BB 0A000011 01BB FIN_WAIT 67
TCP C0A80006 9A36 AC100064 0050 0A000011 0050 FIN_WAIT 65
TCP C0A80006 C806 AC100064 01BB 0A000011 01BB FIN_WAIT 65
TCP C0A80006 9A3E AC100064 0050 0A000011 0050 FIN_WAIT 66
TCP C0A80006 C81A AC100064 01BB 0A000011 01BB FIN_WAIT 67
TCP C0A80006 C80A AC100064 01BB 0A000011 01BB FIN_WAIT 66
TCP C0A80006 9A3A AC100064 0050 0A000011 0050 FIN_WAIT 66
TCP C0A80006 9A4E AC100064 0050 0A000011 0050 FIN_WAIT 68
TCP C0A80006 9A42 AC100064 0050 0A000011 0050 FIN_WAIT 67
TCP C0A80006 9A46 AC100064 0050 0A000011 0050 FIN_WAIT 67
TCP C0A80006 C81E AC100064 01BB 0A000011 01BB FIN_WAIT 68
IP C0A80006 0000 0000000A 0000 0A000011 0000 NONE 948
TCP C0A80006 C80E AC100064 01BB 0A000011 01BB FIN_WAIT 66
TCP C0A80006 9A4A AC100064 0050 0A000011 0050 FIN_WAIT 67
# Same table, human-readable (-c: connections, -n: numeric). The "IP 15:27 NONE" row is
# the template again, with the fwmark rendered as the pseudo-address 0.0.0.10.
[root@lvs ~]#ipvsadm -Lnc
IPVS connection entries
pro expire state source virtual destination
TCP 00:46 FIN_WAIT 192.168.0.6:51222 172.16.0.100:443 10.0.0.17:443
TCP 00:46 FIN_WAIT 192.168.0.6:51218 172.16.0.100:443 10.0.0.17:443
TCP 00:45 FIN_WAIT 192.168.0.6:39478 172.16.0.100:80 10.0.0.17:80
TCP 00:45 FIN_WAIT 192.168.0.6:51206 172.16.0.100:443 10.0.0.17:443
TCP 00:46 FIN_WAIT 192.168.0.6:39486 172.16.0.100:80 10.0.0.17:80
TCP 00:47 FIN_WAIT 192.168.0.6:51226 172.16.0.100:443 10.0.0.17:443
TCP 00:45 FIN_WAIT 192.168.0.6:51210 172.16.0.100:443 10.0.0.17:443
TCP 00:45 FIN_WAIT 192.168.0.6:39482 172.16.0.100:80 10.0.0.17:80
TCP 00:47 FIN_WAIT 192.168.0.6:39502 172.16.0.100:80 10.0.0.17:80
TCP 00:46 FIN_WAIT 192.168.0.6:39490 172.16.0.100:80 10.0.0.17:80
TCP 00:46 FIN_WAIT 192.168.0.6:39494 172.16.0.100:80 10.0.0.17:80
TCP 00:47 FIN_WAIT 192.168.0.6:51230 172.16.0.100:443 10.0.0.17:443
IP 15:27 NONE 192.168.0.6:0 0.0.0.10:0 10.0.0.17:0
TCP 00:46 FIN_WAIT 192.168.0.6:51214 172.16.0.100:443 10.0.0.17:443
TCP 00:47 FIN_WAIT 192.168.0.6:39498 172.16.0.100:80 10.0.0.17:80
三、部署LVS NAT
1、LVS NAT模式注意事項
LVS NAT模式工作原理 用戶請求LVS VIP到達director(LVS服務器:LB)(公網VIP:211.1.1.1),director 將請求的報文的目標IP地址改成后端的realserver IP地址,同時將報文的目標端口 也改成后端選定的realserver相應端口,最后將報文發送到realserver,realserver 將數據返給director,director再把數據發送給用戶。(兩次請求都經過director, 所以訪問大的話,director會成為瓶頸),
1)、LVS服務器至少2塊物理網卡,一塊連接公網(VIP),一塊連接內網; 2)、后端Realserver機器的默認網關設置為LVS的內網IP地址; 3)、保證LVS內網網卡通常跟Realserver在同一網段; 4)、LVS NAT模式后端Realserver機器數量不超過30台; 5)、用戶的請求進入和返回均會經過LVS,LVS會成為瓶頸。
Director(DS,調度器) inode1: 外網ip 10.0.0.101,內網ip 172.16.1.101
RS1 inode2: 172.16.1.102 -----> web頁面 www.ywx1.com
RS2 inode3: 172.16.1.103 -----> web頁面 www.ywx2.com
(下文中的 "DR inode1" 均指 Director,不要與 DR 轉發模式混淆)
[root@inode1 ~]# uname -r
3.10.0-862.el7.x86_64
[root@inode1 ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
# Sanity-check each real server's page locally before putting it behind the VIP.
[root@inode2 ~]# curl 172.16.1.102
www.ywx1.com
[root@inode3 ~]# curl 172.16.1.103
www.ywx2.com
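# NAT mode: each real server's default gateway must be the director's internal address
# (172.16.1.101) so that replies go back through the director and get un-NATed.
# Run on RS1 (inode2) and RS2 (inode3); eth1 is the internal interface on both.
# The original "sed -i '$aGATEWAY=...'" appends unconditionally and adds a duplicate
# GATEWAY line on every re-run; only append when the key is absent.
ifcfg=/etc/sysconfig/network-scripts/ifcfg-eth1
if ! grep -q '^GATEWAY=' "$ifcfg"; then
  sed -i '$aGATEWAY=172.16.1.101' "$ifcfg"
fi
cat "$ifcfg"
# Resulting file on inode2 (inode3 differs only in IPADDR=172.16.1.103):
#   TYPE=Ethernet
#   BOOTPROTO=static
#   DEFROUTE=yes
#   NAME=eth1
#   DEVICE=eth1
#   ONBOOT=yes
#   IPADDR=172.16.1.102
#   PREFIX=24
#   GATEWAY=172.16.1.101
systemctl restart network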
5、部署NAT的LVS
# Define the NAT-mode virtual service: clients connect to VIP 10.0.0.101 on TCP/80 and
# are spread round-robin (-s rr) over the real servers registered in the next step.
#   -A  add a virtual service
#   -t  TCP service, given as ip:port
vip=10.0.0.101
ipvsadm -A -t "${vip}:80" -s rr
第三步:在虛擬服務 10.0.0.101:80 中加入后端 Realserver(注意:上一步 -A 定義的 VIP 是 10.0.0.101,原文此處寫的 10.10.10.101 是筆誤)
# Register both real servers behind the NAT service.
#   -a  add a real server to an existing virtual service
#   -t  the virtual service (VIP:port) it belongs to
#   -r  real server address; with no port, the service port is used unchanged
#   -m  masquerading, i.e. NAT forwarding
#   -w  scheduling weight (equal here, so rr alternates 1:1)
for rs in 172.16.1.102 172.16.1.103; do
  ipvsadm -a -t 10.0.0.101:80 -r "$rs" -m -w 50
done
查看LVS信息
# Confirm the NAT service: Forward=Masq, equal weights, no connections yet.
[root@inode1 ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.101:80 rr
-> 172.16.1.102:80 Masq 50 0 0
-> 172.16.1.103:80 Masq 50 0 0
第四步:LVS NAT模式能夠實現數據轉發,還要依靠Linux內核開啟轉發功能
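# The NAT director must route between the public (eth0) and internal (eth1) networks,
# otherwise replies from the real servers never reach the client.
# Security caveats:
#  - ip_forward=1 makes this host a router for *everything* it can reach, not only the
#    VIP. Pair it with a restrictive FORWARD chain (VIP <-> RS subnet only) and do not
#    expose the director's own services on the VIP interface.
#  - send_redirects=0 stops the director from sending ICMP redirects that would tell
#    clients (or the real servers) to bypass it.

# Immediate, non-persistent settings (sysctl -w instead of raw echo into /proc).
sysctl -w net.ipv4.ip_forward=1
for ifc in all default eth0 eth1; do
  sysctl -w "net.ipv4.conf.${ifc}.send_redirects=0"
done

# Persistent settings. A drop-in under /etc/sysctl.d is rewritten wholesale, so re-running
# this block is idempotent, unlike editing /etc/sysctl.conf by hand.
# sysctl --system applies /etc/sysctl.conf *after* sysctl.d, so remove any conflicting
# ip_forward / send_redirects keys from it.
cat > /etc/sysctl.d/90-lvs-nat.conf <<'EOF'
net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.eth0.send_redirects = 0
net.ipv4.conf.eth1.send_redirects = 0
EOF
sysctl --system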
第五步:測試
# From the client (inode4): two requests to the VIP land on different real servers.
[root@inode4 ~]# curl 10.0.0.101
www.ywx2.com
[root@inode4 ~]# curl 10.0.0.101
www.ywx1.com
在Director inode1上觀察 InActConn 計數,可見請求被分攤到兩台RS(負載均衡生效)
# InActConn (connections no longer in ESTABLISHED) is incremented on both real servers,
# which shows the round-robin split took effect.
[root@inode1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.101:80 rr
-> 172.16.1.102:80 Masq 50 0 3
-> 172.16.1.103:80 Masq 50 0 2
在實驗模式NAT時,要關閉RS服務器上的外網網卡,否則會因為RS上有外網路由的問題,造成VIP地址無法訪問后端頁面
刪除RS1,inode2
# Remove RS1 (inode2) from the service; only RS2 remains.
[root@inode1 ~]# ipvsadm -d -t 10.0.0.101:80 -r 172.16.1.102
[root@inode1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.101:80 rr
-> 172.16.1.103:80 Masq 50 0 7
繼續在inode4上訪問VIP
# Client side, after RS1 was removed: every reply now comes from RS2 (www.ywx2.com),
# the remaining server absorbs all traffic.
for _ in 1 2 3 4 5; do
  curl 10.0.0.101
done
# output (five times): www.ywx2.com
RS1被刪除后,客戶端訪問沒有影響
# Put RS1 back with the same NAT forwarding and weight; counters start from zero.
[root@inode1 ~]# ipvsadm -a -t 10.0.0.101:80 -r 172.16.1.102 -m -w 50
[root@inode1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.101:80 rr
-> 172.16.1.102:80 Masq 50 0 0
-> 172.16.1.103:80 Masq 50 0 0
inode4上訪問VIP
# Client side: requests alternate between the two real servers again.
[root@inode4 ~]# curl 10.0.0.101
www.ywx1.com
[root@inode4 ~]# curl 10.0.0.101
www.ywx2.com
[root@inode4 ~]# curl 10.0.0.101
www.ywx1.com
[root@inode4 ~]# curl 10.0.0.101
www.ywx2.com
在lvs 10.0.0.101上查看lvs連接
# Director side, raw connection table. Columns are hex: FromIP 0A000068 = 10.0.0.104
# (client), ToIP 0A000065 = 10.0.0.101 (VIP), DestIP ACA80166/ACA80167 = 172.168.1.102/.103.
# NOTE(review): those DestIP values are 172.168.1.x, not the 172.16.1.x configured earlier
# in this NAT lab — this capture appears to come from a differently addressed run.
[root@node1 ~]# cat /proc/net/ip_vs_conn
Pro FromIP FPrt ToIP TPrt DestIP DPrt State Expires PEName PEData
TCP 0A000068 B522 0A000065 0050 ACA80167 0050 TIME_WAIT 116
TCP 0A000068 B51C 0A000065 0050 ACA80166 0050 TIME_WAIT 113
TCP 0A000068 B516 0A000065 0050 ACA80167 0050 TIME_WAIT 110
TCP 0A000068 B51E 0A000065 0050 ACA80167 0050 TIME_WAIT 114
TCP 0A000068 B520 0A000065 0050 ACA80166 0050 TIME_WAIT 115
TCP 0A000068 B51A 0A000065 0050 ACA80167 0050 TIME_WAIT 112
TCP 0A000068 B514 0A000065 0050 ACA80166 0050 TIME_WAIT 109
TCP 0A000068 B518 0A000065 0050 ACA80166 0050 TIME_WAIT 111
lvs自動均衡到2台服務器上
# Simulate an application failure on RS1: stop nginx but leave the host (and its IPVS
# entry) in place.
[root@inode2 ~]# nginx -s stop
繼續使用inode4上訪問
# Client side after nginx was stopped on RS1 (inode2). IPVS still alternates rr between
# both real servers, so every other attempt is refused by the dead backend.
for _ in 1 2 3 4 5 6 7 8 9 10; do
  curl 10.0.0.101
done
# curl: (7) Failed connect to 10.0.0.101:80; Connection refused
# www.ywx2.com
# curl: (7) Failed connect to 10.0.0.101:80; Connection refused
# www.ywx2.com
# curl: (7) Failed connect to 10.0.0.101:80; Connection refused
# www.ywx2.com
# curl: (7) Failed connect to 10.0.0.101:80; Connection refused
# www.ywx2.com
# curl: (7) Failed connect to 10.0.0.101:80; Connection refused
# www.ywx2.com
一個訪問正常,一個訪問報錯:LVS 只負責前端調度,本身沒有健康檢查,不會自動摘除已失效的 RS。生產環境需配合 keepalived 或 ldirectord 等工具對 RS 做健康檢查並自動增刪 RS。
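# Snapshot the live rule set, clear the table, then restore it from the snapshot.
# The original wrote the snapshot to the fixed path /tmp/ipvsadm. A predictable file name
# in a world-writable directory is a symlink/tamper target, and a rule file that root will
# later feed into "ipvsadm -R" is exactly what an unprivileged user must not be able to
# pre-create. Use mktemp here, or the canonical /etc/sysconfig/ipvsadm (which
# ipvsadm.service loads on boot).
rules=$(mktemp /tmp/ipvsadm.XXXXXX) || exit 1
ipvsadm -Sn > "$rules"      # -n: numeric output, no reverse DNS
cat "$rules"
# -A -t 10.0.0.101:80 -s rr
# -a -t 10.0.0.101:80 -r 172.168.1.102:80 -m -w 50
# -a -t 10.0.0.101:80 -r 172.168.1.103:80 -m -w 50
# NOTE(review): the real servers in this capture are 172.168.1.x, whereas the NAT lab
# above configured 172.16.1.x — the snapshot appears to come from a different run.

ipvsadm -Ln                 # table is populated
# IP Virtual Server version 1.2.1 (size=4096)
# Prot LocalAddress:Port Scheduler Flags
#   -> RemoteAddress:Port Forward Weight ActiveConn InActConn
# TCP  10.0.0.101:80 rr
#   -> 172.168.1.102:80   Masq    50     0          0
#   -> 172.168.1.103:80   Masq    50     0          0
ipvsadm -C                  # flush every virtual service
ipvsadm -Ln                 # header only, no services listed
# IP Virtual Server version 1.2.1 (size=4096)
# Prot LocalAddress:Port Scheduler Flags
#   -> RemoteAddress:Port Forward Weight ActiveConn InActConn

ipvsadm -R < "$rules"       # same as ipvsadm-restore
ipvsadm -Ln                 # service and both real servers are back
# IP Virtual Server version 1.2.1 (size=4096)
# Prot LocalAddress:Port Scheduler Flags
#   -> RemoteAddress:Port Forward Weight ActiveConn InActConn
# TCP  10.0.0.101:80 rr
#   -> 172.168.1.102:80   Masq    50     0          0
#   -> 172.168.1.103:80   Masq    50     0          0
rm -f -- "$rules"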
四、部署單網段LVS DR
LVS DR模式工作原理 用戶請求LVS VIP到達director(LB均衡器),director將請求的報文的目標MAC 地址改成后端的realserver MAC地址,目標IP為VIP(不變),源IP為用戶IP地址 (保持不變),然后Director將報文發送到realserver,Realserver檢測到目標IP 為自己本地VIP,如果在同一個網段,然后將請求直接返給用戶。如果用戶跟 realserver不在一個網段,則通過網關返回用戶。
DR模式注意事項
1)、LVS DR模式要求LVS和RS服務器同一個物理網段(二層網絡); 2)、LVS修改數據報文的目標MAC地址,目標VIP保持不變; 3)、LVS和RS服務器的網卡塊數沒有要求,單個網卡即可; 4)、RS服務器配置VIP地址,只能配置在LO回環網卡上並且抑制VIP的ARP廣播(防止跟其它主機配置的VIP沖突); 5)、LVS服務器需要配置VIP地址,配置在真實網卡設備上,保證真實網卡不能抑制VIP的ARP廣播; 6)、arp_ignore參數(1)含義:只響應目標IP是本地真實網卡上配置的IP(對RS而言),只響應真實網卡(eth0、ens33等),不響應lo網卡上的VIP地址; 7)、arp_announce參數(2)含義:忽略報文的源IP地址,使用主機上能夠跟用戶通信的真實網卡發送數據(對RS而言),源地址為lo上的VIP地址則忽略,數據直接從真實網卡上發送。
DR模型中各主機上均需要配置VIP,解決地址沖突的方式有三種: (1) 在前端網關做靜態綁定 (2) 在各RS使用arptables (3) 在各RS修改內核參數,來限制arp響應和通告的級別 限制響應級別:arp_ignore 0:默認值,表示可使用本地任意接口上配置的任意地址進行響應 1:僅在請求的目標IP配置在本地主機的接收到請求報文的接口上時,才給予響應 限制通告級別:arp_announce 0:默認值,把本機所有接口的所有信息向每個接口的網絡進行通告 1:盡量避免將接口信息向非直接連接網絡進行通告 2:必須避免將接口信息向非本網絡進行通告 配置要點 1. Director 服務器采用雙IP橋接網絡,一個是VIP,一個DIP 2. Web服務器采用和DIP相同的網段和Director連接 3. 每個Web服務器配置VIP 4. 每個web服務器可以出外網
[root@inode1 ~]# uname -r
3.10.0-862.el7.x86_64
[root@inode1 ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
LVS(Director) inode1: 10.0.0.101
RS1 inode2: 10.0.0.102 -----> 頁面 www.ywx1.com
RS2 inode3: 10.0.0.103 -----> 頁面 www.ywx2.com
VIP: 10.0.0.111
client: 172.168.1.104,GW: 172.168.1.105
router: 172.168.1.105 / 10.0.0.105
(注意:172.168.0.0/16 並非 RFC 1918 私有地址段,私有段 172.16.0.0/12 只到 172.31.255.255;此地址僅適用於隔離的實驗環境)
3、router和client部署及LVS RS1 RS2的ip
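# Lab router (node5): forwards between the client network 172.168.1.0/24 (eth1) and the
# LVS/RS network 10.0.0.0/24 (eth0).
# Enable forwarding persistently, but append the key only once — the original
# "echo >> /etc/sysctl.conf" adds a duplicate line every time it is run.
grep -q '^net.ipv4.ip_forward=1' /etc/sysctl.conf \
  || echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p

cd /etc/sysconfig/network-scripts/ || exit 1
cat ifcfg-eth0
# TYPE="Ethernet"
# PROXY_METHOD="none"
# BROWSER_ONLY="no"
# BOOTPROTO="none"
# DEFROUTE="yes"
# IPV4_FAILURE_FATAL="no"
# NAME="eth0"
# DEVICE="eth0"
# ONBOOT="yes"
# IPADDR="10.0.0.105"
# PREFIX="24"
# GATEWAY="10.0.0.254"
# DNS1="223.5.5.5"
cat ifcfg-eth1
# TYPE=Ethernet
# PROXY_METHOD=none
# BROWSER_ONLY=no
# BOOTPROTO=none
# DEFROUTE=yes
# IPV4_FAILURE_FATAL=no
# NAME=eth1
# DEVICE=eth1
# ONBOOT=yes
# IPADDR=172.168.1.105
# PREFIX=24
# NOTE: 172.168.0.0/16 is not RFC 1918 private space (172.16/12 ends at 172.31.255.255).
# Acceptable in an isolated lab; never reuse this plan where Internet routes exist.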
Client部署
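# Client (node4) on the 172.168.1.0/24 side of the router.
# Fix: the original file spelled the key "GAREWAY". ifcfg files are sourced as shell, so
# the misspelled variable is simply ignored and the client ends up with no default
# route — it could never reach the VIP through the router.
cat > /etc/sysconfig/network-scripts/ifcfg-eth1 <<'EOF'
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=172.168.1.104
PREFIX=24
GATEWAY=172.168.1.105
EOF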
LVS node1 ip
# Director (node1) eth0: DIP 10.0.0.101/24. Its default gateway is the lab router's
# 10.0.0.105 so that replies to the 172.168.1.0/24 client side can be routed.
[root@node1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="10.0.0.101"
PREFIX="24"
GATEWAY="10.0.0.105"
DNS1="223.5.5.5"
RS1 node2 ip
# RS1 (node2) eth0: RIP 10.0.0.102/24. In DR mode the RS answers the client directly,
# so its gateway is the router (10.0.0.105), not the director.
[root@node2 network-scripts]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="10.0.0.102"
PREFIX="24"
GATEWAY="10.0.0.105"
DNS1="223.5.5.5"
RS2 node3 ip
# RS2 (node3) eth0: RIP 10.0.0.103/24, same gateway as RS1.
[root@node3 network-scripts]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="10.0.0.103"
PREFIX="24"
GATEWAY="10.0.0.105"
DNS1="223.5.5.5"
# Each RS serves its own page on its RIP before the VIP is introduced.
[root@inode2 ~]# curl 10.0.0.102
www.ywx1.com
[root@inode3 ~]# curl 10.0.0.103
www.ywx2.com
5、部署LVS(以下在 Director inode1 上操作)
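# Step 1 on the director: install the IPVS management tool (idempotent).
rpm -q ipvsadm >/dev/null 2>&1 || yum install -y ipvsadm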
第二步:把10.0.0.111作為VIP,加入lvs集群
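# Step 2: create the DR-mode virtual service on VIP 10.0.0.111, TCP port 80, round-robin.
# The port is required: "-t 10.0.0.111" alone means port 0, which ipvsadm accepts only for
# persistent (-p) services, and the real servers in the next step are added to
# 10.0.0.111:80 in any case (the listing afterwards shows "TCP 10.0.0.111:80 rr").
ipvsadm -A -t 10.0.0.111:80 -s rr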
第三步:把RS1 inode2和RS2 inode3加入lvs集群
# Step 3: attach both real servers in direct-routing mode (-g) with equal weight.
for rip in 10.0.0.102 10.0.0.103; do
  ipvsadm -a -t 10.0.0.111:80 -r "${rip}:80" -g -w 50
done
查看ipvsadm
# Forward=Route confirms DR mode for both real servers.
[root@node1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.111:80 rr
-> 10.0.0.102:80 Route 50 0 0
-> 10.0.0.103:80 Route 50 0 0
第四步:DR inode1 上綁定VIP地址
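# Step 4, director: bind the VIP as a /32 on the real NIC. The director must be the only
# host on the segment that answers ARP for the VIP (the real servers suppress it).
# iproute2 replaces the deprecated ifconfig/route pair; the label keeps the familiar
# "eth0:0" name visible in "ip addr". A /32 address needs no separate host route.
ip addr add 10.0.0.111/32 dev eth0 label eth0:0
# This binding is lost at reboot; use the ifcfg-eth0:0 variant for persistence.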
方法二:
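# Persistent variant of the director's VIP binding. Write ifcfg-eth0:0 from scratch
# instead of copying ifcfg-eth0 and editing it interactively: the copy carries keys such
# as GATEWAY and DNS1 that do not belong on an alias, and the hand edit is not repeatable.
cat > /etc/sysconfig/network-scripts/ifcfg-eth0:0 <<'EOF'
TYPE=Ethernet
BOOTPROTO=static
DEVICE=eth0:0
ONBOOT=yes
IPADDR=10.0.0.111
NETMASK=255.255.255.255
EOF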
第五步:RS1 inode2和RS2 inode3上綁定VIP地址
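# Step 5, real servers (inode2, inode3): bind the VIP on loopback as /32 so the kernel
# accepts packets addressed to it without advertising it on the LAN.
# Must be paired with the arp_ignore/arp_announce settings of the next step — otherwise
# every RS answers "who-has 10.0.0.111" and steals traffic meant for the director.
ip addr add 10.0.0.111/32 dev lo label lo:0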
方法二:
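# Persistent variant of the RS VIP binding on loopback, written non-interactively.
cat > /etc/sysconfig/network-scripts/ifcfg-lo:0 <<'EOF'
DEVICE=lo:0
IPADDR=10.0.0.111
NETMASK=255.255.255.255
ONBOOT=yes
NAME=loopback
EOF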
第六步:在RS1 inode2和RS2 inode3上配置arp抑制
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce sysctl -p
# Verify the four ARP knobs took effect; expected output is 1, 2, 1, 2 (one per line).
for key in lo/arp_ignore lo/arp_announce all/arp_ignore all/arp_announce; do
  cat "/proc/sys/net/ipv4/conf/${key}"
done
第七步:測試
# Step 7: from the client, requests to the VIP alternate between RS1 and RS2.
[root@inode4 ~]# curl 10.0.0.111
www.ywx1.com
[root@inode4 ~]# curl 10.0.0.111
www.ywx2.com
[root@inode4 ~]# curl 10.0.0.111
www.ywx1.com
[root@inode4 ~]# curl 10.0.0.111
www.ywx2.com
[root@inode1 ~]# uname -r
3.10.0-862.el7.x86_64
[root@inode1 ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
LVS(Director) inode1: 10.0.0.101
RS1 inode2: 10.0.0.102 -----> 頁面 www.ywx1.com
RS2 inode3: 10.0.0.103 -----> 頁面 www.ywx2.com
VIP: 192.168.1.100(與 DIP/RIP 不在同一網段)
client: 172.168.1.104,GW: 172.168.1.105
router: 172.168.1.105 / 10.0.0.105 / 192.168.1.200(與VIP通信使用)
1、router和client部署及LVS RS1 RS2的ip
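# Lab router (node5) for the "VIP on a different subnet" DR variant:
#   eth0 10.0.0.105/24   faces the director and real servers
#   eth1 172.168.1.105/24 faces the client
#   192.168.1.200 on eth0 is the address the router uses to reach VIP 192.168.1.100
# NOTE: 172.168.0.0/16 is not RFC 1918 space (private 172.x stops at 172.31.255.255);
# fine in an isolated lab, never on a network with Internet routing.

# Forwarding, appended to /etc/sysctl.conf only once (the original appended blindly).
grep -q '^net.ipv4.ip_forward=1' /etc/sysctl.conf \
  || echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p

cd /etc/sysconfig/network-scripts/ || exit 1
cat ifcfg-eth0
# TYPE="Ethernet"
# PROXY_METHOD="none"
# BROWSER_ONLY="no"
# BOOTPROTO="none"
# DEFROUTE="yes"
# IPV4_FAILURE_FATAL="no"
# NAME="eth0"
# DEVICE="eth0"
# ONBOOT="yes"
# IPADDR="10.0.0.105"
# PREFIX="24"
# GATEWAY="10.0.0.254"
# DNS1="223.5.5.5"
cat ifcfg-eth1
# TYPE=Ethernet
# PROXY_METHOD=none
# BROWSER_ONLY=no
# BOOTPROTO=none
# DEFROUTE=yes
# IPV4_FAILURE_FATAL=no
# NAME=eth1
# DEVICE=eth1
# ONBOOT=yes
# IPADDR=172.168.1.105
# PREFIX=24

# Secondary address on eth0 for the 192.168.1.0/24 VIP network.
# The original ran "ifconfig eth0:0 192.168.1.200 netmask 255.255.255.0 broadcast
# 192.168.1.200" (a /24 with a bogus broadcast), yet its own "ip a" capture below shows
# the address as /32. With a /32 the router has no on-link route to 192.168.1.100, so the
# /24 form is used here; if you insist on /32, also add
# "ip route add 192.168.1.0/24 dev eth0". The old "route add -host 192.168.1.200 dev eth0:0"
# only added a host route to the router's own address and is not needed.
ip addr add 192.168.1.200/24 dev eth0 label eth0:0

ip a
# Capture from the original run (note 192.168.1.200/32 on eth0:0 — see remark above):
# 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
#     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
#     inet 127.0.0.1/8 scope host lo
#        valid_lft forever preferred_lft forever
#     inet6 ::1/128 scope host
#        valid_lft forever preferred_lft forever
# 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
#     link/ether 00:0c:29:f5:01:8d brd ff:ff:ff:ff:ff:ff
#     inet 10.0.0.105/24 brd 10.0.0.255 scope global noprefixroute eth0
#        valid_lft forever preferred_lft forever
#     inet 192.168.1.200/32 brd 192.168.1.200 scope global eth0:0
#        valid_lft forever preferred_lft forever
#     inet6 fe80::20c:29ff:fef5:18d/64 scope link
#        valid_lft forever preferred_lft forever
# 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
#     link/ether 00:0c:29:f5:01:97 brd ff:ff:ff:ff:ff:ff
#     inet 172.168.1.105/24 brd 172.168.1.255 scope global noprefixroute eth1
#        valid_lft forever preferred_lft forever
#     inet6 fe80::20c:29ff:fef5:197/64 scope link
#        valid_lft forever preferred_lft forever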
Client部署
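# Client (node4) on the 172.168.1.0/24 side of the router.
# Fix: the original file spelled the key "GAREWAY", which ifup silently ignores, leaving
# the client with no default route and therefore no path to the VIP.
cat > /etc/sysconfig/network-scripts/ifcfg-eth1 <<'EOF'
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=172.168.1.104
PREFIX=24
GATEWAY=172.168.1.105
EOF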
LVS node1 ip
# Director (node1) eth0: DIP 10.0.0.101/24, default gateway = lab router 10.0.0.105.
[root@node1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="10.0.0.101"
PREFIX="24"
GATEWAY="10.0.0.105"
DNS1="223.5.5.5"
RS1 node2 ip
# RS1 (node2) eth0: RIP 10.0.0.102/24; DR replies leave via the router, not the director.
[root@node2 network-scripts]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="10.0.0.102"
PREFIX="24"
GATEWAY="10.0.0.105"
DNS1="223.5.5.5"
RS2 node3 ip
# RS2 (node3) eth0: RIP 10.0.0.103/24, same gateway as RS1.
[root@node3 network-scripts]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="10.0.0.103"
PREFIX="24"
GATEWAY="10.0.0.105"
DNS1="223.5.5.5"
# Each RS serves its own page on its RIP.
[root@inode2 ~]# curl 10.0.0.102
www.ywx1.com
[root@inode3 ~]# curl 10.0.0.103
www.ywx2.com
方法一:
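# RS1 (inode2): VIP 192.168.1.100 as /32 on loopback, alias lo:1. Pair with the
# arp_ignore/arp_announce settings below — an RS that answers ARP for the VIP steals
# traffic meant for the director. (iproute2 instead of the deprecated ifconfig/route.)
ip addr add 192.168.1.100/32 dev lo label lo:1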
方法二:
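# RS1 (inode2): persistent loopback VIP, written non-interactively.
cat > /etc/sysconfig/network-scripts/ifcfg-lo:1 <<'EOF'
DEVICE=lo:1
IPADDR=192.168.1.100
NETMASK=255.255.255.255
ONBOOT=yes
NAME=loopback
EOF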
方法一:
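# RS2 (inode3): same loopback VIP binding as RS1.
ip addr add 192.168.1.100/32 dev lo label lo:1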
方法二:
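# RS2 (inode3): persistent loopback VIP, written non-interactively.
cat > /etc/sysconfig/network-scripts/ifcfg-lo:1 <<'EOF'
DEVICE=lo:1
IPADDR=192.168.1.100
NETMASK=255.255.255.255
ONBOOT=yes
NAME=loopback
EOF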
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce sysctl -p
# Verify the ARP knobs; expected output is 1, 2, 1, 2 (one per line).
for key in lo/arp_ignore lo/arp_announce all/arp_ignore all/arp_announce; do
  cat "/proc/sys/net/ipv4/conf/${key}"
done
第一步:安裝LVS
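# Step 1 on the director: install the IPVS management tool (idempotent).
rpm -q ipvsadm >/dev/null 2>&1 || yum install -y ipvsadm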
第二步:把192.168.1.100作為VIP,加入lvs集群
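# Step 2: DR-mode virtual service on VIP 192.168.1.100, TCP/80, round-robin.
# The port must be given: a bare "-t 192.168.1.100" is port 0, which ipvsadm only accepts
# for persistent (-p) services; the real servers are added to 192.168.1.100:80 next.
ipvsadm -A -t 192.168.1.100:80 -s rr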
第三步:把RS1 inode2和RS2 inode3加入lvs集群
# Step 3: attach RS1 and RS2 in direct-routing mode (-g) with equal weight.
for rip in 10.0.0.102 10.0.0.103; do
  ipvsadm -a -t 192.168.1.100:80 -r "${rip}:80" -g -w 50
done
查看ipvsadm
# Forward=Route confirms DR mode; the VIP is on a different subnet from the RIPs.
[root@node1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.100:80 rr
-> 10.0.0.102:80 Route 50 0 0
-> 10.0.0.103:80 Route 50 0 0
# From the client (node4) via the router: requests to the off-subnet VIP alternate
# between the two real servers.
[root@node4 ~]# curl 192.168.1.100
www.ywx2.com
[root@node4 ~]# curl 192.168.1.100
www.ywx1.com
[root@node4 ~]# curl 192.168.1.100
www.ywx2.com
[root@node4 ~]# curl 192.168.1.100
www.ywx1.com
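#!/bin/bash
# lvs_dr_vs — bring the DR-mode virtual server up or down on the director.
# Author: wangxiaochun   Date: 2017-08-13
# Reworked: iproute2 instead of ifconfig, quoted expansions, no blanket "iptables -F".
#
# Usage: lvs_dr_vs start|stop
set -u

vip='192.168.1.100'
iface='lo:1'          # alias label; the address is added to the parent device below
prefix='32'           # host address only (was netmask 255.255.255.255)
port='80'
rs1='10.0.0.102'
rs2='10.0.0.103'
scheduler='wrr'
fwd_mode='-g'         # -g = direct routing ("type" renamed: it shadows the shell builtin)
dev="${iface%%:*}"    # lo

rpm -q ipvsadm >/dev/null 2>&1 || yum -y install ipvsadm >/dev/null 2>&1

case "${1:-}" in
  start)
    # Bind the VIP unless it is already present (re-runs must not fail on "File exists").
    if ! ip -4 addr show dev "$dev" | grep -q " ${vip}/"; then
      ip addr add "${vip}/${prefix}" dev "$dev" label "$iface"
    fi
    # The original script ran "iptables -F" here, silently wiping every filter rule on
    # the director. Do not do that on a host that has a firewall; add explicit ACCEPT
    # rules for ${vip}:${port} instead. Deliberately omitted.
    ipvsadm -A -t "${vip}:${port}" -s "$scheduler"
    ipvsadm -a -t "${vip}:${port}" -r "$rs1" "$fwd_mode" -w 1
    ipvsadm -a -t "${vip}:${port}" -r "$rs2" "$fwd_mode" -w 1
    echo "The VS Server is Ready!"
    ;;
  stop)
    ipvsadm -C
    ip addr del "${vip}/${prefix}" dev "$dev" 2>/dev/null || true   # already gone is fine
    echo "The VS Server is Canceled!"
    ;;
  *)
    echo "Usage: $(basename "$0") start|stop" >&2
    exit 1
    ;;
esac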
lvs_dr_rs
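#!/bin/bash
# lvs_dr_rs — prepare a real server for DR mode: bind the VIP on loopback and suppress
# ARP for it; "stop" reverses both.
# Author: wangxiaochun   Date: 2017-08-13
# Reworked: iproute2 instead of ifconfig, quoted expansions, sysctl instead of raw echo.
#
# Usage: lvs_dr_rs start|stop
set -u

vip='192.168.1.100'
prefix='32'           # host address only (was netmask 255.255.255.255)
dev='lo:1'            # alias label on loopback
parent="${dev%%:*}"   # lo

#rpm -q httpd &> /dev/null || yum -y install httpd &>/dev/null
#service httpd start &> /dev/null && echo "The httpd Server is Ready!"
#echo "`hostname -I`" > /var/www/html/index.html

# Set arp_ignore/arp_announce on lo and all. The kernel uses the larger of conf.all.*
# and conf.<iface>.*, so "all" also covers the real NIC.
set_arp() {
  local ignore=$1 announce=$2 ifc
  for ifc in all lo; do
    sysctl -q -w "net.ipv4.conf.${ifc}.arp_ignore=${ignore}"
    sysctl -q -w "net.ipv4.conf.${ifc}.arp_announce=${announce}"
  done
}

case "${1:-}" in
  start)
    # Suppress ARP *before* the VIP appears on the host, so there is no window in which
    # this RS answers "who-has $vip" and hijacks traffic meant for the director.
    set_arp 1 2
    if ! ip -4 addr show dev "$parent" | grep -q " ${vip}/"; then
      ip addr add "${vip}/${prefix}" dev "$parent" label "$dev"
    fi
    echo "The RS Server is Ready!"
    ;;
  stop)
    ip addr del "${vip}/${prefix}" dev "$parent" 2>/dev/null || true   # already gone is fine
    set_arp 0 0
    echo "The RS Server is Canceled!"
    ;;
  *)
    echo "Usage: $(basename "$0") start|stop" >&2
    exit 1
    ;;
esac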