
Deploying an LVS cluster on CentOS 7 (DR mode, NAT mode, LVS + keepalived)

楓雨

1. Introduction

1.1 LVS

Linux Virtual Server (LVS) is a virtual server cluster system that provides load-balanced clustering on Unix and Linux platforms.


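1.2 LVS compared with nginx

1) nginx works at layer 7 of the network model, so it can apply traffic-splitting policies to HTTP applications; on this point alone, nginx fits far more scenarios than LVS.

2) The latest nginx versions also support layer-4 TCP load balancing, which used to be an LVS advantage.

3) nginx depends little on network stability; LVS, by contrast, depends on it heavily.

4) nginx is fairly simple to install and configure and convenient to test, and it logs most errors. Configuring and testing LVS takes considerably longer and depends more on the network.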


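1.3 Reasons to build LVS

1) For 10-20 million page views (PV) per day, or fewer than 10,000 concurrent requests, nginx is worth considering.

2) Large portal sites and e-commerce sites need LVS.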


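1.4 LVS cluster working modes

1) DR mode: the LB rewrites the destination MAC address of the request packet and sends the request to a real server (RS); the real server returns its response directly to the client. This greatly improves the scalability of the cluster, but the LB and the RS must be on the same LAN.

2) NAT mode: using network address translation, the LB rewrites the destination address of the request packet and dispatches the request to a back-end real server according to the configured scheduling algorithm. The real server's response must pass back through the LB, which rewrites the source address of the packet before returning it to the client.

3) Tunnel mode: the LB forwards request packets to the real server through an IP tunnel, and the real server returns its response directly to the client.

4) FULLNAT mode: incoming packets undergo SNAT as well as DNAT, so the LVS and the real servers can communicate across VLANs and the real servers only need to be attached to the internal network.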


2. Environment preparation

1) Disable the firewall and SELinux.

2) Hostnames and IP addresses are as follows:

lb01 10.0.0.5

lb02 10.0.0.6

web03 10.0.0.17

web04 10.0.0.18

3) Install Tomcat on web03 and web04 so that the following holds:

curl http://10.0.0.17 returns web03 at the bottom of the page

curl http://10.0.0.18 returns web04 at the bottom of the page


3. Managing an LVS load-balancing cluster with ipvsadm (DR mode)


3.1 Install the ipvsadm management tool (lb01 only)

[root@lb01 ~]# yum install -y ipvsadm

Note: the kernel module is not loaded by default; the management tool must be installed to activate it.


3.2 Check the LVS status and activate the LVS kernel module

[root@lb01 ~]# ipvsadm

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

[root@lb01 ~]# lsmod | grep ip_vs

ip_vs_rr 12600 0

ip_vs 140944 2 ip_vs_rr

nf_conntrack 105745 1 ip_vs

libcrc32c 12644 2 xfs,ip_vs


3.3 Bind the VIP address on the eth0 interface (lb01 only)

[root@lb01 ~]# ip addr add 10.0.0.13/24 dev eth0

[root@lb01 ~]# ip a s eth0

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

link/ether 00:0c:29:a6:ba:9e brd ff:ff:ff:ff:ff:ff

inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0

valid_lft forever preferred_lft forever

inet 10.0.0.13/24 scope global secondary eth0

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fea6:ba9e/64 scope link

valid_lft forever preferred_lft forever


3.4 Clear all LVS rules (lb01 only)

[root@lb01 ~]# ipvsadm -C


3.5 Set the tcp, tcpfin and udp connection timeouts

[root@lb01 ~]# ipvsadm --set 30 5 60


3.6 Add the virtual service (lb01 only)

[root@lb01 ~]# ipvsadm -A -t 10.0.0.13:80 -s wrr -p 20


3.7 Associate the virtual service with the real servers (lb01 only)

[root@lb01 ~]# ipvsadm -a -t 10.0.0.13:80 -r 10.0.0.17:80 -g -w 1

[root@lb01 ~]# ipvsadm -a -t 10.0.0.13:80 -r 10.0.0.18:80 -g -w 1

[root@lb01 ~]# ipvsadm -ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

TCP 10.0.0.13:80 wrr persistent 20

-> 10.0.0.17:80 Route 1 0 0

-> 10.0.0.18:80 Route 1 0 0
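
The table above can be checked mechanically after every rule change. As an added example (not from the original article), the bash function below reads `ipvsadm -ln` output and reports any real server whose forwarding method differs from the expected one, which catches a leftover NAT (-m, shown as Masq) entry on a DR service. The function name and sample data are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: verify the forwarding method of every real server behind a
# virtual service in `ipvsadm -ln` output (Route = -g, Masq = -m).

# usage: ipvsadm -ln | ipvs_check_forward VIP:PORT Route|Masq
# Prints one line per problem; returns 0 if the service is consistent, else 1.
ipvs_check_forward() {
  awk -v svc="$1" -v want="$2" '
    # Service line: remember whether it is the service being checked.
    $1 == "TCP" || $1 == "UDP" { in_svc = ($2 == svc); next }
    # Real-server line belonging to that service.
    in_svc && $1 == "->" {
      n++
      if ($3 != want) { print "MISMATCH " $2 " forward=" $3 " want=" want; bad = 1 }
    }
    END {
      if (n == 0) { print "NO_REAL_SERVERS " svc; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample: the DR table from step 3.7.
sample_dr() {
  cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.0.13:80 wrr persistent 20
  -> 10.0.0.17:80                 Route   1      0          0
  -> 10.0.0.18:80                 Route   1      0          0
EOF
}

# Constructed sample: the same table with one real server left in NAT mode.
sample_mixed() { sample_dr | sed '/10\.0\.0\.18:80/s/Route/Masq /'; }

# Demo on the constructed data; prints the mismatch for 10.0.0.18:80.
sample_mixed | ipvs_check_forward 10.0.0.13:80 Route || true
```

On lb01 the live table is checked with `ipvsadm -ln | ipvs_check_forward 10.0.0.13:80 Route`.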


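3.8 Bind the VIP address on the lo interface (on both web03 and web04)

# Use a /32 mask: with /24 on lo the kernel treats the whole 10.0.0.0/24 as local
ip addr add 10.0.0.13/32 dev lo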


3.9 Set kernel parameters to suppress ARP responses (on both web03 and web04)

cat /etc/sysctl.conf

net.ipv4.conf.all.arp_ignore = 1

net.ipv4.conf.all.arp_announce = 2

net.ipv4.conf.lo.arp_ignore = 1

net.ipv4.conf.lo.arp_announce = 2
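
If any of these four values is missing or wrong, a real server answers ARP for the VIP and traffic bypasses the LB. As an added example (not from the original article), the bash function below audits sysctl.conf-format text for the four settings listed in this step; the function name and sample inputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit sysctl.conf-format text for the four DR-mode ARP settings.

# Reads config text on stdin and prints one line per problem.
# Returns 0 when all four keys carry the value given in step 3.9, else 1.
check_arp_sysctl() {
  local conf key want got rc=0
  conf=$(cat)
  while read -r key want; do
    # Skip comment lines; the last assignment of a key wins, as with `sysctl -p`.
    got=$(printf '%s\n' "$conf" | awk -F= -v k="$key" '
      /^[ \t]*[#;]/ { next }
      { name = $1; val = $2; gsub(/[ \t]/, "", name); gsub(/[ \t]/, "", val) }
      name == k { v = val }
      END { print v }')
    if [ -z "$got" ]; then
      echo "MISSING $key (want $want)"; rc=1
    elif [ "$got" != "$want" ]; then
      echo "WRONG $key = $got (want $want)"; rc=1
    fi
  done <<'EOF'
net.ipv4.conf.all.arp_ignore 1
net.ipv4.conf.all.arp_announce 2
net.ipv4.conf.lo.arp_ignore 1
net.ipv4.conf.lo.arp_announce 2
EOF
  return $rc
}

# Constructed sample inputs (not taken from a real host).
sample_good() {
  printf '%s\n' 'net.ipv4.conf.all.arp_ignore = 1' 'net.ipv4.conf.all.arp_announce = 2' \
    'net.ipv4.conf.lo.arp_ignore = 1' 'net.ipv4.conf.lo.arp_announce = 2'
}
sample_bad() {
  printf '%s\n' '# net.ipv4.conf.lo.arp_ignore = 1' 'net.ipv4.conf.all.arp_ignore = 1' \
    'net.ipv4.conf.all.arp_announce = 0' 'net.ipv4.conf.lo.arp_announce=2'
}

# Demo on the constructed bad input: reports one WRONG and one MISSING key.
sample_bad | check_arp_sysctl || true
```

On web03 and web04 run it as `check_arp_sysctl < /etc/sysctl.conf`. It checks the file only; `sysctl -n net.ipv4.conf.lo.arp_ignore` shows the value the running kernel is using.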


3.10 Access http://10.0.0.13 in a browser


4. LVS + keepalived (DR mode)


4.1 Install keepalived (on both lb01 and lb02)

yum install -y keepalived


4.2 Edit the keepalived configuration file on lb01

[root@lb01 ~]# cat /etc/keepalived/keepalived.conf

global_defs {

router_id LVS_01

}


vrrp_instance VI_1 {

state MASTER

interface eth0

virtual_router_id 51

priority 150

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

10.0.0.13/24

}

}


virtual_server 10.0.0.13 80 {

delay_loop 6

lb_algo wrr

lb_kind DR

nat_mask 255.255.255.0

persistence_timeout 50

protocol TCP


real_server 10.0.0.17 80 {

weight 1

TCP_CHECK {

connect_timeout 8

nb_get_retry 3

delay_before_retry 3

connect_port 80

}

}


real_server 10.0.0.18 80 {

weight 1

TCP_CHECK {

connect_timeout 8

nb_get_retry 3

delay_before_retry 3

connect_port 80

}

}

}


4.3 Edit the keepalived configuration file on lb02

[root@lb02 ~]# cat /etc/keepalived/keepalived.conf

global_defs {

router_id LVS_02

}


vrrp_instance VI_1 {

state BACKUP

interface eth0

virtual_router_id 51

priority 100

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

10.0.0.13/24

}

}


virtual_server 10.0.0.13 80 {

delay_loop 6

lb_algo wrr

lb_kind DR

nat_mask 255.255.255.0

persistence_timeout 50

protocol TCP


real_server 10.0.0.17 80 {

weight 1

TCP_CHECK {

connect_timeout 8

nb_get_retry 3

delay_before_retry 3

connect_port 80

}

}


real_server 10.0.0.18 80 {

weight 1

TCP_CHECK {

connect_timeout 8

nb_get_retry 3

delay_before_retry 3

connect_port 80

}

}

}


4.4 Start keepalived

systemctl start keepalived.service


4.5 Test keepalived high availability and failover


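4.6 Bind the VIP address on the lo interface (on both web03 and web04)

# Use a /32 mask: with /24 on lo the kernel treats the whole 10.0.0.0/24 as local
ip addr add 10.0.0.13/32 dev lo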


4.7 Set kernel parameters to suppress ARP responses (on both web03 and web04)

cat /etc/sysctl.conf

net.ipv4.conf.all.arp_ignore = 1

net.ipv4.conf.all.arp_announce = 2

net.ipv4.conf.lo.arp_ignore = 1

net.ipv4.conf.lo.arp_announce = 2


4.8 Access http://10.0.0.13 in a browser (tests the keepalived health check)


5. Managing an LVS load-balancing cluster with ipvsadm (NAT mode)


5.1 Install the ipvsadm management tool (lb01 only)

[root@lb01 ~]# yum install -y ipvsadm

Note: the kernel module is not loaded by default; the management tool must be installed to activate it.


5.2 Check the LVS status and activate the LVS kernel module

[root@lb01 ~]# ipvsadm

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

[root@lb01 ~]# lsmod | grep ip_vs

ip_vs_rr 12600 0

ip_vs 140944 2 ip_vs_rr

nf_conntrack 105745 1 ip_vs

libcrc32c 12644 2 xfs,ip_vs


5.3 Bind the VIP address on the eth0 interface (lb01 only)

[root@lb01 ~]# ip addr add 10.0.0.13/24 dev eth0

[root@lb01 ~]# ip a s eth0

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

link/ether 00:0c:29:a6:ba:9e brd ff:ff:ff:ff:ff:ff

inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0

valid_lft forever preferred_lft forever

inet 10.0.0.13/24 scope global secondary eth0

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fea6:ba9e/64 scope link

valid_lft forever preferred_lft forever


5.4 Clear all LVS rules (lb01 only)

[root@lb01 ~]# ipvsadm -C


5.5 Set the tcp, tcpfin and udp connection timeouts (lb01 only)

[root@lb01 ~]# ipvsadm --set 30 5 60


5.6 Add the virtual service (lb01 only)

[root@lb01 ~]# ipvsadm -A -t 10.0.0.13:80 -s rr -p 20


5.7 Associate the virtual service with the real servers (lb01 only)

ipvsadm -a -t 10.0.0.13:80 -r 172.16.1.203:80 -m

ipvsadm -a -t 10.0.0.13:80 -r 172.16.1.204:80 -m


5.9 Enable IP forwarding (lb01 only)

[root@lb01 ~]# echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf

[root@lb01 ~]# sysctl -p


5.10 Flush the iptables rules (lb01 only)

[root@lb01 ~]# iptables -F

[root@lb01 ~]# iptables -F -t nat


5.11 Add the NAT rule (lb01 only)

[root@lb01 ~]# iptables -t nat -A POSTROUTING -s 172.16.1.0/24 -j MASQUERADE


5.12 Add the virtual gateway on the RS internal network interface (on both web03 and web04)

echo "GATEWAY=172.16.1.13" >> /etc/sysconfig/network-scripts/ifcfg-eth1


5.13 Access http://10.0.0.15 in a browser


6. LVS + keepalived (NAT mode)


6.1 Install keepalived (on both lb01 and lb02)

yum install -y keepalived


6.2 Edit the keepalived configuration file on lb01

[root@lb01 ~]# cat /etc/keepalived/keepalived.conf

global_defs {

router_id LVS_DEVEL

}

vrrp_instance VI_1 {

state MASTER

interface eth0

virtual_router_id 51

priority 150

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

10.0.0.13/24 dev eth0 label eth0:1

}

}

vrrp_instance VI_2 {

state MASTER

interface eth1

virtual_router_id 52

priority 150

advert_int 1

authentication {

auth_type PASS

auth_pass 1112

}

virtual_ipaddress {

172.16.1.13/24 dev eth1 label eth1:1

}

}


virtual_server 10.0.0.13 80 {

delay_loop 6

lb_algo rr

lb_kind NAT

nat_mask 255.255.255.0

persistence_timeout 50

protocol TCP

real_server 172.16.1.17 80 {

weight 1

TCP_CHECK {

connect_timeout 8

nb_get_retry 3

delay_before_retry 3

connect_port 80

}

}

real_server 172.16.1.18 80 {

weight 1

TCP_CHECK {

connect_timeout 8

nb_get_retry 3

delay_before_retry 3

connect_port 80

}

}

}


6.3 Edit the keepalived configuration file on lb02

[root@lb02 ~]# cat /etc/keepalived/keepalived.conf

global_defs {

router_id LVS_DEVEL1

}

vrrp_instance VI_1 {

state BACKUP

interface eth0

virtual_router_id 51

priority 100

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

10.0.0.13/24 dev eth0 label eth0:1

}

}

vrrp_instance VI_2 {

state BACKUP

interface eth1

virtual_router_id 52

priority 100

advert_int 1

authentication {

auth_type PASS

auth_pass 1112

}

virtual_ipaddress {

172.16.1.13/24 dev eth1 label eth1:1

}

}


virtual_server 10.0.0.13 80 {

delay_loop 6

lb_algo rr

lb_kind NAT

nat_mask 255.255.255.0

persistence_timeout 50

protocol TCP

real_server 172.16.1.17 80 {

weight 1

TCP_CHECK {

connect_timeout 8

nb_get_retry 3

delay_before_retry 3

connect_port 80

}

}

real_server 172.16.1.18 80 {

weight 1

TCP_CHECK {

connect_timeout 8

nb_get_retry 3

delay_before_retry 3

connect_port 80

}

}

}


6.4 Enable IP forwarding (on both lb01 and lb02)

echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf

sysctl -p


6.5 Flush the iptables rules (on both lb01 and lb02)

iptables -F

iptables -F -t nat


6.6 Add the NAT rule (on both lb01 and lb02)

iptables -t nat -A POSTROUTING -s 172.16.1.0/24 -j MASQUERADE


6.7 Prevent keepalived split-brain (on both lb01 and lb02)

iptables -A INPUT -i eth0 -p vrrp -j ACCEPT


6.8 Start keepalived

systemctl start keepalived.service


6.9 Add the virtual gateway on the RS internal network interface (on both web03 and web04)

echo "GATEWAY=172.16.1.13" >> /etc/sysconfig/network-scripts/ifcfg-eth1


6.10 Access http://10.0.0.13 in a browser
