lvs
1.arp解析过程
2.lvs-dr模式
1)lvs把发往VIP的请求帧的目标MAC地址(DMAC)改写为后端RS服务器的MAC地址。
2)RS服务器本地lo要有VIP
3)RS服务器抑制ARP解析
4)lvs-DR模式下,RS直接把响应返回给客户端(不经过lvs),所以如果RS是web,要有公网地址。
centos7 基本软件准备
1.准备环境
# Base tooling for the lab hosts (CentOS 7).
yum -y install wget vim bash-completion lrzsz nmap telnet tree net-tools bind-utils
# Keep the stock repo definition as a backup before replacing it.
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
# NOTE(review): both repo files are fetched over plain http, and whatever is
# received becomes the package source for every later yum install. Review the
# downloaded .repo files (baseurl, gpgcheck, gpgkey) before using them, and
# prefer an https URL if the mirror offers one (confirm).
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
1.2 关闭防火墙SELinux
# Rewrites the persistent SELinux mode from enforcing to disabled. The config
# file is read at boot, so this applies after the next reboot, and the pattern
# only matches when the file currently says SELINUX=enforcing.
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
# Switches the running system to permissive mode immediately.
# NOTE(review): this removes mandatory access control from the load balancers
# and web servers. That is acceptable for a throwaway lab; on real hosts keep
# SELinux enforcing and adjust policy instead. The heading above also mentions
# the firewall, but no firewall command is shown here.
setenforce 0
1.3 机器准备
lb01 10.0.0.5 172.16.1.5
lb02 10.0.0.6 172.16.1.6
web01 10.0.0.8 172.16.1.8
web02 10.0.0.7 172.16.1.7
web01 web02 准备环境 安装nginx
# Build dependencies: PCRE headers and OpenSSL headers (needed for the ssl
# module enabled below).
yum install pcre-devel openssl-devel -y
mkdir /home/oldboy/tools -p
cd /home/oldboy/tools/
# NOTE(review): the tarball is fetched over plain http and built as root with no
# integrity check. nginx.org publishes a detached PGP signature (.asc) next to
# each tarball; verify it before running configure/make. 1.10.3 is also an old
# release, so check the current stable version before reusing this outside a lab.
wget http://nginx.org/download/nginx-1.10.3.tar.gz
# Dedicated service account: no login shell (-s /sbin/nologin), no home (-M).
useradd -s /sbin/nologin -M www
tar xf nginx-1.10.3.tar.gz
cd nginx-1.10.3
# Worker processes run as www:www; the install prefix is /data/nginx-1.10.3.
./configure --user=www --group=www --prefix=/data/nginx-1.10.3 --with-http_sub_module --with-http_ssl_module
make && make install
# Version-independent path to the install.
# NOTE(review): /application is not created anywhere in these notes; ln fails if
# it does not already exist — confirm.
ln -s /data/nginx-1.10.3/ /application/nginx
修改配置文件nginx.conf
# Minimal nginx.conf with two name-based virtual hosts on port 80.
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
# No server is marked default_server, so this first block also answers requests
# whose Host header matches neither server_name.
server {
listen 80;
server_name www.etiantian.org;
location / {
# Relative root: resolved against the nginx prefix chosen at configure time.
root html/www;
# index.php is listed, but no PHP handler is configured in this file.
index index.php index.html index.htm;
}
}
server {
listen 80;
server_name bbs.etiantian.org;
location / {
root html/bbs;
index index.php index.html index.htm;
}
}
}
创建测试目录和文件
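# Create one docroot per virtual host and drop a marker page into each, so a
# curl with a given Host header shows which server and which site answered.
# NOTE(review): nginx above was configured with --prefix=/data/nginx-1.10.3 and
# `root html/www`, i.e. it serves from /data/nginx-1.10.3/html/...; confirm that
# /data/nginx resolves to that prefix on these hosts.
mkdir -p /data/nginx/html/{www,bbs}
for name in www bbs; do
  # Quote every expansion so neither the path nor the page content is subject
  # to word splitting or globbing.
  printf '%s %s\n' "$(hostname)" "$name" >"/data/nginx/html/${name}/na.html"
done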
测试
# Request the marker page from each real server directly, selecting the virtual
# host through the Host header; each reply should name the server and the site.
curl -H Host:www.etiantian.org 10.0.0.8/na.html
curl -H Host:bbs.etiantian.org 10.0.0.8/na.html
curl -H Host:www.etiantian.org 10.0.0.7/na.html
curl -H Host:bbs.etiantian.org 10.0.0.7/na.html
添加hosts解析 windows
10.0.0.7 www.etiantian.org bbs.etiantian.org
## Manually add the VIP 10.0.0.3 on lb01
ip addr add 10.0.0.3/24 dev eth0 label eth0:0
# Show the current ARP reply/announce settings for lo and for all interfaces.
cat /proc/sys/net/ipv4/conf/lo/arp_ignore
cat /proc/sys/net/ipv4/conf/lo/arp_announce
cat /proc/sys/net/ipv4/conf/all/arp_ignore
cat /proc/sys/net/ipv4/conf/all/arp_announce
keepalived.conf 配置文件几部分?
GLOBAL CONFIGURATION
VRRPD CONFIGURATION
LVS CONFIGURATION
# Keep the packaged configuration as keepalived.conf.ori.
mv /etc/keepalived/keepalived.conf{,.ori}
# Install the prepared configuration for this host. The glob must match exactly
# one file in the current directory; with several matches mv fails because the
# destination is not a directory.
mv keepalived.conf.lvs0*-lb0*.oldboy /etc/keepalived/keepalived.conf
2、ARP协议工作原理---wireshark抓包
3、工作中ARP带来的实际问题和解决方案
a.局域网ARP欺骗原理及解决方法。
b.切换网关路由器,arp表带来的问题。
c.集群架构中高可用服务器对之间的切换,arp表带来的问题及解决办法。
1.5 LVS技术点小结:
1、真正实现调度的工具是IPVS内核模块,工作在linux内核层面。
2、LVS自带的IPVS命令行管理工具是ipvsadm。
3、keepalived实现管理IPVS(配置文件)及负载均衡器的高可用。
####lvs-dr模式配置过程
###lb01 操作
####1.关闭keepalived iptables selinux
####2.手工添加LVS转发
#####1)配置lvs 添加vip
# Bind the VIP to eth0 on the director under the alias label eth0:0. An address
# added this way does not persist across a reboot.
ip addr add 10.0.0.3/24 dev eth0 label eth0:0
#####2)配置lvs规则
ipvsadm-save -n
### Shows the rules that are currently loaded,
### printed in a form that can be loaded again later (see ipvsadm-restore below).
ipvsadm -C # clear all LVS rules
ipvsadm --set 30 5 60 # timeouts in seconds: tcp, tcpfin, udp
ipvsadm -A -t 10.0.0.3:80 -s wrr -p 20 # add a virtual service on the VIP; -s selects the scheduling algorithm
# schedulers include rr wrr lc wlc; -p is the persistence (session affinity) timeout
ipvsadm -a -t 10.0.0.3:80 -r 10.0.0.7:80 -g -w 1
ipvsadm -a -t 10.0.0.3:80 -r 10.0.0.8:80 -g -w 1
# -a adds a real server, -r gives its IP and port, -g selects DR mode, -w sets the weight
ipvsadm -ln --stats
[root@lb01 ~]# ipvsadm -ln #查看 当前lvs的规则
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
协议 本地的地址 :端口号码 轮询算法 其他的参数
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
-> RS服务器的ip地址:端口号码 转发规则(lvs模式)
TCP 10.0.0.3:80 wrr persistent 20
-> 10.0.0.7:80 Route 1 0 0
-> 10.0.0.8:80 Route 1 0 0
#####3)手工在RS端绑定
####每台real server端执行
#####绑定vip
# Bind the VIP to the loopback interface with a /32 mask on every real server,
# so the server accepts packets addressed to the VIP.
ip addr add 10.0.0.3/32 dev lo label lo:0
#####4)手工在RS端抑制ARP响应
# Append the ARP settings that keep a real server from answering for, or
# advertising, the VIP bound to lo, then load them with sysctl -p.
# arp_ignore=1: reply to an ARP request only when the target IP is configured
#   on the interface the request arrived on.
# arp_announce=2: always use the best local address for the target as the ARP
#   source, ignoring the source address of the packet being sent.
# NOTE(review): >> appends on every run, so repeating this step duplicates the
# four lines in /etc/sysctl.conf; check the file before re-running.
cat >>/etc/sysctl.conf<<EOF
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
EOF
sysctl -p
####3.lb01 测试 web01 web02 是否可用
[root@lb01 ~]# curl 10.0.0.7/xiaoyu.html
web02 www
[root@lb01 ~]# curl -H Host:blog.etiantian.org 10.0.0.7/xiaoyu.html
web02 blog
[root@lb01 ~]# curl 10.0.0.8/xiaoyu.html
web01 www
[root@lb01 ~]# curl -H Host:blog.etiantian.org 10.0.0.8/xiaoyu.html
web01 blog
#####4.windows hosts 解析
10.0.0.3 www.etiantian.org blog.etiantian.org
####ipvsadm 规则的备份和恢复。
[root@lb01 ~]# ipvsadm-save -n
-A -t 10.0.0.3:80 -s wrr -p 20
-a -t 10.0.0.3:80 -r 10.0.0.7:80 -g -w 1
-a -t 10.0.0.3:80 -r 10.0.0.8:80 -g -w 1
[root@lb01 ~]# ipvsadm-save -n >/tmp/ipvsadm-dr.save
[root@lb01 ~]# cat /tmp/ipvsadm-dr.save
-A -t 10.0.0.3:80 -s wrr -p 20
-a -t 10.0.0.3:80 -r 10.0.0.7:80 -g -w 1
-a -t 10.0.0.3:80 -r 10.0.0.8:80 -g -w 1
[root@lb01 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.3:80 wrr persistent 20
-> 10.0.0.7:80 Route 1 0 0
-> 10.0.0.8:80 Route 1 0 0
[root@lb01 ~]# ipvsadm -C
[root@lb01 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@lb01 ~]# ipvsadm-restore </tmp/ipvsadm-dr.save
[root@lb01 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.3:80 wrr persistent 20
-> 10.0.0.7:80 Route 1 0 0
-> 10.0.0.8:80 Route 1 0 0
#####lvs高可用---keepalived
keepalived.conf
#1.global_defs 全局定义
#2.vrrp 实例配置 VIP
#3.lvs的配置
#配置keepalived管理 lvs
#1. 删除之前配置的VIP
#2.配置lb01 lb02 上面的keepalived
[root@lb01 ~]# cat /etc/keepalived/keepalived.conf
# keepalived.conf for lb01: VRRP master for the VIP plus the LVS-DR service.
global_defs {
# Identifier of this node.
router_id LVS_01
}
vrrp_instance VI_1 {
# lb01 starts as MASTER with the higher priority (150; lb02 uses 100).
state MASTER
interface eth0
# Must be the same on both directors so they form one VRRP group.
virtual_router_id 51
priority 150
advert_int 1
# NOTE(review): auth_type PASS puts the password in clear text in every VRRP
# advertisement, and 1111 is trivially guessable, so it does not protect the
# election from other hosts on the eth0 segment. Use a site-specific secret
# (keepalived uses only the first 8 characters) and limit VRRP (IP protocol
# 112) to the peer director's address with a host firewall.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 label eth0:1
}
}
virtual_server 10.0.0.3 80 {
# Health-check interval in seconds.
delay_loop 6
lb_algo wrr
lb_kind DR
nat_mask 255.255.255.0
# Persistence is 50 here; the manual ipvsadm rule earlier used -p 20.
persistence_timeout 50
protocol TCP
real_server 10.0.0.7 80 {
weight 1
# TCP_CHECK only proves that port 80 accepts a connection, not that nginx
# serves the expected page.
# NOTE(review): newer keepalived releases deprecate nb_get_retry in favour of
# retry — confirm against the installed version.
TCP_CHECK {
connect_timeout 8
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 10.0.0.8 80 {
weight 1
TCP_CHECK {
connect_timeout 8
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
[root@lb02 ~]# cat /etc/keepalived/keepalived.conf
# keepalived.conf for lb02: VRRP backup for the VIP plus the same LVS-DR service.
global_defs {
# Identifier of this node.
router_id LVS_02
}
vrrp_instance VI_1 {
# lb02 is the BACKUP with the lower priority (100; lb01 uses 150).
state BACKUP
interface eth0
# Must be the same on both directors so they form one VRRP group.
virtual_router_id 51
priority 100
advert_int 1
# NOTE(review): auth_type PASS puts the password in clear text in every VRRP
# advertisement, and 1111 is trivially guessable, so it does not protect the
# election from other hosts on the eth0 segment. Use a site-specific secret
# (keepalived uses only the first 8 characters) and limit VRRP (IP protocol
# 112) to the peer director's address with a host firewall.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 label eth0:1
}
}
virtual_server 10.0.0.3 80 {
# Health-check interval in seconds.
delay_loop 6
lb_algo wrr
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 10.0.0.7 80 {
weight 1
# TCP_CHECK only proves that port 80 accepts a connection, not that nginx
# serves the expected page.
# NOTE(review): newer keepalived releases deprecate nb_get_retry in favour of
# retry — confirm against the installed version.
TCP_CHECK {
connect_timeout 8
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 10.0.0.8 80 {
weight 1
TCP_CHECK {
connect_timeout 8
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
##3.测试是否能管理lvs
# Save the current rules, clear them and confirm the table is empty. If
# keepalived is managing LVS, the listing after the restart should show the
# virtual_server from keepalived.conf again.
# NOTE(review): the backup is written as root to a fixed name in world-writable
# /tmp; a root-only location (placeholder: /root/ipvsadm.save) keeps other local
# users from pre-creating or reading that path.
ipvsadm-save -n >/tmp/ipvsadm.save
ipvsadm -C
ipvsadm -ln
/etc/init.d/keepalived restart
ipvsadm -ln
1、arp协议的介绍及实现原理。<==加强理解lvs dr模式的原理。
2、lvs几种工作模式: DR,NAT,TUN,FULLNAT
DR
3、lvs高可用 keepalived
4、通过配置keepalived 管理lvs