馬哥 Linux: Week 19

Q1. Briefly describe the characteristics and use cases of the four LVS cluster types

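  • lvs-nat: rewrites the destination IP of the request packet; DNAT with multiple target IPs

    In essence this is DNAT with multiple target IPs: forwarding is done by rewriting the destination address and destination port of the request packet to the RIP and PORT of the selected RS
    (1) RIP and DIP should be on the same IP network and should use private addresses; the RS gateway must point to the DIP
    (2) Both request and response packets must be forwarded by the Director, so the Director easily becomes the system bottleneck
    (3) Port mapping is supported; the destination PORT of the request packet can be changed
    (4) The VS must run Linux; the RS can run any OS

    The advantage of this cluster type is that the RS can run any TCP/IP operating system, and only one valid public IP is needed to deploy it.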

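  • lvs-dr: encapsulates the request with a new MAC address

    LVS-DR: Direct Routing, the default LVS mode and the most widely used. It forwards by re-encapsulating the request packet with a new MAC header: the source MAC is the MAC of the interface holding the DIP, and the destination MAC is the MAC of the interface holding the RIP of the selected RS. Source IP/PORT and destination IP/PORT all remain unchanged
    (1) The Director and every RS are configured with the VIP
    (2) Make sure the front-end router sends request packets whose destination IP is the VIP to the Director
    (3) The RIP of an RS may be a private or a public address; RIP and DIP are on the same IP network; the gateway of the RIP must not point to the DIP, so that response packets do not pass through the Director
    (4) The RS and the Director must be on the same physical network
    (5) Request packets pass through the Director, but response packets do not; the RS sends them directly to the Client
    (6) Port mapping is not supported (the port cannot be modified)
    (7) The RS can run most operating systems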

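  • lvs-tun: adds a new IP header outside the original request IP packet

    Forwarding method: the IP header of the request packet is not modified (source IP is CIP, destination IP is VIP); instead, an additional IP header is wrapped around the original IP packet (source IP is DIP, destination IP is RIP) and the packet is sent to the selected RS. The RS responds directly to the client (source IP is VIP, destination IP is CIP)
    (1) DIP, VIP and RIP should all be public addresses
    (2) The RS gateway generally must not point to the DIP
    (3) Request packets pass through the Director, but responses do not
    (4) Port mapping is not supported
    (5) The OS of the RS must support tunneling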

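  • lvs-fullnat: rewrites both the source and the destination IP of the request packet

    lvs-fullnat: forwards by rewriting the source IP address and the destination IP address of the request packet at the same time
    CIP --> DIP
    VIP --> RIP
    (1) The VIP is a public address; RIP and DIP are private addresses and are usually not on the same IP network, so the gateway of the RIP generally does not point to the DIP
    (2) The source address of the request packet received by the RS is the DIP, so the RS only needs to respond to the DIP; the Director then still has to send the response on to the Client
    (3) Both request and response packets pass through the Director
    (4) Port mapping is supported
    Note: the kernel does not support this type by default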

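Q2. Describe how LVS-DR works, and configure an implementation.

  • How LVS-DR works: the client sends a request to the target VIP and LVS receives it. LVS selects an active node according to the load-balancing algorithm, uses the MAC address of the NIC that holds that node's IP as the destination MAC address, and sends the frame onto the LAN. The node receives the frame on the LAN, unpacks it, finds that the destination IP (the VIP) matches a local address, and processes the packet. It then returns the data directly to the client; at this point the destination IP of the IP packet is the client and the source IP is the node's own VIP address.

    #Environment: 5 machines, Client:172.16.0.6    Router:172.16.0.7, 192.168.37.7, 10.0.0.200 (2 NICs, one NAT, one host-only) LVS:192.168.37.17, 10.0.0.100    RS1:192.168.37.27, 10.0.0.100    RS2:192.168.37.37, 10.0.0.100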
    
    1. Router configuration
    [root@router ~]# nmcli connection modify eth0 ipv4.addresses 192.168.37.7/24 ipv4.gateway 192.168.37.2 ipv4.method manual
    [root@router ~]# nmcli connection modify eth0 +ipv4.addresses 10.0.0.200/8
    [root@router ~]# nmcli connection modify eth1 ipv4.addresses 172.16.0.7/24 ipv4.method manual
    [root@router ~]# nmcli connection up eth0 && nmcli connection up eth1
    [root@router ~]# echo "eth0 eth1" | xargs -n1 ip address show
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:2d:71:b8 brd ff:ff:ff:ff:ff:ff
        inet 192.168.37.7/24 brd 192.168.37.255 scope global noprefixroute eth0
           valid_lft forever preferred_lft forever
        inet 10.0.0.200/8 brd 10.255.255.255 scope global noprefixroute eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::85ff:45b3:efd3:c838/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:2d:71:c2 brd ff:ff:ff:ff:ff:ff
        inet 172.16.0.7/24 brd 172.16.0.255 scope global noprefixroute eth1
           valid_lft forever preferred_lft forever
        inet6 fe80::a5dc:4f4a:e48e:f712/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    
    2. LVS
    [root@lvs ~]# yum install ipvsadm -y
    [root@lvs ~]# iptables -t mangle -A PREROUTING -d 10.0.0.100 -p tcp --dport 80 -j MARK --set-mark 1
    [root@lvs ~]# ipvsadm -A -f 1 -s wrr
    [root@lvs ~]# ipvsadm -a -f 1 -r 192.168.37.27 -g -w 1
    [root@lvs ~]# ipvsadm -a -f 1 -r 192.168.37.37 -g -w 1
    [root@lvs ~]# ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    FWM  1 wrr
      -> 192.168.37.27:0              Route   1      0          0         
      -> 192.168.37.37:0              Route   1      0          0
    [root@lvs ~]# ip address add 10.0.0.100/24 dev eth0 label eth0:0
    [root@lvs ~]# vim /etc/sysctl.conf 
    net.ipv4.ip_forward = 1
    [root@lvs ~]# sysctl -p
    [root@lvs ~]# route del default
    [root@lvs ~]# route add default gw 192.168.37.7
    
    3. Configure RS1 and RS2 (common part)
    [root@rs1 ~]# yum install -y  httpd
    [root@rs1 ~]# ip address add 10.0.0.100/32 dev lo label lo:0
    [root@rs1 ~]# vim /etc/sysctl.conf
    net.ipv4.conf.all.arp_ignore = 1
    net.ipv4.conf.all.arp_announce = 2
    net.ipv4.conf.lo.arp_ignore = 1
    net.ipv4.conf.lo.arp_announce = 2
    [root@rs1 ~]# sysctl -p
    [root@rs1 ~]# systemctl start httpd
    [root@rs1 ~]# route del default
    [root@rs1 ~]# route add default gw 192.168.37.7
    [root@rs1 ~]# echo RS1 > /var/www/html/index.html
    
    #rs2
    [root@rs2 ~]# echo RS2 > /var/www/html/index.html
    
    4. Client
    [root@centos6 ~]$ vim /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    TYPE=Ethernet
    ONBOOT=yes
    BOOTPROTO=none
    NAME="eth0"
    IPADDR=172.16.0.6
    PREFIX=24
    GATEWAY=172.16.0.7
    [root@centos6 ~]$ service network restart
    [root@centos6 ~]$ while :;do curl 10.0.0.100;sleep 0.5;done
    RS1
    RS2
    RS1
    RS2
    RS1
    RS2
    RS1
    RS2
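
The real-server settings from step 3 can be verified mechanically. The script below is an added example, not part of the original post: it audits captured `sysctl -a` and `ip -o -4 addr show` text against the four ARP settings and the `/32` VIP on `lo` used above. The function name and the sample inputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit an LVS-DR real server from captured command output.
# check_dr_rs VIP SYSCTL_TEXT ADDR_TEXT  -> one line per finding, status 1 if any
check_dr_rs() {
    local vip="$1" sysctl_text="$2" addr_text="$3" rc=0 scope want name got
    for scope in all lo; do                      # the four keys set in step 3
        for want in arp_ignore=1 arp_announce=2; do
            name="net.ipv4.conf.$scope.${want%%=*}"
            got=$(printf '%s\n' "$sysctl_text" | awk -F'[ \t=]+' -v k="$name" \
                '{ sub(/^[ \t]+/, "") } $1 == k { v = $2 } END { print v }')
            if [ "$got" != "${want##*=}" ]; then
                echo "FAIL $name=${got:-unset}, want ${want##*=}"; rc=1
            fi
        done
    done
    # Collect "interface/prefix" for every binding of the VIP.
    got=$(printf '%s\n' "$addr_text" | awk -v vip="$vip" \
        '$3 == "inet" { split($4, a, "/"); if (a[1] == vip) print $2 "/" a[2] }')
    case " $(echo $got) " in
        *" lo/32 "*) ;;
        *) echo "FAIL VIP $vip is not bound to lo as a /32"; rc=1 ;;
    esac
    # arp_ignore=1 still answers ARP for addresses on the receiving NIC, so the
    # VIP must not appear on any LAN-facing interface of a real server.
    for name in $got; do
        case "$name" in
            lo/*) ;;
            *) echo "FAIL VIP $vip is bound to ${name%%/*}, which will answer ARP for it"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample input (trimmed `sysctl -a` and `ip -o -4 addr show` output).
GOOD_SYSCTL='net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2'
GOOD_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 10.0.0.100/32 scope global lo:0
2: eth0    inet 192.168.37.27/24 brd 192.168.37.255 scope global eth0'
BAD_SYSCTL='net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.lo.arp_ignore = 1'
BAD_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.0.0.100/24 scope global secondary eth0:0'
check_dr_rs 10.0.0.100 "$BAD_SYSCTL" "$BAD_ADDR" || echo "real server is not DR-ready"
```

On a live real server, pass `"$(sysctl -a 2>/dev/null)"` and `"$(ip -o -4 addr show)"` as the second and third arguments.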
    

Q3. Implement LVS + Keepalived high availability.

#Environment: 6 machines, Client:172.16.0.6  Router:172.16.0.7, 192.168.37.7, 10.0.0.200 (2 NICs, one NAT, one host-only) LVS1:192.168.37.17, 10.0.0.100   RS1:192.168.37.27, 10.0.0.100    RS2:192.168.37.37, 10.0.0.100    LVS2:192.168.37.47

1. LVS configuration
#LVS1
[root@lvs ~]# ipvsadm -C
[root@lvs ~]# ssh-keygen
[root@lvs ~]# ssh-copy-id 192.168.37.47
[root@lvs ~]# yum install keepalived httpd -y
[root@lvs ~]# echo "192.168.37.17 lvs" >> /etc/hosts
[root@lvs ~]# echo "192.168.37.47 lvs2" >> /etc/hosts
[root@lvs ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from lvs@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id lvs
   vrrp_garp_interval 0 
   vrrp_gna_interval 0    
   vrrp_iptables
   vrrp_mcast_group4 224.0.0.100
}

vrrp_instance VI_1 {
    state MASTER 
    interface eth0
    virtual_router_id 10
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        10.0.0.100/32 dev eth0 label eth0:0
    }
    track_interface {
        eth0   
    }   
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 10.0.0.100 80 {      
    delay_loop 5                        
    lb_algo wrr                         
    lb_kind DR                          
    persistence_timeout 50              
    protocol TCP        
    sorry_server 127.0.0.1 80
    
    real_server 192.168.37.27 80 {
        weight 1
        HTTP_GET {
            url {
              path /                    
              status_code 200           
            }
            connect_timeout 1           
            nb_get_retry 3              
            delay_before_retry 3
        }
    }

    real_server 192.168.37.37 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 1
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
[root@lvs ~]# vim /etc/keepalived/notify.sh 
#!/bin/bash
contact='root@localhost'
notify() {
    mailsubject="$(hostname) to be $1, vip floating"
    mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
    echo "$mailbody" | mail -s "$mailsubject" $contact
}
case $1 in
    master)
        notify master
    ;;
    backup)
        notify backup
    ;;
    fault)
        notify fault
    ;;
    *)
        echo "Usage: $(basename $0) {master|backup|fault}"
        exit 1
    ;;
esac
[root@lvs ~]# scp /etc/keepalived/notify.sh lvs2:/etc/keepalived/  
[root@lvs ~]# scp /etc/keepalived/keepalived.conf lvs2:/etc/keepalived/
[root@lvs ~]# echo "Sorry Server 1" > /var/www/html/index.html

#LVS2
[root@lvs2 ~]# route del default
[root@lvs2 ~]# route add default gw 192.168.37.7
[root@lvs2 ~]# ssh-keygen
[root@lvs2 ~]# ssh-copy-id 192.168.37.37
[root@lvs2 ~]# yum install keepalived httpd -y
[root@lvs2 ~]# echo "192.168.37.17 lvs" >> /etc/hosts
[root@lvs2 ~]# echo "192.168.37.47 lvs2" >> /etc/hosts
[root@lvs2 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
    ...
    router_id lvs2
    ...
}
vrrp_instance VI_1 {
    state BACKUP
    priority 80
    ...
}
[root@lvs2 ~]# echo "Sorry Server 2" > /var/www/html/index.html

# Start keepalived on LVS1 and LVS2
systemctl start keepalived httpd

2. Configure RS1 and RS2 (common part)
[root@rs1 ~]# yum install -y  httpd
[root@rs1 ~]# ip address add 10.0.0.100/32 dev lo label lo:0
[root@rs1 ~]# vim /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@rs1 ~]# sysctl -p
[root@rs1 ~]# systemctl start httpd
[root@rs1 ~]# route del default
[root@rs1 ~]# route add default gw 192.168.37.7
[root@rs1 ~]# echo RS1 > /var/www/html/index.html

#rs2
[root@rs2 ~]# echo RS2 > /var/www/html/index.html

3. Client test
[root@centos6 ~]$ while :;do curl 10.0.0.100;sleep 0.5;done

# Stop the service on RS1 and RS2 in turn
systemctl stop httpd

# Stop the service on the LVS node and check the sorry-server behaviour
systemctl stop keepalived
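
An added example (not from the original post or the keepalived project): a small lint for the VRRP settings in the `keepalived.conf` above. `auth_type PASS` is carried in cleartext in VRRP advertisements, keepalived uses only the first eight characters of `auth_pass`, and `enable_script_security` is the keepalived option that refuses to run root scripts whose path is writable by a non-root user. The function name and both sample configs are constructed.

```bash
#!/usr/bin/env bash
# Added example: lint the security-relevant VRRP settings of a keepalived.conf.
# Reads the config from stdin or from file arguments; never prints the password.
lint_keepalived() {
    awk '
    { sub(/[#!].*$/, "") }                       # keepalived comments start with # or !
    $1 == "vrrp_instance"          { inst = $2 }
    $1 == "auth_type"              { atype[inst] = $2 }
    $1 == "auth_pass"              { pass[inst] = $2 }
    $1 ~ /^notify(_master|_backup|_fault)?$/ { scripts++ }
    $1 == "enable_script_security" { hardened = 1 }
    END {
        for (i in atype) {
            if (atype[i] != "PASS") continue
            p = pass[i]
            print "NOTE " i ": auth_type PASS is sent in cleartext in every VRRP advertisement"
            if (length(p) > 8)
                print "WARN " i ": auth_pass exceeds 8 characters; keepalived uses only the first 8"
            if (length(p) < 8 || p ~ /^[0-9]+$/)
                print "WARN " i ": auth_pass is short or digits-only and easy to guess"
        }
        if (scripts && !hardened)
            print "WARN notify scripts are configured without enable_script_security"
    }' "$@"
}

# Constructed sample: the settings from the vrrp_instance shown on this page.
PAGE_CONF='! Configuration File for keepalived
vrrp_instance VI_1 {
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    notify_master "/etc/keepalived/notify.sh master"
}'
# Constructed sample: same instance with a placeholder password and script checks on.
HARDENED_CONF='global_defs {
    enable_script_security
}
vrrp_instance VI_1 {
    authentication {
        auth_type PASS
        auth_pass k3Zp0qVx
    }
    notify_master "/etc/keepalived/notify.sh master"
}'
printf '%s\n' "$PAGE_CONF" | lint_keepalived
```

Because the password is readable by any host on the segment, it only guards against misconfigured peers; limiting VRRP traffic to the two directors' addresses at the host firewall is the control that matters.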