LVS-DR

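I tested this a long time ago, but so much time has passed that I no longer remember the exact steps, so below I set up a small environment to go through it again.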

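The director and the server group must each have a network interface physically connected through an unsegmented LAN, for example through a switch or a high-speed hub. The VIP address is shared by the director and the server group. The VIP configured on the director is externally visible and receives the request packets for the virtual service; every server configures the VIP on its own non-ARP network device, where it is invisible to the outside and is used only to process network requests whose destination address is the VIP. In LVS/DR, the director dynamically selects a server according to the load on each server. It neither modifies nor encapsulates the IP packet; instead it changes the MAC address of the data frame to the MAC address of the selected server and sends the modified frame on the LAN shared with the server group. Because the frame's MAC address is that of the selected server, the server is certain to receive the frame and can extract the IP packet from it. When the server finds that the packet's destination address, the VIP, is on a local network device, it processes the packet and then returns the response directly to the client according to its routing table.
Compared with LVS/TUN, this method has no IP tunnel overhead, but it requires the load director and the real servers each to have a NIC on the same physical network segment, and the servers' network device (or device alias) must not respond to ARP, or must be able to redirect packets to a local socket port.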

server:
 # ip ro li
10.0.2.0/24 dev eth1  proto kernel  scope link  src 10.0.2.20 
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.241 
169.254.0.0/16 dev eth0  scope link  metric 1002 
169.254.0.0/16 dev eth1  scope link  metric 1003 
default via 192.168.1.1 dev eth0 
 
real-server:
client1
# ip ro li
10.0.2.0/24 dev eth1  proto kernel  scope link  src 10.0.2.22 
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.229 
169.254.0.0/16 dev eth0  scope link  metric 1002 
169.254.0.0/16 dev eth1  scope link  metric 1003 
default via 192.168.1.1 dev eth0 
 
client2
# ip ro li
10.0.2.0/24 dev eth1  proto kernel  scope link  src 10.0.2.23 
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.224 
169.254.0.0/16 dev eth0  scope link  metric 1002 
169.254.0.0/16 dev eth1  scope link  metric 1003 
default via 192.168.1.1 dev eth0

Here, on the server side, we create a VIP address, 192.168.1.204, and then add the ipvsadm rules. The shell script is as follows:

# cat lvs_up.sh 
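#!/bin/bash
 
IPVSADM='/sbin/ipvsadm'
VIP=192.168.1.204
RS1_IP=192.168.1.229
RS2_IP=192.168.1.224
 
# Bring up the VIP on an alias of the LAN interface; the director answers ARP for it
ifconfig eth0:0 $VIP netmask 255.255.255.0 up
 
# Clear the IPVS table, add the virtual service (round robin), then add
# both real servers in direct-routing mode (-g)
$IPVSADM -C
$IPVSADM -A -t $VIP:80 -s rr
$IPVSADM -a -t $VIP:80 -r $RS1_IP:80 -g
$IPVSADM -a -t $VIP:80 -r $RS2_IP:80 -g
 
# Persist the rules to /etc/sysconfig/ipvsadm
/etc/init.d/ipvsadm save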

Run:

# sh -x lvs_up.sh 
+ IPVSADM=/sbin/ipvsadm
+ VIP=192.168.1.204
+ RS1_IP=192.168.1.229
+ RS2_IP=192.168.1.224
+ ifconfig eth0:0 192.168.1.204 netmask 255.255.255.0 up
+ /sbin/ipvsadm -C
+ /sbin/ipvsadm -A -t 192.168.1.204:80 -s rr
+ /sbin/ipvsadm -a -t 192.168.1.204:80 -r 192.168.1.229:80 -g
+ /sbin/ipvsadm -a -t 192.168.1.204:80 -r 192.168.1.224:80 -g
+ /etc/init.d/ipvsadm save
ipvsadm: Saving IPVS table to /etc/sysconfig/ipvsadm:      [  OK  ]

Show the rule table:

# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.204:http rr
  -> 192.168.1.224:http           Route   1      0          0         
  -> 192.168.1.229:http           Route   1      0          0

At this point the server-side configuration is essentially complete. For a description of each parameter, see ipvsadm -h.

Deployment shell script for the real servers:

# cat realserver_up.sh 
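#!/bin/bash
 
VIP=192.168.1.204
 
# Bind the VIP to a loopback alias as a /32 host address and route it locally
ifconfig lo:0 $VIP netmask 255.255.255.255 up
route add -host $VIP dev lo:0
 
# arp_ignore=1: answer ARP only for addresses configured on the receiving interface
# arp_announce=2: choose the ARP source address for the target, ignoring the packet's source IP
echo '1'>/proc/sys/net/ipv4/conf/lo/arp_ignore
echo '1'>/proc/sys/net/ipv4/conf/all/arp_ignore
echo '2'>/proc/sys/net/ipv4/conf/lo/arp_announce
echo '2'>/proc/sys/net/ipv4/conf/all/arp_announce
 
sysctl -p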

Routing table:

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.204   0.0.0.0         255.255.255.255 UH    0      0        0 lo
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eth1
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
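
The real-server settings above (VIP as a /32 on lo, arp_ignore, arp_announce) can be audited with a short script. This is an added example, not part of the original post; the function names, their arguments and the constructed sample data modelled on client1 are assumptions of the example.

```shell
#!/bin/bash
# Added example: audit the ARP settings a real server needs for LVS-DR.
# Function names, arguments and the sample data are this example's own.

# The kernel applies max(conf/all, conf/<iface>) for arp_ignore and arp_announce.
effective() {   # effective CONF_DIR IFACE KEY
    local a i
    a=$(cat "$1/all/$3" 2>/dev/null || echo 0)
    i=$(cat "$1/$2/$3" 2>/dev/null || echo 0)
    if [ "$a" -gt "$i" ]; then echo "$a"; else echo "$i"; fi
}

# check_dr_realserver VIP IFACE [CONF_DIR] [ADDR_FILE]; returns 0 when all checks pass.
# ADDR_FILE holds saved `ip -o -4 addr show` output; when omitted the live system is queried.
check_dr_realserver() {
    local vip=$1 ifc=$2 dir=${3:-/proc/sys/net/ipv4/conf} addrs rc=0
    if [ -n "$4" ]; then addrs=$(cat "$4"); else addrs=$(ip -o -4 addr show); fi
    # The VIP must be a /32 on loopback and must not be bound to the LAN interface.
    echo "$addrs" | awk -v v="$vip/32" '$2=="lo" && $4==v {f=1} END {exit !f}' \
        || { echo "FAIL: $vip/32 is not configured on lo"; rc=1; }
    echo "$addrs" | awk -v v="$vip/" -v i="$ifc" '$2==i && index($4,v)==1 {f=1} END {exit !f}' \
        && { echo "FAIL: $vip is bound to $ifc"; rc=1; }
    # arp_ignore >= 1: do not answer ARP for an address held on another interface (lo).
    [ "$(effective "$dir" "$ifc" arp_ignore)" -ge 1 ] \
        || { echo "FAIL: arp_ignore on $ifc is 0, host answers ARP for the VIP"; rc=1; }
    # arp_announce = 2: do not take the ARP source address from the outgoing packet.
    [ "$(effective "$dir" "$ifc" arp_announce)" -ge 2 ] \
        || { echo "FAIL: arp_announce on $ifc is below 2, host may advertise the VIP"; rc=1; }
    return $rc
}

# Constructed sample: a conf tree and an address dump shaped like the page's client1.
make_sample() {   # make_sample DIR ARP_IGNORE ARP_ANNOUNCE
    mkdir -p "$1/conf/all" "$1/conf/lo" "$1/conf/eth0"
    echo "$2" > "$1/conf/all/arp_ignore";   echo "$2" > "$1/conf/lo/arp_ignore"
    echo "$3" > "$1/conf/all/arp_announce"; echo "$3" > "$1/conf/lo/arp_announce"
    echo 0 > "$1/conf/eth0/arp_ignore";     echo 0 > "$1/conf/eth0/arp_announce"
    printf '%s\n' '1: lo    inet 127.0.0.1/8 scope host lo' \
        '1: lo    inet 192.168.1.204/32 scope global lo:0' \
        '2: eth0    inet 192.168.1.229/24 brd 192.168.1.255 scope global eth0' > "$1/addrs"
}

tmp=$(mktemp -d)
make_sample "$tmp/good" 1 2
check_dr_realserver 192.168.1.204 eth0 "$tmp/good/conf" "$tmp/good/addrs" && echo "good: OK"
make_sample "$tmp/bad" 0 0
check_dr_realserver 192.168.1.204 eth0 "$tmp/bad/conf" "$tmp/bad/addrs" || echo "bad: rejected"
rm -rf "$tmp"
```

On a live real server, call `check_dr_realserver 192.168.1.204 eth0` with no further arguments to read /proc/sys and the current address list.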

Test:

# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.204:http rr
  -> 192.168.1.224:http           Route   1      6          0         
  -> 192.168.1.229:http           Route   1      6          0

ipvsadm help:

# ipvsadm -h
ipvsadm v1.26 2008/5/15 (compiled with popt and IPVS v1.2.1)
Usage:
  ipvsadm -A|E -t|u|f service-address [-s scheduler] [-p [timeout]] [-M netmask] [--pe persistence_engine]
  ipvsadm -D -t|u|f service-address
  ipvsadm -C
  ipvsadm -R
  ipvsadm -S [-n]
  ipvsadm -a|e -t|u|f service-address -r server-address [options]
  ipvsadm -d -t|u|f service-address -r server-address
  ipvsadm -L|l [options]
  ipvsadm -Z [-t|u|f service-address]
  ipvsadm --set tcp tcpfin udp
  ipvsadm --start-daemon state [--mcast-interface interface] [--syncid sid]
  ipvsadm --stop-daemon state
  ipvsadm -h
 
Commands:
Either long or short options are allowed.
  --add-service     -A        add a virtual service
  --edit-service    -E        edit a virtual service with this option
  --delete-service  -D        delete a virtual service
  --clear           -C        clear all rules
  --restore         -R        restore rules from standard input
  --save            -S        save rules (/etc/sysconfig/ipvsadm)
  --add-server      -a        add a real server
  --edit-server     -e        edit a real server
  --delete-server   -d        delete a real server
  --list            -L|-l     list rules (show the rule table)
  --zero            -Z        zero counters in a service or all services
  --set tcp tcpfin udp        set connection timeout values
  --start-daemon              start connection sync daemon
  --stop-daemon               stop connection sync daemon
  --help            -h        display this help message
 
Options:
  --tcp-service  -t service-address   service-address is host[:port]
  --udp-service  -u service-address   service-address is host[:port]
  --fwmark-service  -f fwmark         fwmark is an integer greater than zero
  --ipv6         -6                   fwmark entry uses IPv6
  --scheduler    -s scheduler         one of rr|wrr|lc|wlc|lblc|lblcr|dh|sh|sed|nq,
                                      the default scheduler is wlc.
  --pe            engine              alternate persistence engine may be sip,
                                      not set by default.
  --persistent   -p [timeout]         persistent service
  --netmask      -M netmask           persistent granularity mask
  --real-server  -r server-address    server-address is host (and port)
  --gatewaying   -g                   gatewaying (direct routing) (default)  DR (direct routing) mode
  --ipip         -i                   ipip encapsulation (tunneling)         TUN (tunnel) mode
  --masquerading -m                   masquerading (NAT)                     NAT mode
  --weight       -w weight            capacity of real server
  --u-threshold  -x uthreshold        upper threshold of connections
  --l-threshold  -y lthreshold        lower threshold of connections
  --mcast-interface interface         multicast interface for connection sync
  --syncid sid                        syncid for connection sync (default=255)
  --connection   -c                   output of current IPVS connections
  --timeout                           output of timeout (tcp tcpfin udp)
  --daemon                            output of daemon information
  --stats                             output of statistics information
  --rate                              output of rate information
  --exact                             expand numbers (display exact values)
  --thresholds                        output of thresholds information
  --persistent-conn                   output of persistent connection info
  --nosort                            disable sorting output of service/server entries
  --sort                              does nothing, for backwards compatibility
  --ops          -o                   one-packet scheduling
  --numeric      -n                   numeric output of addresses and ports
