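Linux Study Notes 113: Layer-4 Load Balancing with LVS, and the DR Model in Practice
I. Overview
1. In the DR model, the Director carries only the request packets, while the response packets are sent by each RS directly to the requesting client. That is, the request packet arrives at the Director, the Director forwards the request to one of the hosts, and that host returns the response packet directly to the client.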
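II. lvs-dr
1. In the DR model the VIP must be configured on every host. There are three ways to resolve the resulting address conflict:
a. Bind the VIP statically on the front-end gateway
b. Use arptables on each RS
c. Modify kernel parameters on each RS to limit the level of ARP responses and announcements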
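(1) Limiting the response level: arp_ignore (controls how ARP broadcasts are answered)
1) 0: the default; respond using any address configured on any local interface
2) 1: respond only when the target IP of the request is configured on the interface that received the request packet
(2) Limiting the announcement level: arp_announce (controls how the host announces its own MAC information to an interface)
1) 0: the default; announce all information of all local interfaces to the network on every interface
2) 1: try to avoid announcing to networks that are not directly connected
3) 2: always avoid announcing to a network other than the address's own. This is the value we set on the RSs in DR mode: because the VIP is configured on lo:0, it is not announced through any interface other than lo:0, and it is not answered for there either.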
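2. Practice assignment (blog): load-balance two PHP applications (wordpress, discuzx)
Test: (1) whether session persistence is needed; (2) whether shared storage is needed
3. Pre-configuration script for the RS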
    [root@rs1 ~]# cat config.sh
    #!/bin/bash
    # VIP and the /32 netmask it is bound with on lo:0
    vip='192.168.10.100'
    mask='255.255.255.255'
    case "$1" in
    start)
        # Restrict ARP replies and announcements before the VIP is added
        echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
        # Bind the VIP to lo:0 and route traffic for it through lo:0
        ifconfig lo:0 "$vip" netmask "$mask" broadcast "$vip" up
        route add -host "$vip" dev lo:0
        ;;
    stop)
        # Remove the VIP, then restore the kernel defaults
        ifconfig lo:0 down
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
        ;;
    *)
        echo "Usage: $(basename "$0") start|stop"
        exit 1
        ;;
    esac
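III. Configuration practice
1. Standard topology diagram
2. Plan:
Director: 192.168.10.13
RS1: 192.168.10.14
RS2: 192.168.10.15
3. Configure RS1 and RS2
a. On RS1 and RS2, set up the script that switches the ARP announcement and response settings
(1) Script contents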
    [root@rs1 ~]# cat setparam.sh
    #!/bin/bash
    case "$1" in
    start)
        # Restrict ARP replies (arp_ignore=1) and announcements (arp_announce=2)
        echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
        ;;
    stop)
        # Restore the kernel defaults
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
        ;;
    *)
        echo "Usage: $(basename "$0") start|stop"
        exit 1
        ;;
    esac
(2) Configure RS1
1) Run the script
    [root@rs1 ~]# bash -x setparam.sh start
    + case $1 in
    + echo 1
    + echo 1
    + echo 2
    + echo 2
    [root@rs1 ~]#
2) Configure the VIP (broadcast 192.168.10.100 means it broadcasts only to itself)
    [root@rs1 ~]# ifconfig lo:0 192.168.10.100 netmask 255.255.255.255 broadcast 192.168.10.100 up
    [root@rs1 ~]# ifconfig
    docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
            inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
            ether 02:42:d4:23:e6:78 txqueuelen 0 (Ethernet)
            RX packets 0 bytes 0 (0.0 B)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 0 bytes 0 (0.0 B)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
    ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 192.168.10.14 netmask 255.255.255.0 broadcast 192.168.10.255
            inet6 fe80::d827:3867:4a18:c5b9 prefixlen 64 scopeid 0x20<link>
            ether 00:0c:29:c3:dd:9a txqueuelen 1000 (Ethernet)
            RX packets 79905 bytes 7436281 (7.0 MiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 8444 bytes 1156729 (1.1 MiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10<host>
            loop txqueuelen 1 (Local Loopback)
            RX packets 134 bytes 27429 (26.7 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 134 bytes 27429 (26.7 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
    lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 192.168.10.100 netmask 255.255.255.255
            loop txqueuelen 1 (Local Loopback)
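3) As noted, an RS sends its response packets directly to the client. To guarantee that the source address of the response is always the VIP, an inbound packet addressed to the VIP has to pass through the lo:0 interface, so that the outbound packet leaves through it as well. In other words, the packet is not delivered to the local host as soon as it reaches the physical NIC; after reaching the physical NIC it is handed on to lo:0, which ensures the outbound path goes through lo:0. We therefore add a route entry on the RS:
    [root@rs1 ~]# route add -host 192.168.10.100 dev lo:0
    [root@rs1 ~]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.168.10.254  0.0.0.0         UG    100    0        0 ens33
    172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
    192.168.10.0    0.0.0.0         255.255.255.0   U     100    0        0 ens33
    192.168.10.100  0.0.0.0         255.255.255.255 UH    0      0        0 lo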
(3) Configure RS2
1) Run the script
    [root@rs2 ~]# bash -x setparam.sh start
    + case $1 in
    + echo 1
    + echo 1
    + echo 2
    + echo 2
2) Configure the VIP
    [root@rs2 ~]# ifconfig lo:0 192.168.10.100 netmask 255.255.255.255 broadcast 192.168.10.100 up
    [root@rs2 ~]# ifconfig
    ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 192.168.10.15 netmask 255.255.255.0 broadcast 192.168.10.255
            inet6 fe80::5418:2d26:cf07:11c9 prefixlen 64 scopeid 0x20<link>
            inet6 fe80::d827:3867:4a18:c5b9 prefixlen 64 scopeid 0x20<link>
            ether 00:0c:29:fd:7d:b6 txqueuelen 1000 (Ethernet)
            RX packets 80950 bytes 15496587 (14.7 MiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 11929 bytes 1306980 (1.2 MiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10<host>
            loop txqueuelen 1 (Local Loopback)
            RX packets 152 bytes 24258 (23.6 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 152 bytes 24258 (23.6 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
    lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 192.168.10.100 netmask 255.255.255.255
            loop txqueuelen 1 (Local Loopback)
3) Add the route
    [root@rs2 ~]# route add -host 192.168.10.100 dev lo:0
    [root@rs2 ~]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.168.10.254  0.0.0.0         UG    100    0        0 ens33
    192.168.10.0    0.0.0.0         255.255.255.0   U     100    0        0 ens33
    192.168.10.100  0.0.0.0         255.255.255.255 UH    0      0        0 lo
(4) Configure the Director
1) First configure the VIP on the Director. Here it must go on the physical NIC, because the Director receives packets through the physical NIC and also forwards them out through it, so the VIP is configured on an alias of the physical NIC.
    [root@www ~]# ifconfig ens33:0 192.168.10.100 netmask 255.255.255.255 broadcast 192.168.10.100
    [root@www ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:24:c1:90 brd ff:ff:ff:ff:ff:ff
        inet 192.168.10.13/24 brd 192.168.10.255 scope global ens33
           valid_lft forever preferred_lft forever
        inet 192.168.10.100/32 brd 192.168.10.100 scope global ens33:0
           valid_lft forever preferred_lft forever
        inet6 fe80::20c:29ff:fe24:c190/64 scope link
           valid_lft forever preferred_lft forever
2) Add the rules
    [root@www ~]# ipvsadm -A -t 192.168.10.100:80 -s rr
    [root@www ~]# ipvsadm -a -t 192.168.10.100:80 -r 192.168.10.14 -g
    [root@www ~]# ipvsadm -a -t 192.168.10.100:80 -r 192.168.10.15 -g
    [root@www ~]# ipvsadm -ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  192.168.10.100:80 rr
      -> 192.168.10.14:80             Route   1      0          0
      -> 192.168.10.15:80             Route   1      0          0
3) Then request 192.168.10.100/test1.html in a browser and you will see the requests being served round-robin.
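An RS that is missing the ARP settings from section II can answer ARP for the VIP itself, so clients reach it directly instead of going through the Director. The script below is an added example, not part of the original post, that audits an RS for the values used on this page (arp_ignore, arp_announce, VIP as /32 on lo). The function names `effective`, `audit_rs` and `make_sample` are hypothetical, and the sample sysctl tree and address list are constructed; the check relies on the kernel using the larger of conf/all and conf/<nic> for each ARP setting.

```shell
#!/bin/sh
# Added example (not from the original post): audit an lvs-dr real server.
# Live use: audit_rs /proc/sys ens33 192.168.10.100 "$(ip -o -4 addr show)"
# The kernel applies max(conf/all, conf/<nic>) to ARP traffic on <nic>.
effective() {  # $1=sysctl root  $2=nic  $3=arp_ignore|arp_announce
    a=$(cat "$1/net/ipv4/conf/all/$3" 2>/dev/null || echo 0)
    b=$(cat "$1/net/ipv4/conf/$2/$3" 2>/dev/null || echo 0)
    if [ "$a" -ge "$b" ]; then echo "$a"; else echo "$b"; fi
}

# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_rs() {  # $1=sysctl root  $2=LAN nic  $3=VIP  $4=`ip -o -4 addr show` text
    bad=0
    ign=$(effective "$1" "$2" arp_ignore)
    ann=$(effective "$1" "$2" arp_announce)
    if [ "$ign" != 1 ] && [ "$ign" != 2 ]; then
        echo "arp_ignore=$ign on $2: RS can answer ARP requests for the VIP"; bad=1
    fi
    if [ "$ann" != 2 ]; then
        echo "arp_announce=$ann on $2: RS can use the VIP as ARP sender address"; bad=1
    fi
    vip_on_lo=0
    while read -r _idx ifname _fam cidr _rest; do
        case "$cidr" in "$3"/*) ;; *) continue ;; esac
        if [ "$ifname" = lo ] && [ "$cidr" = "$3/32" ]; then
            vip_on_lo=1
        else
            echo "VIP $cidr on $ifname: must be /32 on lo only"; bad=1
        fi
    done <<EOF
$4
EOF
    if [ "$vip_on_lo" -eq 0 ]; then echo "VIP $3/32 missing on lo"; bad=1; fi
    return "$bad"
}

# Constructed sample: sysctl tree and address list shaped like RS1 on this page.
make_sample() {  # $1=dir  $2=arp_ignore  $3=arp_announce (written to conf/all)
    mkdir -p "$1/net/ipv4/conf/all" "$1/net/ipv4/conf/ens33"
    echo "$2" > "$1/net/ipv4/conf/all/arp_ignore"
    echo "$3" > "$1/net/ipv4/conf/all/arp_announce"
}
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 192.168.10.100/32 brd 192.168.10.100 scope global lo:0
2: ens33    inet 192.168.10.14/24 brd 192.168.10.255 scope global ens33'

# Demo: an RS where the ARP sysctls were never set (all 0) yields two findings.
demo_dir=$(mktemp -d); make_sample "$demo_dir" 0 0
audit_rs "$demo_dir" ens33 192.168.10.100 "$SAMPLE_ADDRS" || true; rm -rf "$demo_dir"
```

Values written with echo into /proc/sys are lost on reboot, so the audit is worth running again after every restart of an RS.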