Linux学习113 基于LVS实现四层负载均衡配置和DR模型实战

一、概述

  1、DR模型中,Director用于承载请求报文,而响应报文用来承载各RS直接响应给请求服务器。即请求报文给到Director,然后Director将请求响应给某一主机,然后由主机直接将响应报文返回给客户端。

    

二、lvs-dr

  1、dr模型中,备主机上均需要配置VIP,解决地址冲突的方式有三种

    a、在前端网关做静态绑定

    b、在各RS使用arptables

    c、在各RS修改内核参数,来限制arp响应和通告的级别

      (1)、限制响应级别:arp_ignoe(对arp广播进行应答配置)

        1)、0:默认值,表示可使用本地任意接口上配置的任意地址进行响应

        2)、1:仅在请求的目标IP配置在本地主机的接收到请求报文接口上时,才给与响应

        

      (2)、限制通告级别:arp_announce(向接口通告自身的mac信息配置)

        1)、0:默认值,把本机上的所有接口的所有信息向每个接口上的网络进行通告

        2)、1:尽量避免向非直接连接网络进行通告

        3)、2:必须避免向非本网络通告。我们dr中RS上就配置成此值,因为我们将VIP配置在lo:0上的,因此只要不是从lo:0接口上的地址就都不通告。也不应答。

      

  2、实践作业(博客):负载均衡两个php应用(wordpress,discuzx)

    测试:(1)、是否需要会话保持;(2)、是否需要共享存储

  3、RS的预配置脚本

[root@rs1 ~]# cat config.sh 
#!/bin/bash
vip='192.168.10.100'
mask='255.255.255.255'
case $1 in
start)
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce

    ifconfig lo:0 $vip netmask $mask broadcast $vip up
    route add -host $vip dev lo:0
    ;;
stop)
    ifconfig lo:0 down
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
     
    ;;
*)
    echo "Usage: $(basename $0) start|stop"
    exit 1
    ;;
esac 

三、配置实践

  1、标准top图

    

  2、规划:

    Director:192.168.10.13

    RS1:192.168.10.14

    RS2:192.168.10.15

  3、配置RS1和RS2

    a、在RS1和RS2上配置相应的通告和应答开关脚本

      (1)、脚本内容

[root@rs1 ~]# cat setparam.sh 
#!/bin/bash
case $1 in
start)
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ;;
stop)
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ;;
*)
    echo "Usage: $(basename $0) start|stop"
    exit 1
    ;;
esac

      (2)、在RS1上配置

        1)、脚本配置

[root@rs1 ~]# bash -x setparam.sh start
+ case $1 in
+ echo 1
+ echo 1
+ echo 2
+ echo 2
[root@rs1 ~]#

        2)、配置VIP(broadcast 192.168.10.100表示只广播给自己)

[root@rs1 ~]# ifconfig lo:0 192.168.10.100 netmask 255.255.255.255 broadcast 192.168.10.100 up
[root@rs1 ~]# ifconfig 
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 0.0.0.0
        ether 02:42:d4:23:e6:78  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.14  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::d827:3867:4a18:c5b9  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:c3:dd:9a  txqueuelen 1000  (Ethernet)
        RX packets 79905  bytes 7436281 (7.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8444  bytes 1156729 (1.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 134  bytes 27429 (26.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 134  bytes 27429 (26.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 192.168.10.100  netmask 255.255.255.255
        loop  txqueuelen 1  (Local Loopback)

        3)、我们说过对于RS而言他的响应报文直接是应答给客户端的,并且我们为了确保响应报文源地址一定是VIP我们需要确保入栈时到达VIP的时候要经由lo:0这个接口来实现,出去的时候他也会经由他来实现,而不是说到达物理网卡以后就直接到达本机了,而是需要到达物理网卡以后再将其转换给lo:0,这样就能确保出栈的时候经过lo:0,所以我们需要在RS上加一个路由条目

[root@rs1 ~]# route add -host 192.168.10.100 dev lo:0
[root@rs1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.10.254  0.0.0.0         UG    100    0        0 ens33
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.10.0    0.0.0.0         255.255.255.0   U     100    0        0 ens33
192.168.10.100  0.0.0.0         255.255.255.255 UH    0      0        0 lo

      (3)、在RS2上配置

        1)、脚本配置

[root@rs2 ~]# bash -x setparam.sh start
+ case $1 in
+ echo 1
+ echo 1
+ echo 2
+ echo 2

        2)、配置VIP

[root@rs2 ~]# ifconfig lo:0 192.168.10.100 netmask 255.255.255.255 broadcast 192.168.10.100 up
[root@rs2 ~]# ifconfig 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.15  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::5418:2d26:cf07:11c9  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::d827:3867:4a18:c5b9  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:fd:7d:b6  txqueuelen 1000  (Ethernet)
        RX packets 80950  bytes 15496587 (14.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11929  bytes 1306980 (1.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 152  bytes 24258 (23.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 152  bytes 24258 (23.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 192.168.10.100  netmask 255.255.255.255
        loop  txqueuelen 1  (Local Loopback)

        3)、添加路由

[root@rs2 ~]# route add -host 192.168.10.100 dev lo:0
[root@rs2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.10.254  0.0.0.0         UG    100    0        0 ens33
192.168.10.0    0.0.0.0         255.255.255.0   U     100    0        0 ens33
192.168.10.100  0.0.0.0         255.255.255.255 UH    0      0        0 lo

      (4)、在Director上配置

        1)、首先在Director上配置VIP,此处我们需要配置在我们的物理网卡上,因为他需要通过物理网卡接进来报文,而且要转发出去,所以要配置在物理网卡的别名上

[root@www ~]# ifconfig ens33:0 192.168.10.100 netmask 255.255.255.255 broadcast 192.168.10.100
[root@www ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:24:c1:90 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.13/24 brd 192.168.10.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.10.100/32 brd 192.168.10.100 scope global ens33:0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe24:c190/64 scope link 
       valid_lft forever preferred_lft forever

        2)、添加规则

[root@www ~]# ipvsadm -A -t 192.168.10.100:80 -s rr
[root@www ~]# ipvsadm -a -t 192.168.10.100:80 -r 192.168.10.14 -g 
[root@www ~]# ipvsadm -a -t 192.168.10.100:80 -r 192.168.10.15 -g 
[root@www ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.10.100:80 rr
  -> 192.168.10.14:80             Route   1      0          0         
  -> 192.168.10.15:80             Route   1      0          0

        3)、 然后在我们的浏览器上访问192.168.10.100/test1.html即可看到会进行轮询。

 

posted @ 2020-06-29 09:44  Presley  阅读(249)  评论(0编辑  收藏  举报