ipvsadm

ipvsadm
- LVS/NAT
- LVS/DR

加载ip_vs 模块

 #!/bin/bash
ipvs_mods_dir="/usr/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs"
for i in $(ls $ipvs_mods_dir|grep -o "^[^.]*")
do
  /sbin/modinfo -F filename $i &>/dev/null
  if [ $? -eq 0 ];then
    /sbin/modprobe $i
  fi
done

安装ipvsadm

 #yum install kernel-devel
#yum install libnl* popt* -y
#rpm -ivh popt-static-1.13-7.el6.x86_64.rpm 
ln -s /usr/src/kernels/$(uname -r)/ /usr/src/linux
 
wget  http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz
tar xf ipvsadm-1.26.tar.gz
cd ipvsadm-1.26 
make && make install

快速开始

 ipvsadm -A -t 192.168.0.20:80 -s rr -p 20	 添加虚拟主机
ipvsadm -a -t 192.168.0.20:80 -r 192.168.0.3 -g -w 1	添加web节点
ipvsadm -a -t 192.168.0.20:80 -r 192.168.0.4 -g -w 1	添加web节点
ipvsadm -Ln --stats

ipvsadm

ipvsadm - Linux Virtual Server administration

长命令	解释	事例
--set tcp tcpfin udp	指定连接超时时间	ipvsadm --set 20 5 60
--start-daemon master	主
--start-daemon backup	备

维护虚主机

 命令格式:
ipvsadm COMMAND [protocol] service-address [scheduling-method] [persistence options]
ipvsadm   -A       -t      47.113.100.31    -s rr               -p 20

COMMAND

短命令	长命令	解释	事例
-A	--add-service	添加virtual server
-E	--edit-service	编辑virtual server
-D	--delete-service	删除virtual server 及相关的real server	ipvsadm -D -t 47.113.100.31:80
-C	--clear	清空配置	ipvsadm -C
-R	--restore	从标准输入加载
-S	--save	保存到标准输出
-Z	--zero	清空匹配的包

[protocol]

短命令	长命令	解释
-t	--tcp-service	tcp协议service
-u	--udp-service	udp协议service
-f	--fwmark-service

[scheduling-method]

短命令	长命令
-s	--scheduler	rr round-robin
		wrr weighted-round-robin
		lc least-connection
		wlc weighted-least-connection
		lblc 相同客户端访问相同的服务，如果服务没有超负荷
		lblcr
		dh - Destination Hashing
		sh Source hashing
		sed - Shortest Expected Delay 最小延迟
		nq Never Queue 1.优先分配到一个闲置的real server 、或最快的real server 2.如果都繁忙使用sed 调度算法

[persistence options]

短命令	长命令	解释
-p	--persistent [timeout]	回话保持，timeout 默认300s

维护realserver

 命令格式:
ipvsadm command [protocol] service-address server-address [packet-forwarding-method] [weight options]
 
ipvsadm	  -a     -t        47.113.100.31:80   -r 172.16.100.14:80  -m  -w 1

command

短命令	长命令	解释
-a	--add-server	添加real server
-e	--edit-server	编辑real server
-d	--delete-server	删除real server

server-address

短命令	长命令	解释
-r	---real-server	-r 172.16.100.14:80

[packet-forwarding-method]

短命令	长命令	解释
-g	--gatewaying	direct routing
-i	--ipip	tunneling
-m	--masquerading	NAT

[weight options]

注：权重用整数来表示，有时候也可以将其设置为atomic_t；其有效表示值范围为24bit整数空间，即（2^24-1）；

1、添加服务（通过设定其权重>0）；

2、关闭服务（通过设定其权重=0）；此应用场景中，已经连接的用户将可以继续使用此服务，直到其退出或超时；新的连接请求将被拒绝；

短命令	长命令	解释
-w	--weight	权重

查询指令

命令格式：ipvsadm -L|l [options]

[options]

短命令	长命令	解释	事例
-c	--connection	当前ipvs的连接情况
	--stats	输出状态信息
	--rate	速率信息
	--thresholds	输出real server的阈值信息	ipvsadm -Ln --threshods
	--persistent-conn	输出会话保持的信息
	--sort	排序输出
	--nosort	不排序
-n	--numeric	不解析域名
	--exact	精确的字节信息

保存命令
```
 ipvsadm-sav > ipvsadm.sav
```
恢复命令
```
 ipvsadm-sav < ipvsadm.sav
```
查询版本 ipvsadm --version
查询ipvs的hash ipvsadm 返回值IP Virtual Server version 1.2.1 (size=4096)

加载多条ipvs

 echo "
-A -t 207.175.44.110:80 -s rr
-a -t 207.175.44.110:80 -r 192.168.10.1:80 -m
-a -t 207.175.44.110:80 -r 192.168.10.2:80 -m
-a -t 207.175.44.110:80 -r 192.168.10.3:80 -m
-a -t 207.175.44.110:80 -r 192.168.10.4:80 -m
-a -t 207.175.44.110:80 -r 192.168.10.5:80 -m
" | ipvsadm -R

LVS/NAT

实验环境：

角色	ip	网关
外网ip	192.168.0.99	192.168.0.1
内网ip	172.16.100.100
realserver01	172.16.100.101/24	172.16.100.100
realserver02	172.16.100.102/24	172.16.100.100

实验步骤：

在调度器上设置双网卡，外网网卡192.168.0.99/24 。内网地址 172.16.100.100/24

在调度器上开启路由内核转发

 echo "net.ipv4.ip_forward = 1" >>/etc/sysctl.conf
echo "1" > /proc/sys/net/ipv4/ip_forward
sysctl -p

在调度器上配置

 ipvsadm -A -t 192.168.0.99:80 -s rr
ipvsadm -a -t 192.168.0.99:80 -r 172.16.100.101:8000 -m -w 1
ipvsadm -a -t 192.168.0.99:80 -r 172.16.100.102:8000 -m -w 1

在所有的realserver上配置内网地址 172.16.100.0/24 gateway 172.16.100.100。开启一个http服务等待测试
```
 python2 -m SimpleHTTPServer 8000
```

脚本

 #!/bin/bash
 
VIP=(
        192.168.0.101
        )
Virtul_Port="80"
RIP=(
        172.16.100.101:8000
        172.16.100.102:8000
        )
 
Usage(){
        echo "$0 start|stop."
        }
 
Start(){
                ip addr add ${VIP}/24 dev eth0
                ipvsadm -A -t ${VIP}:${Virtul_Port} -s rr
                for ip in ${RIP[@]};do
                        ipvsadm -a -t ${VIP}:${Virtul_Port} -r ${RIP} -m -w 1
                done
        }
 
Stop(){
                ip addr del ${VIP}/24 dev eth0
                ipvsadm -D -t ${VIP}:${Virtul_Port} -s rr
                for ip in ${RIP};do
                        ipvsadm -d -t ${VIP}:${Virtul_Port} -r ${RIP} -m -w 1
                done
        }
 
declare -A main
main["start"]=Start
main["stop"]=Stop
 
if [ -n "$1" ] && ([ "$1" == "start" ] || [ "$1" == "stop" ]);then
        ${main["$1"]}
else
        Usage
fi

LVS/DR

实验环境：

角色	ip
vip	192.168.0.101
DIP	192.168.0.99
realserver01	192.168.0.113
realserver02	192.168.0.112

实验步骤：

在调度器上配置vip

net.ipv4.ip_forward = 1 在nat 中必须开启，在DR 中不开测试正常

 ip addr add 192.168.0.101/24 dev eth0
ip route add 192.168.0.101 dev eth0
#ifconfig eth0:0 192.168.0.20/24 up
#route add -host 192.168.0.20 dev eth0
ipvsadm -A -t 192.168.0.101:80 -s rr
ipvsadm -a -t 192.168.0.101:80 -r 192.168.0.112:80 -g -w 1
ipvsadm -a -t 192.168.0.101:80 -r 192.168.0.113:80 -g -w 1

在realserver 上配置

 ip addr add 192.168.0.101/32 dev lo
ip route add 192.168.0.101 dev lo
#ifconfig lo:0 192.168.0.20/32 up    
#route add -host 192.168.0.20 dev lo
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore	
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore	
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce

DR 模式脚本
realserver健康检查和自动剔除加载脚本

 #!/bin/bash
#introduction:
#creat by wangendao(1209233066@qq.com) at 2019/03/01
# bash -n $0 验证脚本语法
# bash -x $0 显示执行过程
#basename $0
#basedir $0
rs=(
10.4.7.11
10.4.7.12
)
rs_port=80
 
vip=10.4.7.100
vip_port=80
 
# source common function
[ -f /etc/init.d/function ] && . /etc/init.d/function
 
add(){
 ipvsadm -a -t ${vip}:${vip_port} -r ${i}:${rs_port} -g -w 1 &>/dev/null
}
 
remove(){
 ipvsadm -d -t ${vip}:${vip_port} -r ${i}:${rs_port} -g -w 1 &>/dev/null
}
 
 
check(){
	for i in "${rs[@]}"
	do 
    	http_code=`curl -o /dev/null -s -w "%{http_code}" ${i}`
    	count=`ipvsadm -Ln|grep ${i}`
    	count=${count:=2}
    	
    	if [ "${http_code}" == "200" ]&&[ "${count}" -eq 2 ];then
    		add
    		action ${i} add to ${vip}:${vip_port}'s server
    		
    	fi
    	
    	if [ "${http_code}" != "200" ]&&[ "${count}" -eq 1 ];then
    		remove
    		action ${i} remove to ${vip}:${vip_port}'s server
    	fi
    	
    done       
}
 
 
while 1
do
	check
	sleep 1
done

实现vip的漂移

 #!/bin/bash
 
dip=10.4.7.20
vip=10.4.7.100
vip_port=80
 
source /etc/init.d/functions
add(){
	ifconfig eth0:0 ${vip}/24 up
	route add -host ${vip} dev eth0
	echo "1">/proc/sys/net/ipv4/conf/all/arp_ignore
	echo "1">/proc/sys/net/ipv4/conf/lo/arp_ignore
	echo "2">/proc/sys/net/ipv4/conf/all/arp_announce
	echo "2">/proc/sys/net/ipv4/conf/lo/arp_announce
}
 
remove(){
	ifconfig eth0:0 down
	route del -host ${vip}
	echo "0">/proc/sys/net/ipv4/conf/all/arp_ignore
	echo "0">/proc/sys/net/ipv4/conf/lo/arp_ignore
	echo "0">/proc/sys/net/ipv4/conf/all/arp_announce
	echo "0">/proc/sys/net/ipv4/conf/lo/arp_announce
}
 
check(){
	result_dip=`nmap -sn ${dip}|awk -F '[ |(]' '{if (NR==5){print $7}}'`
	result_vip=`nmap -sn ${dip}|awk -F '[ |(]' '{if (NR==5){print $7}}'`
	
	if [ "${result_dip}" -ne 0 ] && [ "${result_vip}" -ne 0 ];then
		add && return 100
     fi
}
 
while 1
do
	check
	if [ "$?" -eq 100 ];then
		action "current LVS's dip is `hostname -i`"
	fi
done

在工作以上两个脚本都不会使用，因为已经有成熟的工具管理ipvs

piranha web界面管理
keepalived 管理 http://www.linuxvirtualserver.org/docs/ha/keepalived.html

突破lvs 的瓶颈https://my.oschina.net/lxcong/blog/143904

posted @ 2022-02-05 21:42 mingtian是吧阅读(98) 评论(0) 编辑收藏举报

刷新页面返回顶部

登录后才能查看或发表评论，立即登录或者逛逛博客园首页

阅读排行：
· 无需6万激活码！GitHub神秘组织3小时极速复刻Manus，手把手教你使用OpenManus搭建本
· C#/.NET/.NET Core优秀项目和框架2025年2月简报
· 葡萄城 AI 搜索升级：DeepSeek 加持，客户体验更智能
· 什么是nginx的强缓存和协商缓存
· 一文读懂知识蒸馏

公告

昵称： mingtian是吧
园龄： 4年7个月
粉丝： 0
关注： 0

+加关注

2025年3月

日

一

二

三

四

五

六

随笔分类

随笔档案

文章分类

阅读排行榜

评论排行榜

1. 时间戳的字段时间异常(1)

ipvsadm

ipvsadm

LVS/NAT

LVS/DR

公告

搜索

常用链接

我的标签

随笔分类

随笔档案

文章分类

阅读排行榜

评论排行榜

推荐排行榜

最新评论

	#!/bin/bash
	ipvs_mods_dir="/usr/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs"
	for i in $(ls $ipvs_mods_dir\|grep -o "^[^.]*")
	do
	/sbin/modinfo -F filename $i &>/dev/null
	if [ $? -eq 0 ];then
	/sbin/modprobe $i
	fi
	done

	#yum install kernel-devel
	#yum install libnl* popt* -y
	#rpm -ivh popt-static-1.13-7.el6.x86_64.rpm
	ln -s /usr/src/kernels/$(uname -r)/ /usr/src/linux

	wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz
	tar xf ipvsadm-1.26.tar.gz
	cd ipvsadm-1.26
	make && make install

	ipvsadm -A -t 192.168.0.20:80 -s rr -p 20 添加虚拟主机
	ipvsadm -a -t 192.168.0.20:80 -r 192.168.0.3 -g -w 1 添加web节点
	ipvsadm -a -t 192.168.0.20:80 -r 192.168.0.4 -g -w 1 添加web节点
	ipvsadm -Ln --stats

	命令格式:
	ipvsadm COMMAND [protocol] service-address [scheduling-method] [persistence options]
	ipvsadm -A -t 47.113.100.31 -s rr -p 20

	命令格式:
	ipvsadm command [protocol] service-address server-address [packet-forwarding-method] [weight options]

	ipvsadm -a -t 47.113.100.31:80 -r 172.16.100.14:80 -m -w 1

	echo "
	-A -t 207.175.44.110:80 -s rr
	-a -t 207.175.44.110:80 -r 192.168.10.1:80 -m
	-a -t 207.175.44.110:80 -r 192.168.10.2:80 -m
	-a -t 207.175.44.110:80 -r 192.168.10.3:80 -m
	-a -t 207.175.44.110:80 -r 192.168.10.4:80 -m
	-a -t 207.175.44.110:80 -r 192.168.10.5:80 -m
	" \| ipvsadm -R

	echo "net.ipv4.ip_forward = 1" >>/etc/sysctl.conf
	echo "1" > /proc/sys/net/ipv4/ip_forward
	sysctl -p

	ipvsadm -A -t 192.168.0.99:80 -s rr
	ipvsadm -a -t 192.168.0.99:80 -r 172.16.100.101:8000 -m -w 1
	ipvsadm -a -t 192.168.0.99:80 -r 172.16.100.102:8000 -m -w 1

	#!/bin/bash

	VIP=(
	192.168.0.101
	)
	Virtul_Port="80"
	RIP=(
	172.16.100.101:8000
	172.16.100.102:8000
	)

	Usage(){
	echo "$0 start\|stop."
	}

	Start(){
	ip addr add ${VIP}/24 dev eth0
	ipvsadm -A -t ${VIP}:${Virtul_Port} -s rr
	for ip in ${RIP[@]};do
	ipvsadm -a -t ${VIP}:${Virtul_Port} -r ${RIP} -m -w 1
	done
	}

	Stop(){
	ip addr del ${VIP}/24 dev eth0
	ipvsadm -D -t ${VIP}:${Virtul_Port} -s rr
	for ip in ${RIP};do
	ipvsadm -d -t ${VIP}:${Virtul_Port} -r ${RIP} -m -w 1
	done
	}

	declare -A main
	main["start"]=Start
	main["stop"]=Stop

	if [ -n "$1" ] && ([ "$1" == "start" ] \|\| [ "$1" == "stop" ]);then
	${main["$1"]}
	else
	Usage
	fi

	ip addr add 192.168.0.101/24 dev eth0
	ip route add 192.168.0.101 dev eth0
	#ifconfig eth0:0 192.168.0.20/24 up
	#route add -host 192.168.0.20 dev eth0
	ipvsadm -A -t 192.168.0.101:80 -s rr
	ipvsadm -a -t 192.168.0.101:80 -r 192.168.0.112:80 -g -w 1
	ipvsadm -a -t 192.168.0.101:80 -r 192.168.0.113:80 -g -w 1

	ip addr add 192.168.0.101/32 dev lo
	ip route add 192.168.0.101 dev lo
	#ifconfig lo:0 192.168.0.20/32 up
	#route add -host 192.168.0.20 dev lo
	echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
	echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
	echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
	echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce

	#!/bin/bash
	#introduction:
	#creat by wangendao(1209233066@qq.com) at 2019/03/01
	# bash -n $0 验证脚本语法
	# bash -x $0 显示执行过程
	#basename $0
	#basedir $0
	rs=(
	10.4.7.11
	10.4.7.12
	)
	rs_port=80

	vip=10.4.7.100
	vip_port=80

	# source common function
	[ -f /etc/init.d/function ] && . /etc/init.d/function

	add(){
	ipvsadm -a -t ${vip}:${vip_port} -r ${i}:${rs_port} -g -w 1 &>/dev/null
	}

	remove(){
	ipvsadm -d -t ${vip}:${vip_port} -r ${i}:${rs_port} -g -w 1 &>/dev/null
	}


	check(){
	for i in "${rs[@]}"
	do
	http_code=`curl -o /dev/null -s -w "%{http_code}" ${i}`
	count=`ipvsadm -Ln\|grep ${i}`
	count=${count:=2}

	if [ "${http_code}" == "200" ]&&[ "${count}" -eq 2 ];then
	add
	action ${i} add to ${vip}:${vip_port}'s server

	fi

	if [ "${http_code}" != "200" ]&&[ "${count}" -eq 1 ];then
	remove
	action ${i} remove to ${vip}:${vip_port}'s server
	fi

	done
	}


	while 1
	do
	check
	sleep 1
	done

	#!/bin/bash

	dip=10.4.7.20
	vip=10.4.7.100
	vip_port=80

	source /etc/init.d/functions
	add(){
	ifconfig eth0:0 ${vip}/24 up
	route add -host ${vip} dev eth0
	echo "1">/proc/sys/net/ipv4/conf/all/arp_ignore
	echo "1">/proc/sys/net/ipv4/conf/lo/arp_ignore
	echo "2">/proc/sys/net/ipv4/conf/all/arp_announce
	echo "2">/proc/sys/net/ipv4/conf/lo/arp_announce
	}

	remove(){
	ifconfig eth0:0 down
	route del -host ${vip}
	echo "0">/proc/sys/net/ipv4/conf/all/arp_ignore
	echo "0">/proc/sys/net/ipv4/conf/lo/arp_ignore
	echo "0">/proc/sys/net/ipv4/conf/all/arp_announce
	echo "0">/proc/sys/net/ipv4/conf/lo/arp_announce
	}

	check(){
	result_dip=`nmap -sn ${dip}\|awk -F '[ \|(]' '{if (NR==5){print $7}}'`
	result_vip=`nmap -sn ${dip}\|awk -F '[ \|(]' '{if (NR==5){print $7}}'`

	if [ "${result_dip}" -ne 0 ] && [ "${result_vip}" -ne 0 ];then
	add && return 100
	fi
	}

	while 1
	do
	check
	if [ "$?" -eq 100 ];then
	action "current LVS's dip is `hostname -i`"
	fi
	done