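Two ways to set up DR mode with LVS + keepalived
Setting up LVS DR mode
Preparation
Three machines:
dr: 192.168.13.15  rs1: 192.168.13.16  rs2: 192.168.13.17  vip: 192.168.13.100
Edit /etc/sysctl.conf on the director (dr)
Change net.ipv4.ip_forward=0 to net.ipv4.ip_forward=1
Method 1: lo
Configuration on the director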
! Configuration File for Keepalived
! ---------------------------------------------------------------------------
! GLOBAL
! ---------------------------------------------------------------------------
global_defs {
    ! this is who emails will go to on alerts
    notification_email {
        wan@os.cn
        ! add a few more email addresses here if you would like
    }
    notification_email_from wan@os.cn
    ! mail relay server
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    ! each load balancer should have a different ID
    ! this will be used in SMTP alerts, so you should make
    ! each router easily identifiable
    router_id LVS_13.100
}
vrrp_instance VI1_LVS_CN {
    state MASTER
    interface eth1
    ! interface to run LVS sync daemon on
    lvs_sync_daemon_interface eth1
    !mcast_src_ip 192.168.13.15
    virtual_router_id 100
    priority 100
    advert_int 1
    smtp_alert
    ! note: with auth_type PASS the password is sent in cleartext in VRRP adverts
    authentication {
        auth_type PASS
        auth_pass qw_web
    }
    ! these are the IP addresses that keepalived will set up on this
    ! machine. Later in the config we will specify which real
    ! servers are behind these IPs. Without this block, keepalived
    ! will not set up and take down any IP addresses
    virtual_ipaddress {
        192.168.13.100
    }
}
virtual_server 192.168.13.100 80 {
    ! interval between checks in seconds
    delay_loop 5
    ! use weighted round robin (wrr) as the load balancing algorithm
    lb_algo wrr
    ! lvs_sched wrr
    ! we are doing Direct Routing
    lb_kind DR
    ! lvs_method DR
    protocol TCP
    ! WEB01
    real_server 192.168.13.16 80 {
        weight 100
        HTTP_GET {
            url {
                path /.keepalived
                status_code 200
            }
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 5
        }
    }
    ! WEB02
    real_server 192.168.13.17 80 {
        weight 100
        HTTP_GET {
            url {
                path /.keepalived
                status_code 200
            }
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 5
        }
    }
}
Configuration on both real servers (RS)
[root@local shell]# more realserver.sh
#!/bin/bash
# Real-server side of LVS DR: hold the VIP on lo:0 and keep it out of ARP.
vip=192.168.13.100
case "$1" in
start)
    ifdown lo
    ifup lo
    # /32 netmask: the VIP is bound as a single host address on lo:0
    ifconfig lo:0 "$vip" broadcast "$vip" netmask 255.255.255.255 up
    /sbin/route add -host "$vip" lo:0
    # arp_ignore=1: answer ARP only for addresses on the receiving interface
    # arp_announce=2: always use the best local source address in ARP requests
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    ;;
stop)
    ifdown lo
    ifup lo
    /sbin/route del -host "$vip" lo:0
    # restore the kernel defaults
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
esac
exit 0
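A check for the real-server side of method 1, as an added example that is not part of the original post: if the ARP settings are missing, a real server that holds the VIP on lo can answer ARP for it and clients reach that server directly instead of going through the director. The helper names check_rs_arp and vip_on_lo, the optional proc-root argument and the --check flag are assumptions made for this example.

```sh
#!/bin/sh
# Added example: verify what realserver.sh (method 1) is expected to set up.
# check_rs_arp and vip_on_lo are hypothetical helper names, not from the post.

# check_rs_arp [proc_root]
# Exit status 0 only if arp_ignore=1 and arp_announce=2 on both lo and all.
# proc_root defaults to /proc; a different root is only for offline testing.
# The body is a subshell "( )" so its variables do not leak to the caller.
check_rs_arp() (
    root="${1:-/proc}"
    rc=0
    for iface in lo all; do
        for pair in arp_ignore:1 arp_announce:2; do
            name="${pair%%:*}"
            want="${pair##*:}"
            file="$root/sys/net/ipv4/conf/$iface/$name"
            if [ -r "$file" ]; then
                got="$(tr -d '[:space:]' < "$file")"
            else
                got="missing"
            fi
            if [ "$got" = "$want" ]; then
                echo "OK   $iface/$name=$got"
            else
                echo "FAIL $iface/$name=$got (want $want)"
                rc=1
            fi
        done
    done
    exit "$rc"
)

# vip_on_lo VIP
# Reads `ip -o -4 addr show dev lo` output on stdin; succeeds only if the VIP
# is present with a /32 mask, as the ifconfig line in realserver.sh sets it.
vip_on_lo() {
    grep -Fq "inet $1/32 "
}

# Run the live check only when asked to: sh check_rs.sh --check 192.168.13.100
if [ "${1:-}" = "--check" ]; then
    check_rs_arp /proc || exit 1
    ip -o -4 addr show dev lo | vip_on_lo "${2:?usage: $0 --check VIP}" \
        || { echo "FAIL VIP $2 not on lo with /32"; exit 1; }
    echo "OK   VIP $2/32 on lo"
fi
```

Run it on each real server after `realserver.sh start`, and again after a reboot, since values written under /proc do not persist.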
Method 2: iptables
Configuration on the director (identical to method 1)
! Configuration File for Keepalived
! ---------------------------------------------------------------------------
! GLOBAL
! ---------------------------------------------------------------------------
global_defs {
    ! this is who emails will go to on alerts
    notification_email {
        wan@os.cn
        ! add a few more email addresses here if you would like
    }
    notification_email_from wan@os.cn
    ! mail relay server
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    ! each load balancer should have a different ID
    ! this will be used in SMTP alerts, so you should make
    ! each router easily identifiable
    router_id LVS_13.100
}
vrrp_instance VI1_LVS_CN {
    state MASTER
    interface eth1
    ! interface to run LVS sync daemon on
    lvs_sync_daemon_interface eth1
    !mcast_src_ip 192.168.13.15
    virtual_router_id 100
    priority 100
    advert_int 1
    smtp_alert
    ! note: with auth_type PASS the password is sent in cleartext in VRRP adverts
    authentication {
        auth_type PASS
        auth_pass qw_web
    }
    ! these are the IP addresses that keepalived will set up on this
    ! machine. Later in the config we will specify which real
    ! servers are behind these IPs. Without this block, keepalived
    ! will not set up and take down any IP addresses
    virtual_ipaddress {
        192.168.13.100
    }
}
virtual_server 192.168.13.100 80 {
    ! interval between checks in seconds
    delay_loop 5
    ! use weighted round robin (wrr) as the load balancing algorithm
    lb_algo wrr
    ! lvs_sched wrr
    ! we are doing Direct Routing
    lb_kind DR
    ! lvs_method DR
    protocol TCP
    ! WEB01
    real_server 192.168.13.16 80 {
        weight 100
        HTTP_GET {
            url {
                path /.keepalived
                status_code 200
            }
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 5
        }
    }
    ! WEB02
    real_server 192.168.13.17 80 {
        weight 100
        HTTP_GET {
            url {
                path /.keepalived
                status_code 200
            }
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 5
        }
    }
}
Configuration on both real servers (RS)
[root@local shell]# iptables -t nat -A PREROUTING -p tcp -d 192.168.13.100 --dport 80 -j REDIRECT
[root@local shell]# iptables -t nat -A OUTPUT -p tcp -d 192.168.13.100 --dport 80 -j REDIRECT
Either of the two approaches above implements DR mode.