lxgi&


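LVS DR mode

1. Single director

On the director
ifconfig eth0:1 $vip broadcast $vip netmask 255.255.255.255 up    # broadcast = broadcast address; add this line on a single director only; with two directors keepalived brings up the VIP itself, so it is not needed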
route add -host $vip dev eth0:1
yum install ipvsadm
ipvsadm -A -t 192.168.10.100:80 -s wlc
ipvsadm -a -t 192.168.10.100:80 -g -r 192.168.10.11 -w 1
ipvsadm -a -t 192.168.10.100:80 -g -r 192.168.10.12 -w 2
ipvsadm -ln    # view the table; also try ipvsadm -ln --stats

2. Two directors (keepalived)

On the director
yum install kernel-devel gcc openssl-devel
yum install ipvsadm
tar xvf keepalived-1.1.19.tar.gz    # a newer version can be used
./configure --prefix=/usr/local/keepalived --with-kernel-dir=/usr/src/kernels/xxxx
make && make install
Set up the service: cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
chkconfig --add keepalived
Configuration file
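! Configuration File for keepalived
global_defs {
  router_id LVS_MASTER
}
vrrp_instance VI_1 {
  state MASTER # MASTER on the primary, BACKUP on the standby
  interface eth0 # interface used for HA checks
  virtual_router_id 51 # must be the same on master and backup
  priority 100 # lower on the backup, e.g. 80
  advert_int 3 # VRRP multicast advertisement interval
  authentication {
    auth_type PASS
    auth_pass 1111 # simple password, sent in cleartext; must match on both directors
  }
  virtual_ipaddress { # the VIP; further VIPs can be added one per line
    192.168.10.100
  }
}
virtual_server 192.168.10.100 80 {
  delay_loop 6 # check realserver state every 6 seconds
  lb_algo wlc # scheduling algorithm
  lb_kind DR # LVS forwarding mode
  nat_mask 255.255.255.0
  persistence_timeout 50 # connections from the same IP go to the same realserver for 50s
  protocol TCP

  real_server 192.168.10.11 80 {
    weight 1
    TCP_CHECK { # it is best to leave a space between TCP_CHECK and {
      connect_timeout 10 # no response within 10s counts as a timeout
      nb_get_retry 3
      connect_port 80
    }
  }

  real_server 192.168.10.12 80 {
    weight 2
    TCP_CHECK {
      connect_timeout 10
      nb_get_retry 3
      connect_port 80
    }
  }
}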

ln -s /etc/init.d/keepalived /etc/rc.d/rc3.d/S99keepalived
ln -s /etc/init.d/keepalived /etc/rc.d/rc5.d/S99keepalived

The realserver configuration is the same for the single and the dual director setup; both use the following script
realserver.sh
#!/bin/bash
# network Bring up/down networking
# description: Activates/Deactivates all network interfaces configured to \
# start at boot time.

#/etc/rc.d/init.d/functions

# VIP bound on lo; must be the same VIP that the director serves
LVS_VIP2=192.168.200.50

case "$1" in
start)
    # bind the VIP to loopback as a /32 host address
    /sbin/ifconfig lo:1 $LVS_VIP2 netmask 255.255.255.255 broadcast $LVS_VIP2
    /sbin/route add -host $LVS_VIP2 dev lo:1
    # arp_ignore=1: answer ARP only for addresses configured on the receiving interface
    # arp_announce=2: always use the best local address as ARP source
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    sysctl -p >/dev/null 2>&1
    echo "RealServer Start OK"
    ;;
stop)
    /sbin/ifconfig lo:1 down
    /sbin/route del $LVS_VIP2 >/dev/null 2>&1
    # restore the kernel defaults
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stopped"
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
esac
exit 0

  

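DR mode Q&A:

1. Does configuring DR mode require changing switch parameters?
A: No. Changing the network parameters on the realservers is enough; see questions 2 and 3.

2. In DR mode both the director and the realservers have the VIP bound, so why does only the director answer ARP broadcasts from the front end?
A: Because the realservers set echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore and echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore; with these set, the realserver ignores the ARP broadcasts.

3. In DR mode, how can a realserver reply to the client directly, without going through the director (its gateway is not set to the director) and without rewriting the source address, and still not have the packet dropped (the realserver uses the destination address of the received packet as the source address of the reply)?
A: There are 2 reasons
a. The realserver has the VIP bound on lo
b. The realserver sets the following 3 items: echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce , echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce , route add -host $VIP dev lo:0

4. In DR mode, do the realservers need public addresses?
A: No, as long as the realservers can reach the external network.

5. In DR mode, which interface is the VIP bound to on the director?
A: Bind it to the interface that actually carries the traffic, e.g. on eth0 as the alias eth0:0. The method differs between the single and the dual director setup:
Single director: ifconfig eth0:1 $vip broadcast $vip netmask 255.255.255.255 up
Two directors: in the keepalived configuration file, virtual_ipaddress { 192.168.200.100}

6. In DR mode, why is route add -host 192.168.200.50 dev lo:0 set on the realserver?
A: The answer to question 3 covers this.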
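
An added example, not part of the original post: a check that a realserver actually carries the settings that answers 2 and 3 rely on (arp_ignore=1 and arp_announce=2 on lo and all, and the VIP bound on lo as a /32). The function names and the optional sysctl-root argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit a DR-mode realserver
# against the values realserver.sh writes. Function names are hypothetical.

# check_arp_sysctls [ROOT]: ROOT is the sysctl tree, /proc/sys by default
# (a parameter so the check can be pointed at a constructed tree offline).
check_arp_sysctls() {
    _root=${1:-/proc/sys}; _rc=0
    for _ifc in lo all; do
        for _pair in arp_ignore:1 arp_announce:2; do
            _key=${_pair%%:*}; _want=${_pair#*:}
            _got=$(cat "$_root/net/ipv4/conf/$_ifc/$_key" 2>/dev/null)
            if [ "$_got" != "$_want" ]; then
                echo "FAIL $_ifc/$_key=${_got:-missing} (want $_want)"
                _rc=1
            fi
        done
    done
    return $_rc
}

# vip_on_lo VIP ADDRS: ADDRS is the output of `ip -o -4 addr show dev lo`.
# The VIP must appear as a /32 host address, as realserver.sh binds it.
vip_on_lo() {
    printf '%s\n' "$2" | grep -qF "inet $1/32 "
}

# audit_realserver VIP: run both checks on the live host.
audit_realserver() {
    _status=0
    check_arp_sysctls || _status=1
    if ! vip_on_lo "$1" "$(ip -o -4 addr show dev lo 2>/dev/null)"; then
        echo "FAIL $1/32 is not bound on lo"
        _status=1
    fi
    [ "$_status" -eq 0 ] && echo "OK realserver is configured for DR with VIP $1"
    return $_status
}

# Live use: sh check_realserver.sh 192.168.200.50
if [ $# -ge 1 ]; then
    audit_realserver "$1"
fi
```

A realserver that fails the arp_ignore check answers ARP for the VIP itself, so clients on the segment can reach it directly and bypass the director.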

 

posted on 2015-09-22 09:24 lxgi&