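1. LVS operating modes:
(1) Network address translation mode (NAT)
The NAT network layout resembles a firewalled private network: internal IP addresses isolate the pool of service nodes from the Internet. Service nodes cannot communicate with clients directly; both request data and response data must pass through the load balancer, which processes the IP packets.
(2) IP tunneling mode (IPIP)
IPIP mode uses an open network layout: the service nodes have valid Internet IP addresses and can return response packets directly to the client over a routed path. The load balancer therefore only handles request packets entering the cluster, and the return packets do not pass back through it. For this reason the mode is called simplex connection mode (connections work in one direction only). The load balancer and the service nodes can be connected over a LAN or sit on different networks, as long as the load balancer can deliver IP packets to the service nodes.
(3) Direct routing mode (DR)
Like IPIP mode, DR mode uses simplex connections: response data no longer passes through the balancer and is returned directly to the client. The service nodes must also have valid IP addresses that can reach the client. In addition, in DR mode the load balancer and the service nodes must be on the same network segment.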
2. Installing the LVS software:
Environment: CentOS 5.5
Server information:
LVS1 : 192.168.1.201
LVS2 : 192.168.1.202
real1 (real server 1): 192.168.1.203
real2 (real server 2): 192.168.1.204
VIP 1: 192.168.1.205
VIP 2: 192.168.1.206
Download ipvsadm-1.24 and keepalived-1.15
(1) Install ipvsadm
<1> Install ipvsadm with yum
# yum -y install ipvsadm* openssl*
<2> Build from source
# tar -zxvf ipvsadm-1.24.tar.gz
# ln -s /usr/src/kernels/2.6.18-194.32.1.el5-xen-i686 /usr/src/linux
# cd ipvsadm-1.24
# ./configure
# make && make install
Check that the ip_vs module is loaded:
# modprobe ip_vs
# lsmod | grep ip_vs
(2) Install keepalived
If ipvsadm was installed with yum, run the following command:
# ln -s /usr/src/kernels/2.6.18-194.32.1.el5-xen-i686 /usr/src/linux
# tar -zxvf keepalived-1.15.tar.gz
# cd keepalived-1.15
# ./configure --prefix=/usr/local/keepalived
# make
# make install
Note: the last part of the configure output should show the following lines, which confirms that everything is in order; if it does not, follow the messages to track down the problem.
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
Use VRRP Framework : Yes
<3> keepalived configuration file on the LVS1 server:
global_defs {
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 200
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.205
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.206
    }
}
virtual_server 192.168.1.205 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 60
    protocol TCP
    real_server 192.168.1.203 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 15
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.1.204 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 15
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
virtual_server 192.168.1.206 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 60
    protocol TCP
    real_server 192.168.1.204 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 15
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.1.203 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 15
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
<4> keepalived configuration file on the LVS2 server:
global_defs {
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.205
    }
}
vrrp_instance VI_2 {
    state MASTER
    interface eth0
    virtual_router_id 52
    priority 200
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.206
    }
}
virtual_server 192.168.1.205 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 60
    protocol TCP
    real_server 192.168.1.203 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.1.204 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
virtual_server 192.168.1.206 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 60
    protocol TCP
    real_server 192.168.1.204 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.1.203 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 15
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
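Added example (not part of the original page): a lint that cross-checks the vrrp_instance blocks of the LVS1 and LVS2 files, since each pair must share virtual_router_id and auth_pass but differ in priority, and since auth_type PASS carries auth_pass in cleartext in every VRRP advertisement on the segment. The names check_vrrp_pair, sample_conf and MIN_PASS_LEN, and the 8-character threshold, are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the original page): cross-check the vrrp_instance
# blocks of the two directors. Function names and MIN_PASS_LEN are hypothetical.
MIN_PASS_LEN=8   # assumption: flag auth_pass values shorter than 8 characters

# usage: check_vrrp_pair LVS1.conf LVS2.conf
# Prints one finding per line and returns 1 if there were any.
check_vrrp_pair() {
    awk -v minlen="$MIN_PASS_LEN" '
        function report(msg) { print msg; bad = 1 }
        FNR == 1               { f++; inst = "" }   # f: 1 = first file, 2 = second
        $1 == "vrrp_instance"  { inst = $2; seen[inst] = 1; next }
        $1 == "virtual_server" { inst = "" }        # past the VRRP section
        inst != "" && $1 ~ /^(state|virtual_router_id|priority|auth_type|auth_pass)$/ {
            v[f, inst, $1] = $2
        }
        END {
            for (i in seen) {
                if (v[1, i, "virtual_router_id"] != v[2, i, "virtual_router_id"])
                    report(i ": virtual_router_id differs between directors")
                if (v[1, i, "auth_pass"] != v[2, i, "auth_pass"])
                    report(i ": auth_pass differs between directors")
                if (v[1, i, "priority"] == v[2, i, "priority"])
                    report(i ": same priority on both directors")
                if (v[1, i, "state"] == "MASTER" && v[2, i, "state"] == "MASTER")
                    report(i ": both directors configured as MASTER")
                for (n = 1; n <= 2; n++) {
                    if (v[n, i, "auth_type"] == "PASS")
                        report(i ": director " n " uses auth_type PASS (cleartext in adverts)")
                    if (length(v[n, i, "auth_pass"]) < minlen)
                        report(i ": director " n " auth_pass shorter than " minlen " characters")
                }
            }
            exit bad + 0
        }
    ' "$1" "$2"
}

# Constructed sample: one VI_1 block; $1 = state, $2 = priority, $3 = router id.
sample_conf() {
    printf 'vrrp_instance VI_1 {\nstate %s\npriority %s\nvirtual_router_id %s\n' "$1" "$2" "$3"
    printf 'authentication {\nauth_type PASS\nauth_pass 1111\n}\n}\n'
}

d=$(mktemp -d)
sample_conf MASTER 200 51 > "$d/lvs1.conf"
sample_conf BACKUP 100 51 > "$d/lvs2.conf"
check_vrrp_pair "$d/lvs1.conf" "$d/lvs2.conf" || echo "review the findings above"
rm -rf "$d"
```

Run it against the real files as check_vrrp_pair followed by the paths of the LVS1 and LVS2 copies of keepalived.conf.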
3. Configuring the virtual addresses on the back-end real servers:
(1) Edit the script on the real servers
# vi /etc/rc.d/init.d/lvs
#!/bin/bash
# chkconfig: 235 96 99
# description: start realserver
VIP1=192.168.1.205
VIP2=192.168.1.206
# Load the standard init-script helper functions
. /etc/rc.d/init.d/functions
case "$1" in
start)
    echo "start LVS of REALServer"
    # Bind both VIPs to loopback aliases with a host netmask
    /sbin/ifconfig lo:0 $VIP1 broadcast $VIP1 netmask 255.255.255.255 up
    /sbin/ifconfig lo:1 $VIP2 broadcast $VIP2 netmask 255.255.255.255 up
    /sbin/route add -host $VIP1 dev lo:0
    /sbin/route add -host $VIP2 dev lo:1
    # Set the ARP reply and announce behaviour for lo and for all interfaces
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    ;;
stop)
    /sbin/ifconfig lo:0 down
    /sbin/ifconfig lo:1 down
    /sbin/route del -host $VIP1 dev lo:0
    /sbin/route del -host $VIP2 dev lo:1
    echo "close LVS Directorserver"
    # Restore the default ARP behaviour
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    ;;
restart)
    # Re-run this script, since stop and start are case branches, not functions
    $0 stop
    $0 start
    ;;
*)
    echo "Usage:$0 {start|stop|restart}"
    exit 1
    ;;
esac
# shell end
Give the lvs script execute permission:
# chmod 755 /etc/rc.d/init.d/lvs
Register the LVS script to start automatically at boot:
# chkconfig --add lvs && chkconfig --level 345 lvs on
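4. Starting LVS
(1) On the real servers, run:
# service lvs start
(2) On the LVS servers, run:
# /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf
5. Stopping LVS
(1) On the real servers, run:
# service lvs stop
(2) On the LVS servers, run:
# killall -9 keepalived; ipvsadm -C
6. Managing the system's virtual IPs:
List the virtual IP addresses
# ip address list
Delete a virtual IP address
# ip addr del 192.168.1.205 dev eth0
7. Checking the LVS status
# ipvsadm -ln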