1. Briefly describe the characteristics and use cases of the four LVS cluster types

LVS cluster types
nat: rewrites the destination IP of the request; a multi-target DNAT
dr: re-encapsulates the request in a new MAC header
tun: wraps a new IP header around the original request IP packet
fullnat: rewrites both the source and the destination IP of the request

Terms used in an LVS cluster:

CIP: client IP address
VS: the virtual server, i.e. the scheduler (Director)
VIP: the public IP the client uses to reach the Director
DIP: the IP on the Director that faces the real servers
RS: the real server, the physical server that actually provides the service
RIP: the real server's IP address
NAT mode
Essentially a multi-target DNAT: the Director rewrites the destination address and destination port of the request to the RIP and port of the selected RS and forwards it.

Characteristics:
(1) RIP and DIP should be in the same IP network and use private addresses; the RS's default gateway must point to the DIP so that replies return through the Director
(2) Both request and response traffic pass through the Director, so the Director easily becomes the bottleneck
(3) Port mapping is supported: the destination port of the request can be rewritten
(4) The Director must be Linux; the RS can run any OS
DR mode
Direct Routing, the default and most widely used LVS mode. The Director forwards the request by re-encapsulating it in a new MAC header:
the source MAC is that of the interface holding the DIP and the destination MAC is that of the interface holding the selected RS's RIP; source IP/port and destination IP/port are left unchanged

Characteristics:
(1) The Director and every RS are all configured with the VIP
(2) Make sure the upstream router sends requests whose destination IP is the VIP to the Director and not to an RS. Three ways to achieve this:
statically bind the VIP to the Director's MAC address on the upstream gateway
use arptables on each RS:
arptables -A IN -d $VIP -j DROP
arptables -A OUT -s $VIP -j mangle --mangle-ip-s $RIP
or set kernel parameters on each RS to restrict ARP announcements and ARP replies:
/proc/sys/net/ipv4/conf/all/arp_ignore
/proc/sys/net/ipv4/conf/all/arp_announce
(3) RIPs may be private or public addresses; RIP and DIP are in the same IP network; the RS's gateway must not point to the DIP, so that responses do not pass through the Director
(4) The RSs and the Director must be on the same physical network (the same layer-2 segment)
(5) Requests pass through the Director, but responses do not: the RS sends them directly to the client
(6) Port mapping is not supported (the port cannot be rewritten)
(7) The RS can run most OSes
TUN mode
Forwarding: the IP header of the request is not modified (source IP is CIP, destination IP is VIP); instead a new IP header (source IP DIP, destination IP RIP) is wrapped around the original packet
and the packet is sent to the selected RS, which decapsulates it and replies to the client directly (source IP VIP, destination IP CIP)

Characteristics:
(1) DIP, VIP and RIP should all be public (routable) addresses
(2) The RS's gateway generally must not point to the DIP
(3) Requests pass through the Director, responses do not
(4) Port mapping is not supported
(5) The RS's OS must support IP tunneling (ipip)
FULLNAT mode
Forwards by rewriting both the source and the destination IP of the request:
CIP --> DIP
VIP --> RIP

Characteristics:
(1) VIP is a public address; RIP and DIP are private addresses and usually not in the same IP network, so the RS's gateway generally does not point to the DIP
(2) The source address of the request as seen by the RS is the DIP, so the RS simply replies to the DIP; the Director then rewrites the reply and sends it on to the client
(3) Both requests and responses pass through the Director
(4) Port mapping is supported
Note: the mainline kernel does not support this mode by default (it needs a patched kernel)

Summary

lvs-nat and lvs-fullnat: both requests and responses pass through the Director
lvs-nat: the RS's gateway must point to the DIP
lvs-fullnat: RIP and DIP need not be in the same IP network, but must be able to reach each other
lvs-dr and lvs-tun: requests pass through the Director, responses go from the RS directly to the client
lvs-dr: implemented by wrapping a new MAC header; forwarded at layer 2, so Director and RS must share a segment
lvs-tun: implemented by wrapping a new IP header around the original packet; works across routed networks and long distances

2. Describe how LVS-DR works and configure it.


How it works:

1) The client sends a request to the VIP; the Director (LVS) receives it
2) The Director picks an active real server according to the scheduling algorithm, rewrites the frame's destination MAC to the MAC of the NIC holding that RIP, and sends the frame out on the LAN
3) The real server receives the frame on the LAN, unpacks it, finds that the destination IP (the VIP) matches a local address (the VIP bound on lo), processes the request, then builds the reply with source IP VIP and sends it out on the LAN
4) If the client is on the same segment as the VS it receives the reply directly; if it is on a different segment the reply goes through the gateway/router and across the Internet back to the client

Lab setup:
Five hosts:
1. Client [10.31.222.50]
2. Router [10.31.222.228; 192.168.47.100]
3. LVS Director [192.168.47.101]
4. RS1 [192.168.47.102]
5. RS2 [192.168.47.103]

1. Client configuration
1) NIC in bridged mode
2) Set the default gateway
route add default gw 10.31.222.228

Test:
while true; do curl http://192.168.47.200/index.html; sleep 1; done
2. Router configuration:
Add two NICs, one bridged and one in NAT mode, and enable IP forwarding (net.ipv4.ip_forward=1), otherwise the client cannot reach the 192.168.47.0/24 network
3. LVS Director configuration (NIC in NAT mode)
1) Set the default gateway
route add default gw 192.168.47.100
2) Bind the VIP
ip a a 192.168.47.200 dev ens33
3) ipvsadm configuration (the virtual service must be given with its port; -g selects DR forwarding, which is also the default)
yum install ipvsadm -y
ipvsadm -A -t 192.168.47.200:80 -s rr
ipvsadm -a -t 192.168.47.200:80 -r 192.168.47.102 -g
ipvsadm -a -t 192.168.47.200:80 -r 192.168.47.103 -g
4. RS configuration (NIC in NAT mode)
1) Set the default gateway
route add default gw 192.168.47.100
2) Script that sets the ARP parameters and binds the VIP
#!/bin/bash
#Author:wangxiaochun
#Date:2017-08-13
vip=192.168.47.200
mask='255.255.255.255'
dev=lo:1
rpm -q httpd &> /dev/null || yum -y install httpd &>/dev/null
service httpd start &> /dev/null && echo "The httpd Server is Ready!"
echo "<h1>`hostname`</h1>" > /var/www/html/index.html

case $1 in
start)
    # arp_ignore=1: only answer ARP requests for addresses configured on the
    # interface the request arrived on, so the VIP on lo is never answered via ens33
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    # arp_announce=2: always use the best local address (the RIP) as the ARP
    # source, never the VIP
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    # bind the VIP on lo:1 with a /32 mask only after the ARP parameters are set
    ifconfig $dev $vip netmask $mask #broadcast $vip up
    #route add -host $vip dev $dev
    echo "The RS Server is Ready!"
    ;;
stop)
    ifconfig $dev down
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "The RS Server is Canceled!"
    ;;
*)
    echo "Usage: $(basename $0) start|stop"
    exit 1
    ;;
esac
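Once the Director and the RSs are configured, the DR-specific things that go wrong are an RS that still answers ARP for the VIP, a VIP that is not bound where it should be, and an ipvs service whose real servers are not using the DR forwarding method. The script below is an added example, not part of the original lab notes: it checks exactly those three points, for both the ARP discussion under DR characteristics (2) and the lab above. Each check takes its input as an argument so it can be run on captured text; the wrapper at the bottom feeds it the live ipvsadm, ip and sysctl state. The function names and the script name lvs_dr_check.sh are this example's own.

```shell
#!/bin/bash
# Added example, not part of the original lab notes: read-only sanity checks for
# the LVS-DR setup above. Every check takes its input as an argument so it can be
# run against captured text; the wrapper at the bottom feeds it the live
# ipvsadm / ip / sysctl state. Function names are this example's own.

# Print "RIP:PORT FORWARD WEIGHT" for every RS of the virtual service $1
# (VIP:PORT) in the `ipvsadm -Ln` output passed as $2.
lvs_dr_real_servers() {
    local vs="$1" table="$2"
    printf '%s\n' "$table" | awk -v vs="$vs" '
        $1 == "TCP" || $1 == "UDP" { in_vs = ($2 == vs); next }
        in_vs && $1 == "->"        { print $2, $3, $4 }
    '
}

# Succeed only if the service has at least one RS and every RS is forwarded with
# the DR method, which ipvsadm shows as "Route" (NAT is "Masq", TUN is "Tunnel").
lvs_dr_service_ok() {
    lvs_dr_real_servers "$1" "$2" | awk '
        { n++; if ($2 != "Route") bad = 1 }
        END { if (bad || n == 0) exit 1; exit 0 }
    '
}

# Succeed if VIP $1 is configured in the `ip -4 -o addr show` output passed as $2.
# On the Director it belongs on ens33; on an RS it must be on lo only.
lvs_vip_bound() {
    printf '%s\n' "$2" | grep -qF "inet $1/"
}

# On an RS: verify the four ARP sysctls that lvs_dr_rs.sh sets, so the RS never
# answers ARP for the VIP on ens33. $1 overrides the sysctl root for testing.
lvs_dr_rs_arp_ok() {
    local root="${1:-/proc/sys/net/ipv4/conf}" spec f want got
    for spec in all/arp_ignore:1 lo/arp_ignore:1 all/arp_announce:2 lo/arp_announce:2; do
        f="$root/${spec%%:*}"
        want="${spec##*:}"
        [ -r "$f" ] || return 1
        read -r got < "$f"
        [ "$got" = "$want" ] || return 1
    done
}

# Live report: `bash lvs_dr_check.sh director 192.168.47.200:80` on the Director,
# `bash lvs_dr_check.sh rs 192.168.47.200` on an RS (script name is an assumption).
lvs_dr_live() {
    case "$1" in
    director)
        lvs_dr_real_servers "$2" "$(ipvsadm -Ln)"
        lvs_dr_service_ok "$2" "$(ipvsadm -Ln)" && echo "ipvs: all RS use Route" || echo "ipvs: PROBLEM"
        lvs_vip_bound "${2%%:*}" "$(ip -4 -o addr show)" && echo "vip: bound" || echo "vip: MISSING"
        ;;
    rs)
        lvs_dr_rs_arp_ok && echo "arp sysctls: ok" || echo "arp sysctls: PROBLEM"
        lvs_vip_bound "$2" "$(ip -4 -o addr show dev lo)" && echo "vip on lo: bound" || echo "vip on lo: MISSING"
        ;;
    esac
}

if [ $# -eq 2 ]; then
    lvs_dr_live "$1" "$2"
fi
```

Run it on the Director after the ipvsadm commands and on each RS after lvs_dr_rs.sh start; an RS that reports "arp sysctls: PROBLEM" will race the Director for the VIP's ARP entry on the router, which shows up as the client's curl loop alternating between working and hanging.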

3. Implement LVS + Keepalived high availability.


Lab prerequisites: disable the firewall and SELinux, and synchronize time between the nodes

1. Client
NIC in bridged mode
IP: 10.31.222.227
Default gateway: route add default gw 10.31.222.228

Test: while true; do curl 192.168.47.200; sleep 1; done


2. Router
1) Two NICs, one bridged and one in NAT mode
    IPs: 10.31.222.228 and 192.168.47.100
2) Enable IP forwarding
vim /etc/sysctl.conf
    net.ipv4.ip_forward=1
sysctl -p

 

3. LVS Directors
1) lvs1
Default gateway:
route add default gw 192.168.47.100

yum install keepalived
vim /etc/keepalived/keepalived.conf
----------------------------------------------------------------------------------
! Configuration File for keepalived
global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from keepalived@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id lvs1
   vrrp_mcast_group4 224.100.100.100
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 66
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
     192.168.47.200/24 dev ens33 label ens33:1
    }
}
virtual_server 192.168.47.200 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP
    sorry_server 127.0.0.1 80

    real_server 192.168.47.102 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.47.103 80 {
        weight 1
        # port 80 serves plain HTTP, so the checker must be HTTP_GET; an SSL_GET
        # here fails the TLS handshake and keeps this RS permanently out of the pool
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

}
----------------------------------------------------------------------------------
Both directors must share virtual_router_id, auth_pass and the VIP and must differ in router_id, state and priority; otherwise they either ignore each other's advertisements or both become MASTER and both answer ARP for the VIP. auth_type PASS sends the password in cleartext in every VRRP advertisement, so it only catches accidental misconfiguration, not a hostile host on the same segment; the directors' segment has to be trusted.
2) lvs2
Default gateway:
route add default gw 192.168.47.100

yum install keepalived
vim /etc/keepalived/keepalived.conf
----------------------------------------------------------------------------------
! Configuration File for keepalived
global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from keepalived@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id lvs2
   vrrp_mcast_group4 224.100.100.100
}


vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 66
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
     192.168.47.200/24 dev ens33 label ens33:1
    }
}
virtual_server 192.168.47.200 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP
    sorry_server 127.0.0.1 80

    real_server 192.168.47.102 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.47.103 80 {
        weight 1
        # plain HTTP on port 80: HTTP_GET, not SSL_GET (see lvs1)
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

}
----------------------------------------------------------------------------------
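The two keepalived.conf files above differ in only three lines (router_id, state, priority) and must agree on everything else, and the only per-RS mistake that keepalived will not complain about is a health checker of the wrong type. The script below is an added example, not part of the original lab notes or of keepalived: a pre-flight check that lvs1's and lvs2's configs form one consistent VRRP pair and that no SSL_GET checker sits on a non-TLS port. The function names and the set of keys compared are this example's own; it reads only the first vrrp_instance and virtual_server of each file.

```shell
#!/bin/bash
# Added example, not part of the original lab notes: a pre-flight check that
# lvs1's and lvs2's keepalived.conf files form one consistent VRRP pair before
# keepalived is started. Function names and the check list are this example's own.

# Print "key value" lines for the settings that must agree (or differ) between
# the two nodes. Only the first vrrp_instance / virtual_server is considered.
kc_extract() {
    awk '
        $1 == "router_id"         { print "router_id", $2 }
        $1 == "state"             { print "state", $2 }
        $1 == "priority"          { print "priority", $2 }
        $1 == "virtual_router_id" { print "vrid", $2 }
        $1 == "auth_pass"         { print "auth_pass", $2 }
        $1 == "lb_kind"           { print "lb_kind", $2 }
        $1 == "virtual_ipaddress" { in_vip = 1; next }
        in_vip && $1 == "}"       { in_vip = 0; next }
        in_vip                    { print "vip", $1 }
        $1 == "real_server"       { rs_port = $3 }
        # an SSL_GET checker on a plain-HTTP port fails the TLS handshake and
        # keeps that RS permanently out of the pool
        $1 == "SSL_GET" && rs_port != "443" { print "warn", "SSL_GET_on_port_" rs_port }
    ' "$1"
}

# First value of key $1 in config file $2.
kc_get() {
    kc_extract "$2" | awk -v k="$1" '$1 == k { print $2; exit }'
}

# Compare two directors' configs; print each finding, return 1 if any is fatal.
keepalived_pair_check() {
    local a="$1" b="$2" rc=0 k va vb sa sb pa pb
    # these must match, or the two nodes will not see each other as one VRRP group
    for k in vrid auth_pass vip lb_kind; do
        va=$(kc_get "$k" "$a"); vb=$(kc_get "$k" "$b")
        [ "$va" = "$vb" ] || { echo "MISMATCH $k: '$va' vs '$vb'"; rc=1; }
    done
    # these must differ: equal priorities leave the election to IP address order,
    # equal router_ids make logs and notifications ambiguous
    for k in router_id priority; do
        va=$(kc_get "$k" "$a"); vb=$(kc_get "$k" "$b")
        [ "$va" != "$vb" ] || { echo "DUPLICATE $k: '$va'"; rc=1; }
    done
    # exactly one MASTER, and it must carry the higher priority
    sa=$(kc_get state "$a"); sb=$(kc_get state "$b")
    pa=$(kc_get priority "$a"); pb=$(kc_get priority "$b")
    case "$sa/$sb" in
    MASTER/BACKUP) [ "${pa:-0}" -gt "${pb:-0}" ] || { echo "MASTER $a has the lower priority"; rc=1; } ;;
    BACKUP/MASTER) [ "${pb:-0}" -gt "${pa:-0}" ] || { echo "MASTER $b has the lower priority"; rc=1; } ;;
    *) echo "STATE: expected one MASTER and one BACKUP, got '$sa' and '$sb'"; rc=1 ;;
    esac
    # health-checker warnings are reported but do not fail the check
    for k in "$a" "$b"; do
        kc_extract "$k" | awk -v f="$k" '$1 == "warn" { print "WARN " f ": " $2 }'
    done
    return $rc
}

if [ $# -eq 2 ]; then
    keepalived_pair_check "$1" "$2"
fi
```

Copy lvs2's file next to lvs1's and run `bash keepalived_pair_check.sh lvs1.conf lvs2.conf` (script name is an assumption) before starting keepalived on either node; a clean run prints nothing and exits 0.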

Keepalived's virtual_server block already creates the ipvs rules, and its virtual_ipaddress block adds 192.168.47.200 on whichever node is MASTER, so the following script lvs_dr_vs.sh is only needed on a standalone Director without keepalived. Do not run its start action on both lvs1 and lvs2 at once: the ifconfig line would bind the VIP on both nodes, both would answer ARP for it, and VRRP would no longer decide which node serves the VIP.
bash lvs_dr_vs.sh start
----------------------------------------------------------------------------------
#!/bin/bash
#Author:wangxiaochun
#Date:2017-08-13
vip='192.168.47.200'
iface='lo:1'
mask='255.255.255.255'
port='80'
rs1='192.168.47.102'
rs2='192.168.47.103'
scheduler='wrr'
type='-g'   # -g: DR (gateway) forwarding; -m would be NAT, -i TUN
rpm -q ipvsadm &> /dev/null || yum -y install ipvsadm &> /dev/null

case $1 in
start)
    # bind the VIP on lo:1; with keepalived the VIP is managed by VRRP instead
    ifconfig $iface $vip netmask $mask #broadcast $vip up
    # the lab runs without a packet filter; flush so no stale rule blocks the VIP
    iptables -F

    ipvsadm -A -t ${vip}:${port} -s $scheduler
    ipvsadm -a -t ${vip}:${port} -r ${rs1} $type -w 1
    ipvsadm -a -t ${vip}:${port} -r ${rs2} $type -w 1
    echo "The VS Server is Ready!"
    ;;
stop)
    ipvsadm -C
    ifconfig $iface down
    echo "The VS Server is Canceled!"
    ;;
*)
    echo "Usage: $(basename $0) start|stop"
    exit 1
    ;;
esac
----------------------------------------------------------------------------------


4. rs1 and rs2 configuration

Default gateway:
route add default gw 192.168.47.100

yum install httpd -y
echo 192.168.47.102 RS1 > /var/www/html/index.html   # on rs1
echo 192.168.47.103 RS2 > /var/www/html/index.html   # on rs2
systemctl start httpd

Run the script lvs_dr_rs.sh on rs1 and rs2 to set the ARP parameters and bind the VIP 192.168.47.200 on lo:1
bash lvs_dr_rs.sh start
----------------------------------------------------------------------------------
#!/bin/bash
#Author:wangxiaochun
#Date:2017-08-13
vip=192.168.47.200
mask='255.255.255.255'
dev=lo:1
rpm -q httpd &> /dev/null || yum -y install httpd &>/dev/null
#service httpd start &> /dev/null && echo "The httpd Server is Ready!"
#echo "<h1>`hostname`</h1>" > /var/www/html/index.html

case $1 in
start)
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ifconfig $dev $vip netmask $mask #broadcast $vip up
    #route add -host $vip dev $dev
    echo "The RS Server is Ready!"
    ;;
stop)
    ifconfig $dev down
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "The RS Server is Canceled!"
    ;;
*)
    echo "Usage: $(basename $0) start|stop"
    exit 1
    ;;
esac
----------------------------------------------------------------------------------