lvs
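Contents
- lvs
- Introduction to LVS
- The three LVS modes
- NAT mode
- IP TUN
- DR
- Comparison of the three modes
- Deploying an httpd load-balancing cluster in LVS-NAT mode
- Deploying an httpd load-balancing cluster in LVS-DR mode
- Deploying an httpd load-balancing cluster in LVS-TUN mode
Introduction to LVS
LVS is short for Linux Virtual Server, a virtual server cluster system. The project was founded by Dr. Zhang Wensong in May 1998 and is one of the earliest free software projects to appear in China. It was developed on the basis of the iptables implementation, so using it feels similar to using iptables.
The three LVS modes
- NAT mode (network address translation)
- IP TUN mode (IP tunneling)
- DR mode (direct routing)
The forwarding mode determines the network topology.
NAT mode
NAT mode works as follows: when a client accesses LVS, LVS rewrites the destination address of the request packet and, according to the preset scheduling algorithm, dispatches the request to a back-end real server. After the real server receives and processes the request, its response packet must also travel back through LVS, which rewrites the packet's source address on the way out and then returns it to the client, completing the load-scheduling process.
- DNAT: destination address translation; it changes the destination address
- SNAT: source address translation; it changes the source address
NAT mode forwards packets using SNAT and DNAT. It supports any operating system as well as private networks, and needs only one Internet IP address, which keeps costs low. The performance of the whole system is limited, however: every packet has to be rewritten, which adds some latency, and for most applications 80% of the data flows from the server to the client, that is, requests are very short while responses are very large. This puts heavy load on LVS, which easily becomes the bottleneck.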
IP TUN
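In IP TUN mode, LVS dispatches requests to the different real servers, and each real server replies directly to the client after processing the request, so LVS handles only half of the connection between client and server. IP tunneling greatly increases the scheduling capacity of LVS and the maximum number of nodes the system can hold, which can exceed 100. Real servers can run on any LAN or WAN, so they can be geographically distributed, which matters for disaster recovery. This mode requires every server to support the IP tunneling protocol, so it can only be used on Linux and not on Windows.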
DR
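DR is similar to IP TUN: the load balancer handles only half of the connection, which avoids creating a new performance bottleneck and likewise improves scalability. Compared with IP TUN, DR has no IP encapsulation overhead, but because it rewrites MAC addresses at the physical layer, all servers must be on the same LAN.
Difference between DR and IP TUN:
Compared with IP TUN, DR has no IP encapsulation overhead, but it relies on a data link layer technique, so all DR servers must be on the same LAN.
Comparison of the three modes
Aspect | NAT mode | IP TUN mode | DR mode |
Server requirements | Any operating system | Must support the IP tunneling protocol; currently only Linux does | Must support virtual network interfaces and allow ARP responses to be disabled |
Network requirements | LAN | LAN or WAN | LAN |
Supported nodes | 10-20, depending on the server's processing capacity | Supports 100 nodes | About the same as IP TUN |
Security | Higher; real servers can be hidden | Poorer; real servers are easily exposed | Poorer; real servers are easily exposed |
IP requirements | Only one valid IP address, used as the VIP | Besides the VIP, each server needs a valid IP address that can be routed directly to the client | Besides the VIP, each server needs a valid IP address that can be routed directly to the client |
Scalability | Poor | Very good | Good |
Characteristic | Address translation | IP encapsulation | MAC address rewriting |
Deploying an httpd load-balancing cluster in LVS-NAT mode
Environment:
Hostname | Role | IP/DIP | VIP |
DR | LVS server | 192.168.245.137 | 192.168.245.210 |
RS1 | Apache server 1 | 192.168.245.138 | 192.168.245.210 |
RS2 | Apache server 2 | 192.168.245.139 | 192.168.245.210 |
Client | Client (for testing) | 192.168.245.135 | The client does not need a VIP |
DR configuration:
//Disable the firewall and SELinux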
[root@DR ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR ~]# setenforce 0
[root@DR ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//Add a network interface and set it to host-only mode
//Set the interface IP
[root@DR ~]# nmcli connection modify Wired\ connection\ 1 con-name ens37 ipv4.addresses 192.168.65.10/24 ipv4.dns 114.114.114.114 ipv4.method manual autoconnect yes
[root@DR ~]# nmcli con up ens37
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@DR ~]# ip a | grep ens37
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 192.168.65.10/24 brd 192.168.65.255 scope global noprefixroute ens37
//Enable IP forwarding
[root@DR ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@DR ~]# sysctl -p
net.ipv4.ip_forward = 1
//Install ipvsadm and add the rules
[root@DR ~]# dnf -y install ipvsadm
······
Complete!
[root@DR ~]# ipvsadm -A -t 192.168.65.10:80 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.65.10:80 -r 192.168.183.138:80 -m
[root@DR ~]# ipvsadm -a -t 192.168.65.10:80 -r 192.168.183.139:80 -m
[root@DR ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.65.10:80 rr
-> 192.168.183.138:80 Masq 1 0 0
-> 192.168.183.139:80 Masq 1 0 0
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@DR ~]# systemctl restart ipvsadm
[root@DR ~]# systemctl enable ipvsadm
Created symlink /etc/systemd/system/multi-user.target.wants/ipvsadm.service → /usr/lib/systemd/system/ipvsadm.service.
[root@DR ~]#
RS1 configuration:
//Disable the firewall and SELinux
[root@RS1 ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS1 ~]# setenforce 0
[root@RS1 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//Configure the IP
[root@RS1 ~]# nmcli con modify ens33 ipv4.addresses 192.168.183.138/24 ipv4.gateway 192.168.65.10 ipv4.dns 114.114.114.114 ipv4.method manual autoconnect yes
[root@RS1 ~]# nmcli con up ens33
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
//Configure the yum repository, install httpd and set up the index page
[root@RS1 ~]# dnf install httpd -y
······
[root@RS1 ~]# echo "RS1" > /var/www/html/index.html
[root@RS1 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
RS2 configuration:
//Disable the firewall and SELinux
[root@RS2 ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS2 ~]# setenforce 0
[root@RS2 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//Configure the IP
[root@RS2 ~]# nmcli connection modify ens33 ipv4.addresses 192.168.183.139/24 ipv4.gateway 192.168.65.10 ipv4.dns 114.114.114.114 ipv4.method manual autoconnect yes
[root@RS2 ~]# nmcli con up ens33
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
//Configure the yum repository, install httpd and set up the index page
[root@RS2 ~]# dnf install -y httpd
[root@RS2 ~]# echo "RS2" > /var/www/html/index.html
[root@RS2 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
Testing from the client
[root@Client ~]# curl http://192.168.65.10
RS2
[root@Client ~]# curl http://192.168.65.10
RS1
[root@Client ~]# curl http://192.168.65.10
RS2
[root@Client ~]# curl http://192.168.65.10
RS1
Deploying an httpd load-balancing cluster in LVS-DR mode
Environment:
Hostname | Role | IP/DIP | VIP |
DR | LVS server | 192.168.245.137 | 192.168.245.210 |
RS1 | Apache server 1 | 192.168.245.138 | 192.168.245.210 |
RS2 | Apache server 2 | 192.168.245.139 | 192.168.245.210 |
Client | Client (for testing) | 192.168.245.135 | The client does not need a VIP |
DR configuration:
//Disable SELinux and the firewall
[root@DR ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR ~]# setenforce 0
[root@DR ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//Configure the IP on the lo interface
[root@DR ~]# dnf -y install net-tools
······
[root@DR ~]# ifconfig lo 192.168.183.200/32 broadcast 192.168.183.200 netmask 255.255.255.255 up
[root@DR ~]# ip a | grep lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 192.168.183.200/0 brd 192.168.183.200 scope global lo
//Make the lo interface configuration persistent
[root@DR ~]# echo "ifconfig lo 192.168.183.200/32 broadcast 192.168.183.200 netmask 255.255.255.255 up" >> /etc/rc.d/rc.local
[root@DR ~]# chmod +x /etc/rc.d/rc.local
//Install ipvsadm and add the rules
[root@DR ~]# dnf -y install ipvsadm
[root@DR ~]# ipvsadm -A -t 192.168.183.200:80 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.183.200:80 -r 192.168.202.138:80 -g
[root@DR ~]# ipvsadm -a -t 192.168.183.200:80 -r 192.168.202.139:80 -g
[root@DR ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.183.200:80 rr
-> 192.168.202.138:80 Route 1 0 0
-> 192.168.202.139:80 Route 1 0 0
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@DR ~]# systemctl restart ipvsadm
[root@DR ~]# systemctl enable ipvsadm
Created symlink /etc/systemd/system/multi-user.target.wants/ipvsadm.service → /usr/lib/systemd/system/ipvsadm.service.
RS1 configuration:
//Disable the firewall and SELinux
[root@RS1 ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS1 ~]# setenforce 0
[root@RS1 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//Configure kernel parameters on RS1
[root@RS1 ~]# vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
//The two all.* entries below are only a safeguard; strictly, only ARP announcement on the lo interface needs to be turned off
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@RS1 ~]# sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
//Configure the VIP
[root@RS1 ~]# dnf install -y net-tools
[root@RS1 ~]# ifconfig lo 192.168.183.200/32 broadcast 192.168.183.200 netmask 255.255.255.255 up
//Make it persistent
[root@RS1 ~]# echo "ifconfig lo 192.168.183.200/32 broadcast 192.168.183.200 netmask 255.255.255.255 up" >> /etc/rc.d/rc.local
[root@RS1 ~]# chmod +x /etc/rc.d/rc.local
//Add the route
[root@RS1 ~]# route add -host 192.168.183.200/32 dev lo
//Install httpd and set up the index page
[root@RS1 ~]# dnf -y install httpd
[root@RS1 ~]# echo "RS1" > /var/www/html/index.html
[root@RS1 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
RS2 configuration:
//Disable the firewall and SELinux
[root@RS2 ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS2 ~]# setenforce 0
[root@RS2 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//Configure kernel parameters on RS2
[root@RS2 ~]# vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@RS2 ~]# sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
//Configure the VIP
[root@RS2 ~]# dnf install -y net-tools
[root@RS2 ~]# ifconfig lo 192.168.183.200/32 broadcast 192.168.183.200 netmask 255.255.255.255 up
//Make it persistent
[root@RS2 ~]# echo "ifconfig lo 192.168.183.200/32 broadcast 192.168.183.200 netmask 255.255.255.255 up" >> /etc/rc.d/rc.local
[root@RS2 ~]# chmod +x /etc/rc.d/rc.local
//Add the route
[root@RS2 ~]# route add -host 192.168.183.200/32 dev lo
//Install httpd and set up the index page
[root@RS2 ~]# dnf install -y httpd
[root@RS2 ~]# echo "RS2" > /var/www/html/index.html
[root@RS2 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
Testing from the client
[root@Client ~]# curl 192.168.183.200
RS1
[root@Client ~]# curl 192.168.183.200
RS2
[root@Client ~]# curl 192.168.183.200
RS1
[root@Client ~]# curl 192.168.183.200
RS2
Deploying an httpd load-balancing cluster in LVS-TUN mode
Environment:
Hostname | Role | IP/DIP | VIP |
DR | LVS server | 192.168.245.137 | 192.168.245.210 |
RS1 | Apache server 1 | 192.168.245.138 | 192.168.245.210 |
RS2 | Apache server 2 | 192.168.245.139 | 192.168.245.210 |
Client | Client (for testing) | 192.168.245.135 | The client does not need a VIP |
DR configuration:
//Disable the firewall and SELinux
[root@DR ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR ~]# setenforce 0
[root@DR ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//Modify kernel parameters
[root@DR ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@DR ~]# sysctl -p
net.ipv4.ip_forward = 1
//Configure the VIP
[root@DR ~]# dnf -y install net-tools
[root@DR ~]# ifconfig tunl0 192.168.183.210 broadcast 192.168.183.210 netmask 255.255.255.255
[root@DR ~]# ip a|grep tunl0
3: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000
inet 192.168.183.210/32 brd 192.168.183.210 scope global tunl0
//Make it persistent
[root@DR ~]# echo "ifconfig tunl0 192.168.183.210 broadcast 192.168.183.210 netmask 255.255.255.255" >> /etc/rc.d/rc.local
[root@DR ~]# chmod +x /etc/rc.d/rc.local
//Install ipvsadm and add the rules
[root@DR ~]# dnf -y install ipvsadm
[root@DR ~]# ipvsadm -A -t 192.168.183.210:80 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.183.210:80 -r 192.168.202.138:80 -i
[root@DR ~]# ipvsadm -a -t 192.168.183.210:80 -r 192.168.202.139:80 -i
[root@DR ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.183.210:80 rr
-> 192.168.202.138:80 Tunnel 1 0 0
-> 192.168.202.139:80 Tunnel 1 0 0
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@DR ~]# systemctl restart ipvsadm
[root@DR ~]# systemctl enable ipvsadm
Created symlink /etc/systemd/system/multi-user.target.wants/ipvsadm.service → /usr/lib/systemd/system/ipvsadm.service.
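Added example (not part of the original page): a shell function that audits director rules in the syntax that `ipvsadm -Sn` saves, covering the `-m`, `-g` and `-i` forwarding methods used in the three deployments on this page. The function name `audit_ipvs_rules` and the faulty sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Reads IPVS rules on stdin in the
# syntax written by `ipvsadm -Sn`, prints one WARN line per finding and
# returns non-zero if there is any finding.
audit_ipvs_rules() {
    awk '
    # Port part of "addr:port"; empty when no port was given.
    function port(a,   p, n) { n = split(a, p, ":"); return n > 1 ? p[n] : "" }

    $1 == "-A" || $1 == "-a" {
        vip = rs = ""; fwd = "-g"        # ipvsadm defaults to direct routing
        for (i = 2; i <= NF; i++) {
            if ($i == "-t" || $i == "-u") vip = $(i + 1)
            else if ($i == "-r") rs = $(i + 1)
            else if ($i == "-m" || $i == "-g" || $i == "-i") fwd = $i
        }
    }
    $1 == "-A" && !(vip in count) { count[vip] = 0; order[++nsvc] = vip }
    $1 == "-a" {
        if (!(vip in count)) {
            print "WARN " vip ": real server " rs " added to an undefined service"
            bad = 1; next
        }
        count[vip]++
        # IPVS accepts a mix, but each deployment on this page uses one method.
        if ((vip in method) && method[vip] != fwd) {
            print "WARN " vip ": mixes " method[vip] " and " fwd; bad = 1
        }
        method[vip] = fwd
        # Only NAT (-m) can map ports; DR (-g) and TUN (-i) keep the VIP port.
        if (fwd != "-m" && port(rs) != "" && port(rs) != port(vip)) {
            print "WARN " vip ": " rs " uses " fwd " with a different port"; bad = 1
        }
    }
    END {
        for (k = 1; k <= nsvc; k++)
            if (count[order[k]] == 0) { print "WARN " order[k] ": no real servers"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: addresses reuse this page, the faults are invented.
SAMPLE_RULES='-A -t 192.168.183.200:80 -s rr
-a -t 192.168.183.200:80 -r 192.168.202.138:8080 -g -w 1
-a -t 192.168.183.200:80 -r 192.168.202.139:80 -i -w 1
-A -t 192.168.183.210:80 -s rr'
printf '%s\n' "$SAMPLE_RULES" | audit_ipvs_rules || echo "review the findings above"
```

On a director, the same function can read the live table with `ipvsadm -Sn | audit_ipvs_rules`.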
RS1 configuration:
//Disable the firewall and SELinux
[root@RS1 ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS1 ~]# setenforce 0
[root@RS1 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//Load the ipip module and configure the VIP
[root@RS1 ~]# dnf -y install net-tools
[root@RS1 ~]# modprobe ipip
[root@RS1 ~]# ifconfig tunl0 192.168.183.210 broadcast 192.168.183.210 netmask 255.255.255.255
[root@RS1 ~]# echo "ifconfig tunl0 192.168.183.210 broadcast 192.168.183.210 netmask 255.255.255.255" >> /etc/rc.d/rc.local
[root@RS1 ~]# chmod +x /etc/rc.d/rc.local
//Modify kernel parameters
[root@RS1 ~]# vim /etc/sysctl.conf
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
[root@RS1 ~]# sysctl -p
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
//Install httpd and set up the index page
[root@RS1 ~]# dnf -y install httpd
[root@RS1 ~]# echo "RS1" > /var/www/html/index.html
[root@RS1 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
RS2 configuration:
//Disable the firewall and SELinux
[root@RS2 ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS2 ~]# setenforce 0
[root@RS2 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//Load the ipip module and configure the VIP
[root@RS2 ~]# dnf -y install net-tools
[root@RS2 ~]# modprobe ipip
[root@RS2 ~]# ifconfig tunl0 192.168.183.210 broadcast 192.168.183.210 netmask 255.255.255.255
[root@RS2 ~]# echo "ifconfig tunl0 192.168.183.210 broadcast 192.168.183.210 netmask 255.255.255.255" >> /etc/rc.d/rc.local
[root@RS2 ~]# chmod +x /etc/rc.d/rc.local
//Modify kernel parameters
[root@RS2 ~]# vim /etc/sysctl.conf
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
[root@RS2 ~]# sysctl -p
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
//Install httpd and set up the index page
[root@RS2 ~]# dnf install -y httpd
[root@RS2 ~]# echo "RS2" > /var/www/html/index.html
[root@RS2 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
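Added example (not from the original page): a check of the real-server kernel parameters set in the DR and TUN deployments above. The kernel applies the larger of the `conf.all` and per-interface values for `arp_ignore`, `arp_announce` and `rp_filter`, so the function tests that effective value; the function name `check_rs_sysctl`, the `ens33` NIC name and the sample values are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Reads "key = value" lines (the
# format printed by `sysctl -a`) on stdin and checks a real server for the
# given LVS mode, using the values this page configures.
# usage: check_rs_sysctl dr|tun NIC   (NIC: interface that sends/receives ARP)
check_rs_sysctl() {
    awk -v mode="$1" -v nic="$2" '
    { gsub(/[ \t]/, ""); split($0, kv, "="); val[kv[1]] = kv[2] }

    # Effective value on iface: the kernel uses max(conf.all.X, conf.iface.X).
    function eff(iface, name,   a, b) {
        a = "net.ipv4.conf.all." name; b = "net.ipv4.conf." iface "." name
        if (!(a in val) || !(b in val)) return "unset"
        return (val[a] + 0 > val[b] + 0) ? val[a] + 0 : val[b] + 0
    }
    function want(iface, name, v,   got) {
        got = eff(iface, name)
        if ((got "") != (v "")) {
            print "FAIL " iface " " name ": effective " got ", want " v; bad = 1
        }
    }
    END {
        if (mode != "dr" && mode != "tun") { print "FAIL unknown mode " mode; exit 2 }
        want(nic, "arp_ignore", 1)       # do not answer ARP for the VIP
        want(nic, "arp_announce", 2)     # do not use the VIP as ARP source
        if (mode == "tun") want("tunl0", "rp_filter", 0)
        exit bad + 0
    }'
}

# Constructed sample: ARP settings as on this page, but all.rp_filter left at 1.
SAMPLE_SYSCTL='net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.ens33.arp_ignore = 0
net.ipv4.conf.ens33.arp_announce = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.tunl0.rp_filter = 0'
printf '%s\n' "$SAMPLE_SYSCTL" | check_rs_sysctl tun ens33 || echo "fix the values reported above"
```

On a real server, feed it live values with `sysctl -a 2>/dev/null | check_rs_sysctl dr ens33`.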