lvs




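Introduction to LVS

LVS is short for Linux Virtual Server: a virtual server cluster system. The project was founded by Dr. Zhang Wensong in May 1998 and is one of the earliest free software projects to appear in China. It was developed along the lines of the iptables implementation, so using it feels similar to using iptables.

The three LVS modes

  1. NAT mode (network address translation)
  2. IP TUN mode (IP tunneling)
  3. DR mode (direct routing)

The forwarding mode determines the network topology.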

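NAT mode

How NAT mode works: when a client accesses the LVS, the LVS rewrites the destination address of the request packet and, according to the preset scheduling algorithm, dispatches the request to a back-end real server. After the real server has received and processed the request, its response packet must also go back through the LVS, which rewrites the packet's source address before returning it to the client, completing the load-balancing cycle.

  1. DNAT: destination address translation; the destination address is changed
  2. SNAT: source address translation; the source address is changed

NAT mode forwards packets using SNAT and DNAT. It works with any operating system and with private networks, and it needs only one Internet IP address, which keeps costs down. The performance of the whole system is limited, however: every packet has to be rewritten, which adds some latency, and in most applications about 80% of the data flows from the server to the client (requests are short, responses are large), so the LVS comes under heavy load and easily becomes the bottleneck.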

IP TUN

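In IP TUN mode the LVS dispatches requests to the different real servers, and each real server replies directly to the client after processing the request, so the LVS handles only half of each client-server connection. IP tunneling greatly increases the scheduling capacity of the LVS and the maximum number of nodes the system can hold, which can exceed 100. Real servers can run on any LAN or WAN, so they can be geographically distributed, which matters for disaster recovery. This mode requires every server to support the IP tunneling protocol, so it can only be used on Linux and not on Windows.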

DR

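DR is similar to IP TUN: the load balancer handles only half of each connection, which avoids creating a new performance bottleneck and likewise improves scalability. Compared with IP TUN, DR has no IP encapsulation overhead, but because it works by rewriting MAC addresses, all servers must be on the same LAN.

Difference between DR and IP TUN:

Compared with IP TUN, DR has no IP encapsulation overhead, but it relies on a data link layer technique, so all DR servers must be on the same LAN.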

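Comparison of the three modes

| | NAT mode | IP TUN mode | DR mode |
| --- | --- | --- | --- |
| Server requirements | Any operating system | Must support the IP tunneling protocol; currently only Linux does | Must support a virtual interface on which ARP replies can be disabled |
| Network requirements | LAN | LAN or WAN | LAN |
| Supported nodes | 10-20, depending on the server's processing capacity | 100 nodes | About the same as IP TUN |
| Security | Fairly high; real servers can be hidden | Poor; real servers are easily exposed | Poor; real servers are easily exposed |
| IP requirements | Only one valid IP address is needed, used as the VIP | Besides the VIP, each server needs a valid IP address that is directly routable to clients | Besides the VIP, each server needs a valid IP address that is directly routable to clients |
| Scalability | | Very good | |
| Characteristics | Address translation | IP encapsulation | MAC address rewriting |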
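
The forwarding mode of each real server can be read back from a saved rule set: ipvsadm's -m, -i and -g flags select NAT, IP TUN and DR respectively. The following added example (not part of the original post) parses rules in `ipvsadm -Sn` format and applies the security row of the table above; the sample rules are constructed from the addresses used in the deployment sections of this page, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in `ipvsadm -Sn` format, using the VIPs and real servers
# from the three deployment sections of this page.
SAMPLE_RULES='-A -t 192.168.65.10:80 -s rr
-a -t 192.168.65.10:80 -r 192.168.183.138:80 -m -w 1
-a -t 192.168.65.10:80 -r 192.168.183.139:80 -m -w 1
-A -t 192.168.183.200:80 -s rr
-a -t 192.168.183.200:80 -r 192.168.202.138:80 -g -w 1
-a -t 192.168.183.200:80 -r 192.168.202.139:80 -g -w 1
-A -t 192.168.183.210:80 -s rr
-a -t 192.168.183.210:80 -r 192.168.202.138:80 -i -w 1
-a -t 192.168.183.210:80 -r 192.168.202.139:80 -i -w 1'

# lvs_modes RULES -> one line per real server: "<vip> <rs> <mode> <exposure>"
lvs_modes() {
  printf '%s\n' "$1" | awk '
    $1 == "-a" {
      vip = ""; rs = ""; mode = "DR"   # ipvsadm uses -g when no mode flag is given
      for (i = 2; i <= NF; i++) {
        if ($i == "-t" || $i == "-u") vip = $(i + 1)
        else if ($i == "-r") rs = $(i + 1)
        else if ($i == "-m") mode = "NAT"
        else if ($i == "-i") mode = "TUN"
        else if ($i == "-g") mode = "DR"
      }
      # Per the comparison table: only NAT mode hides the real servers.
      exposure = (mode == "NAT") ? "hidden" : "exposed"
      print vip, rs, mode, exposure
    }'
}

# exposed_servers RULES -> addresses of real servers that clients can reach directly
exposed_servers() {
  lvs_modes "$1" | awk '$4 == "exposed" { print $2 }'
}

lvs_modes "$SAMPLE_RULES"
```

On a director, pass the contents of /etc/sysconfig/ipvsadm (written by `ipvsadm -Sn` in the sections below) instead of the sample.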

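Deploying an httpd load-balancing cluster in LVS-NAT mode

Environment:

| Hostname | Role | IP/DIP | VIP |
| --- | --- | --- | --- |
| DR | LVS server | 192.168.245.137 | 192.168.245.210 |
| RS1 | Apache server 1 | 192.168.245.138 | 192.168.245.210 |
| RS2 | Apache server 2 | 192.168.245.139 | 192.168.245.210 |
| Client | Client (for testing) | 192.168.245.135 | The client does not need a VIP |

DR configuration:

//Disable the firewall and SELinux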
[root@DR ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR ~]# setenforce 0
[root@DR ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config

//Add a second NIC and set it to host-only mode
//Set the NIC's IP address
[root@DR ~]# nmcli connection modify Wired\ connection\ 1 con-name ens37 ipv4.addresses 192.168.65.10/24 ipv4.dns 114.114.114.114 ipv4.method manual autoconnect yes
[root@DR ~]# nmcli con up ens37
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@DR ~]# ip a | grep ens37
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 192.168.65.10/24 brd 192.168.65.255 scope global noprefixroute ens37

//Enable IP forwarding
[root@DR ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@DR ~]# sysctl -p
net.ipv4.ip_forward = 1

//Install ipvsadm and add the rules
[root@DR ~]# dnf -y install ipvsadm
······
Complete!
[root@DR ~]# ipvsadm -A -t 192.168.65.10:80 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.65.10:80 -r 192.168.183.138:80 -m
[root@DR ~]# ipvsadm -a -t 192.168.65.10:80 -r 192.168.183.139:80 -m
[root@DR ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.65.10:80 rr
  -> 192.168.183.138:80           Masq    1      0          0         
  -> 192.168.183.139:80           Masq    1      0          0         
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@DR ~]# systemctl restart ipvsadm
[root@DR ~]# systemctl enable ipvsadm
Created symlink /etc/systemd/system/multi-user.target.wants/ipvsadm.service → /usr/lib/systemd/system/ipvsadm.service.
[root@DR ~]#

RS1 configuration:

//Disable the firewall and SELinux
[root@RS1 ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS1 ~]# setenforce 0
[root@RS1 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config

//Configure the IP address
[root@RS1 ~]# nmcli con modify ens33 ipv4.addresses 192.168.183.138/24 ipv4.gateway 192.168.65.10 ipv4.dns 114.114.114.114 ipv4.method manual autoconnect yes
[root@RS1 ~]# nmcli con up ens33
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

//Configure the yum repository, then install httpd and create the index page
[root@RS1 ~]# dnf install httpd -y
······
[root@RS1 ~]# echo "RS1" > /var/www/html/index.html
[root@RS1 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.

RS2 configuration:

//Disable the firewall and SELinux
[root@RS2 ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS2 ~]# setenforce 0
[root@RS2 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config

//Configure the IP address
[root@RS2 ~]# nmcli connection modify ens33 ipv4.addresses 192.168.183.139/24 ipv4.gateway 192.168.65.10 ipv4.dns 114.114.114.114 ipv4.method manual autoconnect yes
[root@RS2 ~]# nmcli con up ens33
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

//Configure the yum repository, then install httpd and create the index page
[root@RS2 ~]# dnf install -y httpd
[root@RS2 ~]# echo "RS2" > /var/www/html/index.html
[root@RS2 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.

Testing from the client

[root@Client ~]# curl http://192.168.65.10
RS2
[root@Client ~]# curl http://192.168.65.10
RS1
[root@Client ~]# curl http://192.168.65.10
RS2
[root@Client ~]# curl http://192.168.65.10
RS1

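Deploying an httpd load-balancing cluster in LVS-DR mode

Environment:

| Hostname | Role | IP/DIP | VIP |
| --- | --- | --- | --- |
| DR | LVS server | 192.168.245.137 | 192.168.245.210 |
| RS1 | Apache server 1 | 192.168.245.138 | 192.168.245.210 |
| RS2 | Apache server 2 | 192.168.245.139 | 192.168.245.210 |
| Client | Client (for testing) | 192.168.245.135 | The client does not need a VIP |

DR configuration:

//Disable SELinux and the firewall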
[root@DR ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR ~]# setenforce 0
[root@DR ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config

//Configure the IP address on the lo interface
[root@DR ~]# dnf -y install net-tools
······
[root@DR ~]# ifconfig lo 192.168.183.200/32 broadcast 192.168.183.200 netmask 255.255.255.255 up
[root@DR ~]# ip a | grep lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 192.168.183.200/0 brd 192.168.183.200 scope global lo

//Make the lo interface configuration persistent
[root@DR ~]# echo "ifconfig lo 192.168.183.200/32 broadcast 192.168.183.200 netmask 255.255.255.255 up" >> /etc/rc.d/rc.local
[root@DR ~]# chmod +x /etc/rc.d/rc.local

//Install ipvsadm and add the rules
[root@DR ~]# dnf -y install ipvsadm
[root@DR ~]# ipvsadm -A -t 192.168.183.200:80 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.183.200:80 -r 192.168.202.138:80 -g
[root@DR ~]# ipvsadm -a -t 192.168.183.200:80 -r 192.168.202.139:80 -g
[root@DR ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.183.200:80 rr
  -> 192.168.202.138:80           Route   1      0          0         
  -> 192.168.202.139:80           Route   1      0          0         
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@DR ~]# systemctl restart ipvsadm
[root@DR ~]# systemctl enable ipvsadm
Created symlink /etc/systemd/system/multi-user.target.wants/ipvsadm.service → /usr/lib/systemd/system/ipvsadm.service.

RS1 configuration:

//Disable the firewall and SELinux
[root@RS1 ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS1 ~]# setenforce 0
[root@RS1 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config

//Configure kernel parameters on RS1
[root@RS1 ~]# vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
# The next two lines are a safeguard; strictly, only ARP announcement on the lo interface needs to be turned off
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@RS1 ~]# sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

//Configure the VIP
[root@RS1 ~]# dnf install -y net-tools
[root@RS1 ~]# ifconfig lo 192.168.183.200/32 broadcast 192.168.183.200 netmask 255.255.255.255 up

//Make it persistent
[root@RS1 ~]# echo "ifconfig lo 192.168.183.200/32 broadcast 192.168.183.200 netmask 255.255.255.255 up" >> /etc/rc.d/rc.local
[root@RS1 ~]# chmod +x /etc/rc.d/rc.local

//Add the route
[root@RS1 ~]# route add -host 192.168.183.200/32 dev lo

//Install httpd and create the index page
[root@RS1 ~]# dnf -y install httpd
[root@RS1 ~]# echo "RS1" > /var/www/html/index.html
[root@RS1 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.

RS2 configuration:

//Disable the firewall and SELinux
[root@RS2 ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS2 ~]# setenforce 0
[root@RS2 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config

//Configure kernel parameters on RS2
[root@RS2 ~]# vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@RS2 ~]# sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

//Configure the VIP
[root@RS2 ~]# dnf install -y net-tools
[root@RS2 ~]# ifconfig lo 192.168.183.200/32 broadcast 192.168.183.200 netmask 255.255.255.255 up

//Make it persistent
[root@RS2 ~]# echo "ifconfig lo 192.168.183.200/32 broadcast 192.168.183.200 netmask 255.255.255.255 up" >> /etc/rc.d/rc.local
[root@RS2 ~]# chmod +x /etc/rc.d/rc.local

//Add the route
[root@RS2 ~]# route add -host 192.168.183.200/32 dev lo

//Install httpd and create the index page
[root@RS2 ~]# dnf install -y httpd
[root@RS2 ~]# echo "RS2" > /var/www/html/index.html
[root@RS2 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.

Client test

[root@Client ~]# curl 192.168.183.200
RS1
[root@Client ~]# curl 192.168.183.200
RS2
[root@Client ~]# curl 192.168.183.200
RS1
[root@Client ~]# curl 192.168.183.200
RS2

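Deploying an httpd load-balancing cluster in LVS-TUN mode

Environment:

| Hostname | Role | IP/DIP | VIP |
| --- | --- | --- | --- |
| DR | LVS server | 192.168.245.137 | 192.168.245.210 |
| RS1 | Apache server 1 | 192.168.245.138 | 192.168.245.210 |
| RS2 | Apache server 2 | 192.168.245.139 | 192.168.245.210 |
| Client | Client (for testing) | 192.168.245.135 | The client does not need a VIP |

DR configuration:

//Disable the firewall and SELinux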
[root@DR ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR ~]# setenforce 0
[root@DR ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config

//Modify kernel parameters
[root@DR ~]# vim /etc/sysctl.conf 
net.ipv4.ip_forward = 1
[root@DR ~]# sysctl -p
net.ipv4.ip_forward = 1

//Configure the VIP
[root@DR ~]# dnf -y install net-tools
[root@DR ~]# ifconfig tunl0 192.168.183.210 broadcast 192.168.183.210 netmask 255.255.255.255
[root@DR ~]# ip a|grep tunl0
3: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 192.168.183.210/32 brd 192.168.183.210 scope global tunl0

//Make it persistent
[root@DR ~]# echo "ifconfig tunl0 192.168.183.210 broadcast 192.168.183.210 netmask 255.255.255.255" >> /etc/rc.d/rc.local
[root@DR ~]# chmod +x /etc/rc.d/rc.local

//Install ipvsadm and add the rules
[root@DR ~]# dnf -y install ipvsadm
[root@DR ~]# ipvsadm -A -t 192.168.183.210:80 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.183.210:80 -r 192.168.202.138:80 -i
[root@DR ~]# ipvsadm -a -t 192.168.183.210:80 -r 192.168.202.139:80 -i
[root@DR ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.183.210:80 rr
  -> 192.168.202.138:80           Tunnel  1      0          0         
  -> 192.168.202.139:80           Tunnel  1      0          0         
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@DR ~]# systemctl restart ipvsadm
[root@DR ~]# systemctl enable ipvsadm
Created symlink /etc/systemd/system/multi-user.target.wants/ipvsadm.service → /usr/lib/systemd/system/ipvsadm.service.

RS1 configuration:

//Disable the firewall and SELinux
[root@RS1 ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS1 ~]# setenforce 0
[root@RS1 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config

//Load the ipip module and configure the VIP
[root@RS1 ~]# dnf -y install net-tools 
[root@RS1 ~]# modprobe ipip
[root@RS1 ~]# ifconfig tunl0 192.168.183.210 broadcast 192.168.183.210 netmask 255.255.255.255
[root@RS1 ~]# echo "ifconfig tunl0 192.168.183.210 broadcast 192.168.183.210 netmask 255.255.255.255" >> /etc/rc.d/rc.local
[root@RS1 ~]# chmod +x /etc/rc.d/rc.local

//Modify kernel parameters
[root@RS1 ~]# vim /etc/sysctl.conf
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
[root@RS1 ~]# sysctl -p
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0

//Install httpd and create the index page
[root@RS1 ~]# dnf -y install httpd
[root@RS1 ~]# echo "RS1" > /var/www/html/index.html
[root@RS1 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.

RS2 configuration:

//Disable the firewall and SELinux
[root@RS2 ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS2 ~]# setenforce 0
[root@RS2 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config

//Load the ipip module and configure the VIP
[root@RS2 ~]#  dnf -y install net-tools
[root@RS2 ~]# modprobe ipip
[root@RS2 ~]# ifconfig tunl0 192.168.183.210 broadcast 192.168.183.210 netmask 255.255.255.255
[root@RS2 ~]# echo "ifconfig tunl0 192.168.183.210 broadcast 192.168.183.210 netmask 255.255.255.255" >> /etc/rc.d/rc.local
[root@RS2 ~]# chmod +x /etc/rc.d/rc.local

//Modify kernel parameters
[root@RS2 ~]# vim /etc/sysctl.conf
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
[root@RS2 ~]# sysctl -p
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0

//Install httpd and create the index page
[root@RS2 ~]# dnf install -y httpd
[root@RS2 ~]# echo "RS2" > /var/www/html/index.html
[root@RS2 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
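
For arp_ignore, arp_announce and rp_filter the kernel applies the larger of the conf/all value and the value of the interface that receives (or sends) the packet, so the real-server settings in the DR and TUN sections above have to be judged per NIC. The following added example (not part of the original post) evaluates them that way; the sample configurations are constructed, the function names are hypothetical, and treating an absent key as 0 is an assumption (distribution defaults may differ).

```shell
#!/bin/sh
# Constructed samples in sysctl.conf / `sysctl -a` format ("key = value").
DR_CONF='net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2'
LO_ONLY_CONF='net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2'
TUN_CONF='net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0'

# effective CONF IFACE KEY -> max(conf.all.KEY, conf.IFACE.KEY)
# Assumption: a key that is absent from CONF counts as 0.
effective() {
  printf '%s\n' "$1" | awk -v ifc="$2" -v key="$3" '
    BEGIN { a = "net.ipv4.conf.all." key; b = "net.ipv4.conf." ifc "." key; max = 0 }
    { gsub(/[ \t]/, ""); split($0, kv, "=")
      if ((kv[1] == a || kv[1] == b) && kv[2] + 0 > max) max = kv[2] + 0 }
    END { print max }'
}

# rs_hides_vip CONF NIC -> succeeds if NIC neither answers ARP for a VIP held
# on another interface (arp_ignore 1, 2 or 8) nor announces it (arp_announce 2).
rs_hides_vip() {
  case "$(effective "$1" "$2" arp_ignore)" in 1|2|8) ;; *) return 1 ;; esac
  [ "$(effective "$1" "$2" arp_announce)" -eq 2 ]
}

# tun_accepts_decap CONF -> succeeds if strict reverse-path filtering (1) is
# not in effect on tunl0, where decapsulated client packets arrive.
tun_accepts_decap() {
  [ "$(effective "$1" tunl0 rp_filter)" -ne 1 ]
}

# ens33 is the real servers' physical NIC in the sessions above.
rs_hides_vip "$DR_CONF" ens33 && echo "DR_CONF: ens33 will not answer ARP for the VIP"
rs_hides_vip "$LO_ONLY_CONF" ens33 || echo "LO_ONLY_CONF: ens33 may still answer ARP for the VIP"
tun_accepts_decap "$TUN_CONF" && echo "TUN_CONF: tunl0 accepts decapsulated packets"
```

On a live real server, pass the output of `sysctl -a` instead of the constructed samples.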