lvs-dr implementation:
1 Director + 2 Real Servers:
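In an lvs-dr cluster, every host (the Director and each RS) must be configured with the VIP. To resolve the resulting IP address conflict, one of the following methods is normally used:
1. Statically bind the VIP-to-MAC address mapping on the front-end router;
2. Filter ARP packets with arptables on each RS;
3. Modify the corresponding kernel parameters on each RS to limit the level at which ARP packets are announced and answered;
arp_ignore
0: default;
1:
2:
arp_announce
0: default;
1:
2:
Commonly chosen values for these kernel parameters:
arp_ignore = 1
arp_announce = 2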
A simple lvs-dr example:
Three virtual machines
Director(CentOS 7.2A):
DIP:172.16.72.1
//on the eno16777736 network interface
VIP:172.16.72.254
//on a label of the eno16777736 network interface
Real Server1(CentOS 7.2B):
DIP:172.16.72.2
//on the eno16777736 network interface
VIP:172.16.72.254
//on a label of lo (the loopback interface)
Real Server2(CentOS 7.2C):
DIP:172.16.72.3
//on the eno16777736 network interface
VIP:172.16.72.254
//on a label of lo (the loopback interface)
1. Change the host names
Director(CentOS 7.2A) ~]# hostnamectl set-hostname drct1
Real Server1(CentOS 7.2B) ~]# hostnamectl set-hostname rs1
Real Server2(CentOS 7.2C) ~]# hostnamectl set-hostname rs2

2. On the Director (CentOS 7.2A), check the DIP, then set the VIP on the network interface that carries the DIP
~]# ifconfig
~]# ifconfig eno16777736:0 172.16.72.254 netmask 255.255.255.255 broadcast 172.16.72.254 up

3. Configure RS1 (CentOS 7.2B) and RS2 (CentOS 7.2C) with a script;
#!/bin/bash
#
VIP=172.16.72.254
MASK=255.255.255.255
case $1 in
setup)
    # Adjust the ARP-related kernel parameters:
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    # Configure the VIP on a label of lo
    ifconfig lo:0 $VIP netmask $MASK broadcast $VIP up
    # So that response packets are encapsulated and sent out via the lo:0 label interface, a special static route must be specified:
    route add -host $VIP dev lo:0
    ;;
delete)
    ifconfig lo:0 down
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ;;
*)
    echo "Usage: $(basename "$0") { setup | delete }"
    ;;
esac

4. Add the cluster RSs to the cluster service on the Director (CentOS 7.2A):
~]# ipvsadm -A -t 172.16.72.254:80 -s rr
~]# ipvsadm -E -t 172.16.72.254:80 -s wrr
~]# ipvsadm -a -t 172.16.72.254:80 -r 172.16.72.2 -g -w 1
~]# ipvsadm -a -t 172.16.72.254:80 -r 172.16.72.3 -g -w 2
~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.72.254:http rr
  -> 172.16.72.2:http             Route   1      0          0
  -> 172.16.72.3:http             Route   2      0          0

5. Test from the client (CentOS 7.2D)
~]# for i in {1..10}; do curl http://172.16.72.254 ;done
this is CentOS 7.2C for /var/www/html/
this is CentOS 7.2C for /var/www/html/
This is CentOS 7.2B for /var/www/html/
this is CentOS 7.2C for /var/www/html/
this is CentOS 7.2C for /var/www/html/
This is CentOS 7.2B for /var/www/html/
this is CentOS 7.2C for /var/www/html/
this is CentOS 7.2C for /var/www/html/
This is CentOS 7.2B for /var/www/html/
this is CentOS 7.2C for /var/www/html/
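
A Real Server that still answers ARP for the VIP draws client traffic away from the Director, so it is worth verifying the four values that the step 3 script writes. The check below is an added example, not part of the original post; the function names and the optional root-directory argument (used here to run against a constructed sample tree instead of /proc/sys) are assumptions.

```shell
#!/bin/sh
# Added example: audit the ARP kernel parameters an lvs-dr Real Server needs.

# make_sample_tree DIR ARP_IGNORE ARP_ANNOUNCE
# Builds a constructed stand-in for /proc/sys so the check can run anywhere.
make_sample_tree() {
    for i in all lo; do
        mkdir -p "$1/net/ipv4/conf/$i"
        echo "$2" > "$1/net/ipv4/conf/$i/arp_ignore"
        echo "$3" > "$1/net/ipv4/conf/$i/arp_announce"
    done
}

# check_rs_arp [ROOT]
# Prints one line per deviation from arp_ignore=1 / arp_announce=2 on the
# "all" and "lo" interfaces; returns 0 when all four values are correct.
check_rs_arp() {
    root=${1:-/proc/sys}
    bad=0
    for iface in all lo; do
        for pair in arp_ignore:1 arp_announce:2; do
            name=${pair%%:*}
            want=${pair##*:}
            file="$root/net/ipv4/conf/$iface/$name"
            if [ ! -r "$file" ]; then
                echo "MISSING $iface/$name"
                bad=1
                continue
            fi
            have=$(cat "$file")
            [ "$have" = "$want" ] || {
                echo "WRONG $iface/$name=$have (expected $want)"
                bad=1
            }
        done
    done
    return "$bad"
}

# Demo on constructed data: the state left behind by "delete" (all zeros).
demo=$(mktemp -d)
make_sample_tree "$demo" 0 0
check_rs_arp "$demo" || echo "RS is not safe to hold the VIP on lo:0"
rm -rf "$demo"
```

On a real RS, run `check_rs_arp` with no argument after every boot: values written with echo into /proc/sys do not survive a reboot unless they are also placed in /etc/sysctl.conf or a file under /etc/sysctl.d/.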
Defining the cluster service with FWM (Firewall Mark):
Advantage: several services can be defined together as a single cluster service;
In netfilter, a mark is attached to the packets matched by certain rules, so this has to be configured in the mangle table. Because ipvs works on the INPUT chain, the packets can only be marked on netfilter's PREROUTING chain;

1. Marking the packets:
~]# ipvsadm -C
~]# iptables -t mangle -A PREROUTING -d 172.16.72.254 -p tcp --dport 80 -j MARK --set-mark 15
or
~]# iptables -t mangle -A PREROUTING -d 172.16.72.254 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 10

2. Defining the lvs cluster, lvs-dr type:
~]# ipvsadm -A -f 15 -s wrr
~]# ipvsadm -a -f 15 -r 172.16.72.3 -g -w 3
~]# ipvsadm -a -f 15 -r 172.16.72.2 -g -w 1
~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  15 wrr
  -> 172.16.72.2:0                Route   1      0          0
  -> 172.16.72.3:0                Route   3      0          0

3. Test from the client (CentOS 7.2D)
~]# for i in {1..10}; do curl http://172.16.72.254 ;done
this is CentOS 7.2C for /var/www/html/
this is CentOS 7.2C for /var/www/html/
This is CentOS 7.2B for /var/www/html/
this is CentOS 7.2C for /var/www/html/
this is CentOS 7.2C for /var/www/html/
this is CentOS 7.2C for /var/www/html/
This is CentOS 7.2B for /var/www/html/
this is CentOS 7.2C for /var/www/html/
this is CentOS 7.2C for /var/www/html/
this is CentOS 7.2C for /var/www/html/
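lvs persistence: lvs persistent connections;
When a client establishes a connection with an RS, a persistent-connection template is created. Based on this template, whatever scheduling algorithm is in use, requests from the same source IP address are always scheduled to the same back-end RS for a period of time; only the first scheduling decision is made by the algorithm;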
Persistent connections can be understood as the SH algorithm with a time limit;

Three persistence schemes are available:
1. Per-port persistence: for a period of time only, requests from the same source IP address to one particular service are scheduled and forwarded to the same back-end RS;
Scheduling criterion: VIP:PORT
2. Per-client persistence: for a period of time only, all requests from the same source IP address are scheduled to the same back-end RS, which is closer to an application of the SH algorithm;
Scheduling criterion: VIP:0
3. Per-firewall-mark persistence: for a period of time only, all requests bound to the same FWM are scheduled to the same back-end RS;
Scheduling criterion: FWM

Persistence + firewall mark: port affinity
The most common port affinity is: 80 + 443

1. Set the firewall mark, then create the lvs cluster service based on the firewall mark and enable persistence:
~]# iptables -t mangle -A PREROUTING -d 172.16.72.254 -p tcp --dport 80 -j MARK --set-mark 15
or
~]# iptables -t mangle -A PREROUTING -d 172.16.72.254 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 10

2. Defining the lvs cluster, lvs-dr type, with a persistence timeout added:
~]# ipvsadm -A -f 15 -s wrr
~]# ipvsadm -a -f 15 -r 172.16.72.3 -g -w 3
~]# ipvsadm -a -f 15 -r 172.16.72.2 -g -w 1
~]# ipvsadm -E -f 15 -s wrr -p 30
//30s persistence timeout; if the value after -p is omitted, the default is 360 seconds
~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  15 wrr persistent 30
  -> 172.16.72.2:0                Route   1      0          0
  -> 172.16.72.3:0                Route   3      0          0

3. Test from the client (CentOS 7.2D)
First test:
~]# for i in {1..10}; do curl http://172.16.72.254 ;done
This is CentOS 7.2B for /var/www/html/
This is CentOS 7.2B for /var/www/html/
This is CentOS 7.2B for /var/www/html/
This is CentOS 7.2B for /var/www/html/
This is CentOS 7.2B for /var/www/html/
This is CentOS 7.2B for /var/www/html/
This is CentOS 7.2B for /var/www/html/
This is CentOS 7.2B for /var/www/html/
This is CentOS 7.2B for /var/www/html/
This is CentOS 7.2B for /var/www/html/
Test again after waiting for a while:
~]# for i in {1..10}; do curl http://172.16.72.254 ;done
this is CentOS 7.2C for /var/www/html/
this is CentOS 7.2C for /var/www/html/
this is CentOS 7.2C for /var/www/html/
this is CentOS 7.2C for /var/www/html/
this is CentOS 7.2C for /var/www/html/
this is CentOS 7.2C for /var/www/html/
this is CentOS 7.2C for /var/www/html/
this is CentOS 7.2C for /var/www/html/
this is CentOS 7.2C for /var/www/html/
this is CentOS 7.2C for /var/www/html/
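
Both FWM sections offer two alternative marking rules (mark 15 for port 80, mark 10 for ports 80 and 443) while the service is defined with -f 15, so choosing the second rule leaves an FWM service that no packet ever matches. The check below is an added example, not part of the original post: it compares `ipvsadm -ln` output with `iptables-save -t mangle` output, which prints marks in hex as `--set-xmark 0xa/0xffffffff`. Function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: find FWM cluster services that no PREROUTING rule feeds.

# Constructed sample data, in the formats of `ipvsadm -ln` and
# `iptables-save -t mangle`; not captured from the hosts above.
SAMPLE_IPVS='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  15 wrr persistent 30
  -> 172.16.72.2:0                Route   1      0          0
  -> 172.16.72.3:0                Route   3      0          0'
SAMPLE_MANGLE='*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 172.16.72.254/32 -p tcp -m multiport --dports 80,443 -j MARK --set-xmark 0xa/0xffffffff
COMMIT'

# marks_set: reads iptables-save text on stdin and prints, in decimal,
# every mark value set by a MARK rule on the PREROUTING chain.
marks_set() {
    awk '$1 == "-A" && $2 == "PREROUTING" {
        for (i = 3; i < NF; i++)
            if ($i == "--set-xmark" || $i == "--set-mark") {
                split($(i + 1), p, "/"); print p[1]
            }
    }' | while read -r m; do
        case $m in      # accept only plain hex or decimal literals
            0[xX]*) h=${m#0[xX]}
                    case $h in ''|*[!0-9a-fA-F]*) continue ;; esac ;;
            ''|*[!0-9]*) continue ;;
        esac
        echo $(($m))
    done
}

# unmatched_fwm IPVS_TEXT MANGLE_TEXT: prints each FWM service number
# for which no PREROUTING rule sets that mark.
unmatched_fwm() {
    have=$(printf '%s\n' "$2" | marks_set)
    printf '%s\n' "$1" | awk '$1 == "FWM" { print $2 }' |
    while read -r fwm; do
        printf '%s\n' "$have" | grep -qx "$fwm" || echo "$fwm"
    done
}

for f in $(unmatched_fwm "$SAMPLE_IPVS" "$SAMPLE_MANGLE"); do
    echo "FWM $f has a cluster service but no matching MARK rule"
done
```

For the 80 + 443 port affinity case, either define the service with -f 10 to match the multiport rule or change that rule to set mark 15; the check passes once the two numbers agree.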