LVS
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了LVS相关的知识,希望对你有一定的参考价值。
- 安装
yum install popt popt-devel libnl libnl-devel kernel-headers kernel-devel openssl openssl-devel
rpm -ivh popt-static-1.13-7.el6.x86_64.rpm
tar zxvf ipvsadm-1.26.tar.gz
cd ipvsadm-1.26
make
make install
tar zxvf keepalived-1.2.7.tar.gz
cd keepalived-1.2.7
./configure --prefix=/usr/local/keepalived
make
make install
mkdir /etc/keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
ln -s /usr/local/keepalived/sbin/keepalived /sbin/keepalived
- 配置
global_defs {
router_id LVS
}
vrrp_instance VI_1 {
state MASTER
interface ens160
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.10.1.50
}
}
virtual_server 10.10.1.50 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 7200
protocol TCP
real_server 10.10.1.53 80 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 10.10.1.54 80 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}}
-
real_server上需要执行脚本启动VIP
#!/bin/bash
SNS_VIP=10.10.1.50
. /etc/rc.d/init.d/functions
case "$1" in
start)
ifconfig lo:0 $SNS_VIP netmask 255.255.255.255 broadcast $SNS_VIP up
/sbin/route add -host $SNS_VIP dev lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p >/dev/null 2>&1
echo "RealServer Start OK"
;;
stop)
ifconfig lo:0 down
route del $SNS_VIP >/dev/null 2>&1
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "RealServer Stoped"
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit 0 - 其他注意点
① real_server上需要开启IP转发
sed -i ‘s/net.ipv4.ip_forward = 1/net.ipv4.ip_forward = 0/g‘ /etc/sysctl.conf
sysctl -p
② vrrp防火墙设置
-A INPUT -d 224.0.0.18 -j ACCEPT
-
lvs长链接的优化
① 查看是ipvsadm --list --timeout, 比如我的机器就会返回如下结果:
Timeout (tcp tcpfin udp): 7200 5 60
这就表明我的tcp session的timeout时间是7200秒。
设置timeout:
ipvsadm --set 7200 5 60
这个值如果设置太小,你的client将会收到 connection reset by peer此类的错误提示。
② keepalived的配置:
就是virtual_server的persistence_timeout ,意思就是在这个一定时间内会讲来自同一用户(根据ip来判断的)route到同一个real
server。对于长连接类的应用,你肯定需要这么做。配置值最好跟lvs的配置的timeout一致。 - 命令行模式(不安装keepalived)
添加记录
ipvsadm -A -t 10.66.10.200:80 -s rr -p 60
添加真实主机
ipvsadm -a -t 10.66.10.200:80 -r 10.66.10.197:80 -g
ipvsadm -a -t 10.66.10.200:80 -r 10.66.10.198:80 -g
删除真实主机
ipvsadm -d -t 10.66.10.200:80 -r 10.66.10.198:80
删除记录
ipvsadm -D -t 10.66.10.200:80
以上是关于LVS的主要内容,如果未能解决你的问题,请参考以下文章