LVS-DR+keepalive做高可用,实现负载均衡(主备模式)
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了LVS-DR+keepalive做高可用,实现负载均衡(主备模式)相关的知识,希望对你有一定的参考价值。
LVS:
LVS是Linux Virtual Server的简写,意即Linux虚拟服务器,是一个虚拟的服务器集群系统。
LVS集群采用IP负载均衡技术和基于内容请求分发技术。调度器具有很好的吞吐率,将请求均衡地转
移到不同的服务器上执行,且调度器自动屏蔽掉服务器的故障,从而将一组服务器构成一个高性能的、
高可用的虚拟服务器。整个服务器集群的结构对客户是透明的,而且无需修改客户端和服务器端的程
序。为此,在设计时需要考虑系统的透明性、可伸缩性、高可用性和易管理性。
其中,LVS有三种工作模式:
1、NAT模式(VS-NAT)
把客户端发来的数据包的IP头的目的地址,在负载均衡器上换成其中一台RS的IP地址,并发至此RS
来处理,RS处理完成后把数据交给经过负载均衡器,负载均衡器再把数据包的原IP地址改为自己的IP,将
目的地址改为客户端IP地址即可期间,无论是进来的流量,还是出去的流量,都必须经过负载均衡器
2、IP隧道模式(VS-TUN)
由于互联网上的大多Internet服务的请求包很短小,而应答包通常很大,所以,隧道模式就是把客
户端发来的数据包,封装一个新的IP头标记(仅目的IP)发给RS,RS收到后,先把数据包的头解开,还原数据
包,处理后,直接返回给客户端,不需要再经过负载均衡器注意,由于RS需要对负载均衡器发过来的数据包
进行还原,所以必须支持IPTUNNEL协议,因此在RS的内核中,必须要编译IPTUNNEL这个选项。
3、直接路由模式(VS-DR)
负载均衡器和RS都使用同一个IP对外服务但只有DR对ARP请求进行响应,所有RS对本身这个IP的ARP
请求保持静默也就是说,网关会把对这个服务IP的请求全部定向给DR,而DR收到数据包后根据调度算法,
找出对应的RS,把目的MAC地址改为RS的MAC(因为IP一致)并将请求分发给这台RS这时RS收到这个数据
包,处理完成之后,由于IP一致,可以直接将数据返给客户,则等于直接从客户端收到这个数据包无异,
处理后直接返回给客户端由于负载均衡器要对二层包头进行改换,所以负载均衡器和RS之间必须在一个
广播域,也可以简单的理解为在同一台交换机上
keepalive:
简单一点来说,keepalive就是一个在TCP中可以检测死连接的机制。
搭建环境(CentOS 7)
拓扑图如下:
说明:
| 主机 | ip | 角色 | |
| LVS-1 | 10.0.0.11 | LVS-DR+keepalive (LVS主调度器) |
vip:10.0.0.100 |
| LVS-2 | 10.0.0.12 | LVS-DR+keepalive (LVS从调度器) | |
| web-1 | 10.0.0.13 | web服务器 | |
| web-2 | 10.0.0.14 | web服务器 |
配置实验环境:
1、先分别给各台主机配好ip,关闭SELinux,在这里我把防火墙也关闭了,为防止时间不同步,我们也
可以同步一下时间。
##同步时间:
yum install -y ntpdate crontab -e * * * * * ntpdate -u 0.pool.ntp.org >> /dev/null
接下来就是开始安装和配置服务了。
2、作为web服务器的两台主机,我用yum的方式装Apache作为web服务器,这里就不写配置httpd服务的具体过程了(两台机的配置都是一样的)。
##开启路由转发。
echo "1">/proc/sys/net/ipv4/ip_forward
##绑定VIP(如果不想每次重启失效,可以选择写进网卡里)
ifconfig ens33:0 10.0.0.100 broadcast 10.0.0.100 netmask 255.255.255.255 up
##添加发送数据包到vip的路由
route add -host 10.0.0.100 dev ens33:0
##抑制ARP请求
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
到此web服务器就已经配置完毕了,接下来就是配置LVS调度器了。
3、LVS调度器的配置
两台LVS调度器除了keepalive配置文件和ip地址不一样之外,其他配置都是一样的。
##开启路由转发。
echo "1">/proc/sys/net/ipv4/ip_forward
##安装相关软件包
yum install -y keepalived ipvsadm
##配置keepalive(因为keepalived是为了lvs而生的,所以我们可以直接用keepalived直接配置lvs
的DR模型)
##主LVS调度器的keepalive配置文件 [[email protected] ~]# cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { ##全局设置 notification_email { ##设置报警邮件地址 [email protected] } notification_email_from [email protected] ##设置邮件的发送地址 smtp_server localhost smtp_connect_timeout 30 router_id LVS-1 ##表示该台服务的ID } vrrp_instance VI_1 { state MASTER interface ens33 virtual_router_id 51 ##master和backup的id一致 priority 150 ##优先级,master的一定比backup的高 advert_int 1 ##master和backup之间的检测时间 authentication { auth_type PASS ##认证方式 auth_pass 123456 ##认证密码 } virtual_ipaddress { 10.0.0.100 ##设置vip } } virtual_server 10.0.0.100 80 { delay_loop 6 ##设置运行情况检查时间,单位是秒 lb_algo rr ##负载算法,这里是rr表示轮询 lb_kind DR ##定义模式,这里是Direct route persistence_timeout 0 ##会话保存时长(秒),0表示不使用stickyness会话 protocol TCP sorry_server 127.0.0.1 80 ##假如后端服务器都不能使用了,则访问本机的80端口 real_server 10.0.0.13 80 { weight 1 HTTP_GET { ##以http模式检查该服务器监控状态 url { path /index.html ##检测的网页路径 } connect_timeout 3 ##连接超时时间 nb_get_retry 3 ##重试次数 delay_before_retry 3 ##每次重试前等待延迟时间 } } real_server 10.0.0.14 80 { weight 1 HTTP_GET { url { path /index.html } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } }
##从LVS调度器的keepalive配置文件 [[email protected] ~]# cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { ##全局设置 notification_email { ##设置报警邮件地址 [email protected] } notification_email_from [email protected] ##设置邮件的发送地址 #smtp_server localhost #smtp_connect_timeout 30 router_id LVS-2 ##表示该台服务的ID } vrrp_instance VI_1 { state BACKUP interface ens33 virtual_router_id 51 ##master和backup的id一致 priority 100 ##优先级,master的一定比backup的高 advert_int 1 ##master和backup之间的检测时间 authentication { auth_type PASS ##认证方式 auth_pass 123456 ##认证密码 } virtual_ipaddress { 10.0.0.100 ##设置vip } } virtual_server 10.0.0.100 80 { delay_loop 6 ##设置运行情况检查时间,单位是秒 lb_algo rr ##负载算法,这里是rr表示轮询 lb_kind DR ##定义模式,这里是Direct route persistence_timeout 0 ##会话保存时长(秒),0表示不使用stickyness会话 protocol TCP sorry_server 127.0.0.1 80 ##假如后端服务器都不能使用了,则访问本机的80端口 real_server 10.0.0.13 80 { weight 1 HTTP_GET { ##以http模式检查该服务器监控状态 url { path /index.html ##检测的网页路径 } connect_timeout 3 ##连接超时时间 nb_get_retry 3 ##重试次数 delay_before_retry 3 ##每次重试前等待延迟时间 } } real_server 10.0.0.14 80 { weight 1 HTTP_GET { url { path /index.html } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } }
注:如果要配置非抢占模式,则两个都为BACKUP: state BACKUP nopreempt ##这一句一定要加上去
4、启动keepalive服务,由于主调度器的优先级比从调度器的要高,所以vip在主机LVS-1上。
主机LVS-1(主LVS调度器)
[[email protected] ~]# systemctl restart keepalived
[[email protected] ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2017-10-25 23:09:44 CST; 6s ago
Process: 1173 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 1174 (keepalived)
CGroup: /system.slice/keepalived.service
├─1174 /usr/sbin/keepalived -D
├─1175 /usr/sbin/keepalived -D
└─1176 /usr/sbin/keepalived -D
Oct 25 23:09:46 lvs-1 Keepalived_vrrp[1176]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 25 23:09:46 lvs-1 Keepalived_vrrp[1176]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 25 23:09:46 lvs-1 Keepalived_vrrp[1176]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 25 23:09:46 lvs-1 Keepalived_vrrp[1176]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 25 23:09:51 lvs-1 Keepalived_vrrp[1176]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 25 23:09:51 lvs-1 Keepalived_vrrp[1176]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 10.0.0.100
Oct 25 23:09:51 lvs-1 Keepalived_vrrp[1176]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 25 23:09:51 lvs-1 Keepalived_vrrp[1176]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 25 23:09:51 lvs-1 Keepalived_vrrp[1176]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 25 23:09:51 lvs-1 Keepalived_vrrp[1176]: Sending gratuitous ARP on ens33 for 10.0.0.100
[[email protected] ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:1d:7a:63 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.11/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet 10.0.0.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::f87c:449f:eb4a:ba03/64 scope link
valid_lft forever preferred_lft forever
主机LVS-2(从LVS调度器)
[[email protected] ~]# systemctl restart keepalived
[[email protected] ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2017-10-25 23:13:46 CST; 2s ago
Process: 1189 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 1190 (keepalived)
CGroup: /system.slice/keepalived.service
├─1190 /usr/sbin/keepalived -D
├─1191 /usr/sbin/keepalived -D
└─1192 /usr/sbin/keepalived -D
Oct 25 23:13:46 lvs-2 Keepalived_healthcheckers[1191]: Activating healthchecker for service [10.0.0.100]:80
Oct 25 23:13:46 lvs-2 Keepalived_healthcheckers[1191]: Activating healthchecker for service [10.0.0.100]:80
Oct 25 23:13:46 lvs-2 Keepalived_vrrp[1192]: Registering Kernel netlink reflector
Oct 25 23:13:46 lvs-2 Keepalived_vrrp[1192]: Registering Kernel netlink command channel
Oct 25 23:13:46 lvs-2 Keepalived_vrrp[1192]: Registering gratuitous ARP shared channel
Oct 25 23:13:46 lvs-2 Keepalived_vrrp[1192]: Opening file ‘/etc/keepalived/keepalived.conf‘.
Oct 25 23:13:46 lvs-2 Keepalived_vrrp[1192]: VRRP_Instance(VI_1) removing protocol VIPs.
Oct 25 23:13:46 lvs-2 Keepalived_vrrp[1192]: Using LinkWatch kernel netlink reflector...
Oct 25 23:13:46 lvs-2 Keepalived_vrrp[1192]: VRRP_Instance(VI_1) Entering BACKUP STATE
Oct 25 23:13:46 lvs-2 Keepalived_vrrp[1192]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
[[email protected] ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:76:bf:48 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.12/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::8ec5:50ac:d71:20d7/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::f87c:449f:eb4a:ba03/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
5、正常访问web网页测试
在这里我另外开了一台虚拟机用来做访问web服务的,当两台LVS调度器都正常的时候,能够正常访
问到web页面
[[email protected] ~]# curl 10.0.0.100 It is web1 [[email protected] ~]# curl 10.0.0.100 It is web2 [[email protected] ~]# curl 10.0.0.100 It is web1 [[email protected] ~]# curl 10.0.0.100 It is web2 [[email protected] ~]# curl 10.0.0.100 It is web1 [[email protected] ~]# curl 10.0.0.100 It is web2
6、当把主LVS调度器(即主机LVS-1)的keepalive服务停掉了之后,我们可以看到vip飘到了从调度器
(主机LVS-2)上去了。
从LVS调度器(主机LVS-2)
[[email protected] ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2017-10-25 23:13:46 CST; 13min ago
Process: 1189 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 1190 (keepalived)
CGroup: /system.slice/keepalived.service
├─1190 /usr/sbin/keepalived -D
├─1191 /usr/sbin/keepalived -D
└─1192 /usr/sbin/keepalived -D
Oct 25 23:27:10 lvs-2 Keepalived_vrrp[1192]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 25 23:27:10 lvs-2 Keepalived_vrrp[1192]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 25 23:27:10 lvs-2 Keepalived_vrrp[1192]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 25 23:27:10 lvs-2 Keepalived_vrrp[1192]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 25 23:27:15 lvs-2 Keepalived_vrrp[1192]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 25 23:27:15 lvs-2 Keepalived_vrrp[1192]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 10.0.0.100
Oct 25 23:27:15 lvs-2 Keepalived_vrrp[1192]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 25 23:27:15 lvs-2 Keepalived_vrrp[1192]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 25 23:27:15 lvs-2 Keepalived_vrrp[1192]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 25 23:27:15 lvs-2 Keepalived_vrrp[1192]: Sending gratuitous ARP on ens33 for 10.0.0.100
[[email protected] ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:76:bf:48 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.12/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet 10.0.0.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::8ec5:50ac:d71:20d7/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::f87c:449f:eb4a:ba03/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
主LVS调度器(主机LVS-1)
[[email protected] ~]# systemctl stop keepalived
[[email protected] ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Oct 25 23:09:51 lvs-1 Keepalived_vrrp[1176]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 10.0.0.100
Oct 25 23:09:51 lvs-1 Keepalived_vrrp[1176]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 25 23:09:51 lvs-1 Keepalived_vrrp[1176]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 25 23:09:51 lvs-1 Keepalived_vrrp[1176]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 25 23:09:51 lvs-1 Keepalived_vrrp[1176]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 25 23:27:09 lvs-1 Keepalived[1174]: Stopping
Oct 25 23:27:09 lvs-1 systemd[1]: Stopping LVS and VRRP High Availability Monitor...
Oct 25 23:27:09 lvs-1 Keepalived_vrrp[1176]: VRRP_Instance(VI_1) sent 0 priority
Oct 25 23:27:09 lvs-1 Keepalived_vrrp[1176]: VRRP_Instance(VI_1) removing protocol VIPs.
Oct 25 23:27:10 lvs-1 systemd[1]: Stopped LVS and VRRP High Availability Monitor.
[[email protected] ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:1d:7a:63 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.11/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::f87c:449f:eb4a:ba03/64 scope link
valid_lft forever preferred_lft forever
当vip从主调度器飘到从调度器上时,还能正常访问web页面
[[email protected] ~]# curl 10.0.0.100 It is web1 [[email protected] ~]# curl 10.0.0.100 It is web2 [[email protected] ~]# curl 10.0.0.100 It is web1 [[email protected] ~]# curl 10.0.0.100 It is web2 [[email protected] ~]# curl 10.0.0.100 It is web1 [[email protected] ~]# curl 10.0.0.100 It is web2
这次有关LVS-DR+keepalive做高可用,实现负载均衡的实验就写到这了,如果有写得不好的地方请
见谅。。。
本文出自 “YuQuan” 博客,请务必保留此出处http://3381847248.blog.51cto.com/13408601/1976219
以上是关于LVS-DR+keepalive做高可用,实现负载均衡(主备模式)的主要内容,如果未能解决你的问题,请参考以下文章
LVS-NAT与LVS-DR群集+keepalive部署(含LVS+Keepalived+ipvsadm理论概述)