Introduction to Load Balancing Clusters
Introduction to LVS
1. LVS NAT mode (target IP forwarding; suitable for small clusters of about 10 machines)
2. LVS IP Tunnel mode (changes the target IP)
(In this mode the rs machines are all configured with a public IP.)
3. LVS DR mode (modifies the MAC address of the packet)
NAT mode is suitable for small clusters of about 10 machines; its advantage is that it saves public IPs. IP Tunnel and DR differ little from each other: both can be used for larger clusters, but every rs server must be configured with a public IP, which uses up public IPs and costs money.
LVS scheduling algorithm
The commonly used algorithms are the first four: rr, wrr, lc, wlc.
LVS NAT mode setup
Preparation:
1. Prepare three machines (I cloned directly from the second one)
(1) Modify the ip of the third clone machine
Restart the service after modification:
(2) Set the hostname of the cloned machine:
hostnamectl set-hostname cansheng3
2. Add one more network card to the distributor, also called the scheduler (abbreviated as dir) machine (133):
(Because ens37 has been configured before)
The network card of this ens37 is in host-only mode
At the same time, it can be seen that the subnet IP segment of this network card is 192.168.243.0
(1) So set ip for this ens37:
vim /etc/sysconfig/network-scripts/ifcfg-ens37
After the modification, restart the network service:
systemctl restart network
(2) Check whether the IP can be pinged (test from a terminal on Windows):
ping 192.168.243.144
3. Change the gateway of the two rs (real servers) so that it matches the intranet IP of the dir distributor
vim /etc/sysconfig/network-scripts/ifcfg-ens33
!! Once the gateway of the two rs machines is changed to the dir's intranet IP, they can no longer access the Internet.
After the change, restart the service and check the gateway:
systemctl restart network
route -n
4. Run the following on all three machines:
(1) systemctl stop firewalld;
systemctl disable firewalld
(2) yum install -y iptables-services
(3) systemctl start iptables
(4) iptables -F;
(5) service iptables save
Disable SELinux
vim /etc/selinux/config
(If yum downloads turn out to be very slow, rename the epel repo file before downloading; when epel is needed, rename it back.
mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo1
)
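Start the NAT mode setup
1. ipvsadm (the key tool that implements the LVS functions) only needs to be installed on the dir distributor
yum install -y ipvsadm
2. Write a script on the dir, vim /usr/local/sbin/lvs_nat.sh, with the following content
(The script is only there to run the required commands faster; without it, run the commands below one line at a time.)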
#!/bin/bash
# Enable route forwarding on the director server (forwarding done by the kernel)
echo 1 > /proc/sys/net/ipv4/ip_forward
# Turn off ICMP redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
# Mind the NIC names; my two NICs are ens33 and ens37 (set these according to your own NIC names)
echo 0 > /proc/sys/net/ipv4/conf/ens33/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/ens37/send_redirects
# Set up the NAT firewall on the director
iptables -t nat -F
iptables -t nat -X
# Lets the intranet on this segment reach the Internet
iptables -t nat -A POSTROUTING -s 192.168.136.0/24 -j MASQUERADE
# Set up ipvsadm on the director
IPVSADM='/usr/sbin/ipvsadm'
# Clear the ipvsadm rules
$IPVSADM -C
# Add a rule and set the scheduling algorithm to lc; -p sets the timeout (in seconds; recommended to leave it out)
$IPVSADM -A -t 192.168.243.144:80 -s lc -p 3
# -a: add an rs; -t: TCP; -m: NAT mode; -i: IP Tunnel; -g: DR mode; -w: weight
$IPVSADM -a -t 192.168.243.144:80 -r 192.168.136.134:80 -m -w 1
$IPVSADM -a -t 192.168.243.144:80 -r 192.168.136.135:80 -m -w 1
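(With -p set, requests within the specified time go to the same rs.)
After writing the script, run it:
sh /usr/local/sbin/lvs_nat.sh
(If the script produces no output, it ran correctly.)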
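NAT mode test
1. Install nginx on both rs and start the service
2. Set a different home page on each rs so they can be told apart, i.e. running curl against each rs IP directly returns a different result
A: On rs1:
> /usr/share/nginx/html/index.html    # empties the file
vim /usr/share/nginx/html/index.html
B: On rs2:
> /usr/share/nginx/html/index.html    # empties the file
vim /usr/share/nginx/html/index.html
3. Visit 192.168.243.144 in a browser several times and compare the results
Enter the public IP in the browser
Test with curl: curl 192.168.243.144
(The requests can be seen to be balanced across the two rs.)
The command ipvsadm -ln shows the corresponding rules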
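DR mode setup
(In production, DR mode is used most often, but it consumes a lot of public IPs.
In production you can also build an intranet and use a single public IP, mapped to the public VIP, which reduces spending on public IPs.
)
Preparation
Change the gateways of the two rs from the experiment above back to what they were
DR mode setup
1. Write a script on the dir: vim /usr/local/sbin/lvs_dr.sh, with the following content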
#! /bin/bash
echo 1 > /proc/sys/net/ipv4/ip_forward
ipv=/usr/sbin/ipvsadm
vip=192.168.136.200
rs1=192.168.136.134
rs2=192.168.136.135
# Note the NIC name here
ifdown ens33
ifup ens33
ifconfig ens33:2 $vip broadcast $vip netmask 255.255.255.255 up
route add -host $vip dev ens33:2
$ipv -C
$ipv -A -t $vip:80 -s wrr
$ipv -a -t $vip:80 -r $rs1:80 -g -w 1
$ipv -a -t $vip:80 -r $rs2:80 -g -w 1
Run the script: sh /usr/local/sbin/lvs_dr.sh
(This message is normal, because we ran ifdown and ifup.)
2. Write a script on both rs as well: vim /usr/local/sbin/lvs_rs.sh, with the following content
#!/bin/bash
vip=192.168.136.200
# Bind the VIP on lo so that the rs returns the result directly to the client
ifdown lo
ifup lo
ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up
route add -host $vip lo:0
# The following changes the ARP kernel parameters so that the rs can send its MAC address to the client properly
# Reference: www.cnblogs.com/lgfeng/archive/2012/10/16/2726308.html
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
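Run the script on both rs: sh /usr/local/sbin/lvs_rs.sh
Check the VIP
ip addr
3. Test:
It is best to test from another virtual machine on a different IP segment.
(When traffic is heavy, the load is naturally balanced.)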
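A preflight check for the rs side of the DR setup above, as an added example that is not part of the original post: it confirms the four ARP parameters and the /32 VIP on lo that lvs_rs.sh sets. The function name check_dr_rs and the PROC_ROOT and ADDR_CMD overrides are hypothetical, introduced here so the check can also be pointed at a constructed tree.

```shell
#!/bin/bash
# Added example, not from the original post: verify a DR-mode rs after lvs_rs.sh.
# PROC_ROOT and ADDR_CMD are hypothetical overrides for testing against a
# constructed tree; on a real rs leave them at their defaults.
PROC_ROOT=${PROC_ROOT:-/proc/sys/net/ipv4/conf}
ADDR_CMD=${ADDR_CMD:-ip -o -4 addr show dev lo}

# check_dr_rs VIP: prints one FAIL line per problem, returns 1 if any was found
check_dr_rs() {
    local vip=$1 rc=0 iface pair key want got
    for iface in lo all; do
        # expected values are the ones lvs_rs.sh writes
        for pair in arp_ignore=1 arp_announce=2; do
            key=${pair%%=*}; want=${pair#*=}
            got=$(cat "$PROC_ROOT/$iface/$key" 2>/dev/null || true)
            if [ "$got" != "$want" ]; then
                echo "FAIL $iface/$key is '${got}', want $want"
                rc=1
            fi
        done
    done
    # the VIP must sit on lo with the 255.255.255.255 (/32) mask used by the script
    if ! $ADDR_CMD 2>/dev/null | grep -qF " $vip/32 "; then
        echo "FAIL $vip/32 is not bound on lo"
        rc=1
    fi
    return $rc
}

# On an rs: check_dr_rs 192.168.136.200 && echo "rs ready for DR"
```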
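keepalived + LVS
(In the LVS architecture, in both NAT and DR mode, when a backend RS goes down the scheduler still forwards requests to the failed RS. keepalived solves this problem; keepalived provides both high availability and load balancing.)
Normally, when keepalived is used for load balancing, high availability is set up first and load balancing second,
so at least four machines are needed: two for keepalived and two as real servers.
(This experiment uses three machines:
dir (keepalived installed) 136.133
rs1 136.134
rs2 133.135
vip 133.200
)
Steps
(Before the experiment: we do not even need to use ipvsadm; the earlier rules can be cleared with ipvsadm -C.)
1. Edit the keepalived configuration file:
vim /etc/keepalived/keepalived.conf (empty the previous content first)
(Get the content from https://coding.net/u/aminglinux/p/aminglinux-book/git/blob/master/D21Z/lvs_keepalived.conf)
Content: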
vrrp_instance VI_1 {
    # BACKUP on the standby server
    state MASTER
    # The NIC the VIP is bound to is ens33; your NIC name may differ from Aming's, so change it here
    interface ens33
    virtual_router_id 51
    # 90 on the standby server
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass aminglinux
    }
    virtual_ipaddress {    # virtual IP: the VIP
        192.168.136.200
    }
}
virtual_server 192.168.136.200 80 {    # set the port according to the port actually being monitored
    # (query realserver status every 10 seconds)
    delay_loop 10
    # (LVS algorithm)
    lb_algo wlc
    # (DR mode)
    lb_kind DR
    # (connections from the same IP go to the same realserver for 60 seconds)
    persistence_timeout 60
    # (check realserver status over TCP)
    protocol TCP
    real_server 192.168.136.134 80 {
        # (weight)
        weight 100
        TCP_CHECK {
            # (time out after 10 seconds without a response)
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.136.135 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
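After adding the content, start the keepalived service:
systemctl start keepalived
2. The nginx service on the two real machines (rs) must be running
systemctl start nginx
Also clear the VIP set earlier: systemctl restart network
3. ipvsadm -ln now shows the configured VIP and the two rs machines
If we now stop the nginx service on one or both of the rs machines, we can see that keepalived removes the failed rs, which ensures that once a real server goes down, requests are no longer sent to it.
(1) Result after stopping rs1:
(2) Both rs machines stopped:
When the rs machines are started again, keepalived automatically adds them back to the load-balanced pool.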
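The ipvsadm -ln checks used in the NAT test and in the keepalived step above can be scripted. The following is an added example, not part of the original post: it reads ipvsadm -ln output and reports which expected rs are missing from a virtual service or listed with the wrong forwarding method. The function name check_rs and the sample output are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original post.
# check_rs VIP:PORT METHOD RS:PORT... reads `ipvsadm -ln` text on stdin and
# reports every expected rs that is absent from the virtual service or listed
# with another forwarding method (Masq = NAT, Route = DR, Tunnel = IP Tunnel).
# Returns 0 if all are present, 1 if any is missing/wrong, 2 if the VIP is absent.
check_rs() {
    local vs=$1 method=$2
    shift 2
    awk -v vs="$vs" -v method="$method" -v want="$*" '
        BEGIN { n = split(want, w, " "); bad = 0; found = 0 }
        # virtual service line, e.g. "TCP  192.168.136.200:80 wlc persistent 60"
        $1 == "TCP" || $1 == "UDP" { in_vs = ($2 == vs); if (in_vs) found = 1; next }
        # real server line below it, e.g. "  -> 192.168.136.135:80  Route  100  0  0"
        in_vs && $1 == "->" { seen[$2] = $3 }
        END {
            if (!found) { print "virtual service " vs " not configured"; exit 2 }
            for (i = 1; i <= n; i++) {
                if (!(w[i] in seen)) { print "missing " w[i]; bad = 1 }
                else if (seen[w[i]] != method) { print "wrong mode " w[i] " " seen[w[i]]; bad = 1 }
            }
            exit bad
        }'
}

# Constructed sample output: rs1 (192.168.136.134) was removed after its nginx stopped
SAMPLE='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.136.200:80 wlc persistent 60
  -> 192.168.136.135:80           Route   100    0          0'

# On the dir, replace the printf with: ipvsadm -ln
printf '%s\n' "$SAMPLE" |
    check_rs 192.168.136.200:80 Route 192.168.136.134:80 192.168.136.135:80 ||
    echo "exit status $?"
```

For the NAT setup, pass 192.168.243.144:80 as the virtual service and Masq as the method.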
!!!! Things to note when using keepalived + LVS DR.
(1) The /usr/local/sbin/lvs_rs.sh script must still be run on both rs
Write the script on both rs as well: vim /usr/local/sbin/lvs_rs.sh, with the following content
#!/bin/bash
vip=192.168.136.200
# Bind the VIP on lo so that the rs returns the result directly to the client
ifdown lo
ifup lo
# Adds the IP from the command line; this is temporary and is lost on reboot
ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up
route add -host $vip lo:0
# The following changes the ARP kernel parameters so that the rs can send its MAC address to the client properly
# Reference: www.cnblogs.com/lgfeng/archive/2012/10/16/2726308.html
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
Execute these scripts on dir and on both rs respectively
(2) On the dir distributor, run:
echo 1 >/proc/sys/net/ipv4/ip_forward
Browser test: