一、lvs-dr类型:也称direct routing,简称为g(gatewaying);配置lvs-dr基于iptables mangle的实现方式
实验图:
地址规划:
VIP: 172.16.2.100
DIP: 172.16.2.13
RIP1:172.16.2.12
RIP2:172.16.2.14
配置步骤
(1)同步时间,以Director为时间服务器,RS以Director为时间服务器,同步时间
[root@Director ~]# date Sun Jun 21 13:24:02 CST 2015 [root@RS1 htdocs]# date Sun Jun 21 13:24:06 CST 2015 [root@RS2 html]# date Sun Jun 21 13:24:08 CST 2015
(2)修改RS的内核参数,禁止响应路由器查询VIP的arp请求
[root@RS1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce [root@RS1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce [root@RS1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore [root@RS1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@RS2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce [root@RS2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce [root@RS2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore [root@RS2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
(3)修改Director的防火墙规则,开启转发功能
[root@Director ~]# iptables -F;iptables -F -t nat [root@Director ~]# vim /etc/sysctl.conf net.ipv4.ip_forward = 1 [root@Director ~]# sysctl -p
(4)在Director、RS服务器上配置VIP地址
[root@Director ~]# ifconfig eth1:0 172.16.2.100 broadcast 172.16.2.100 netmask 255.255.255.255 [root@Director ~]# ifconfig eth1 Link encap:Ethernet HWaddr 00:0C:29:5A:4F:52 inet addr:172.16.2.13 Bcast:172.16.2.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe5a:4f52/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:34718 errors:0 dropped:0 overruns:0 frame:0 TX packets:12253 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:14209969 (13.5 MiB) TX bytes:1351338 (1.2 MiB) eth1:0 Link encap:Ethernet HWaddr 00:0C:29:5A:4F:52 inet addr:172.16.2.100 Bcast:172.16.2.100 Mask:255.255.255.255 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:80 errors:0 dropped:0 overruns:0 frame:0 TX packets:80 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:7266 (7.0 KiB) TX bytes:7266 (7.0 KiB)
[root@RS1 ~]# ifconfig lo:0 172.16.2.100 broadcast 172.16.2.100 netmask 255.255.255.255 [root@RS1 ~]# ifconfig eth1 Link encap:Ethernet HWaddr 00:0C:29:0E:C4:33 inet addr:172.16.2.12 Bcast:172.16.2.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe0e:c433/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:9328 errors:0 dropped:0 overruns:0 frame:0 TX packets:3795 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:8278339 (7.8 MiB) TX bytes:337391 (329.4 KiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:59 errors:0 dropped:0 overruns:0 frame:0 TX packets:59 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:5699 (5.5 KiB) TX bytes:5699 (5.5 KiB) lo:0 Link encap:Local Loopback inet addr:172.16.2.100 Mask:255.255.255.255 UP LOOPBACK RUNNING MTU:16436 Metric:1
[root@RS2 ~]# ifconfig lo:0 172.16.2.100 broadcast 172.16.2.100 netmask 255.255.255.255 [root@RS2 ~]# ifconfig eth1 Link encap:Ethernet HWaddr 00:0C:29:F8:D4:92 inet addr:172.16.2.14 Bcast:172.16.2.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fef8:d492/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:161326 errors:0 dropped:0 overruns:0 frame:0 TX packets:132169 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:25610678 (24.4 MiB) TX bytes:16331857 (15.5 MiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:1935 errors:0 dropped:0 overruns:0 frame:0 TX packets:1935 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:197004 (192.3 KiB) TX bytes:197004 (192.3 KiB) lo:0 Link encap:Local Loopback inet addr:172.16.2.100 Mask:255.255.255.255 UP LOOPBACK RUNNING MTU:65536 Metric:1
(5)在Director、RS上添加去往172.16.2.100的主机路由(目的是RS构建响应报文的时候以VIP为源IP封装数据包)
[root@Director ~]# route add -host 172.16.2.100 dev eth1:0 [root@Director ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 172.16.2.100 0.0.0.0 255.255.255.255 UH 0 0 0 eth1 172.16.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 0.0.0.0 172.16.2.1 0.0.0.0 UG 0 0 0 eth1
[root@RS1 ~]# route add -host 172.16.2.100 dev lo:0 [root@RS1 ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 172.16.2.100 0.0.0.0 255.255.255.255 UH 0 0 0 lo 172.16.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 0.0.0.0 172.16.2.1 0.0.0.0 UG 0 0 0 eth1
[root@RS2 ~]# route add -host 172.16.2.100 dev lo:0 [root@RS2 ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 172.16.2.100 0.0.0.0 255.255.255.255 UH 0 0 0 lo 172.16.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 0.0.0.0 172.16.2.1 0.0.0.0 UG 0 0 0 eth1
(6)在Director上利用iptables将http流量打标记
root@Director ~]# iptables -t mangle -A PREROUTING -d 172.16.2.100 -p tcp --dport 80 -j MARK --set-mark 6 [root@Director ~]# iptables -L -n -t mangle Chain PREROUTING (policy ACCEPT) target prot opt source destination MARK tcp -- 0.0.0.0/0 172.16.2.100 tcp dpt:80 MARK set 0x6
(7)在Director上创建基于防火墙标记的集群
[root@Director ~]# ipvsadm -A -f 6 -s rr
(8)在Director上创建的iptables防护墙标记集群添加RS
[root@Director ~]# ipvsadm -a -f 6 -r 172.16.2.12 -g -w 1 [root@Director ~]# ipvsadm -a -f 6 -r 172.16.2.14 -g -w 1 [root@Director ~]# ipvsadm -L -n IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn FWM 6 rr -> 172.16.2.12:0 Route 1 0 0 -> 172.16.2.14:0 Route 1 0 0
(9)打开浏览器,输入地址:http://172.16.2.100,刷新页面查看变化;
二、lvs的持久连接:
1)lvs的持久连接目的:
无论使用何种调度方法,持久连接都能保证在指定的时间段内,将来自同一个IP的请求始终定向至同一个RS
2)lvs的持久连接类型:
PCC: 每客户端持久连接
在持久连接时长内,来自同一个的CIP对VIP的请求,无论请求什么服务,都统统转发至第一次挑选出的RS;定义TCP或UDP集群服务时,其端口为0;
PPC: 每端口持久连接
单端口持久调度;分属于不同的端口,不会跨端口调度
PFM: 每FWM持久连接
单FWM调度;分属于不同的FWM,不会跨FWM调度
3)实现方法:只有在创建服务集群时添加-p选项,其他过程都与lvs-dr一样,没有变化
PCC实现方法:
[root@Director ~]# ipvsadm -A -t 172.16.2.100 -s rr -p 300 \\添加会话保持时间为300s,单位是秒
PPC实现方法:
[root@Director ~]# ipvsadm -A -t 172.16.2.100:80 -s rr -p 300
PFM实现方法:
[root@Director ~]# ipvsadm -A -f 6 -s rr -p 300
原创文章,作者:马行空,如若转载,请注明出处:http://www.178linux.com/5515
