1. 对比 LVS 负载均衡集群的 NAT 模式和 DR 模式,比较其各自的优势 。
NAT:集群中的物理服务器可以使用任何支持TCP/IP操作系统,物理服务器可以分配Internet的保留私有地址,只有负载均衡器需要一个合法的IP地址。
DR:DR模式直接由后备服务器把数据返回给客户端,不需要逆向发送数据包,此时lvs只有一个职责就是专注做调度,效率很高
2. 构建 LVS-DR 集群时,在调度器与节点服务器中的/proc 参数调整有何区别?
3. 基于 CentOS 7 构建 LVS-DR 群集。
环境:
LB(负载调度器):192.168.159.133? ? ? ? ? ? VIP:192.168.159.140
RS1:192.168.159.136
RS2:192.168.159.138
负载调度器端配置
1)、在负载调度器上?配置LVS,VIP的IP地址
[root@localhost ~]# nmcli con mod ens33 ipv4.address 192.168.159.140/24
[root@localhost ~]# nmcli con up ens33
[root@localhost ~]# ip a
ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:39:0d:95 brd ff:ff:ff:ff:ff:ff
inet 192.168.159.133/24 brd 192.168.159.255 scope global noprefixroute dynamic ens33
valid_lft 1792sec preferred_lft 1792sec
inet 192.168.159.140/24 brd 192.168.159.255 scope global secondary noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::c99b:165d:97c2:8424/64 scope link noprefixroute
valid_lft forever preferred_lft forever
?2)、安装ipvsadm软件
[root@localhost ~]# yum install ipvsadm -y3)、?手工执行配置添加LVS服务并增加两台RS
[root@localhost ~]# ipvsadm -A -t 192.168.159.140:80 -s rr //添加一个虚拟服务使用轮询算法
[root@localhost ~]# ipvsadm -a -t 192.168.159.140:80 -r 192.168.159.136:80
[root@localhost ~]# ipvsadm -a -t 192.168.159.140:80 -r 192.168.159.138:80
4)、查看配置情况
[root@localhost ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.150.140:80 rr
-> 192.168.159.136:80 Route 1 0 0
-> 192.168.159.138:80 Route 1 0 0
手工在RS终端端绑定VIP
记住是在输入终端,不要在xshell上,否则会出现断开连不上的情况
##RS1
[root@localhost ~]# ifconfig lo:100 192.168.159.140 netmask 255.255.255.255
[root@localhost ~]# route add -host 192.168.159.140 dev lo //添加本机访问VIP的路由
##RS2
[root@localhost ~]# ifconfig lo:100 192.168.159.140 netmask 255.255.255.255
[root@localhost ~]# route add -host 192.168.159.140 dev lo //添加本机访问VIP的路由
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.159.140/32 scope global lo:100
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
手工在RS端抑制ARP响应
每台
real server
端执行相同命令
调整内核参数,关闭
arp
响应
[root@localhost ~]# echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@localhost ~]# echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@localhost ~]# echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@localhost ~]# echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
新开一台虚拟机测试
此前在两台RS上,web服务静态网页已经配好
[root@localhost ~]# for((i=1;i<=6;i++)); do curl 192.168.159.140; done
web1 test ip:192.168.159.136
web2 test2 ip:192.168.159.138
web1 test ip:192.168.159.136
web2 test2 ip:192.168.159.138
web1 test ip:192.168.159.136
web2 test2 ip:192.168.159.138
?负载调度器端查看
[root@localhost ~]# ipvsadm -L
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP localhost.localdomain:http rr
-> 192.168.159.136:http Route 1 0 6
-> 192.168.159.138:http Route 1 0 6
4. 基于 CentOS 7 构建 LVS-NAT 群集。
环境:
服务端DS:有两张网卡,开启路由转发功能?
内网地址:192.168.159.133 外网地址:192.168.184.133
RS:网关指向DR的内网口 191.168.159.136? 192.168.159.138
测试机:仅主机模式,模拟外网作为测试? 192.168.184.
1)、 添加一块儿网卡,选择仅主机模拟外网
2)、准备一台仅主机模式的虚拟机从当外网测试机
?
3)、将两台RS的网关指向服务端DS的内网地址
[root@rs1 ~]# nmcli con mod ens33 ipv4.gateway 192.168.159.133
[root@rs1 ~]# nmcli con up ens33
[root@rs2 ~]# nmcli con mod ens33 ipv4.gateway 192.168.159.133
[root@rs2 ~]# nmcli con up ens33
4)服务端DS开启路有转发
[root@localhost ~]# sysctl -w net.ipv4.ip_forward=1 >> /etc/sysctl.conf
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1
5)、添加ipvsadm TCP集群(使用外网IP)
A添加 -t:指定虚拟ip -s:指定轮询
[root@localhost ~]# ipvsadm -A -t 192.168.184.133:80 -s rr
6)、添加ipvsadm节点
[root@localhost ~]# ipvsadm -a -t 192.168.184.133:80 -r 192.168.159.136:80 -m
[root@localhost ~]# ipvsadm -a -t 192.168.184.133:80 -r 192.168.159.138:80 -m
查看
[root@localhost ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.184.133:80 rr
-> 192.168.159.136:80 Masq 1 0 0
-> 192.168.159.138:80 Masq 1 0 0 测试机测试
[root@localhost ~]# for((i=1;i<=6;i++)); do curl 192.168.184.133; done
web1 test ip:192.168.159.136
web2 test2 ip:192.168.159.138
web1 test ip:192.168.159.136
web2 test2 ip:192.168.159.138
web1 test ip:192.168.159.136
web2 test2 ip:192.168.159.138
[root@localhost ~]# ipvsadm -lnc //DS查看
IPVS connection entries
pro expire state source virtual destination
TCP 00:00 TIME_WAIT 192.168.184.136:58494 192.168.184.133:80 192.168.159.138:80
TCP 01:42 TIME_WAIT 192.168.184.136:58500 192.168.184.133:80 192.168.159.136:80
TCP 01:41 TIME_WAIT 192.168.184.136:58496 192.168.184.133:80 192.168.159.136:80
TCP 01:42 TIME_WAIT 192.168.184.136:58498 192.168.184.133:80 192.168.159.138:80
TCP 01:42 TIME_WAIT 192.168.184.136:58506 192.168.184.133:80 192.168.159.138:80
TCP 01:42 TIME_WAIT 192.168.184.136:58502 192.168.184.133:80 192.168.159.138:80
TCP 01:42 TIME_WAIT 192.168.184.136:58504 192.168.184.133:80 192.168.159.136:80