lvs+keepalived
2020-05-02 本文已影响0人
jamas
lvs四种集群特点及使用场景
-
lvs-nat(net adress translation)
类似于DNAT,但支持多目标转发。通过修改请求报文的目标地址为根据调度算法所挑选出的某RS的RIP来进行转发;
架构特性:
1)RS应该使用私有地址,即RIP应该为私有地址:各RS的网关必须指向DIP;
2)请求和响应报文都经由director转发:高负载场景中,dircetor可能成为瓶颈;
3)支持端口映射;
4)RS可以使用任意OS;
5)RS的RIP必须与director的DIP在同一网络; -
lvs-dr(direct route)
director在实现转发时不修改请求的ip首部,而是通过直接封装MAC首部完成转发:目标MAC是Dircetor根据调度算法挑选出某RS的MAC地址,此类型中,RS也有同Director一样的VIP。
架构特点:
1)通过静态绑定或内核参数修改或arptables规则实现只有Director上的VIP响应服务请求,RS上的VIP拒绝响应服务请求;
2)RS上的RIP可以是私有地址,也可以是公网地址;
3)请求报文必须经过Director调度,响应报文直接由RS通过VIP返回给用户;
4)各RIP必须与DIP在同一网络中;
5)不支持端口映射;
6)RS可以使用大多数的OS;
7)RS的网关一定不能指向Director; -
lvs-tun(Tunnel transmission)
隧道传输ipip:不修改请求报文ip首部,而是通过ip隧道机制在原有的ip报文之外在封装ip首部,经由互联网把请求报文交给选定的rs;
架构特性:
1)RIP,DIP,VIP都是公网地址;
2)RS的网关不能,也不可能指向DIP;
3)请求报文由Director分发,但响应报文直接由RS响应给Client;
4)不支持端口映射;
5)RS的OS必须得支持IP隧道,现在只有linux系统支持,windows,bsfdb等不支持; -
lvs-fullnat(双向转换)
通过请求报文的源地址为DIP,目标为RIP来实现转发:对于响应报文而言,修改源地址为VIP,目标地址为CIP来实现转发:
架构特点:这是一种对nat模型的改进,是一个扩展,使得RS与Director可以处于不同网络。
1)RIP,DIP可以使用私有地址;
2)RIP和DIP可以不再同一个网络中,且RIP的网关未必需要指向DIP;
3)支持端口映射;
4)RS的OS可以使用任意类型;
5)请求报文经由Director,响应报文也经由Director;
LVS-DR工作原理,并配置实现。
-
DR架构
lvs-dr.PNG
其原理是数据包在director上被二层重写成被调度的RS的mac。
因所有RS上都配有相同VIP,故所有RS上都需要关闭ARP相应及通告。
-
实验拓扑:
lvs.jpg
- VS配置:
编写脚本lvs_dr_vs.sh
#!/bin/bash
#
vip='172.16.2.200' #设置VIP
iface='lo:1' #VIP绑定网卡label
mask='255.255.255.255' #掩码
port='80' #端口
rs1='172.16.2.135' #设置rip
rs2='172.16.2.136'
scheduler='rr' #调度算法
type='-g' #集群类型
rpm -q ipvsadm &> /dev/null || yum -y install ipvsadm &> /dev/null #安装ipvsadm工具
case $1 in
start)
#添加VIP
ifconfig $iface $vip netmask $mask #broadcast $vip up
#清空防火墙
iptables -F
#添加ipvs规则
ipvsadm -A -t ${vip}:${port} -s $scheduler
ipvsadm -a -t ${vip}:${port} -r ${rs1} $type
ipvsadm -a -t ${vip}:${port} -r ${rs2} $type
echo "The VS Server is Ready!"
;;
stop)
# 清空ipvs规则
ipvsadm -C
ifconfig $iface down
echo "The VS Server is Canceled!"
;;
*)
echo "Usage: $(basename $0) start|stop"
exit 1
;;
esac
启动脚本
[root@node1 ~]# bash lvs_dr_vs.sh start
- RS配置:
编写脚本lvs_dr_rs.sh
#!/bin/bash
vip=172.16.2.200 #设置VIP
mask='255.255.255.255' #掩码
dev=lo:1 #VIP绑定网卡label
#安装httpd服务并启动
rpm -q httpd &> /dev/null || yum -y install httpd &>/dev/null
service httpd start &> /dev/null && echo "The httpd Server is Ready!"
#生成index文件
echo "<h1>172.16.2.136</h1>" > /var/www/html/index.html
case $1 in
start)
#关闭ARP相应
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
#添加VIP
ifconfig $dev $vip netmask $mask #broadcast $vip up
#route add -host $vip dev $dev
echo "The RS Server is Ready!"
;;
stop)
#还原配置
ifconfig $dev down
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "The RS Server is Canceled!"
;;
*)
echo "Usage: $(basename $0) start|stop"
exit 1
;;
esac
启动脚本
[root@centos8-node1 ~]# bash lvs_dr_rs.sh start
- 测试:
[root@centos6 ~]# ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:0c:29:21:75:ba brd ff:ff:ff:ff:ff:ff
inet 172.16.98.200/24 brd 172.16.98.255 scope global eth0
inet6 fe80::20c:29ff:fe21:75ba/64 scope link
valid_lft forever preferred_lft forever
[root@centos6 ~]# while true;do curl 172.16.2.200;sleep 0.5;done
<h1>172.16.2.136</h1>
<h1>172.16.2.135</h1>
<h1>172.16.2.136</h1>
<h1>172.16.2.135</h1>
<h1>172.16.2.136</h1>
<h1>172.16.2.135</h1>
<h1>172.16.2.136</h1>
<h1>172.16.2.135</h1>
<h1>172.16.2.136</h1>
<h1>172.16.2.135</h1>
<h1>172.16.2.136</h1>
LVS+Keepalived高可用
-
实验拓扑:
keepalived.jpg
-
RS端:
使用RS脚本:
#!/bin/bash
vip=172.16.2.200
mask='255.255.255.255'
dev=lo:1
rpm -q httpd &> /dev/null || yum -y install httpd &>/dev/null
service httpd start &> /dev/null && echo "The httpd Server is Ready!"
echo "<h1>172.16.2.135</h1>" > /var/www/html/index.html
case $1 in
start)
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ifconfig $dev $vip netmask $mask #broadcast $vip up
#route add -host $vip dev $dev
echo "The RS Server is Ready!"
;;
stop)
ifconfig $dev down
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "The RS Server is Canceled!"
;;
*)
echo "Usage: $(basename $0) start|stop"
exit 1
;;
esac
- keepalived服务配置:(以MASTER端为例)
安装keepalived服务
[root@node1 ~]# yum install -y keepalived
配置sorry server
[root@node1 ~]# yum install -y httpd
[root@node1 ~]# echo sorry server > /var/www/html/index.html
[root@node1 ~]# systemctl start httpd
编辑keepalived配置文件
[root@node1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs { #全局通用配置
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1 #邮件服务器IP
smtp_connect_timeout 30 #邮件发送超时时间
router_id node1 #本机id标识 BACKUP应为其id
#vrrp_strict #此设置应注销,否则会添加iptables规则使主机无法通行
vrrp_skip_check_adv_addr
rrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 239.1.1.1 # vrrp组播侦听地址,默认为224.0.0.18
}
vrrp_instance VI_1 { #配置vrrp实例
state MASTER #设置主从 从服务器应为BACKUP
interface ens160 #使用的网卡名称
virtual_router_id 66 #识别同一个虚拟路由,一个实例内服务器应相同
priority 100 #优先级,MASTER比BACKUP
advert_int 1
authentication { #配置认证
auth_type PASS
auth_pass 6666
}
virtual_ipaddress { #虚拟IP
172.16.2.200/24
}
}
virtual_server 172.16.2.200 80 { #VS配置
delay_loop 3
lb_algo rr #定义调度算法
lb_kind DR #集群类型
#persistence_timeout 50 #持久连接,为实验效果已注释
protocol TCP #服务协议
real_server 172.16.2.135 80 { #配置RS
weight 1
HTTP_GET { #健康检测
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.16.2.136 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
}
启动服务
[root@node1 ~]# systemctl start keepalived
- 验证:
查看MASTER节点IP
[root@node1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:db:0a:d3 brd ff:ff:ff:ff:ff:ff
inet 172.16.2.131/24 brd 172.16.2.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet 172.16.2.200/24 scope global secondary ens160 #VIP上线
valid_lft forever preferred_lft forever
inet6 fe80::52b4:adde:49fc:1544/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::8e34:700b:215e:e13c/64 scope link noprefixroute
valid_lft forever preferred_lft forever
查看ipvs规则
[root@node1 ~]# ipvsadm -Ln #ipvs规则已生成
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.2.200:80 rr
-> 172.16.2.135:80 Route 1 0 0
-> 172.16.2.136:80 Route 1 0 0
尝试关闭MASTER节点keepalived服务,验证VIP是否漂移至BACKUP节点
[root@node1 ~]# systemctl stop keepalived
[root@node2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:c9:0a:a2 brd ff:ff:ff:ff:ff:ff
inet 172.16.2.132/24 brd 172.16.2.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet 172.16.2.200/32 scope global ens160
valid_lft forever preferred_lft forever
inet6 fe80::52b4:adde:49fc:1544/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@node2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.2.200:80 rr
-> 172.16.2.135:80 Route 1 0 0
-> 172.16.2.136:80 Route 1 0 0
- client端测试:
keepalived主从节点切换,业务流量未端
[root@centos6 ~]# while true;do curl 172.16.2.200 ;sleep 0.5;done
<h1>172.16.2.136</h1>
<h1>172.16.2.135</h1>
<h1>172.16.2.136</h1>
<h1>172.16.2.135</h1>
<h1>172.16.2.136</h1>
<h1>172.16.2.135</h1>
<h1>172.16.2.136</h1>
<h1>172.16.2.135</h1>
<h1>172.16.2.136</h1>
<h1>172.16.2.135</h1>
<h1>172.16.2.136</h1>
<h1>172.16.2.135</h1>
<h1>172.16.2.136</h1>
<h1>172.16.2.135</h1>
<h1>172.16.2.136</h1>
<h1>172.16.2.135</h1>
<h1>172.16.2.136</h1>
<h1>172.16.2.135</h1>
<h1>172.16.2.136</h1>
<h1>172.16.2.135</h1>
<h1>172.16.2.136</h1>
<h1>172.16.2.135</h1>
<h1>172.16.2.136</h1>
<h1>172.16.2.135</h1>
<h1>172.16.2.136</h1>
<h1>172.16.2.135</h1>
<h1>172.16.2.136</h1>
<h1>172.16.2.135</h1>
<h1>172.16.2.136</h1>
<h1>172.16.2.135</h1>
<h1>172.16.2.136</h1>
<h1>172.16.2.135</h1>
<h1>172.16.2.136</h1>
<h1>172.16.2.135</h1>
