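LVS load-balancing mechanisms:
LVS works at the network layer. Compared with other load-balancing approaches, such as round-robin DNS resolution, application-layer scheduling, and client-side scheduling, it is very efficient. LVS implements load balancing by controlling IP, and IPVS is the module that actually does this. IPVS is installed on the Director Server, where it presents a virtual IP (VIP) for external access. A user accesses the VIP and reaches the Director Server; the Director Server selects a Real Server according to a set of rules, and once the request has been processed the data is returned to the client. These steps raise some concrete questions, such as how a particular Real Server is chosen and how the Real Server returns data to the client. IPVS provides three mechanisms for this:
1. VS/NAT (Virtual Server via Network Address Translation) implements the virtual server with network address translation. When a request arrives, the program on the Director Server rewrites the destination address in the packet (the virtual IP address) to that of a specific Real Server, rewrites the port to the Real Server's port, and then sends the packet to the Real Server. After the Real Server has processed the data, it must return it to the Director Server, which rewrites the source address and source port in the packet to the VIP's address and port and finally sends the data out. As this shows, both the user's request and the response pass through the Director Server, so under heavy traffic the Director Server will certainly be overwhelmed.
2. VS/TUN (Virtual Server via IP Tunneling) implements the virtual server with IP tunneling. It is basically the same as VS/NAT, but the Real Server returns data directly to the client without going through the Director Server, which greatly reduces the load on the Director Server.
3. VS/DR (Virtual Server via Direct Routing) implements the virtual server with direct routing. Its packet-forwarding method differs from the previous two: VS/DR rewrites the MAC address of the request packet to send the request to a Real Server, and the Real Server returns the response directly to the client, which avoids the IP tunnel overhead of VS/TUN. This is the best-performing of the three scheduling mechanisms, but it requires that the Director Server and the Real Servers each have a network interface on the same physical network segment.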
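//Environment
#In VS/DR mode, the Director Server listens for user requests on VIP:80, rewrites the MAC address of each request packet, and distributes the requests across the real servers. The real servers return responses directly to the user, so all hosts must be on the same network segment and the real servers must be able to communicate with the user directly.
1. Host configuration
DIRECTSERVER: 10.10.54.155
vip: 10.10.54.151
DIRECTBACKUP: 10.10.54.156
vip: 10.10.54.151
realserver: 10.10.54.222 (80) -- Nginx
realserver: 10.10.54.226 (80) -- Nginx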
//Software installation
1. Required software
ipvsadm-1.26.tar.gz
keepalived-1.2.9.tar.gz
2. Install ipvsadm
shell> yum -y install wget libnl* popt* gcc.x86_64 gcc-c++.x86_64 gcc-objc++.x86_64 kernel-devel.x86_64 make popt-static.x86_64
shell> tar xvf ipvsadm-1.26.tar.gz
shell> cd ipvsadm-1.26
shell> ./configure && make && make install
3. Install keepalived
shell> yum install -y net-snmp.x86_64 net-snmp-devel.x86_64
shell> tar xvf keepalived-1.2.9.tar.gz
shell> cd keepalived-1.2.9
shell> ./configure --prefix=/usr/local/keepalived --enable-snmp --sysconfdir=/etc
shell> make && make install
shell> cp /usr/local/keepalived/sbin/keepalived /sbin/
shell> cp /usr/local/keepalived/bin/genhash /bin/
//[On the real servers]
1. Create the realserver script
shell> vim /etc/init.d/realserver
-----------------------------------------------------
#!/bin/bash
#description: start realserver
#script_name: realserver_config
VIP=10.10.54.151    # virtual IP
source /etc/init.d/functions
case "$1" in
start)
    echo "start LVS of realserver."
    # Bind the VIP to loopback with a host mask so this machine accepts VIP traffic
    /sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
    # arp_ignore=1: answer ARP only for addresses configured on the receiving interface
    # arp_announce=2: never use the VIP as the source address of ARP requests
    # Together they keep the real server from claiming the VIP on the shared segment
    echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
    ;;
stop)
    /sbin/ifconfig lo:0 down
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
esac
-----------------------------------------------------------------
2. shell> /etc/init.d/realserver start
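
A check for the state the realserver script leaves behind, added here as an example and not part of the original page: it confirms arp_ignore=1 and arp_announce=2 on lo and all, and that the VIP sits on lo as a /32. The function name and its ROOT and ADDR_FILE parameters are hypothetical, introduced so the check can also run against saved copies.

```sh
#!/bin/sh
# Added example: audit the ARP sysctls and loopback VIP on a VS/DR real server.
# Usage: check_dr_realserver VIP [ROOT] [ADDR_FILE]
#   ROOT      hypothetical parameter: directory that contains proc/sys
#             (default: the live /proc), so a saved copy can be audited
#   ADDR_FILE hypothetical parameter: saved `ip -o -4 addr show dev lo`
#             output; when omitted the command is run live
check_dr_realserver() {
    cdr_vip=$1; cdr_root=${2:-}; cdr_addr=${3:-}; cdr_rc=0
    for cdr_if in lo all; do
        # Expected values are the ones the realserver script writes.
        for cdr_kv in arp_ignore=1 arp_announce=2; do
            cdr_key=${cdr_kv%=*}; cdr_want=${cdr_kv#*=}
            cdr_file=$cdr_root/proc/sys/net/ipv4/conf/$cdr_if/$cdr_key
            cdr_got=$(cat "$cdr_file" 2>/dev/null || true)
            if [ "$cdr_got" != "$cdr_want" ]; then
                echo "FAIL $cdr_if/$cdr_key=${cdr_got:-unset} (want $cdr_want)"
                cdr_rc=1
            fi
        done
    done
    if [ -n "$cdr_addr" ]; then
        cdr_out=$(cat "$cdr_addr")
    else
        cdr_out=$(ip -o -4 addr show dev lo 2>/dev/null || true)
    fi
    # netmask 255.255.255.255 in the script shows up here as a /32 on lo.
    if ! printf '%s\n' "$cdr_out" | grep -qF "inet $cdr_vip/32 "; then
        echo "FAIL VIP $cdr_vip/32 is not bound on lo"
        cdr_rc=1
    fi
    [ "$cdr_rc" -eq 0 ] && echo "OK real server is ready for VS/DR"
    return "$cdr_rc"
}
```

On a real server, `check_dr_realserver 10.10.54.151` reads the live /proc and `ip` output.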
//[On the Director Servers]
1. [master] Edit the configuration file
shell> vim /etc/keepalived/keepalived.conf
---------------------------------------------
global_defs {
    notification_email {
        lij@ssr.com
    }
    notification_email_from lij@ssr.com
    smtp_server lij@ssr.com
    smtp_connect_timeout 30
    router_id LVS_MASTER2
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.10.54.151/24 dev eth0 label eth0:1    # virtual IP, the address users see
    }
}
virtual_server 10.10.54.151 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    #nat_mask 255.255.255.0
    #persistence_timeout 50
    protocol TCP
    real_server 10.10.54.157 80 {    # port 80 on the real server
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 10.10.54.159 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
#View the IPVS table
shell> ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.10.54.151:80 rr
  -> 10.10.54.157:80              Route   1      0          0
  -> 10.10.54.159:80              Route   1      0          0
--------------------------------------------------
2. [backup server] Edit the configuration file
---------------------------------------------------
global_defs {
    notification_email {
        lij@ssr.com
    }
    notification_email_from lij@ssr.com
    smtp_server lij@ssr.com
    smtp_connect_timeout 30
    router_id LVS_BACKUP    # change 1
}
vrrp_instance VI_1 {
    state BACKUP    # change 2
    interface eth0
    virtual_router_id 51
    priority 80    # change 3
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
...
}
#View the IPVS table on the backup
shell> ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.10.54.151:80 rr
  -> 10.10.54.157:80              Route   1      0          0
  -> 10.10.54.159:80              Route   1      0          0
-----------------------------------------------
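
The backup file is meant to differ from the master only in the three marked lines; a mismatch anywhere else, such as in virtual_router_id or auth_pass, stops the two directors from accepting each other's VRRP adverts, and both can end up holding the VIP. This added example (not from the original page) compares two keepalived.conf files line by line; the function names and both sample files are constructed for illustration.

```sh
# Added example: compare the master and backup keepalived.conf files.
# Usage: peer_conf_drift MASTER_CONF BACKUP_CONF   (status 1 on any finding)
peer_conf_drift() {
    awk '
        FNR == 1 { side++ }
        # Normalise: drop comments, squeeze whitespace, skip blank lines.
        { sub(/[#!].*$/, ""); gsub(/[ \t]+/, " "); sub(/^ /, ""); sub(/ $/, "") }
        $0 != "" { line[side, ++n[side]] = $0 }
        END {
            allowed["router_id"] = allowed["state"] = allowed["priority"] = 1
            if (n[1] != n[2]) { print "DRIFT line count " n[1] " vs " n[2]; bad = 1 }
            for (i = 1; i <= n[1] && i <= n[2]; i++) {
                m = line[1, i]; b = line[2, i]
                split(m, mf, " "); split(b, bf, " ")
                same_key = (mf[1] == bf[1])
                if (same_key && mf[1] == "priority" && mf[2] + 0 <= bf[2] + 0) {
                    print "DRIFT backup priority " bf[2] " not below master " mf[2]; bad = 1
                } else if (m != b && !(same_key && (mf[1] in allowed))) {
                    print "DRIFT master [" m "] backup [" b "]"; bad = 1
                }
            }
            exit bad + 0
        }' "$1" "$2"
}
# Constructed sample: the master settings from this page, trimmed.
sample_master() {
cat <<'EOF'
global_defs {
    router_id LVS_MASTER2
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
EOF
}
# Constructed backup: the same file with only the three marked lines changed.
sample_backup() {
    sample_master | sed -e 's/LVS_MASTER2/LVS_BACKUP/' \
        -e 's/state MASTER/state BACKUP/' -e 's/priority 100/priority 80/'
}
```

The comparison is positional, so it assumes the backup file was produced by copying the master file and editing it in place.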
//Testing load balancing and failover with telnet
#####################
Testing load balancing
1. Start keepalived on the master and the backup
/etc/init.d/keepalived start
2. From host 150, telnet to the VIP
shell> telnet 10.10.54.151 80
Trying 10.10.54.151...
Connected to 10.10.54.151.
Escape character is '^]'.
3. Check the IPVS information on the master
shell> ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.10.54.151:80 rr
  -> 10.10.54.157:80              Route   1      1          0
  -> 10.10.54.159:80              Route   1      0          1
##As shown above, "ActiveConn" for host 157 has changed to 1
##After running telnet 10.10.54.151 80 again, "ActiveConn" for host 159 changes to 1
##These results show that LVS load balancing is working
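
The table check done by eye in this test, as an added example (not from the original page): it parses `ipvsadm -ln` output and reports real servers that are missing from, or extra to, an intended list, plus entries whose forwarding method is not Route (DR). The function names are hypothetical; the sample table is the one printed on this page.

```sh
# Added example: compare the real servers in `ipvsadm -ln` output with an
# intended list. Usage: ipvs_drift VIP:PORT "RS:PORT RS:PORT ..." < table
ipvs_drift() {
    awk -v vs="$1" -v want="$2" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) expect[w[i]] = 1 }
        # Virtual service line, e.g. "TCP  10.10.54.151:80 rr"
        $1 == "TCP" || $1 == "UDP" { cur = $2; if (cur == vs) found = 1; next }
        # Real server line under the selected service
        $1 == "->" && cur == vs {
            seen[$2] = 1
            if (!($2 in expect)) { print "UNEXPECTED " $2; bad = 1 }
            # Forward column: Route = DR, Masq = NAT, Tunnel = TUN
            if ($3 != "Route") { print "NOT-DR " $2 " uses " $3; bad = 1 }
        }
        END {
            if (!found) { print "NO-SERVICE " vs; bad = 1 }
            for (r in expect) if (!(r in seen)) { print "MISSING " r; bad = 1 }
            exit bad + 0
        }'
}

# IPVS table as printed on this page.
sample_table() {
cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.10.54.151:80 rr
  -> 10.10.54.157:80              Route   1      0          0
  -> 10.10.54.159:80              Route   1      0          0
EOF
}
```

With the host list at the top of this page as the intended list (10.10.54.222:80 and 10.10.54.226:80), the sample table yields two UNEXPECTED and two MISSING lines; on a director, pipe `ipvsadm -ln` into the function instead.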
###################
Testing failover
1. Take down the master host (155)
shell> /etc/init.d/keepalived stop
Stopping keepalived: [  OK  ]
2. Check the IP information on the backup host
shell> ip add list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:1f:da:47 brd ff:ff:ff:ff:ff:ff
    inet 10.10.54.156/24 brd 10.10.54.255 scope global eth0
    inet 10.10.54.151/24 scope global secondary eth0:1
    inet6 fe80::a00:27ff:fe1f:da47/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 08:00:27:ac:b4:36 brd ff:ff:ff:ff:ff:ff
3. Test whether the backup can balance the load
shell> telnet 10.10.54.151 80
shell> ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.10.54.151:80 rr
  -> 10.10.54.157:80              Route   1      1          0
  -> 10.10.54.159:80              Route   1      0          0
##As shown above, LVS failover succeeded