一、实验环境:
[root@a ~]# cat /etc/redhat-release CentOS Linux release 7.7.1908 (Core) [root@a ~]# uname -a Linux a 3.10.0-1062.el7.x86_64 #1 SMP Wed Aug 7 18:08:02 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux IP分配: lvs:10.10.10.11 keepalived:10.10.10.14 web1:10.10.10.12 web2:10.10.10.13 vip:10.10.10.100
二、实验目的:
lvs调度器宕机或者web服务器宕机不影响业务的进行
三、实验原理:
1.客户端向LVS的VIP发送请求,源IP和目的IP分别为CIP和VIP,源MAC地址和目的MAC分别为CMAC和DMAC
2.当LVS收到请求后通过调度选出一个realserver来响应请求将源请求中的MAC地址该为自己的MAC地址目的地址改为realserver的MAC地址,此时源MAC和目的MAC分别为DMAC和RMAC,然后将报文送往交换机,交换机收报文后根据目的MAC地址将请求转发至后端Realserver
3.Realserver发现请求报文中的MAC地址是自己就会将报文接收并处理,处理完请求报文后将响应报文通过lo接口送给eth0网卡直接发送给客户端。 注意:需要设置lo接口的VIP不能响应本地网络内的arp请求。
四、实验部分:
(1)构建LVS-DR模式
1、关闭网卡守护进程(all) systemctl stop NetworkManager && systemctl disable NetworkManager.service 2、开启网卡子接口 配置VIP [root@a ~]# cd /etc/sysconfig/network-scripts/ [root@a network-scripts]# cp -a ifcfg-ens32 ifcfg-ens32:0 [root@a network-scripts]# cat ifcfg-ens32:0 BOOTPROTO=static DEVICE=ens32:0 ONBOOT=yes IPADDR=10.10.10.100 PREFIX=24 [root@a network-scripts]# systemctl restart network 3、修改内核配置文件 关闭广播功能 [root@a network-scripts]# echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects [root@a network-scripts]# echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects [root@a network-scripts]# echo 0 > /proc/sys/net/ipv4/conf/ens32/send_redirects 4、安装ipvsadm lvs的管理工具 [root@a network-scripts]# yum install -y ipvsadm 5、关闭防火墙和selinux [root@a network-scripts]# systemctl stop firewalld [root@a network-scripts]# systemctl disable firewalld [root@a network-scripts]# setenforce 0 RS配置(all): 1、安装apache并写入内容 [root@a ~]# yum install -y httpd [root@a ~]# echo "this is server 1" >> /var/www/html/index.html [root@a ~]# systemctl restart httpd [root@a ~]# systemctl enable httpd [root@a ~]# curl localhost this is server 1 2、开启网卡子接口 配置VIP [root@a ~]# cd /etc/sysconfig/network-scripts/ [root@a network-scripts]# cp -a ifcfg-lo ifcfg-lo:0 [root@a network-scripts]# cat ifcfg-lo:0 DEVICE=lo:0 IPADDR=10.10.10.100 NETMASK=255.255.255.255 NETWORK=127.0.0.0 # If you're having problems with gated making 127.0.0.0/8 a martian, # you can change this to something else (255.255.255.255, for example) BROADCAST=127.255.255.255 ONBOOT=yes NAME=loopback [root@a network-scripts]# systemctl restart network 3、ARP行为控制 [root@a network-scripts]# echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore [root@a network-scripts]# echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce [root@a network-scripts]# echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore [root@a network-scripts]# echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce 刷新 [root@a network-scripts]# sysctl -p 4、添加路由 [root@a network-scripts]# route add -host 10.10.10.100 dev lo:0 [root@a network-scripts]# echo "route add -host 10.10.10.100 dev lo:0" >> /etc/rc.local 5、关闭防火墙和selinux [root@a network-scripts]# systemctl stop firewalld [root@a network-scripts]# systemctl disable firewalld [root@a network-scripts]# setenforce 0 6、设置LBC 参数说明: -A:添加集群 -a:集群子节点 -t:tcp协议 -s:算法 -r:真实服务器 -g:DR模式 [root@a ~]# ipvsadm -A -t 10.10.10.100:80 -s rr [root@a ~]# ipvsadm -a -t 10.10.10.100:80 -r 10.10.10.12:80 -g [root@a ~]# ipvsadm -a -t 10.10.10.100:80 -r 10.10.10.13:80 -g [root@a ~]# ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 10.10.10.100:80 rr -> 10.10.10.12:80 Route 1 0 0 -> 10.10.10.13:80 Route 1 0 0 [root@a ~]# ipvsadm --save > /etc/sysconfig/ipvsadm [root@a ~]# systemctl start ipvsadm.service [root@a ~]# systemctl enable ipvsadm.service 7、测试 lvs会把请求按rr算法分给rs [root@a network-scripts]# ipvsadm -Ln --stats IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes -> RemoteAddress:Port TCP 10.10.10.100:80 24 164 0 24880 0 -> 10.10.10.12:80 12 94 0 16209 0 -> 10.10.10.13:80 12 70 0 8671 0
(2)部署keepalived
在lvs上配置和一台新的虚拟机上配置 [root@a ~]# cd /etc/sysconfig/network-scripts/ [root@a ~]# scp ./ifcfg-ens32:0 10.10.10.14:/etc/sysconfig/network-scripts/ifcfg-ens32:0 [root@a ~]# yum install -y keepalived #配置keepalived配置文件 [root@a ~]# cat /etc/keepalived/keepalived.conf|head -50 ! Configuration File for keepalived global_defs { router_id R1 } vrrp_instance VI_1 { state MASTER interface ens32 virtual_router_id 66 priority 50 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.10.10.100 } } virtual_server 10.10.10.100 80 { delay_loop 6 lb_algo rr lb_kind DR persistence_timeout 50 protocol TCP real_server 10.10.10.12 80 { weight 1 TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } real_server 10.10.10.13 80 { weight 1 TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } } 从节点配置基本一致, 修改以下配置 router_id R2 state SLAVE priority 20 在从节点安装ipvsadm [root@a network-scripts]# yum install -y ipvsadm [root@a network-scripts]# ipvsadm -l IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn 第一次查看没有集群信息,重启keepalived服务后会发现集群信息已经同步在两个节点 [root@a network-scripts]# systemctl restart keepalived [root@a network-scripts]# ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 10.10.10.100:80 rr persistent 50 -> 10.10.10.12:80 Route 1 0 0 -> 10.10.10.13:80 Route 1 0 0
(3)进行测试
断开lvs调度器的网卡再次测试
断开web1服务器
