LVS+DR模式+keepalived

LVS+DR模式+keepalived

LVS+DR模式+keepalived

上一篇博客我们说了三种模式，NAT,TUN,DR这次是DR+Keepalived

先了解什么是Keepalived

keepalived采用VRRP热备份协议实现Linux服务器的多机热备功能VRRP,虚拟路由冗杂协议，是针对路由器的一种备份解决方案 keepalived可以实现多机热备，每个热备组可有多台服务器，最常用的就是双机热备双击热备的故障切换是由虚拟IP地址的飘逸来实现，适用于各种应用服务器

LVS-DR的ARP问题

在LVS-DR的负载均衡群集中，负载均衡器与节点服务器都要配置相同的VIP地址 在局域网中具有相同的IP地址，势必会造成服务器APR通信的紊乱 当一个ARP广播发送到LVS-DR集群时，因为负载均衡器和节点服务器都是连接到相同的网络上，它们都会接收到ARP广播 此时只有前端的负载均衡器进行响应。其他节点服务器不应该响应ARP广播

LVS-DR的ARP问题解决方案

对节点服务器进行处理，使其不响应针对VIP的ARP请求 使用虚接口lo:0承载VIP地址 设置内核参数arp_ignore=1:系统只响应目的IP为本地IP的ARP请求

下面我们来做实验

实验规划

我们需要五台虚拟机DR1 主服务器 192.168.100.201DR4 备份服务器 192.168.100.202web 5 192.168.100.221web 7 192.168.100.222vip 192.168.100.10clent 192.168.100.50

把需要的LVS模块，keepalived,http分别装好

#1，4 [root@localhost ~]# yum install ipvsadm keepalived -y #5，7 [root@localhost ~]# yum install -y

第一台主负载均衡调度器选择仅主机模式，配置网卡

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33 BOOTPROTO=static #静态 DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no IPV6_ADDR_GEN_MODE=stable-privacy NAME=ens33 UUID=849aa04e-1874-490f-8cb0-b2fde4b9a6f8 DEVICE=ens33 ONBOOT=yes IPADDR=192.168.100.201 #地址 NETMASK=255.255.255.0 #子网 掩码 GATEWAY=192.168.100.1 #网关 [root@localhost ~]# systemctl restart network #ch重启网络服务 [root@localhost ~]# ifconfig #查看固定地址是否生效

第二台4备份负载均衡调度器，绑定仅主机模式，配置网卡

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33 BOOTPROTO=static DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no IPV6_ADDR_GEN_MODE=stable-privacy NAME=ens33 UUID=c3f0a196-6819-4702-9b54-7cad18402591 DEVICE=ens33 ONBOOT=yes IPADDR=192.168.100.202 NETMASK=255.255.255.0 GATEWAY=192.168.100.1 [root@localhost ~]# systemctl restart network [root@localhost ~]# ifconfig

第三台5web服务器绑定仅主机模式，配置网卡

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33 BOOTPROTO=static DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no IPV6_ADDR_GEN_MODE=stable-privacy NAME=ens33 UUID=a6cf69fe-eb42-4a99-9239-0da4cdeae0c7 DEVICE=ens33 ONBOOT=yes IPADDR=192.168.100.221 NETMASK=255.255.255.0 GATEWAY=192.168.100.1 [root@localhost ~]# systemctl restart network [root@localhost ~]# ifconfig

第四台7web服务器绑定仅主机模式，配置网卡

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33 BOOTPROTO=static DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no IPV6_ADDR_GEN_MODE=stable-privacy NAME=ens33 UUID=447e510f-fea3-4b6c-8f47-d0c6319ead28 DEVICE=ens33 ONBOOT=yes IPADDR=192.168.100.222 NETMASK=255.255.255.0 GATEWAY=192.168.100.1 [root@localhost ~]# systemctl restart network [root@localhost ~]# ifconfig

配置第一台1主服务器

[root@localhost ~]# vim /etc/sysctl.conf net.ipv4.ip_forward=1 #proc响应关闭重定向功能 net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0 net.ipv4.conf.ens33.send_redirects = 0 [root@localhost ~]# sysctl -p #生效 net.ipv4.ip_forward = 1 net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0 net.ipv4.conf.ens33.send_redirects = 0

创建虚拟网卡

[root@localhost ~]# cd /etc/sysconfig/network-scripts/ [root@localhost network-scripts]# cp -p ifcfg-ens33 ifcfg-ens33:0 [root@localhost network-scripts]# vim ifcfg-ens33:0 100dd DEVICE=ens33:0 ONBOOT=yes IPADDR=192.168.100.10 NETMASK=255.255.255.0 [root@localhost network-scripts]# ifup ens33:0 #开启网卡，这个网关是用来做虚拟IP的，相当于一给访问入口 [root@localhost network-scripts]# ifconfig [root@localhost network-scripts]# cd /etc/init.d/ [root@localhost init.d]# vim dr.sh #!/bin/bash GW=192.168.100.1 VIP=192.168.100.10 RIP1=192.168.100.221 RIP2=192.168.100.222 case "$1" in start) /sbin/ipvsadm --save > /etc/sysconfig/ipvsadm systemctl start ipvsadm /sbin/ifconfig ens33:0 $VIP broadcast $VIP netmask 255.255.255.255 broadcast $VIP up /sbin/route add -host $VIP dev ens33:0 /sbin/ipvsadm -A -t $VIP:80 -s rr /sbin/ipvsadm -a -t $VIP:80 -r $RIP1:80 -g /sbin/ipvsadm -a -t $VIP:80 -r $RIP2:80 -g echo "ipvsadm starting --------------------[ok]" ;; stop) /sbin/ipvsadm -C systemctl stop ipvsadm ifconfig ens33:0 down route del $VIP echo "ipvsadm stoped---------------------[ok]" ;; status) if [ ! -e /var/lock/subsys/ipvsadm ];then echo "ipvsadm stoped---------------" exit 1 else echo "ipvsamd Runing ---------[ok]" fi ;; *) echo "Usage: $0 {start|stop|status}" exit 1 esac exit 0 [root@localhost init.d]# service dr.sh start ipvsadm starting --------------------[ok] [root@localhost init.d]# systemctl status ipvsadm

配置第一台5web服务器

[root@localhost ~]# systemctl start [root@localhost ~]# systemctl stop firewalld.service [root@localhost ~]# setenforce 0 [root@localhost ~]# cd /var/www/html/ [root@localhost html]# echo "this is accp web" > index.html [root@localhost html]# cd /etc/sysconfig/network-scripts/ [root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0 [root@localhost network-scripts]# vim ifcfg-lo:0 DEVICE=lo:0 IPADDR=192.168.100.10 NETMASK=255.255.255.0 ONBOOT=yes [root@localhost network-scripts]# cd /etc/init.d/ [root@localhost init.d]# vim web.sh #写一个脚本让它能响应调度服务器的控制，服务的启动和关闭 #!/bin/bash VIP=192.168.100.10 case "$1" in start) ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP /sbin/route add -host $VIP dev lo:0 echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce sysctl -p >/dev/null 2>&1 echo "RealServer Start OK " ;; stop) ifconfig lo:0 down route del $VIP /dev/null 2>&1 echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce echo "RealServer Stopd" ;; *) echo "Usage: $0 {start|stop}" exit 1 esac exit 0 [root@localhost init.d]# chmod +x web.sh [root@localhost init.d]# service web.sh start RealServer Start OK [root@localhost init.d]# ifup lo:0 #开启虚拟网卡 [root@localhost network-scripts]# ifconfig lo:0: flags=73 mtu 65536 inet 192.168.100.10 netmask 255.255.255.0 loop txqueuelen 1 (Local Loopback) [root@localhost network-scripts]# firefox "& #用火狐浏览器去访问回访地址，放在后台运行 [2] 17973

配置第二台7web服务器

[root@localhost ~]# systemctl start httpd [root@localhost ~]# systemctl stop firewalld.service [root@localhost ~]# setenforce 0 [root@localhost ~]# cd /var/www/html/ [root@localhost html]# echo "this is kgv web" > index.html [root@localhost html]# cd /etc/sysconfig/network-scripts/ [root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0 [root@localhost network-scripts]# vim ifcfg-lo:0 DEVICE=lo:0 IPADDR=192.168.100.10 NETMASK=255.255.255.0 ONBOOT=yes [root@localhost network-scripts]# cd /etc/init.d/ [root@localhost init.d]# vim web.sh #!/bin/bash VIP=192.168.100.10 case "$1" in start) ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP /sbin/route add -host $VIP dev lo:0 echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce sysctl -p >/dev/null 2>&1 echo "RealServer Start OK " ;; stop) ifconfig lo:0 down route del $VIP /dev/null 2>&1 echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce echo "RealServer Stopd" ;; *) echo "Usage: $0 {start|stop}" exit 1 esac exit 0 [root@localhost init.d]# chmod +x web.sh [root@localhost init.d]# ifup lo:0 [root@localhost init.d]# service web.sh start RealServer Start OK [root@localhost init.d]# firefox "& [1] 17916

去客户端去测试一下，先设置同一网段的地址

去1主服务器测试能不能Ping通两个web服务器

[root@localhost init.d]# ping 192.168.100.221 PING 192.168.100.221 (192.168.100.221) 56(84) bytes of data. 64 bytes from 192.168.100.221: icmp_seq=1 ttl=64 time=0.416 ms 64 bytes from 192.168.100.221: icmp_seq=2 ttl=64 time=0.420 ms [root@localhost init.d]# ping 192.168.100.222 PING 192.168.100.222 (192.168.100.222) 56(84) bytes of data. 64 bytes from 192.168.100.222: icmp_seq=1 ttl=64 time=0.348 ms 64 bytes from 192.168.100.222: icmp_seq=2 ttl=64 time=0.490 ms

再去客户端测试一下，我们的LVS没问题

（我们刷新一下就跳出第二个网页了）

去主服务器1配置keepalive

[root@localhost keepalived]# vim keepalived.conf 10 smtp_server 127.0.0.1 12 router_id LVS_01 22 virtual_router_id 10 27 auth_pass abc123 30 192.168.100.10 #把原来的删掉我们只需要一个 36 virtual_server 192.168.100.10 80 { 39 lb_kind DR 45 TCP_CHECK { 43 real_server 192.168.100.221 80 { 44 weight 1 45 TCP_CHECK { 46 connect_port 80 47 connect_timeout 3 48 nb_get_retry 3 49 delay_before_retry 3 50 } 51 } 52 real_server 192.168.100.222 80 { 53 weight 1 54 TCP_CHECK { 55 connect_port 80 56 connect_timeout 3 [root@localhost keepalived]# systemctl start keepalived.service [root@localhost keepalived]# systemctl status keepalived.service #查看状态，如果没起来在开启一次 [root@localhost keepalived]# ip addr show dev ens33:0 #查看网卡有没有被启动起来 2: ens33: mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:c9:dd:05 brd ff:ff:ff:ff:ff:ff inet 192.168.100.201/24 brd 192.168.100.255 scope global ens33 valid_lft forever preferred_lft forever inet 192.168.100.10/24 brd 192.168.100.255 scope global secondary ens33:0 valid_lft forever preferred_lft forever inet6 fe80::e3c7:14af:6e4d:7216/64 scope link valid_lft forever preferred_lft forever

同样的配置第二台备份的4服务器

[root@localhost ~]# systemctl stop firewalld.service [root@localhost ~]# setenforce 0 [root@localhost ~]# vim /etc/sysctl.conf net.ipv4.ip_forward=1 #proc响应关闭重定向功能 net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0 net.ipv4.conf.ens33.send_redirects = 0 [root@localhost ~]# sysctl -p #生效 net.ipv4.ip_forward = 1 net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0 net.ipv4.conf.ens33.send_redirects = 0

创建虚拟网卡

[root@localhost ~]# cd /etc/sysconfig/network-scripts/ [root@localhost network-scripts]# cp -p ifcfg-ens33 ifcfg-ens33:0 [root@localhost network-scripts]# vim ifcfg-ens33:0 100dd DEVICE=ens33:0 ONBOOT=yes IPADDR=192.168.100.10 NETMASK=255.255.255.0 [root@localhost network-scripts]# service network restart Restarting network (via systemctl): [ 确定 ] [root@localhost network-scripts]# ifup ens33:0 #开启网卡，这个网关是用来做虚拟IP的，相当于一给访问入口 [root@localhost network-scripts]# ifconfig [root@localhost network-scripts]# cd /etc/init.d/ [root@localhost init.d]# vim dr.sh #!/bin/bash GW=192.168.100.1 VIP=192.168.100.10 RIP1=192.168.100.221 RIP2=192.168.100.222 case "$1" in start) /sbin/ipvsadm --save > /etc/sysconfig/ipvsadm systemctl start ipvsadm /sbin/ifconfig ens33:0 $VIP broadcast $VIP netmask 255.255.255.255 broadcast $VIP up /sbin/route add -host $VIP dev ens33:0 /sbin/ipvsadm -A -t $VIP:80 -s rr /sbin/ipvsadm -a -t $VIP:80 -r $RIP1:80 -g /sbin/ipvsadm -a -t $VIP:80 -r $RIP2:80 -g echo "ipvsadm starting --------------------[ok]" ;; stop) /sbin/ipvsadm -C systemctl stop ipvsadm ifconfig ens33:0 down route del $VIP echo "ipvsadm stoped---------------------[ok]" ;; status) if [ ! -e /var/lock/subsys/ipvsadm ];then echo "ipvsadm stoped---------------" exit 1 else echo "ipvsamd Runing ---------[ok]" fi ;; *) echo "Usage: $0 {start|stop|status}" exit 1 esac exit 0 [root@localhost init.d]# chmod +x dr.sh [root@localhost init.d]# service dr.sh start ipvsadm starting --------------------[ok] [root@localhost init.d]# cd /etc/keepalived/ [root@localhost keepalived]# vim keepalived.conf 10 smtp_server 127.0.0.1 12 router_id LVS_02 20 state BACKUP 22 virtual_router_id 10 23 priority 99 27 auth_pass abc123 30 192.168.100.10 [root@localhost keepalived]# systemctl start keepalived.service [root@localhost keepalived]# systemctl status keepalived.service #查看状态，如果没起来在开启一次

我们把主服务器1关掉，去客户端去测试一下是不是还能Ping通

[root@localhost keepalived]# ifdown ens33:0 C:\Users\CHEN>ping 192.168.100.10 正在 Ping 192.168.100.10 具有 32 字节的数据: 来自 192.168.100.10 的回复: 字节=32 时间<1ms TTL=64 来自 192.168.100.10 的回复: 字节=32 时间<1ms TTL=64 来自 192.168.100.10 的回复: 字节=32 时间<1ms TTL=64 来自 192.168.100.10 的回复: 字节=32 时间<1ms TTL=6

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。