- 1.lvs简介
- 2.结构体系
- 3.lvs工作模式及原理
- 4.配置lvs
- 4.1 部署lvs-nat模式的httpd负载集群—http协议
- 4.2 部署lvs-dr模式的负载均衡集群——http协议
- 4.3 部署lvs-dr模式的负载均衡集群——https协议
- 4.4 部署lvs-tun模式的负载均衡集群——http协议
1.lvs简介
LVS(Linux Virtual Server)即Linux虚拟服务器,是由章文嵩博士主导的开源负载均衡项目,目前LVS已经被集成到Linux内核模块中。在Linux内核中实现了基于IP的数据请求负载均衡调度方案,终端互联网用户从外部访问公司的负载均衡服务器,终端用户的Web请求会发送给LVS调度器,调度器根据自己预设的算法决定将该请求发送给后端的某台Web服务器,比如,轮询算法可以将外部的请求平均分发给后端的所有服务器,终端用户访问LVS调度器虽然会被转发到后端真实的服务器,但如果真实服务器连接的是相同的存储,提供的服务也是相同的服务,最终用户不管是访问哪台真实服务器,得到的服务内容都是一样的,整个集群对用户而言都是透明的。最后根据LVS工作模式的不同,真实服务器会选择不同的方式将用户需要的数据发送到终端用户,LVS工作模式分为NAT模式、TUN模式、以及DR模式。
2.结构体系
使用LVS架设的服务器集群系统有三个部分组成:最前端的负载均衡层(Loader Balancer),中间的服务器群组层,用Server Array表示,最底层的数据共享存储层,用Shared Storage表示。在用户看来所有的应用都是透明的,用户只是在使用一个虚拟服务器提供的高性能服务。
Load Balancer层:位于整个集群系统的最前端,有一台或者多台负载调度器(Director Server)组成,LVS模块就安装在Director Server上,而Director的主要作用类似于一个路由器,它含有完成LVS功能所设定的路由表,通过这些路由表把用户的请求分发给Server Array层的应用服务器(Real Server)上。同时,在Director Server上还要安装对Real Server服务的监控模块Ldirectord,此模块用于监测各个Real Server服务的健康状况。在Real Server不可用时把它从LVS路由表中剔除,恢复时重新加入。
Server Array层:由一组实际运行应用服务的机器组成,Real Server可以是WEB服务器、MAIL服务器、FTP服务器、DNS服务器、视频服务器中的一个或者多个,每个Real Server之间通过高速的LAN或分布在各地的WAN相连接。在实际的应用中,Director Server也可以同时兼任Real Server的角色。
Shared Storage层:是为所有Real Server提供共享存储空间和内容一致性的存储区域,在物理上,一般有磁盘阵列设备组成,为了提供内容的一致性,一般可以通过NFS网络文件系统共享数据,但是NFS在繁忙的业务系统中,性能并不是很好,此时可以采用集群文件系统,例如Red hat的GFS文件系统,oracle提供的OCFS2文件系统等。
从整个LVS结构可以看出,Director Server是整个LVS的核心,目前,用于Director Server的操作系统只能是Linux和FreeBSD,linux2.6内核不用任何设置就可以支持LVS功能,而FreeBSD作为 Director Server的应用还不是很多,性能也不是很好。对于Real Server,几乎可以是所有的系统平台,Linux、windows、Solaris、AIX、BSD系列都能很好的支持
3.lvs工作模式及原理
NAT模式
通过网络地址转换实现的虚拟服务器
大并发访问时,调度器的性能成为瓶颈
NAT模式原理
这个是通过网络地址转换的方法来实现调度的。首先调度器(LB)接收到客户的请求数据包时(请求的目的IP为VIP),根据调度算法决定将请求发送给哪个后端的真实服务器(RS)。然后调度就把客户端发送的请求数据包的目标IP地址及端口改成后端真实服务器的IP地址(RIP),这样真实服务器(RS)就能够接收到客户的请求数据包了。真实服务器响应完请求后,查看默认路由(NAT模式下我们需要把RS的默认路由设置为LB服务器。)把响应后的数据包发送给LB,LB再接收到响应包后,把包的源地址改成虚拟地址(VIP)然后发送回给客户端。
注意事项:
在NAT模式中,Real Server的网关必须指向LVS,否则报文无法送达客户端
DR模式
直接使用路由技术实现虚拟服务器
节点服务器需要配置VIP,注意MAC地址广播
DR模式原理
DR模式是通过改写请求报文的目标MAC地址,将请求发给真实服务器的,而真实服务器响应后的处理结果直接返回给客户端用户。同TUN模式一样,DR模式可以极大的提高集群系统的伸缩性。而且DR模式没有IP隧道的开销,对集群中的真实服务器也没有必要必须支持IP隧道协议的要求。但是要求调度器LB与真实服务器RS都有一块网卡连接到同一物理网段上,必须在同一个局域网环境
1、客户端将请求发往前端的负载均衡器,请求报文源地址是CIP,目标地址为VIP。
2、负载均衡器收到报文后,发现请求的是在规则里面存在的地址,那么它将客户端请求报文的源MAC地址改为自己DIP的MAC地址,目标MAC改为了RIP的MAC地址,并将此包发送给RS
3、RS发现请求报文中的目的MAC是自己,就会将此报文接收下来,处理完请求报文后,将响应报文通过lo接口送给eth0网卡直接发送给客户端。
注意事项:
需要设置lo接口的VIP不能响应本地网络内的arp请求,这个IP就直接设置为32位的网络位即可。
TUN模式
通过隧道方式实现虚拟服务
和NAT模式不同的是,它在LB和RS之间的传输不用改写IP地址。而是把客户请求包封装在一个IP tunnel里面,然后发送给RS节点服务器,节点服务器接收到之后解开IP tunnel后,进行响应处理。并且直接把包通过自己的外网地址发送给客户不用经过LB服务器
1、客户端将请求发往前端的负载均衡器,请求报文源地址是CIP,目标地址为VIP。
2、负载均衡器收到报文后,发现请求的是在规则里面存在的地址,那么它将在客户端请求报文的首部再封装一层IP报文,将源地址改为DIP,目标地址改为RIP,并将此包发送给RS。
3、RS收到请求报文后,会首先拆开第一层封装,然后发现里面还有一层IP首部的目标地址是自己lo接口上的VIP,所以会处理此请求报文,并将响应报文通过lo接口送给eth0网卡直接发送给客户端
4.配置lvs
4.1 部署lvs-nat模式的httpd负载集群—http协议
环境说明
主机名称 网卡信息(ens33为net,ens36为仅主机) 安装应用 系统 client客户端 192.168.169.145(ens33) 无 centos8 DR DIP:192.168.169.139(ens33)
VIP:192.168.234.140(ens36) ipvsadm centos8 RS1 RIP:192.168.169.140(ens33)—gw:192.168.169.139 httpd centos8 RS2 RIP:192.168.169.142(ens33)—gw:192.168.169.139 httpd centos8
//首先添加一块网卡,仅主机模式,然后进行设置
[root@DR ~]# nmcli connection add con-name ens36 ifname ens36 type ethernet
Connection 'ens36' (4c647d67-77ba-4d93-8ead-e50086a9b95e) successfully added.
[root@DR ~]# nmcli connection show
NAME UUID TYPE DEVICE
ens33 db7a9ccd-85c1-42a1-bbfa-3a0975b5f071 ethernet ens33
Wired connection 1 a226711e-700f-3ad7-95b4-099e72ecfb4e ethernet ens36
ens36 4c647d67-77ba-4d93-8ead-e50086a9b95e ethernet --
[root@DR ~]# cd /etc/sysconfig/network-scripts/
[root@DR network-scripts]# ls
ifcfg-ens33 ifcfg-ens36
[root@DR network-scripts]# nmcli connection modify ens36 ipv4.addresses 192.168.234.140/24 ipv4.method manual connection.autoconnect yes
[root@DR network-scripts]# nmcli connection up ens36
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@lDR network-scripts]# nmcli connection show
NAME UUID TYPE DEVICE
ens33 db7a9ccd-85c1-42a1-bbfa-3a0975b5f071 ethernet ens33
ens36 4c647d67-77ba-4d93-8ead-e50086a9b95e ethernet ens36
Wired connection 1 a226711e-700f-3ad7-95b4-099e72ecfb4e ethernet --
//将RS1,RS2的网关改为192.168.169.139,也就是DR的IP地址,然后在手动配置yum源
//DR、RS1、RS2三台主机都关闭防火墙和selinux
[root@DR ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR ~]# sed -ri '/^SELINUX=/s/(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@DR ~]# reboot
//RS1和RS2部署WEB服务器
RS1
[root@DR1 ~]# dnf -y install httpd
[root@DR1 ~]# echo RS1 > /var/www/html/index.html
[root@DR1 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
RS2
[root@RS2 ~]# dnf -y install httpd
[root@RS2 yum.repos.d]# echo RS2 > /var/www/html/index.html
[root@RS2 yum.repos.d]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
//配置DR
//开启IP转发功能
[root@localhost ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1
//安装ipvsadm并添加规则
[root@localhost ~]# dnf -y install ipvsadm
[root@localhost ~]# ipvsadm -A -t 192.168.234.140:80 -s rr
[root@localhost ~]# ipvsadm -a -t 192.168.234.140:80 -r 192.168.169.140:80 -m
[root@localhost ~]# ipvsadm -a -t 192.168.234.140:80 -r 192.168.169.142:80 -m
[root@localhost ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@localhost ~]# systemctl enable --now ipvsadm.service
Created symlink /etc/systemd/system/multi-user.target.wants/ipvsadm.service → /usr/lib/systemd/system/ipvsadm.service.
//在客户端进行测试
[root@client ~]# curl http://192.168.234.140
RS2
[root@client ~]# curl http://192.168.234.140
RS1
[root@client ~]# curl http://192.168.234.140
RS2
[root@client ~]# curl http://192.168.234.140
RS1
4.2 部署lvs-dr模式的负载均衡集群——http协议
主机名称 网卡信息 安装应用 DR DIP:192.168.169.139
VIP:192.168.169.200 ipvsadm RS1 DIP:192.168.169.140
VIP:192.168.169.200 httpd RS2 DIP:192.168.169.142
VIP:192.168.169.200 httpd client 192.168.169.145 无
//DR、RS1、RS2三台主机都关闭防火墙和selinux
[root@DR ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR ~]# sed -ri '/^SELINUX=/s/(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@DR ~]# reboot
//RS1和RS2部署WEB服务器
RS1
[root@DR1 ~]# dnf -y install httpd
[root@DR1 ~]# echo RS1 > /var/www/html/index.html
[root@DR1 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
RS2
[root@RS2 ~]# dnf -y install httpd
[root@RS2 yum.repos.d]# echo RS2 > /var/www/html/index.html
[root@RS2 yum.repos.d]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
//DR添加ip
[root@DR ~]# dnf -y install net-tools
[root@DR ~]# ifconfig lo 192.168.169.200/32 broadcast 192.168.169.200 netmask 255.255.255.255 up
[root@DR ~]# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 192.168.169.200/0 brd 192.168.169.200 scope global lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f1:77:ce brd ff:ff:ff:ff:ff:ff
inet 192.168.169.139/24 brd 192.168.169.255 scope global dynamic noprefixroute ens33
valid_lft 997sec preferred_lft 997sec
inet6 fe80::ac0:aa7e:f1b9:248e/64 scope link noprefixroute
valid_lft forever preferred_lft forever
//RS1和RS2配置内核并添加ip,一定要先配置内核在添加ip,否则会形成广播风暴
RS1
[root@RS1 ~]# vim /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@RS1 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@RS1 ~]# dnf -y install net-tools
[root@RS1 ~]# ifconfig lo 192.168.169.200/32 broadcast 192.168.169.200 netmask 255.255.255.255 up
RS2
[root@RS2 ~]# vim /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@RS2 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@RS2 ~]# dnf -y install net-tools
[root@RS2 ~]# ifconfig lo 192.168.169.200/32 broadcast 192.168.169.200 netmask 255.255.255.255 up
//添加路由信息
RS1
[root@RS1 ~]# route add -host 192.168.169.200/32 dev lo
RS2
[root@RS2 ~]# route add -host 192.168.169.200/32 dev lo
//在DR添加并保存规则
[root@DR ~]# dnf -y install ipvsadm
[root@DR ~]# ipvsadm -A -t 192.168.169.200:80 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.169.200:80 -r 192.168.169.140:80 -g
[root@DR ~]# ipvsadm -a -t 192.168.169.200:80 -r 192.168.169.142:80 -g
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@DR ~]# systemctl enable --now ipvsadm.service
Created symlink /etc/systemd/system/multi-user.target.wants/ipvsadm.service → /usr/lib/systemd/system/ipvsadm.service.
//客户端进行验证
[root@client ~]# curl 192.168.169.200
RS2
[root@client ~]# curl 192.168.169.200
RS1
[root@client ~]# curl 192.168.169.200
RS2
[root@client ~]# curl 192.168.169.200
RS1
[root@client ~]# curl 192.168.169.200
RS2
[root@client ~]# curl 192.168.169.200
RS1
4.3 部署lvs-dr模式的负载均衡集群——https协议
主机名称 网卡信息 安装应用 DR DIP:192.168.169.139
VIP:192.168.169.200 ipvsadm RS1 DIP:192.168.169.140
VIP:192.168.169.200 httpd RS2 DIP:192.168.169.142
VIP:192.168.169.200 httpd client 192.168.169.145 无
//DR、RS1、RS2三台主机都关闭防火墙和selinux
[root@DR ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR ~]# sed -ri '/^SELINUX=/s/(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@DR ~]# reboot
//RS1和RS2部署WEB服务器
RS1
[root@DR1 ~]# dnf -y install httpd
[root@DR1 ~]# echo RS1 > /var/www/html/index.html
[root@DR1 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
RS2
[root@RS2 ~]# dnf -y install httpd
[root@RS2 yum.repos.d]# echo RS2 > /var/www/html/index.html
[root@RS2 yum.repos.d]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
//DR添加ip
[root@DR ~]# dnf -y install net-tools
[root@DR ~]# ifconfig lo 192.168.169.200/32 broadcast 192.168.169.200 netmask 255.255.255.255 up
[root@DR ~]# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 192.168.169.200/0 brd 192.168.169.200 scope global lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f1:77:ce brd ff:ff:ff:ff:ff:ff
inet 192.168.169.139/24 brd 192.168.169.255 scope global dynamic noprefixroute ens33
valid_lft 997sec preferred_lft 997sec
inet6 fe80::ac0:aa7e:f1b9:248e/64 scope link noprefixroute
valid_lft forever preferred_lft forever
//RS1和RS2配置内核并添加ip,一定要先配置内核在添加ip,否则会形成广播风暴
RS1
[root@RS1 ~]# vim /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@RS1 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@RS1 ~]# dnf -y install net-tools
[root@RS1 ~]# ifconfig lo 192.168.169.200/32 broadcast 192.168.169.200 netmask 255.255.255.255 up
RS2
[root@RS2 ~]# vim /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@RS2 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@RS2 ~]# dnf -y install net-tools
[root@RS2 ~]# ifconfig lo 192.168.169.200/32 broadcast 192.168.169.200 netmask 255.255.255.255 up
//添加路由信息
RS1
[root@RS1 ~]# route add -host 192.168.169.200/32 dev lo
RS2
[root@RS2 ~]# route add -host 192.168.169.200/32 dev lo
//在DR中生成一堆秘钥
[root@DR ~]# mkdir -p /etc/pki/CA/private
[root@DR ~]# cd /etc/pki/CA/
[root@DR CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
...+++++
.............................+++++
e is 65537 (0x010001)
[root@DR CA]# openssl rsa -in private/cakey.pem -pubout
writing RSA key
[root@DR CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 1024
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:twt
Organizational Unit Name (eg, section) []:zzd
Common Name (eg, your name or your server's hostname) []:zzd
Email Address []:zzd@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@RS1 ssl]# ls
httpd.csr httpd.key
//将以上两个文件发送给DR
[root@RS1 ssl]# scp httpd.csr httpd.key root@192.168.169.139:/root
//在CA签署证书并发给RS1
[root@DR CA]# mkdir /etc/pki/CA/newcerts
[root@DR CA]# touch /etc/pki/CA/index.txt
[root@DR CA]# echo "01" > /etc/pki/CA/serial
[root@DR CA]# openssl ca -in /root/httpd.csr -out /root/httpd.crt -days 1024
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Sep 27 05:08:19 2022 GMT
Not After : Jul 17 05:08:19 2025 GMT
Subject:
countryName = CN
stateOrProvinceName = HB
organizationName = twt
organizationalUnitName = zzd
commonName = zzd
emailAddress = zzd@example.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
87:B3:BB:35:44:1E:35:08:5B:70:85:33:F8:66:63:BA:64:81:78:B4
X509v3 Authority Key Identifier:
keyid:62:AF:53:D5:EC:E7:B7:BC:51:FF:BB:11:CB:E3:A7:60:C5:81:9D:1F
Certificate is to be certified until Jul 17 05:08:19 2025 GMT (1024 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
//将CA签署的证书httpd.crt和服务器的证书cacert.pem发送给RS1
[root@DR CA]# scp /root/httpd.crt /etc/pki/CA/cacert.pem root@192.168.169.140:/etc/httpd/ssl
//RS2配置https
[root@RS2 ~]# dnf -y install mod_ssl
[root@RS2 ~]# mkdir -p /etc/httpd/ssl
//RS1中把RS1的证书和密钥发送给RS2
[root@RS1 ssl]# scp /etc/httpd/ssl/{cacert.pem,httpd.crt,httpd.key} root@192.168.169.142:/etc/httpd/ssl
//在RS1中修改https的配置文件
[root@RS1 ssl]# vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
SSLCACertificateFile /etc/httpd/ssl/cacert.pem
[root@RS1 ssl]# systemctl restart httpd
//在RS2中修改https的配置文件
[root@RS2 ssl]# vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
SSLCACertificateFile /etc/httpd/ssl/cacert.pem
[root@RS2 ssl]# systemctl restart httpd
//在DR中添加规则
[root@DR ~]# dnf -y install ipvsadm
[root@DR ~]# ipvsadm -A -t 192.168.169.200:443 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.169.200:443 -r 192.168.169.140 -g
[root@DR ~]# ipvsadm -a -t 192.168.169.200:443 -r 192.168.169.142 -g
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@DR ~]# systemctl enable --now ipvsadm.service
Created symlink /etc/systemd/system/multi-user.target.wants/ipvsadm.service → /usr/lib/systemd/system/ipvsadm.service.
//客户端测试
[root@client ~]# curl -k https://192.168.169.200:443
RS1
[root@client ~]# curl -k https://192.168.169.200:443
RS2
[root@client ~]# curl -k https://192.168.169.200:443
RS1
[root@client ~]# curl -k https://192.168.169.200:443
RS2
4.4 部署lvs-tun模式的负载均衡集群——http协议
//DR、RS1、RS2三台主机都关闭防火墙和selinux
[root@DR ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR ~]# sed -ri '/^SELINUX=/s/(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@DR ~]# reboot
//RS1和RS2部署WEB服务器
RS1
[root@DR1 ~]# dnf -y install httpd
[root@DR1 ~]# echo RS1 > /var/www/html/index.html
[root@DR1 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
RS2
[root@RS2 ~]# dnf -y install httpd
[root@RS2 yum.repos.d]# echo RS2 > /var/www/html/index.html
[root@RS2 yum.repos.d]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
//DR配置内核,开启ip转发并添加ip
[root@DR ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@DR ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@DR ~]# dnf -y install net-tools
[root@DR ~]# ifconfig tunl0 192.168.169.55 broadcast 192.168.169.55 netmask 255.255.255.255 up
//RS1和RS2添加ip并启用ipip模块
RS1
[root@RS1 ~]# dnf -y install net-tools
[root@RS1 ~]# modprobe ipip
[root@RS1 ~]# ifconfig tunl0 192.168.169.55 broadcast 192.168.169.55 netmask 255.255.255.255 up
RS2
[root@RS2 ~]# dnf -y install net-tools
[root@RS2 ~]# modprobe ipip
[root@RS2 ~]# ifconfig tunl0 192.168.169.55 broadcast 192.168.169.55 netmask 255.255.255.255 up
//RS1,RS2修改内核
RS1
[root@RS1 ~]# vim /etc/sysctl.conf
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
[root@RS1 ~]# sysctl -p
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
RS2
[root@RS2 ~]# vim /etc/sysctl.conf
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
[root@RS2 ~]# sysctl -p
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
//DR上添加规则
[root@DR ~]# dnf -y install ipvsadm
[root@DR ~]# ipvsadm -A -t 192.168.169.55:80 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.169.55:80 -r 192.168.169.140:80 -i
[root@DR ~]# ipvsadm -a -t 192.168.169.55:80 -r 192.168.169.142:80 -i
[root@DR ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@DR ~]# systemctl enable --now ipvsadm.service
Created symlink /etc/systemd/system/multi-user.target.wants/ipvsadm.service → /usr/lib/systemd/system/ipvsadm.service.
//客户端进行验证
[root@client ~]# curl 192.168.169.55
RS2
[root@client ~]# curl 192.168.169.55
RS1
[root@client ~]# curl 192.168.169.55
RS2
[root@client ~]# curl 192.168.169.55
RS1
Original: https://www.cnblogs.com/zicnotes/p/16735070.html
Author: Zic师傅
Title: lvs
原创文章受到原创版权保护。转载请注明出处:https://www.johngo689.com/606838/
转载文章受原作者版权保护。转载请注明原作者出处!