LVS DR-model architecture on Linux

Lab environment: physical host: 172.25.26.250
                  server1: ipvsadm    172.25.26.2
                  server2:  httpd        172.25.26.3
                  server3:  httpd        172.25.254.4

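LVS is short for Linux Virtual Server: a virtual server cluster system. An LVS cluster uses IP load balancing and content-based request dispatching. The scheduler has good throughput and spreads requests evenly across different servers, and it automatically masks server failures, so that a group of servers forms one high-performance, highly available virtual server. The structure of the whole cluster is transparent to clients, and neither the client nor the server programs need to be modified. The design therefore has to take transparency, scalability, high availability and manageability into account. ld solves health checking for LVS; w means weighting.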

Virtual Server via Direct Routing(VS-DR)

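Advantages: as with VS-TUN, the load balancer only dispatches requests, and reply packets return to the client over a separate route. Compared with VS-TUN, VS-DR needs no tunnel structure, so most operating systems can be used as the physical servers.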

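How the LVS-DR model performs load balancing

1. The user first sends a request from the CIP to the VIP.
2. As the figure above shows, the VIP has to be configured on both the Director Server and the Real Servers. When the user's request reaches the front-end router of the cluster network, the packet's source address is the CIP and its destination address is the VIP. The router then broadcasts to ask who has the VIP. Every node in the cluster has the VIP configured, so the router sends the request to whichever node answers first, and the cluster would be pointless. We can either configure a static route on the gateway router that pins the VIP to the Director Server, or use a mechanism that stops the Real Servers from accepting ARP resolution requests from the network. Either way, all user request packets then pass through the Director Server.
3. When the Director Server receives the user's request, it uses the configured scheduling algorithm to decide which Real Server gets the request. Suppose the algorithm selects Real Server 1: the Director Server rewrites the destination MAC address in the frame to Real Server 1's MAC address and sends the frame out.
4. When Real Server 1 receives a packet with source address CIP and destination address VIP, it sees that the destination is the VIP, which it owns, so it accepts and processes the packet. When it has handled the request, it sends out a packet with source address VIP and destination address CIP. This response no longer passes through the Director Server; it goes directly to the user.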

server1

[[email protected] html]# /etc/init.d/varnish stop
Stopping Varnish Cache:                                    [  OK  ]
[[email protected] html]# chkconfig varnish off


[[email protected] html]# cat /etc/yum.repos.d/rhel-source.repo
[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.2.250/source6.5
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

[HighAvailability]
name=HighAvailability
baseurl=http://172.25.2.250/source6.5/HighAvailability
gpgcheck=0

[LoadBalancer ]
name=LoadBalancer
baseurl=http://172.25.2.250/source6.5/LoadBalancer
gpgcheck=0

[ResilientStorage]
name=ResilientStorage
baseurl=http://172.25.2.250/source6.5/ResilientStorage
gpgcheck=0

[ScalableFileSystem]
name=ScalableFileSystem
baseurl=http://172.25.2.250/source6.5/ScalableFileSystem
gpgcheck=0
yum clean all
yum repolist

Rule format of the ipvsadm tool:

1. Defining a cluster service

(1). Adding a cluster service:

ipvsadm -A|E -t|u|f service-address [-s scheduler]

              [-p [timeout]] [-M netmask]

-A:  add a new cluster service

-E:  edit a cluster service

-t:  TCP protocol

-u:  UDP protocol

-f:  firewall mark

service-address: the IP address of the cluster service, i.e. the VIP

-s   scheduling algorithm

-p   persistent connection timeout; for example, ipvsadm -Lcn shows the state of persistent connections

-M   netmask

ipvsadm -D -t|u|f service-address      delete a cluster service

ipvsadm -C   clear all rules

ipvsadm -R   reload rules

ipvsadm -S [-n]   save rules

(2). Adding RealServer rules

ipvsadm -a|e -t|u|f service-address -r server-address

              [-g|i|m] [-w weight]

-a     add a new realserver rule

-e     edit a realserver rule

-t     TCP protocol

-u     UDP protocol

-f     firewall mark

server-address    the IP address of the realserver

-g    use the LVS-DR model

-i    use the LVS-TUN model

-m    use the LVS-NAT model

-w    weight, followed by the weight value

ipvsadm -d -t|u|f service-address -r server-address          -- delete a realserver

ipvsadm -L|l [options]          -- list the defined rules

[[email protected] html]# yum install ipvsadm -y
[[email protected] html]# ipvsadm -L

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
[[email protected] html]# ipvsadm -A -t 172.25.26.100:80 -s rr   //-s scheduling policy; rr = round robin
[[email protected] html]# ipvsadm -a -t 172.25.26.100:80 -r 172.25.26.3:80 -g  //-r real server, -g DR model
[[email protected] html]# ipvsadm -a -t 172.25.26.100:80 -r 172.25.26.4:80 -g

[[email protected] html]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.2.100:80 rr
  -> 172.25.26.3:80                Route   1      0          0         
  -> 172.25.26.4:80                Route   1      0          0         
[[email protected] html]# ip addr add 172.25.26.100/24 dev eth0

[[email protected] html]# ipvsadm -L
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.26.100:http rr
  -> server3:http                 Route   1      0          0         
  -> server4:http                 Route   1      0          0  

Physical host:

[[email protected] ~]# curl 172.25.26.100
^C

server2:

[[email protected] ~]# ip addr add 172.25.26.100 dev eth0

server3:

[[email protected] ~]# ip addr add 172.25.26.100 dev eth0

Physical host:

[[email protected] ~]# curl www.westos.org
www.westos.org - server2
[[email protected] ~]# curl www.westos.org
www.westos.org - server3
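// Round robin works at this point, but only temporarily: three hosts now share the IP 172.25.2.100, and the connection just happened to pick server1. We can run a test.

On the physical host:

[[email protected] ~]# arp -d 172.25.26.100    // clear the cached resolution; ARP is the Address Resolution Protocol
[[email protected] ~]# curl www.westos.org    // request again
www.westos.org - server2
[[email protected] ~]# curl www.westos.org
www.westos.org - server2                     // server2 both times
[[email protected] ~]# arp -an |grep 100      // show the MAC address the IP resolved to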

server2:

[[email protected] ~]# ip addr


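// The two MAC addresses match, which shows that the request went straight to server2 and never reached the LVS server, server1.

Solution: restrict access to the IP 172.25.26.100 on server2 and server3.
On both hosts: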

[[email protected] ~]# yum install arptables_jf -y
[[email protected] ~]# arptables -L    // three chains
Chain IN (policy ACCEPT)
target     source-ip            destination-ip       source-hw          destination-hw     hlen   op         hrd        pro       

Chain OUT (policy ACCEPT)
target     source-ip            destination-ip       source-hw          destination-hw     hlen   op         hrd        pro       

Chain FORWARD (policy ACCEPT)
target     source-ip            destination-ip       source-hw          destination-hw     hlen   op         hrd        pro       
[[email protected] ~]# arptables -A IN -d 172.25.26.100 -j DROP     
[[email protected] ~]# arptables -A OUT -s 172.25.26.100 -j mangle --mangle-ip-s 172.25.26.3
[[email protected] etc]# /etc/init.d/arptables_jf save

Saving current rules to /etc/sysconfig/arptables:          [  OK  ]
[[email protected] etc]# /etc/init.d/arptables_jf start
Flushing all current rules and user defined chains:        [  OK  ]
Clearing all current rules and user defined chains:        [  OK  ]
Applying arptables firewall rules:                         [  OK  ]

Physical host:

[[email protected] ~]# arp -d 172.25.26.100
[[email protected] ~]# curl www.westos.org
www.westos.org - server2
[[email protected] ~]# curl www.westos.org
www.westos.org - server3
[[email protected] ~]# curl www.westos.org
www.westos.org - server2
[[email protected] ~]# curl www.westos.org
www.westos.org - server3
// Round robin now works.
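
The manual comparison above (the MAC in `arp -an` against the MAC in `ip addr`) can be scripted as a check run from a client. This is an added example, not part of the original post; the function names, the MAC addresses and the `br0` interface in the sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify which machine a client's ARP cache maps the
# LVS VIP to, using the text format printed by `arp -an`.

# vip_mac ARP_TEXT VIP -> MAC cached for VIP (lowercase), empty if absent.
# Compares the whole "(ip)" field, so 172.25.26.10 never matches 172.25.26.100.
vip_mac() {
    printf '%s\n' "$1" |
        awk -v vip="($2)" '$2 == vip && $3 == "at" { print tolower($4); exit }'
}

# check_vip ARP_TEXT VIP DIRECTOR_MAC prints one of:
#   OK          the VIP resolves to the director (server1)
#   LEAK <mac>  another host answered ARP for the VIP; the director is bypassed
#   UNRESOLVED  no usable entry (missing or <incomplete>)
check_vip() {
    mac=$(vip_mac "$1" "$2")
    director=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    if [ -z "$mac" ] || [ "$mac" = "<incomplete>" ]; then
        echo "UNRESOLVED"
    elif [ "$mac" = "$director" ]; then
        echo "OK"
    else
        echo "LEAK $mac"
    fi
}

# Constructed sample data: every MAC address below is invented.
DIRECTOR_MAC="52:54:00:AA:BB:02"      # assumed MAC of server1's eth0
ARP_LEAK='? (172.25.26.10) at 52:54:00:aa:bb:02 [ether] on br0
? (172.25.26.100) at 52:54:00:aa:bb:03 [ether] on br0'
ARP_FIXED='? (172.25.26.100) at 52:54:00:aa:bb:02 [ether] on br0'
ARP_PENDING='? (172.25.26.100) at <incomplete> on br0'

for sample in "$ARP_LEAK" "$ARP_FIXED" "$ARP_PENDING"; do
    check_vip "$sample" 172.25.26.100 "$DIRECTOR_MAC"
done
# On a live client: check_vip "$(arp -an)" 172.25.26.100 "$DIRECTOR_MAC"
```

Run it after `arp -d 172.25.26.100` and a fresh request, so the cache entry reflects whichever host answered the new ARP query.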


server1

cd /root
ls
ldirectord-3.9.5-3.1.x86_64.rpm

yum install ldirectord-3.9.5-3.1.x86_64.rpm
rpm -ql ldirectord
cp /usr/share/doc/ldirectord-3.9.5/ldirectord.cf   /etc/ha.d
cd /etc/ha.d
ls
vim ldirectord.cf

ipvsadm -C
ipvsadm -l
/etc/init.d/ldirectord   start
ipvsadm -l
vim /etc/httpd/conf/httpd.conf
/etc/init.d/httpd    restart
cd /var/www/html
ls
rm -fr *
vim index.html
ipvsadm -l

172.25.254.2:
/etc/init.d/httpd stop
/etc/init.d/httpd start
/etc/init.d/httpd stop
/etc/init.d/httpd start
172.25.254.3:
/etc/init.d/httpd stop
/etc/init.d/httpd start
/etc/init.d/httpd stop
/etc/init.d/httpd start

Physical host:

[[email protected] 安装包]# curl 172.25.254.100
bbs.westos.org
[[email protected] 安装包]# curl 172.25.254.100
www.westos.org----server2
[[email protected] 安装包]# curl 172.25.254.100
bbs.westos.org
[[email protected] 安装包]# curl 172.25.254.100
bbs.westos.org
[[email protected] 安装包]# curl 172.25.254.100
此站点正在维修


 
