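The previous post covered the three LVS modes: NAT, TUN and DR. This one covers DR + Keepalived.
First, what is Keepalived?
Keepalived uses the VRRP hot-standby protocol to provide multi-machine hot standby for Linux servers.
VRRP (Virtual Router Redundancy Protocol) is a backup solution designed for routers.
Keepalived supports multi-machine hot standby; each hot-standby group can contain several servers, and the most common setup is a two-node pair.
Failover in a two-node pair is done by moving the virtual IP address (VIP) from one node to the other, which works for all kinds of application servers.
The ARP problem in LVS-DR
In an LVS-DR load-balancing cluster, the load balancer and the node servers must all be configured with the same VIP address.
Having the same IP address on several hosts in one LAN inevitably disrupts the servers' ARP communication.
When an ARP broadcast reaches the LVS-DR cluster, the load balancer and the node servers all receive it, because they are connected to the same network.
Only the front-end load balancer should answer; the node servers should not respond to the ARP broadcast.
Solving the ARP problem in LVS-DR
Configure the node servers so that they do not answer ARP requests for the VIP:
Use the virtual interface lo:0 to carry the VIP address.
Set the kernel parameter arp_ignore=1: the system only answers ARP requests whose target IP is a local IP.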
Now for the lab.
Lab plan
We need five virtual machines:
- DR1 primary server 192.168.100.201
- DR4 backup server 192.168.100.202
- Web 5 192.168.100.221
- Web 7 192.168.100.222
- VIP 192.168.100.10
- client 192.168.100.50
Install the required LVS module, keepalived and httpd on the respective machines.
On servers 1 and 4:
```
# yum install ipvsadm keepalived -y
```
On servers 5 and 7:
```
# yum install httpd -y
```
The first machine, the primary load-balancing director: set the VM network to host-only mode and configure the NIC.
```
# vim /etc/sysconfig/network-scripts/ifcfg-ens33
```
```
BOOTPROTO=static          # static addressing
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=849aa04e-1874-490f-8cb0-b2fde4b9a6f8
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.201    # address
NETMASK=255.255.255.0     # subnet mask
GATEWAY=192.168.100.1     # gateway
```
```
# systemctl restart network    # restart the network service
# ifconfig                     # check that the static address took effect
```
The second machine (4), the backup load-balancing director: host-only mode, then configure the NIC.
```
# vim /etc/sysconfig/network-scripts/ifcfg-ens33
```
```
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=c3f0a196-6819-4702-9b54-7cad18402591
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.202
NETMASK=255.255.255.0
GATEWAY=192.168.100.1
```
```
# systemctl restart network
# ifconfig
```
The third machine, web server 5: host-only mode, then configure the NIC.
```
# vim /etc/sysconfig/network-scripts/ifcfg-ens33
```
```
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=a6cf69fe-eb42-4a99-9239-0da4cdeae0c7
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.221
NETMASK=255.255.255.0
GATEWAY=192.168.100.1
```
```
# systemctl restart network
# ifconfig
```
The fourth machine, web server 7: host-only mode, then configure the NIC.
```
# vim /etc/sysconfig/network-scripts/ifcfg-ens33
```
```
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=447e510f-fea3-4b6c-8f47-d0c6319ead28
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.222
NETMASK=255.255.255.0
GATEWAY=192.168.100.1
```
```
# systemctl restart network
# ifconfig
```
Configure the first machine, primary server 1
```
# vim /etc/sysctl.conf
```
```
net.ipv4.ip_forward=1
# proc settings: turn off sending of redirects
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
```
```
# sysctl -p    # apply the settings
net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
```
Create the virtual NIC
```
# cd /etc/sysconfig/network-scripts/
# cp -p ifcfg-ens33 ifcfg-ens33:0
# vim ifcfg-ens33:0
```
In vim, 100dd clears the copied lines; then enter:
```
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.100.10
NETMASK=255.255.255.0
```
```
# ifup ens33:0    # bring up the interface; it carries the virtual IP and serves as the access entry point
# ifconfig
# cd /etc/init.d/
# vim dr.sh
```
```bash
#!/bin/bash
GW=192.168.100.1
VIP=192.168.100.10
RIP1=192.168.100.221
RIP2=192.168.100.222
case "$1" in
start)
    # Save the current IPVS rules, then start the ipvsadm service
    /sbin/ipvsadm --save > /etc/sysconfig/ipvsadm
    systemctl start ipvsadm
    # Bind the VIP to ens33:0 as a host address and add a host route for it
    /sbin/ifconfig ens33:0 $VIP broadcast $VIP netmask 255.255.255.255 up
    /sbin/route add -host $VIP dev ens33:0
    # Virtual service on VIP:80, round-robin, both real servers in DR mode (-g)
    /sbin/ipvsadm -A -t $VIP:80 -s rr
    /sbin/ipvsadm -a -t $VIP:80 -r $RIP1:80 -g
    /sbin/ipvsadm -a -t $VIP:80 -r $RIP2:80 -g
    echo "ipvsadm starting --------------------[ok]"
    ;;
stop)
    # Clear the IPVS table and take the VIP down
    /sbin/ipvsadm -C
    systemctl stop ipvsadm
    ifconfig ens33:0 down
    route del $VIP
    echo "ipvsadm stopped---------------------[ok]"
    ;;
status)
    if [ ! -e /var/lock/subsys/ipvsadm ]; then
        echo "ipvsadm stopped---------------"
        exit 1
    else
        echo "ipvsadm running ---------[ok]"
    fi
    ;;
*)
    echo "Usage: $0 {start|stop|status}"
    exit 1
    ;;
esac
exit 0
```
```
# service dr.sh start
ipvsadm starting --------------------[ok]
# systemctl status ipvsadm
```
Configure the first web server (Web 5)
```
# systemctl start httpd.service
# systemctl stop firewalld.service
# setenforce 0
# cd /var/www/html/
# echo "this is accp web" > index.html
# cd /etc/sysconfig/network-scripts/
# cp ifcfg-lo ifcfg-lo:0
# vim ifcfg-lo:0
```
```
DEVICE=lo:0
IPADDR=192.168.100.10
NETMASK=255.255.255.0
ONBOOT=yes
```
```
# cd /etc/init.d/
# vim Web.sh
```
```bash
#!/bin/bash
# Script that lets this server follow the director's control: start and stop of the service
VIP=192.168.100.10
case "$1" in
start)
    # Bind the VIP to lo:0 as a host address and add a host route for it
    ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP
    /sbin/route add -host $VIP dev lo:0
    # Keep this server from answering or announcing ARP for the VIP
    echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
    sysctl -p > /dev/null 2>&1
    echo "RealServer Start OK"
    ;;
stop)
    ifconfig lo:0 down
    route del $VIP > /dev/null 2>&1
    # Restore the default ARP behaviour
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stopped"
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
exit 0
```
```
# chmod +x Web.sh
# service Web.sh start
RealServer Start OK
# ifup lo:0    # bring up the virtual interface
# ifconfig
lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 192.168.100.10  netmask 255.255.255.0
        loop  txqueuelen 1  (Local Loopback)
# firefox "http://127.0.0.1/" &    # open the loopback address in Firefox, running in the background
[2] 17973
```
Configure the second web server (Web 7)
```
# systemctl start httpd
# systemctl stop firewalld.service
# setenforce 0
# cd /var/www/html/
# echo "this is kgv web" > index.html
# cd /etc/sysconfig/network-scripts/
# cp ifcfg-lo ifcfg-lo:0
# vim ifcfg-lo:0
```
```
DEVICE=lo:0
IPADDR=192.168.100.10
NETMASK=255.255.255.0
ONBOOT=yes
```
```
# cd /etc/init.d/
# vim Web.sh
```
```bash
#!/bin/bash
VIP=192.168.100.10
case "$1" in
start)
    # Bind the VIP to lo:0 as a host address and add a host route for it
    ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP
    /sbin/route add -host $VIP dev lo:0
    # Keep this server from answering or announcing ARP for the VIP
    echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
    sysctl -p > /dev/null 2>&1
    echo "RealServer Start OK"
    ;;
stop)
    ifconfig lo:0 down
    route del $VIP > /dev/null 2>&1
    # Restore the default ARP behaviour
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stopped"
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
exit 0
```
```
# chmod +x Web.sh
# ifup lo:0
# service Web.sh start
RealServer Start OK
# firefox "http://127.0.0.1/" &
[1] 17916
```
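The ARP settings from the "ARP problem" section, which Web.sh writes on each real server, can be audited afterwards. The script below is an added example, not part of the original post: it checks that arp_ignore=1 and arp_announce=2 are active on lo and all, and that the same values are also present in a sysctl file, because values written under /proc/sys are lost at reboot. The function names and their path arguments are this example's own; the defaults are the live system paths.

```shell
#!/bin/sh
# Added example (not from the original post): audit the ARP settings that
# Web.sh writes. Path arguments are parameters of this example only.
WANT="arp_ignore=1 arp_announce=2"

# runtime_arp_ok [conf_dir]: returns 0 if lo and all carry the wanted
# values right now; prints one line per deviation.
runtime_arp_ok() {
    dir=${1:-/proc/sys/net/ipv4/conf}
    rc=0
    for iface in lo all; do
        for pair in $WANT; do
            key=${pair%%=*}; want=${pair#*=}
            got=$(cat "$dir/$iface/$key" 2>/dev/null | tr -d '[:space:]')
            if [ "$got" != "$want" ]; then
                echo "runtime: $iface/$key is '$got', want $want"
                rc=1
            fi
        done
    done
    return $rc
}

# persisted_arp_ok [sysctl_file]: returns 0 if the same values are also set
# in the sysctl file, so they survive a reboot without re-running Web.sh.
persisted_arp_ok() {
    file=${1:-/etc/sysctl.conf}
    rc=0
    for iface in lo all; do
        for pair in $WANT; do
            key="net.ipv4.conf.$iface.${pair%%=*}"; want=${pair#*=}
            # Commented-out lines do not match; the last assignment wins.
            pat="s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p"
            got=$(sed -n "$pat" "$file" 2>/dev/null | tail -n 1)
            if [ "$got" != "$want" ]; then
                echo "persisted: $key is '$got', want $want"
                rc=1
            fi
        done
    done
    return $rc
}

# Usage: sh audit_arp.sh audit   (run on a real server)
if [ "${1:-}" = "audit" ]; then runtime_arp_ok; persisted_arp_ok; fi
```

Web.sh also runs sysctl -p, which reloads /etc/sysctl.conf, so a conflicting entry in that file would overwrite the values the script has just written.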
Test from the client; first give it an address on the same subnet.
On primary server 1, check that both web servers answer ping.
```
# ping 192.168.100.221
PING 192.168.100.221 (192.168.100.221) 56(84) bytes of data.
64 bytes from 192.168.100.221: icmp_seq=1 ttl=64 time=0.416 ms
64 bytes from 192.168.100.221: icmp_seq=2 ttl=64 time=0.420 ms
# ping 192.168.100.222
PING 192.168.100.222 (192.168.100.222) 56(84) bytes of data.
64 bytes from 192.168.100.222: icmp_seq=1 ttl=64 time=0.348 ms
64 bytes from 192.168.100.222: icmp_seq=2 ttl=64 time=0.490 ms
```
Test from the client again: LVS works.
(After a refresh, the second web page comes up.)
Configure keepalived on primary server 1 (working directory /etc/keepalived/)
```
# vim keepalived.conf
```
```
# only the entries edited in keepalived.conf are shown
smtp_server 127.0.0.1
router_id LVS_01
virtual_router_id 10
auth_pass abc123
192.168.100.10    # delete the original addresses; we only need this one
virtual_server 192.168.100.10 80 {
    lb_kind DR
    real_server 192.168.100.221 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.100.222 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            # same check settings as for the first real server
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
```
```
# systemctl start keepalived.service
# systemctl status keepalived.service    # check the status; if it did not come up, start it again
# ip addr show dev ens33:0               # check whether the interface has been brought up
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:c9:dd:05 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.201/24 brd 192.168.100.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.100.10/24 brd 192.168.100.255 scope global secondary ens33:0
       valid_lft forever preferred_lft forever
    inet6 fe80::e3c7:14af:6e4d:7216/64 scope link
       valid_lft forever preferred_lft forever
```
Configure the second machine, backup server 4, in the same way
```
# systemctl stop firewalld.service
# setenforce 0
# vim /etc/sysctl.conf
```
```
net.ipv4.ip_forward=1
# proc settings: turn off sending of redirects
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
```
```
# sysctl -p    # apply the settings
net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
```
Create the virtual NIC
```
# cd /etc/sysconfig/network-scripts/
# cp -p ifcfg-ens33 ifcfg-ens33:0
# vim ifcfg-ens33:0
```
In vim, 100dd clears the copied lines; then enter:
```
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.100.10
NETMASK=255.255.255.0
```
```
# service network restart
Restarting network (via systemctl): [ 确定 ]
# ifup ens33:0    # bring up the interface; it carries the virtual IP and serves as the access entry point
# ifconfig
# cd /etc/init.d/
# vim dr.sh
```
```bash
#!/bin/bash
GW=192.168.100.1
VIP=192.168.100.10
RIP1=192.168.100.221
RIP2=192.168.100.222
case "$1" in
start)
    # Save the current IPVS rules, then start the ipvsadm service
    /sbin/ipvsadm --save > /etc/sysconfig/ipvsadm
    systemctl start ipvsadm
    # Bind the VIP to ens33:0 as a host address and add a host route for it
    /sbin/ifconfig ens33:0 $VIP broadcast $VIP netmask 255.255.255.255 up
    /sbin/route add -host $VIP dev ens33:0
    # Virtual service on VIP:80, round-robin, both real servers in DR mode (-g)
    /sbin/ipvsadm -A -t $VIP:80 -s rr
    /sbin/ipvsadm -a -t $VIP:80 -r $RIP1:80 -g
    /sbin/ipvsadm -a -t $VIP:80 -r $RIP2:80 -g
    echo "ipvsadm starting --------------------[ok]"
    ;;
stop)
    # Clear the IPVS table and take the VIP down
    /sbin/ipvsadm -C
    systemctl stop ipvsadm
    ifconfig ens33:0 down
    route del $VIP
    echo "ipvsadm stopped---------------------[ok]"
    ;;
status)
    if [ ! -e /var/lock/subsys/ipvsadm ]; then
        echo "ipvsadm stopped---------------"
        exit 1
    else
        echo "ipvsadm running ---------[ok]"
    fi
    ;;
*)
    echo "Usage: $0 {start|stop|status}"
    exit 1
    ;;
esac
exit 0
```
```
# chmod +x dr.sh
# service dr.sh start
ipvsadm starting --------------------[ok]
```
```
# cd /etc/keepalived/
# vim keepalived.conf
```
```
# only the entries edited in keepalived.conf are shown
smtp_server 127.0.0.1
router_id LVS_02
state BACKUP
virtual_router_id 10
priority 99
auth_pass abc123
192.168.100.10
```
```
# systemctl start keepalived.service
# systemctl status keepalived.service    # check the status; if it did not come up, start it again
```
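Failover depends on the two keepalived.conf files agreeing on virtual_router_id and auth_pass while differing in router_id and priority. The check below is an added example, not part of the original post: it compares the two files on exactly those directives and also flags a short auth_pass. The function names are this example's own, and it reads only the first occurrence of each directive.

```shell
#!/bin/sh
# Added example (not from the original post): compare the keepalived.conf of
# the primary and the backup director before relying on failover.

# kv FILE KEY: print the first value of a "KEY value" directive, ignoring
# anything after '#' or '!' (both start a comment in keepalived.conf).
kv() {
    awk -v k="$2" '{ sub(/[#!].*/, "") } $1 == k { print $2; exit }' "$1"
}

# check_vrrp_pair PRIMARY_CONF BACKUP_CONF
# Prints one line per problem and returns 1 if any was found.
check_vrrp_pair() {
    m=$1; b=$2; rc=0
    # These must match, or the nodes do not accept each other's adverts
    # and both end up holding the VIP.
    for key in virtual_router_id auth_pass; do
        if [ "$(kv "$m" "$key")" != "$(kv "$b" "$key")" ]; then
            echo "mismatch: $key differs between the two files"; rc=1
        fi
    done
    # router_id names the node and should be unique.
    if [ "$(kv "$m" router_id)" = "$(kv "$b" router_id)" ]; then
        echo "duplicate: router_id is the same on both nodes"; rc=1
    fi
    # The backup must advertise a lower priority than the primary.
    mp=$(kv "$m" priority); bp=$(kv "$b" priority)
    if [ "${bp:-0}" -ge "${mp:-0}" ]; then
        echo "priority: backup ($bp) is not lower than primary ($mp)"; rc=1
    fi
    # A short shared secret is easy to guess; flag anything under 8 characters.
    pass=$(kv "$m" auth_pass)
    if [ "${#pass}" -lt 8 ]; then
        echo "weak: auth_pass is shorter than 8 characters"; rc=1
    fi
    return $rc
}

# Usage: sh check_pair.sh /path/to/primary.conf /path/to/backup.conf
if [ "$#" -eq 2 ]; then check_vrrp_pair "$1" "$2"; fi
```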
Now take primary server 1 down and check from the client whether ping still gets through.
```
# ifdown ens33:0
```
```
C:\Users\CHEN>ping 192.168.100.10
正在 Ping 192.168.100.10 具有 32 字节的数据:
来自 192.168.100.10 的回复: 字节 = 32 时间 < 1ms TTL=64
来自 192.168.100.10 的回复: 字节 = 32 时间 < 1ms TTL=64
来自 192.168.100.10 的回复: 字节 = 32 时间 < 1ms TTL=64
来自 192.168.100.10 的回复: 字节 = 32 时间 < 1ms TTL=6
```
Source: http://www.bubuko.com/infodetail-3374597.html