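Rule syntax of the ipvsadm tool:
1. Defining a cluster service:
(1). Add a cluster service:
ipvsadm -A|E -t|u|f service-address [-s scheduler]
[-p [timeout]] [-M netmask]
-A: add a new cluster service
-E: edit a cluster service
-t: TCP protocol
-u: UDP protocol
-f: firewall mark
service-address: IP address of the cluster service, i.e. the VIP
-s: specify the scheduling algorithm
-p: persistent-connection timeout; for example, # ipvsadm -Lcn shows the state of persistent connections
-M: define the netmask
ipvsadm -D -t|u|f service-address -- delete a cluster service
ipvsadm -C -- clear all rules
ipvsadm -R -- reload rules
ipvsadm -S [-n] -- save rules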
2. Adding RealServer rules to a cluster service:
(1). Add a RealServer rule
ipvsadm -a|e -t|u|f service-address -r server-address
[-g|i|m] [-w weight]
-a: add a new RealServer rule
-e: edit a RealServer rule
-t: TCP protocol
-u: UDP protocol
-f: firewall mark
server-address: IP address of the RealServer
-g: use the LVS-DR model
-i: use the LVS-TUN model
-m: use the LVS-NAT model
-w: define the weight, followed by the weight value
ipvsadm -d -t|u|f service-address -r server-address -- delete a RealServer
ipvsadm -L|l [options] -- view the defined rules
For example: # ipvsadm -L -n
ipvsadm -Z [-t|u|f service-address] -- zero the counters
Environment
Host | IP address | Installed | Environment |
DR | 192.168.170.132 | ipvsadm | centos8 |
RS1 | 192.168.170.133 | httpd | centos8 |
RS2 | 192.168.170.134 | httpd | centos8 |
Preparation

// Install the httpd service
[root@RS1 ~]# yum install httpd -y
[root@RS2 ~]# yum install -y httpd

// Disable the firewall and SELinux
[root@RS1 ~]#
[root@RS2 ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS2 ~]# setenforce 0
[root@RS2 ~]# vim /etc/selinux/config
[root@DR ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR ~]# setenforce 0
[root@DR ~]# vi /etc/selinux/config

Write a web page to access for testing; it is not needed in a real deployment.
[root@RS1 ~]# vim /var/www/html/index.html
[root@RS2 ~]# vim /var/www/html/index.html

// Start the service
[root@RS1 ~]# systemctl restart httpd
[root@RS1 ~]# ss -antl
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     *:80                *:*
LISTEN  0       128     [::]:22             [::]:*
[root@RS2 ~]# systemctl start httpd
[root@RS2 ~]# ss -antl
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     *:80                *:*
LISTEN  0       128     [::]:22             [::]:*
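NAT mode steps
LVS-NAT configuration: the director needs two network interfaces
Configure the IP addresses:
director (DIP, VIP)
RS (RIP)
Enable IP forwarding on the DR
Add and save the rules on the DR:
ipvsadm -A -t vip:port -s rr
ipvsadm -a -t vip:port -r rip -m
ipvsadm -S > /etc/sysconfig/ipvsadm
Load-balancing httpd
NAT mode requires the DR host to have two network interfaces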
// Enable IP forwarding
[root@DR ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@DR ~]# sysctl -p
net.ipv4.ip_forward = 1

// Configure the DIP
[root@DR network-scripts]# vim ifcfg-ens160
TYPE="Ethernet"
BOOTPROTO=static
NAME="ens160"
DEVICE="ens160"
ONBOOT="yes"
IPADDR=192.168.170.132
NETMASK=255.255.255.0

// Configure the VIP
[root@DR network-scripts]# cp ifcfg-ens160 ifcfg-ens192
[root@DR network-scripts]# vim ifcfg-ens192
TYPE="Ethernet"
BOOTPROTO=static
NAME="ens192"
DEVICE="ens192"
ONBOOT="yes"
IPADDR=192.168.109.250
NETMASK=255.255.255.0

// On RS1, set the gateway to the DIP
[root@RS1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="ens160"
DEVICE="ens160"
ONBOOT="yes"
GATEWAY=192.168.170.132
IPADDR=192.168.170.133
NETMASK=255.255.255.0
DNS1=114.114.114.114

// Restart the network interface
[root@RS1 ~]# systemctl restart NetworkManager
[root@RS1 ~]# ifdown ens160;ifup ens160
Connection 'ens160' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

// Set the RS2 gateway to the DIP as well
[root@RS2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="ens160"
DEVICE="ens160"
ONBOOT="yes"
GATEWAY=192.168.170.132
IPADDR=192.168.170.134
NETMASK=255.255.255.0
DNS1=114.114.114.114

// Restart the network interface
[root@RS2 ~]# systemctl restart NetworkManager
[root@RS2 ~]# ifdown ens160;ifup ens160
Connection 'ens160' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

// Add and save the rules on the DR
[root@DR ~]# ipvsadm -A -t 192.168.109.250:80 -s rr
[root@DR ~]# ipvsadm -a -t 192.168.109.250:80 -r 192.168.170.133:80 -m
[root@DR ~]# ipvsadm -a -t 192.168.109.250:80 -r 192.168.170.134:80 -m
[root@DR ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.109.250:80 rr
  -> 192.168.170.133:80           Masq    1      0          0
  -> 192.168.170.134:80           Masq    1      0          0
[root@DR ~]# ipvsadm -S > /etc/sysconfig/ipvsadm
Configuring load balancing in DR mode
The preparation is the same as before
httpd is already installed, and so is ipvsadm

[root@RS1 ~]# ss -antl
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     *:80                *:*
LISTEN  0       128     [::]:22             [::]:*
[root@RS2 ~]# ss -antl
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     *:80                *:*
LISTEN  0       128     [::]:22             [::]:*
[root@DR ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
RS configuration

// Add these two lines to the configuration file on both hosts
[root@RS1 ~]# vim /etc/sysctl.conf
# Reply only to ARP requests whose target IP is an address of the receiving interface
net.ipv4.conf.all.arp_ignore = 1
# Use the IP on ens160, i.e. the RIP, as the source IP of ARP requests
net.ipv4.conf.all.arp_announce = 2
[root@RS2 ~]# vim /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

[root@RS1 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@RS2 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
Configuring the VIP

[root@DR ~]# ip addr add 192.168.170.250/32 dev ens160
[root@DR ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:40:b3:a2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.170.132/24 brd 192.168.170.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.170.250/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe40:b3a2/64 scope link
       valid_lft forever preferred_lft forever

[root@RS1 ~]# ip addr add 192.168.170.250/32 dev lo
[root@RS1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.170.250/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
[root@RS2 ~]# ip addr add 192.168.170.250/32 dev lo
[root@RS2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.170.250/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
Configuring the route

[root@RS1 ~]# yum install -y net-tools
[root@RS2 ~]# yum install -y net-tools

[root@RS1 ~]# route add -host 192.168.170.250/32 dev lo
[root@RS1 ~]# route -n
Kernel IP routing table
Destination      Gateway          Genmask          Flags Metric Ref Use Iface
0.0.0.0          192.168.170.2    0.0.0.0          UG    100    0   0   ens160
192.168.170.0    0.0.0.0          255.255.255.0    U     100    0   0   ens160
192.168.170.250  0.0.0.0          255.255.255.255  UH    0      0   0   lo
[root@RS2 ~]# route add -host 192.168.170.250/32 dev lo
[root@RS2 ~]# route -n
Kernel IP routing table
Destination      Gateway          Genmask          Flags Metric Ref Use Iface
0.0.0.0          192.168.170.2    0.0.0.0          UG    100    0   0   ens160
192.168.170.0    0.0.0.0          255.255.255.0    U     100    0   0   ens160
192.168.170.250  0.0.0.0          255.255.255.255  UH    0      0   0   lo

// Settings made with commands are temporary; to make them permanent, write them to a configuration file
[root@RS1 ~]# echo '192.168.170.250/32 via 0.0.0.0 dev lo' > /etc/sysconfig/network-scripts/route-lo
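An added example, not part of the original article: a check that a RealServer is prepared for DR mode as configured above (arp_ignore = 1, arp_announce = 2, VIP bound only to lo), so that it does not answer ARP for the VIP in place of the director. The function name check_dr_realserver and the sample command output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check_dr_realserver is a hypothetical helper.
# Usage: check_dr_realserver VIP SYSCTL_TEXT ADDR_TEXT
#   SYSCTL_TEXT = output of:
#     sysctl net.ipv4.conf.all.arp_ignore net.ipv4.conf.all.arp_announce
#   ADDR_TEXT   = output of: ip -o -4 addr show
# Prints one line per problem and returns 1 if any is found.
check_dr_realserver() {
  dr_vip=$1 dr_sysctl=$2 dr_addr=$3 dr_rc=0
  dr_get() {  # value of one sysctl key from "key = value" lines
    printf '%s\n' "$dr_sysctl" | awk -F' *= *' -v k="$1" '$1 == k { print $2 }'
  }
  [ "$(dr_get net.ipv4.conf.all.arp_ignore)" = 1 ] ||
    { echo "arp_ignore is not 1"; dr_rc=1; }
  [ "$(dr_get net.ipv4.conf.all.arp_announce)" = 2 ] ||
    { echo "arp_announce is not 2"; dr_rc=1; }
  # ip -o lines look like: 1: lo    inet 192.168.170.250/32 scope global lo
  dr_ifs=$(printf '%s\n' "$dr_addr" | awk -v a="$dr_vip/32" \
    '$3 == "inet" && $4 == a { printf "%s%s", s, $2; s = "," }')
  case $dr_ifs in
    lo) ;;
    "") echo "VIP $dr_vip/32 is not configured"; dr_rc=1 ;;
    *)  echo "VIP $dr_vip/32 is on $dr_ifs, expected lo only"; dr_rc=1 ;;
  esac
  return "$dr_rc"
}

# Constructed sample (lifetime fields trimmed): arp_ignore left at 0 and the
# VIP added to ens160 instead of lo.
BAD_SYSCTL='net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_announce = 2'
BAD_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
2: ens160    inet 192.168.170.133/24 brd 192.168.170.255 scope global ens160
2: ens160    inet 192.168.170.250/32 scope global ens160'
check_dr_realserver 192.168.170.250 "$BAD_SYSCTL" "$BAD_ADDR" ||
  echo "RealServer is not ready for DR mode"
```

On a live RealServer, pass the real command output as the second and third arguments.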
Adding and saving the rules

[root@DR ~]# ipvsadm -A -t 192.168.170.250:80 -s wrr
[root@DR ~]# ipvsadm -a -t 192.168.170.250:80 -r 192.168.170.133 -g
[root@DR ~]# ipvsadm -a -t 192.168.170.250:80 -r 192.168.170.134 -g
[root@DR ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.170.250:80 wrr
  -> 192.168.170.133:80           Route   1      0          0
  -> 192.168.170.134:80           Route   1      0          0
[root@DR ~]# ipvsadm -S > /etc/sysconfig/ipvsadm
[root@DR ~]# systemctl enable --now ipvsadm.service
Created symlink /etc/systemd/system/multi-user.target.wants/ipvsadm.service → /usr/lib/systemd/system/ipvsadm.service.
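An added example, not part of the original article: a consistency check over rules saved with ipvsadm -S -n, applicable to both the NAT rules and the DR rules shown above. It flags a virtual service with no RealServer, a RealServer line without a matching service, mixed forwarding methods within one service, and a DR (-g) RealServer whose port differs from the VIP port, since LVS-DR does not rewrite ports. The function name audit_ipvs_rules and the sample rule set are constructed.

```shell
#!/usr/bin/env bash
# Added example: audit_ipvs_rules is a hypothetical helper, not part of ipvsadm.
# Reads rules in "ipvsadm -S -n" format on stdin, prints one finding per line.
audit_ipvs_rules() {
  awk '
    # Argument following option opt on the current line ("" if absent).
    function arg(opt,   i) {
      for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
      return ""
    }
    # Forwarding flag of a RealServer line: -g DR, -i TUN, -m NAT.
    function method(   i) {
      for (i = 4; i <= NF; i++) if ($i ~ /^-[gim]$/) return $i
      return "-g"   # direct routing is the ipvsadm default
    }
    $1 == "-A" { svc = $2 " " $3; known[svc] = 1; order[++n] = svc; next }
    $1 == "-a" {
      svc = $2 " " $3; rs = arg("-r"); m = method()
      if (!(svc in known)) { print "ORPHAN_REALSERVER " $3 " " rs; next }
      count[svc]++
      if ((svc in mode) && mode[svc] != m) print "MIXED_METHODS " $3
      mode[svc] = m
      # LVS-DR does not rewrite ports: the RS port must equal the VIP port.
      vport = $3; sub(/.*:/, "", vport)
      rport = rs; sub(/.*:/, "", rport)
      if ($2 != "-f" && m == "-g" && rs ~ /:/ && rport != vport) {
        print "DR_PORT_MISMATCH " $3 " " rs
      }
    }
    END {
      for (i = 1; i <= n; i++) if (!count[order[i]]) {
        split(order[i], part, " "); print "EMPTY_SERVICE " part[2]
      }
    }
  '
}

# Constructed sample (not from the article): the second DR RealServer uses a
# different port, and the NAT VIP has no RealServer behind it.
SAMPLE_RULES='-A -t 192.168.170.250:80 -s wrr
-a -t 192.168.170.250:80 -r 192.168.170.133:80 -g -w 1
-a -t 192.168.170.250:80 -r 192.168.170.134:8080 -g -w 1
-A -t 192.168.109.250:80 -s rr'
printf '%s\n' "$SAMPLE_RULES" | audit_ipvs_rules
```

On the director, feed it the saved file, for example audit_ipvs_rules < /etc/sysconfig/ipvsadm; no output means no finding.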
Testing

[root@DR ~]# curl 192.168.170.250
This is RS2
[root@DR ~]# curl 192.168.170.250
This is RS1
[root@DR ~]# curl 192.168.170.250
This is RS2
[root@DR ~]# curl 192.168.170.250
This is RS1