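LVS + Keepalived in NAT Mode: A Detailed Walkthrough
Most readers are already familiar with LVS + Keepalived. LVS is the Linux Virtual Server. Keepalived was designed for LVS; its main job is to provide VRRP, which removes the single point of failure of a static route. It also checks the health of each service node: when a node fails, keepalived removes it from the pool, and when the failed node recovers, keepalived adds it back to the cluster.
This lab uses LVS + Keepalived in NAT mode. Enterprises rarely use this mode; it suits low traffic volumes. For that reason there is little formal documentation on it, which is why I wrote this blog post. In NAT mode all traffic has to pass through the LD, so the load on the LD is fairly high; to reduce the load on the LD you can choose TUN mode instead. The architecture of the lab is outlined below: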
LD:
  station1: external IP eth0 172.16.1.11
            internal IP eth1 192.168.1.11
  station2: external IP eth0 172.16.1.12
            internal IP eth1 192.168.1.12
  Floating IP: 172.16.1.100
  Floating gateway IP: 192.168.1.254
Realserver:
  Apache1 192.168.1.13
  Apache2 192.168.1.14
On station1
Install keepalived-1.2.7:
yum -y install gcc make openssl-devel openssl net-snmp net-snmp-devel popt popt-devel
./configure --prefix=/usr/local/keepalived --enable-snmp
make && make install
ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/keepalived
ln -s /usr/local/keepalived/etc/keepalived.conf /etc/keepalived.conf
Edit the main configuration file:
! Configuration File for keepalived
global_defs {
    router_id KL_HOST1
}

! VRRP instance for the external floating IP (eth0)
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 150
    nopreempt
    advert_int 1
    ! auth_type PASS sends auth_pass in clear text in VRRP advertisements
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.1.100/24
    }
}

! VRRP instance for the internal floating gateway IP (eth1)
vrrp_instance VI_2 {
    state BACKUP
    interface eth1
    nopreempt
    virtual_router_id 52
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 2222
    }
    virtual_ipaddress {
        192.168.1.254/24
    }
}

! Both instances fail over together
vrrp_sync_group VG_1 {
    group {
        VI_1
        VI_2
    }
}

! LVS virtual service: round-robin scheduling, NAT forwarding
virtual_server 172.16.1.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    nat_mask 255.255.255.0
    persistence_timeout 50
    protocol TCP
    # sorry_server 192.168.200.200 1358
    real_server 192.168.1.13 80 {
        weight 1
        HTTP_GET {
            url {
                path /urltest/test.html
                digest 37dba1d9a3c103df127b4e957c9de188
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.1.14 80 {
        weight 2
        HTTP_GET {
            url {
                path /urltest/test.html
                digest 37dba1d9a3c103df127b4e957c9de188
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
The MD5 values (the digest entries) in this file were generated with the following command:
/usr/local/keepalived/bin/genhash -s 192.168.1.14 -p 80 -u /urltest/test.html
Firewall configuration:
[root@station1 tmp]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
ACCEPT     112  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

[root@station1 tmp]# iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE all  --  192.168.1.0/24       0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@station1 tmp]#

On station2
Install keepalived-1.2.7:
yum -y install gcc make openssl-devel openssl net-snmp net-snmp-devel popt popt-devel
./configure --prefix=/usr/local/keepalived --enable-snmp
make && make install
ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/keepalived
ln -s /usr/local/keepalived/etc/keepalived.conf /etc/keepalived.conf
Edit the main configuration file:
! Configuration File for keepalived
global_defs {
    router_id KL_HOST2
}

! VRRP instance for the external floating IP (eth0)
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.1.100/24
    }
}

! VRRP instance for the internal floating gateway IP (eth1)
vrrp_instance VI_2 {
    state BACKUP
    interface eth1
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 2222
    }
    virtual_ipaddress {
        192.168.1.254/24
    }
}

! Both instances fail over together
vrrp_sync_group VG_1 {
    group {
        VI_1
        VI_2
    }
}

! LVS virtual service: round-robin scheduling, NAT forwarding
virtual_server 172.16.1.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    nat_mask 255.255.255.0
    persistence_timeout 50
    protocol TCP
    # sorry_server 192.168.200.200 1358
    real_server 192.168.1.13 80 {
        weight 1
        HTTP_GET {
            url {
                path /urltest/test.html
                digest 37dba1d9a3c103df127b4e957c9de188
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.1.14 80 {
        weight 2
        HTTP_GET {
            url {
                path /urltest/test.html
                digest 37dba1d9a3c103df127b4e957c9de188
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
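
For VRRP failover to work, the two keepalived.conf files above must use the same virtual_router_id and authentication settings per instance, and keepalived expects nopreempt only together with state BACKUP. The following is an added example, not part of the original post or of keepalived: a small checker whose function names (parse_vrrp_instances, check_pair) are hypothetical, run on constructed excerpts that reuse the VI_1 values and are compacted onto fewer lines.

```python
import re

KEYS = ("state", "virtual_router_id", "auth_type", "auth_pass")

def parse_vrrp_instances(text):
    """Return {instance name: settings} for every vrrp_instance block."""
    text = re.sub(r"[!#].*", "", text)            # drop keepalived comments
    tokens = re.findall(r"[{}]|[^\s{}]+", text)   # words and single braces
    instances, i = {}, 0
    while i < len(tokens):
        if tokens[i] != "vrrp_instance" or tokens[i + 2:i + 3] != ["{"]:
            i += 1
            continue
        name, depth, words = tokens[i + 1], 1, []
        i += 3
        while i < len(tokens) and depth:          # flatten the block, nested braces included
            if tokens[i] == "{":
                depth += 1
            elif tokens[i] == "}":
                depth -= 1
            else:
                words.append(tokens[i])
            i += 1
        cfg = {k: words[words.index(k) + 1] for k in KEYS if k in words[:-1]}
        cfg["nopreempt"] = "nopreempt" in words
        instances[name] = cfg
    return instances

def check_pair(conf_a, conf_b):
    """Return a list of inconsistencies between two nodes' VRRP settings."""
    a, b = parse_vrrp_instances(conf_a), parse_vrrp_instances(conf_b)
    problems = [f"{n}: defined on one node only" for n in sorted(set(a) ^ set(b))]
    for name in sorted(set(a) & set(b)):
        for key in KEYS[1:]:                      # these must match on both peers
            if a[name].get(key) != b[name].get(key):
                problems.append(f"{name}: {key} differs between nodes")
        for node, cfg in (("A", a[name]), ("B", b[name])):
            if cfg["nopreempt"] and cfg.get("state") != "BACKUP":
                problems.append(f"{name}: node {node} has nopreempt without state BACKUP")
    return problems

# Constructed excerpts that reuse the VI_1 values from the two configurations above.
STATION1 = """vrrp_instance VI_1 { state BACKUP interface eth0
    virtual_router_id 51 priority 150 nopreempt advert_int 1
    authentication { auth_type PASS auth_pass 1111 }   ! PASS travels in clear text
    virtual_ipaddress { 172.16.1.100/24 } }"""
STATION2 = STATION1.replace("priority 150 nopreempt", "priority 100")

if __name__ == "__main__":
    print(check_pair(STATION1, STATION2) or "VRRP settings are consistent")
```

To check real files, pass the contents of each node's /etc/keepalived.conf to check_pair.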
The firewall on station2 is exactly the same as on station1.
Apply the same configuration below on both apache1 and apache2:
yum -y install httpd
mkdir /var/www/html/urltest/
echo "this is a test page" > /var/www/html/urltest/test.html
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
service iptables save
service httpd start
chkconfig httpd on
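All configuration is now complete.
On station1 and station2, start the keepalived service and enable IP forwarding (net.ipv4.ip_forward = 1):
keepalived -f /etc/keepalived.conf
echo "keepalived -f /etc/keepalived.conf" >> /etc/rc.local
In testing, both the VRRP function and the cluster function of keepalived worked without any problems!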