关于网上lvs+keepalived的文章很多,但是多数都是DR模式的方案,对于 nat模式的并不多见,因此,在此写一份nat模式的文章,仅供分享也当笔记保存。
网络拓扑结构:
现在的Linux系统内核都是支持lvs的,所以我们直接可以用yum安装ipvsadm
yum 源的替换,将系统的yum源替换成163的yum源
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# ls
centos-163.repo rhel-source.repo.bak
[root@localhost yum.repos.d]# vim centos-163.repo
# (excerpt: the listing starts mid-file; this first fragment is the tail of the [updates] section)
#mirrorlist=http://mirrorlist.centos.org/?release=6&arch=$basearch&repo=updates
# gpgcheck=1 keeps RPM signature verification on even though the mirror is fetched over plain http
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6

#additional packages that may be useful
[extras]
name=CentOS-6 - Extras - 163.com
baseurl=http://mirrors.163.com/centos/6/extras/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=6&arch=$basearch&repo=extras
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-6 - Plus - 163.com
baseurl=http://mirrors.163.com/centos/6/centosplus/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=6&arch=$basearch&repo=centosplus
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6

#contrib - packages by Centos Users
[contrib]
name=CentOS-6 - Contrib - 163.com
baseurl=http://mirrors.163.com/centos/6/contrib/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=6&arch=$basearch&repo=contrib
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6
LVS软件的安装
[root@localhost yum.repos.d]# yum install ipvsadm -y
开启路由转发功能
[root@localhost yum.repos.d]# vim /etc/sysctl.conf
将net.ipv4.ip_forward = 0改成net.ipv4.ip_forward = 1
使配置生效
[root@localhost yum.repos.d]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.ip_local_port_range = 1024 65000
关闭系统自带防火墙和selinux策略(注意:iptables -F 只清空当前内存中的规则,setenforce 0 也只在本次运行期间生效,两者重启后都会恢复;这里是为了排除干扰而做的测试环境设置,生产环境的负载服务器应保留明确的放行规则,而不是整体关闭)
[root@localhost yum.repos.d]# iptables -F
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@localhost yum.repos.d]# iptables -t nat -F
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@localhost yum.repos.d]# setenforce 0
keepalived安装和配置
由于nat模式的realserver的网关为负载服务器的IP。所以做主备的时候,网关也要能跟随外网VIP的切换一同切换,在这里,我们将定义一个vrrp组,一个inside_network,一个outside_network. inside_network的VIP作为RealServer网关地址,outside_network的VIP作为外网访问地址
[root@localhost yum.repos.d]# wget http://www.keepalived.org/software/keepalived-1.2.4.tar.gz
[root@localhost yum.repos.d]# tar xf keepalived-1.2.4.tar.gz
[root@localhost yum.repos.d]# yum install gcc* openssl* popt-devel libnl*
[root@localhost yum.repos.d]# cd keepalived-1.2.4
[root@localhost keepalived-1.2.4]# ./configure prefix=/usr/local/keepalived
[root@localhost keepalived-1.2.4]# make;make install
[root@localhost keepalived-1.2.4]# cd /usr/local/keepalived/etc/keepalived
[root@localhost keepalived-1.2.4]# cp keepalived.conf keepalived.conf_bak
[root@localhost keepalived-1.2.4]# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig
[root@localhost keepalived]# vim /etc/keepalived/keepalived.conf
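! Configuration File for keepalived
!
! LVS director in NAT mode, MASTER node. The two VRRP instances are placed in one
! sync group so that the outside VIP (client-facing address) and the inside VIP
! (default gateway of the real servers) always fail over together: in NAT mode the
! real servers route their replies through whichever director owns the inside VIP.
!
! Fixes against the original listing: "vrrp_syncv_group" -> "vrrp_sync_group" and
! "lvs_sync_daemon_inteface" -> "lvs_sync_daemon_interface" (keepalived does not
! know the misspelled keywords, so the sync group and the IPVS sync daemon were
! silently not configured); notification_email_from had no value.

global_defs {
    notification_email {
        hehui0816@163.com                  # recipients notified on failover, one per line
        847616606@163.com
    }
    notification_email_from keepalived@localhost   # PLACEHOLDER sender address - set your own
    smtp_server 127.0.0.1                  # local mail relay
    smtp_connect_timeout 30                # seconds
    router_id LVS_MASTER                   # node identifier; may be the same or differ on MASTER/BACKUP
}

vrrp_sync_group SWJ {                      # both instances change state as a unit
    group {
        inside_network
        outside_network
    }
}

vrrp_instance outside_network {
    state MASTER                           # BACKUP on the standby director
    interface eth0                         # interface the outside VIP is bound to
    track_interface {                      # extra monitored interfaces; any one failing triggers failover
        # eth0
        eth1
    }
    lvs_sync_daemon_interface eth0         # interface carrying IPVS connection-table sync
    virtual_router_id 100                  # must be identical on MASTER and BACKUP
    priority 100                           # MASTER must be higher than BACKUP
    advert_int 1                           # VRRP advertisement interval in seconds (default 1)
    authentication {                       # must be identical on MASTER and BACKUP
        auth_type PASS                     # PASS travels in clear text on the segment and only the
                                           # first 8 characters are used; it guards against
                                           # misconfiguration, not against a hostile peer
        auth_pass 1111                     # sample value from the article - choose your own
    }
    virtual_ipaddress {
        10.204.172.2/26                    # outside VIP
    }
}

vrrp_instance inside_network {
    state MASTER
    interface eth1
    track_interface {
        eth0
        # eth1
    }
    lvs_sync_daemon_interface eth0
    virtual_router_id 50
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.21/24                    # inside VIP; the real servers use it as default gateway
    }
}

virtual_server 10.204.172.2 9912 {         # VIP + port
    delay_loop 6                           # health-check interval in seconds
    lb_algo rr                             # round robin; wrr or another scheduler also works
    lb_kind NAT                            # NAT forwarding; use DR for direct routing
    nat_mask 255.255.255.192
    #persistence_timeout 50                # left disabled so requests within 50s are not pinned to one real server
    protocol TCP

    real_server 192.168.1.32 9912 {        # real server IP + port
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 9912              # port probed by the health check
        }
    }

    real_server 192.168.1.31 9912 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 9912
        }
    }
}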
配置好了之后启动keepalived服务
[root@localhost ~]# /etc/init.d/keepalived restart
Stopping keepalived: [ OK ]
Starting keepalived: [ OK ]
查看主lvs的IP
查看备用lvs的IP
查看lvs负载:
查看日志
模拟主设备出现故障,ifdown eth0 或者将keepalived服务关闭
会发现VIP都会切换到备用负载上面去。
通过访问都能正常转发: