写在前面:如果此文有幸被某位朋友看见并发现有错的地方,希望批评指正。如有不明白的地方,愿可一起探讨。
案例拓扑图
说明:
主机操作系统为:CentOS-6.5-x86_64
准备工作
安装keepalived和ipvsadm
在IP地址为10.170.2.60和10.170.2.61两台主机上安装keepalived和ipvsadm
# yum -y install keepalived # yum -y install ipvsadm
安装httpd
在IP地址为10.170.2.101和10.170.2.102两台主机上安装httpd
默认情况下,系统已经安装了httpd服务
配置keepalived1
# cd /etc/keepalived/ # cp keepalived.conf keepalived.conf.bak
[root@kha1 keepalived]# vim keepalived.conf
! Configuration File for keepalived global_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id LVS_DEVEL } vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 15 priority 99 advert_int 1 authentication { auth_type PASS auth_pass 111111 } virtual_ipaddress { 10.170.2.100 } } vrrp_instance VI_2 { state MASTER interface eth0 virtual_router_id 115 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 222222 } virtual_ipaddress { 10.170.2.200 } } virtual_server 10.170.2.100 80 { delay_loop 6 lb_algo rr lb_kind DR nat_mask 255.255.252.0 persistence_timeout 0 protocol TCP real_server 10.170.2.101 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } real_server 10.170.2.102 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } } virtual_server 10.170.2.200 80 { delay_loop 6 lb_algo rr lb_kind DR nat_mask 255.255.252.0 persistence_timeout 0 protocol TCP real_server 10.170.2.101 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } real_server 10.170.2.102 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } }
配置keepalived2
# cd /etc/keepalived/ # cp keepalived.conf keepalived.conf.bak
[root@kha1 keepalived]# vim keepalived.conf
! Configuration File for keepalived global_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id LVS_DEVEL } vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 15 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 111111 } virtual_ipaddress { 10.170.2.100 } } vrrp_instance VI_2 { state BACKUP interface eth0 virtual_router_id 115 priority 99 advert_int 1 authentication { auth_type PASS auth_pass 222222 } virtual_ipaddress { 10.170.2.200 } } virtual_server 10.170.2.100 80 { delay_loop 6 lb_algo rr lb_kind DR nat_mask 255.255.252.0 persistence_timeout 0 protocol TCP real_server 10.170.2.101 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } real_server 10.170.2.102 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } } virtual_server 10.170.2.200 80 { delay_loop 6 lb_algo rr lb_kind DR nat_mask 255.255.252.0 persistence_timeout 0 protocol TCP real_server 10.170.2.101 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } real_server 10.170.2.102 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } }
配置web1
# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore # echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore # echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce # echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce # ifconfig lo:0 10.170.2.100 netmask 255.255.255.255 broadcast 10.170.2.100 up # route add -host 10.170.2.100 dev lo:0 # ifconfig lo:1 10.170.2.200 netmask 255.255.255.255 broadcast 10.170.2.200 up # route add -host 10.170.2.200 dev lo:1
编辑测试页面
# vim /var/www/html/index.html 内容为:<h1>www1.muluhe.com</h1>
启动httpd服务
# /etc/init.d/httpd start
配置web2
# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore # echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore # echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce # echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce # ifconfig lo:0 10.170.2.100 netmask 255.255.255.255 broadcast 10.170.2.100 up # route add -host 10.170.2.100 dev lo:0 # ifconfig lo:1 10.170.2.200 netmask 255.255.255.255 broadcast 10.170.2.200 up # route add -host 10.170.2.200 dev lo:1
编辑测试页面
# vim /var/www/html/index.html 内容为:<h1>www2.muluhe.com</h1>
启动httpd服务
# /etc/init.d/httpd start
启动keepalived服务并进行测试
启动keepalived1和keepalived2两台主机的keepalived服务
# /etc/init.d/keepalived start
打开浏览器,键入10.170.2.100,并刷新几下,然后在两台keepalived主机上进行测试
可分别得到如下结果
[root@kha1 keepalived]# ipvsadm -L -n IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 10.170.2.100:80 rr -> 10.170.2.101:80 Route 1 0 7 -> 10.170.2.102:80 Route 1 1 7 TCP 10.170.2.200:80 rr -> 10.170.2.101:80 Route 1 0 0 -> 10.170.2.102:80 Route 1 0 0
[root@kha2 keepalived]# ipvsadm -L -n IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 10.170.2.100:80 rr -> 10.170.2.101:80 Route 1 0 0 -> 10.170.2.102:80 Route 1 0 0 TCP 10.170.2.200:80 rr -> 10.170.2.101:80 Route 1 0 0 -> 10.170.2.102:80 Route 1 0 0
打开浏览器,键入10.170.2.200,并刷新几下,然后在两台keepalived主机上进行测试
可分别得到如下结果
[root@kha1 keepalived]# ipvsadm -L -n IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 10.170.2.100:80 rr -> 10.170.2.101:80 Route 1 0 0 -> 10.170.2.102:80 Route 1 0 0 TCP 10.170.2.200:80 rr -> 10.170.2.101:80 Route 1 0 0 -> 10.170.2.102:80 Route 1 0 0
[root@kha2 keepalived]# ipvsadm -L -n IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 10.170.2.100:80 rr -> 10.170.2.101:80 Route 1 0 0 -> 10.170.2.102:80 Route 1 0 0 TCP 10.170.2.200:80 rr -> 10.170.2.101:80 Route 1 0 7 -> 10.170.2.102:80 Route 1 1 7
停止keepalived1主机的keepalived服务,打开浏览器,分别键入10.170.2.100和10.170.2.200并刷新几下,然后在两台keepalived主机上进行测试
可分别得到如下结果
[root@kha1 keepalived]# ipvsadm -L -n IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@kha2 keepalived]# ipvsadm -L -n IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 10.170.2.100:80 rr -> 10.170.2.101:80 Route 1 0 5 -> 10.170.2.102:80 Route 1 0 6 TCP 10.170.2.200:80 rr -> 10.170.2.101:80 Route 1 0 6 -> 10.170.2.102:80 Route 1 0 5