LVS parameters:

ipvsadm:
       Define the service
       Define the realservers for that service

ipvsadm options:
       -A  add an ipvsadm rule
       -E  modify
       -D  delete a service
       -Z  zero the active count
              ipvsadm -Z -t 192.168.0.65:80
       -t  TCP protocol
       -s  scheduling algorithm
       -m  LVS-NAT
       -g  LVS-DR
       -i  LVS-TUN
       -w  set the weight
              ipvsadm -A -t 192.168.0.65:80 -s rr    add a service rule
              ipvsadm -a -t 192.168.0.65:80 -r 192.168.10.6 -m -w 50    add a realserver (192.168.10.6)
       -a  add a realserver
       -e  modify a realserver
       -d  delete a realserver
       -Ln list the ipvsadm rules
       -S  save the rules
              ipvsadm -S >> /etc/sysconfig/ip.ipvs    (same as: ipvsadm-save >> /etc/sysconfig/ip.ipvs)
              ipvsadm -R < /etc/sysconfig/ip.ipvs
              service ipvsadm save



What LVS needs in order to work:
              Define the service
              Define the realservers for this service



Configuring a load-balancing cluster:

       LVS-NAT configuration

              Director: two NICs. eth0: bridged, VIP: 192.168.0.65; eth1: network connection set to custom, DIP 192.168.10.1
              Two realservers: same network connection as the director's eth1
                     realserver1   eth0 192.168.10.6/24
                     realserver2   eth0 192.168.10.7/24

              1. Configure the web service on both realservers
                     Install httpd and start it
                     Test that the service works: elinks: 192.168.10.2|3
                     Set the gateway: route add default gw 192.168.10.1    (must be done on both realservers)

              2. Configure the director
                     Enable IP forwarding: vim /etc/sysctl.conf
                            net.ipv4.ip_forward = 1
                     Install LVS: yum install ipvsadm
                     ipvsadm -A -t 192.168.0.65:80 -s rr
                     ipvsadm -Ln    check
                     ipvsadm -a -t 192.168.0.65:80 -r 192.168.10.6 -m -w 5
                     ipvsadm -a -t 192.168.0.65:80 -r 192.168.10.7 -m -w 2

              3. Test: http://192.168.0.65

              4. Change the scheduling algorithm and test
                     ipvsadm -E -t 192.168.0.65:80 -s wrr
                     ipvsadm -Z -t 192.168.0.65:80    zero the counters (active connection count)
                     Test again



             



       LVS-DR configuration: R1 and R2 are the realservers

                     director: eth0: DIP 192.168.0.185   eth0:0 VIP 192.168.0.83 (public address)
                     R1: eth0: RIP 192.168.0.186   lo:0 VIP 192.168.0.83
                     R2: eth0: RIP 192.168.0.187   lo:0 VIP 192.168.0.83

                     1. Configure the two realservers, R1 and R2
                            Configure the IP addresses
                            Make sure the web service on R1 and R2 works and port 80 is open
                            vim /etc/sysctl.conf and add the following so the realserver stays hidden from ARP broadcast requests
                               net.ipv4.conf.lo.arp_ignore = 1
                               net.ipv4.conf.lo.arp_announce = 2
                               net.ipv4.conf.all.arp_ignore = 1
                               net.ipv4.conf.all.arp_announce = 2
                            sysctl -p    apply the settings
                            Configure the VIP address:
                            ifconfig lo:0 192.168.0.83 broadcast 192.168.0.83 netmask 255.255.255.255 up
                            ifconfig    check
                            Add a host route so that packets leave via lo:0:
                            route add -host 192.168.0.83 dev lo:0
                            route -n
                     The procedure is the same on both realservers; only the IP differs

                     2. Configure the director
                            Set eth0's IP: 192.168.0.185
                            ifconfig eth0:0 192.168.0.83 broadcast 192.168.0.83 netmask 255.255.255.255 up
                            route add -host 192.168.0.83 dev eth0:0
                         Enable IP forwarding: net.ipv4.ip_forward = 1
                         Make sure iptables has no rules, or stop the service
                                    iptables -Z or iptables -F
                         Configure ipvsadm; if rules already exist, clear them with ipvsadm -C
                            ipvsadm -A -t 192.168.0.83:80 -s wlc
                            ipvsadm -a -t 192.168.0.83:80 -r 192.168.0.186 -g  -w 10
                            ipvsadm -a -t 192.168.0.83:80 -r 192.168.0.187 -g  -w 5
                            ipvsadm -L -n    list the rules
                          Test: http://192.168.0.83
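One way to confirm the realserver ARP settings from step 1 before sending traffic through the director. This is an added example, not part of the original notes; the function name check_dr_arp and the sample input are constructed for illustration.

```shell
# Added example, not from the original notes: check that a realserver has the
# four ARP settings listed in the LVS-DR procedure. Reads sysctl-style
# "key = value" text on stdin (e.g. `sysctl -a` output or /etc/sysctl.conf).
# Prints one status line per key; returns 0 only if all four match.
check_dr_arp() {
    awk '
    BEGIN {
        want["net.ipv4.conf.lo.arp_ignore"]    = "1"
        want["net.ipv4.conf.lo.arp_announce"]  = "2"
        want["net.ipv4.conf.all.arp_ignore"]   = "1"
        want["net.ipv4.conf.all.arp_announce"] = "2"
    }
    /^[ \t]*[#;]/ { next }                      # comment lines in sysctl.conf
    {
        n = index($0, "=")
        if (n == 0) next
        key = substr($0, 1, n - 1); val = substr($0, n + 1)
        gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
        if (key in want) seen[key] = val        # a later line overrides an earlier one
    }
    END {
        for (k in want) {
            if (!(k in seen))            st = "MISSING"
            else if (seen[k] != want[k]) st = "WRONG"
            else                         st = "OK"
            if (st != "OK") bad = 1
            print st " " k " = " ((k in seen) ? seen[k] : "(unset)") " (want " want[k] ")"
        }
        exit bad + 0
    }'
}

# Constructed sample: the lo keys are set, the "all" keys are missing,
# so the check fails and the message is printed.
printf '%s\n' 'net.ipv4.conf.lo.arp_ignore = 1' \
              'net.ipv4.conf.lo.arp_announce = 2' | check_dr_arp \
    || echo "realserver is not ready for LVS-DR"
```

On a live realserver the same function can be fed with `sysctl -a 2>/dev/null | check_dr_arp`.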



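                            Extension: shared back-end storage for the web service
                            On R1, edit the exports file: vim /etc/exports
                                   /var/www     192.168.0.0/24(ro)
                            Start the service: service nfs start
                                   chkconfig nfs on
                                   rpcinfo -p    check that the service is running
                            On R2:
                            mount 192.168.0.167:/var/www  /var/www
                            ls /var/www    check
                            Test: disable SELinux on both realservers
                                   http://192.168.0.83
                            In real deployments, use a separate host to provide the NFS shared storage and have the realservers mount it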



 



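Persistent client connection time:

              Types:
              PCC: requests from the same IP are directed to the same realserver, whatever service type is requested
              PPC: requests from the same IP are directed, according to the requested service type, to one realserver of that type
              PNFC: the requested service types are classified with an iptables firewall mark and directed to one realserver
                     Ports can be tied together (port affinity) and directed to the same realserver

Enabling persistent client connections: add the -p N timeout option when defining the ipvsadm service
                     ipvsadm -Lcn    list the persistence templates and connections
                     PCC-based:
                            ipvsadm -A -t 192.168.0.65:0 -s rr -p 3650
                     PPC-based:
                            ipvsadm -A -t 192.168.0.65:80 -s rr -p 3650
                     Firewall-mark-based: marks range from 0 to 99, LVS-NAT
                     iptables -A PREROUTING -i eth0 -t mangle -p tcp -d 192.168.0.65 --dport 80 -j MARK --set-mark 1
                     ipvsadm -A -f 1 -s wlc -p 3600
                     ipvsadm -a -f 1 -r 192.168.10.6 -m -w 50
                     ipvsadm -a -f 1 -r 192.168.10.7 -m -w 100
                     ipvsadm -Ln    check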



              Port affinity configuration for http and https
                     Create the CA certificate on the realservers; keep the certificate information identical
                            cd /etc/pki/tls/certs
                            make httpd.pem    creates a test certificate
                            mv httpd.pem /etc/httpd/
                            yum install mod_ssl
                            vim /etc/httpd/conf.d/ssl.conf
                                SSLCertificateFile /etc/httpd/httpd.pem
                                SSLCertificateKeyFile /etc/httpd/httpd.pem
                                Enable DocumentRoot
                            service httpd restart
                            Define the service rules
                            ipvsadm -C
                            iptables  -t mangle  -F
                            ipvsadm -A -t 192.168.0.65:80 -s wlc
                            ipvsadm -A -t 192.168.0.65:443 -s wlc
                            ipvsadm -a -t 192.168.0.65:80 -r 192.168.10.6 -m -w 50
                            ipvsadm -a -t 192.168.0.65:443 -r 192.168.10.6 -m -w 100
                            ipvsadm -a -t 192.168.0.65:80 -r 192.168.10.7 -m -w 40
                            ipvsadm -a -t 192.168.0.65:443 -r 192.168.10.7 -m -w 10
                            ipvsadm -Ln
                            Test: http://192.168.0.65 or the virtual host name defined for the web service

                     Defining port affinity with firewall marks:
                     ipvsadm -C
                     iptables -A PREROUTING -i eth0 -t mangle -p tcp -d 192.168.0.65 --dport 80 -j MARK --set-mark 3
                     iptables -A PREROUTING -i eth0 -t mangle -p tcp -d 192.168.0.65 --dport 443 -j MARK --set-mark 3
                     ipvsadm -A -f 3 -s wlc -p 3600
                     ipvsadm -a -f 3 -r 192.168.10.6 -m -w 5
                     ipvsadm -a -f 3 -r 192.168.10.7 -m -w 10
                     Test    http://192.168.0.65
                            https://192.168.0.65 or the web service host name
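A consistency check for the firewall-mark setup above: every mark set in the mangle table should have an `ipvsadm -f` service with a `-p` timeout and at least one realserver, and every fwmark service should have a rule that feeds it. This is an added example, not part of the original notes; the function name check_fwmark_affinity and the sample data are constructed, and the second input is assumed to be in `ipvsadm -S -n` format.

```shell
# Added example, not from the original notes: cross-check firewall marks
# against IPVS fwmark services.
#   $1  mangle rules as typed above, or `iptables-save -t mangle` output
#   $2  IPVS rules in `ipvsadm -S -n` format
# Returns 0 only if every mark maps to a persistent service with realservers.
check_fwmark_affinity() {
    awk '
    function hex(s,   i, v) {                      # "0x3" -> 3
        s = tolower(s); sub(/^0x/, "", s); v = 0
        for (i = 1; i <= length(s); i++)
            v = v * 16 + index("0123456789abcdef", substr(s, i, 1)) - 1
        return v
    }
    FILENAME == ARGV[1] {                          # iptables MARK rules
        mark = ""; port = "any"
        for (i = 1; i < NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "--set-mark" || $i == "--set-xmark") {
                split($(i + 1), x, "/")
                mark = (x[1] ~ /^0[xX]/) ? hex(x[1]) : x[1] + 0
            }
        }
        if (mark != "") ports[mark] = ports[mark] " " port
        next
    }
    $1 == "-A" && $2 == "-f" {                     # fwmark virtual service
        svc[$3 + 0] = 1
        for (i = 4; i < NF; i++) if ($i == "-p") persist[$3 + 0] = $(i + 1)
    }
    $1 == "-a" && $2 == "-f" { rs[$3 + 0]++ }      # realserver entry
    END {
        for (m in ports) {
            why = "ok"
            if (!(m in svc))          why = "no ipvsadm -f service"
            else if (!(m in persist)) why = "service has no -p timeout"
            else if (!(m in rs))      why = "service has no realserver"
            if (why != "ok") bad = 1
            print "mark " m ", ports" ports[m] ": " why
        }
        for (m in svc) if (!(m in ports)) { print "mark " m ": no iptables rule"; bad = 1 }
        exit bad + 0
    }' "$1" "$2"
}
# Constructed sample: the mark-3 rules from the notes above.
d=$(mktemp -d)
printf '%s\n' 'iptables -A PREROUTING -i eth0 -t mangle -p tcp -d 192.168.0.65 --dport 80 -j MARK --set-mark 3' \
    'iptables -A PREROUTING -i eth0 -t mangle -p tcp -d 192.168.0.65 --dport 443 -j MARK --set-mark 3' > "$d/mangle"
printf '%s\n' '-A -f 3 -s wlc -p 3600' '-a -f 3 -r 192.168.10.6:0 -m -w 5' '-a -f 3 -r 192.168.10.7:0 -m -w 10' > "$d/ipvs"
check_fwmark_affinity "$d/mangle" "$d/ipvs"; rm -rf "$d"
```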



                    



                    



                    



                           


Reposted from: https://blog.51cto.com/jingmu/510015