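18.6 Load Balancing Cluster Introduction
Mainstream open-source load-balancing software includes LVS, keepalived, haproxy and nginx.
LVS works at layer 4 (of the 7-layer OSI network model), nginx works at layer 7, and haproxy can be treated as layer 4 or used as layer 7.
The load-balancing function of keepalived is in fact LVS.
A layer-4 load balancer such as LVS can distribute traffic on ports other than 80, for example MySQL, whereas nginx only supports http, https and mail; haproxy also supports MySQL.
By comparison, layer-4 LVS is more stable and can sustain more requests, while layer-7 nginx is more flexible and can meet more customized requirements.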
18.7 LVS Introduction
LVS Introduction
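LVS was developed by the Chinese developer Zhang Wensong (章文嵩).
Its popularity is no less than that of Apache's httpd. It does routing and forwarding based on TCP/IP, with high stability and efficiency.
The latest LVS version is based on Linux kernel 2.6 and has not been updated for many years.
LVS has three common modes: NAT, DR and IP Tunnel.
The LVS architecture has one core role, the distributor (Load Balancer), which distributes user requests, and a number of servers that process the requests (Real Server, abbreviated rs).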
LVS NAT Mode
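This mode is implemented with the help of the iptables nat table.
After a user's request reaches the distributor, preset iptables rules forward the request packets to the back-end rs.
Each rs must set its gateway to the distributor's internal IP.
Both the request packets from the user and the packets returned to the user pass through the distributor, so the distributor becomes the bottleneck.
In NAT mode only the distributor needs a public IP, so this mode saves public IP addresses.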
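LVS IP Tunnel Mode
This mode requires a common IP configured on the distributor and on all rs; we call it the vip.
The destination IP of the client's request is the vip. After the distributor receives the request packet, it processes the packet and changes the destination IP to the IP of an rs, so the packet reaches that rs.
After the rs receives the packet it restores the original packet, so the destination IP is the vip again; because every rs has this vip configured, the rs treats the packet as addressed to itself.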
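LVS DR Mode
This mode also requires a common IP, the vip, configured on the distributor and on all rs.
Unlike IP Tunnel, it changes the MAC address of the packet to the MAC address of an rs.
After the rs receives the packet it restores the original packet, so the destination IP is the vip; because every rs has this vip configured, the rs treats the packet as addressed to itself.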
18.8 LVS Scheduling Algorithms
Round-Robin: rr
Weighted Round-Robin: wrr
Least-Connection: lc
Weighted Least-Connection: wlc
Locality-Based Least Connections: lblc
Locality-Based Least Connections with Replication: lblcr
Destination Hashing: dh
Source Hashing: sh
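A simplified model of the rr and wlc schedulers and of the -p persistence timeout used in the lvs_nat.sh script on this page, as an added example (not code from the original notes or from LVS itself). The function name schedule, the rs=weight pool syntax and the client address are constructed for illustration, and every connection is assumed to have closed before the next one arrives.

```sh
#!/bin/sh
# Added example: simplified model of IPVS rr / wlc scheduling with -p persistence.
# Input on stdin: one line "<second> <client_ip>" per short connection.

# schedule SCHED PERSIST "rs=weight rs=weight ..."  -> prints the chosen rs per line
schedule() {
    awk -v sched="$1" -v persist="$2" -v pool="$3" '
    BEGIN { n = split(pool, p, " ")
            for (i = 1; i <= n; i++) { split(p[i], f, "="); rs[i] = f[1]; w[i] = f[2] }
            last = 0 }
    {
        t = $1; c = $2; pick = 0
        # Persistence: reuse the same rs while the client template has not expired.
        if (persist > 0 && (c in tmpl) && expiry[c] > t) pick = tmpl[c]
        # rr: walk the pool in order, wrapping around.
        if (!pick && sched == "rr") { last = last % n + 1; pick = last }
        if (!pick && sched == "wlc") {
            # Lowest (active*256 + inactive) / weight wins; ties keep the first rs.
            # act[] stays 0 here because every modelled connection is already closed.
            for (i = 1; i <= n; i++) {
                cost = (act[i] * 256 + inact[i]) / w[i]
                if (!pick || cost < best) { pick = i; best = cost }
            }
        }
        if (persist > 0) { tmpl[c] = pick; expiry[c] = t + persist }
        inact[pick]++          # the finished connection is counted as inactive
        print rs[pick]
    }'
}

# Constructed input: one client, three requests one second apart.
POOL="192.168.106.165=1 192.168.106.166=1"
printf '0 10.0.0.9\n1 10.0.0.9\n2 10.0.0.9\n' | schedule wlc 3 "$POOL"
```

With wlc and -p 3, all three requests from one client land on the same rs; with rr and persistence 0, the two rs alternate.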
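18.9-10 Building LVS in NAT Mode
NAT Mode Setup – Prep Work
Three machines:
Distributor, also called the scheduler (abbreviated dir): internal 133.130, external 147.144 (VMware host-only mode)
rs1: internal 133.132
rs2: internal 133.133
Three machines:
Distributor, also called the scheduler (abbreviated dir): internal 133.130, external 142.147 (VMware host-only mode)
rs1: internal 133.132, gateway set to 133.130
rs2: internal 133.133, gateway set to 133.130
Run on all three machines:
systemctl stop firewalld; systemctl disable firewalld
systemctl start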
NAT Mode Setup
Install ipvsadm on dir:
yum install -y ipvsadm
Write a script on dir, vim /usr/local/sbin/lvs_nat.sh, with the following content:
#!/bin/bash
# Turn on routing forwarding on the director server
echo 1 > /proc/sys/net/ipv4/ip_forward
# Turn off ICMP redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
# Note the network card names; Aming's two network cards are ens33 and ens37
echo 0 > /proc/sys/net/ipv4/conf/ens33/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/ens37/send_redirects
# Director: set the NAT firewall rules
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 192.168.133.0/24 -j MASQUERADE
# Director: set up ipvsadm
IPVSADM='/usr/sbin/ipvsadm'
$IPVSADM -C
$IPVSADM -A -t 192.168.147.144:80 -s wlc -p 3
$IPVSADM -a -t 192.168.147.144:80 -r 192.168.133.132:80 -m -w 1
$IPVSADM -a -t 192.168.147.144:80 -r 192.168.133.133:80 -m -w 1
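NAT Mode Effect Test
Install nginx on both rs.
Set a different home page on each rs so they can be told apart; that is, a direct curl to each rs IP returns a different result.
Visit 192.168.142.147 in a browser several times and watch how the results differ.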
Operation Process
Distributor configuration, network adapter set to host-only mode
[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens37
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens37
UUID=
DEVICE=ens37
ONBOOT=yes
IPADDR=172.16.166.130
PREFIX=24
ZONE=
172.16.166.130 can be pinged from the host computer.
[[email protected] ~]# systemctl stop firewalld
On all three Linux machines:
setenforce 0; getenforce
systemctl stop firewalld
Change the gateway on each rs to the distributor's intranet IP
[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
IPADDR=192.168.106.165
NETMASK=255.255.255.0
GATEWAY=192.168.106.160
DNS1=119.29.29.29
[[email protected] ~]# systemctl restart network
[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
IPADDR=192.168.106.166
NETMASK=255.255.255.0
GATEWAY=192.168.106.160
DNS1=119.29.29.29
[[email protected] ~]# systemctl restart network
Distributor Installation and Configuration
[[email protected] ~]# yum install -y ipvsadm
[[email protected] ~]# vim /usr/local/sbin/lvs_nat.sh
#!/bin/bash
# Turn on routing forwarding on the director server
echo 1 > /proc/sys/net/ipv4/ip_forward
# Turn off ICMP redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
# Note the network card names; Aming's two network cards are ens33 and ens37
echo 0 > /proc/sys/net/ipv4/conf/ens33/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/ens37/send_redirects
# Director: set the NAT firewall rules
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 192.168.106.0/24 -j MASQUERADE
# Director: set up ipvsadm
IPVSADM='/usr/sbin/ipvsadm'
$IPVSADM -C
$IPVSADM -A -t 172.16.166.130:80 -s wlc -p 3
$IPVSADM -a -t 172.16.166.130:80 -r 192.168.106.165:80 -m -w 1
$IPVSADM -a -t 172.16.166.130:80 -r 192.168.106.166:80 -m -w 1
[[email protected] ~]# sh /usr/local/sbin/lvs_nat.sh
Start nginx on the rs hosts
[[email protected] ~]# netstat -lnpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 946/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1185/master
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::22 :::* LISTEN 946/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1185/master
[[email protected] ~]# systemctl start nginx
[[email protected] ~]# vi /usr/share/nginx/html/index.html
aminglinux02
[[email protected] ~]# curl localhost
aminglinux02
[[email protected] ~]# vim /usr/share/nginx/html/index.html
aminglinux03
[[email protected] ~]# curl localhost
aminglinux03
[[email protected] ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.166.130:80 wlc persistent 3
  -> 192.168.106.165:80 Masq 1 0 3
  -> 192.168.106.166:80 Masq 1 0 0
[[email protected] ~]# vim /usr/local/sbin/lvs_nat.sh
$IPVSADM -A -t 172.16.166.130:80 -s wlc -p 3
changed to
$IPVSADM -A -t 172.16.166.130:80 -s rr
Test access
[[email protected] ~]# curl 172.16.166.130
aminglinux03
[[email protected] ~]# curl 172.16.166.130
aminglinux02
[[email protected] ~]# curl 172.16.166.130
aminglinux03
[[email protected] ~]# curl 172.16.166.130
aminglinux02
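A check to run on the director after lvs_nat.sh, as an added example that is not part of the original notes: it parses the text of `ipvsadm -Ln` and confirms that the virtual service has exactly the expected real servers, all in Masq (NAT) mode with a non-zero weight. The function names and the embedded listing are constructed for illustration; on a real director, pipe `ipvsadm -Ln` into check_service instead of sample_table.

```sh
#!/bin/sh
# Added example: audit an LVS NAT director from the text of `ipvsadm -Ln`.

# Constructed sample in the layout `ipvsadm -Ln` prints.
sample_table() {
cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.166.130:80 rr
  -> 192.168.106.165:80           Masq    1      0          2
  -> 192.168.106.166:80           Masq    1      0          2
EOF
}

# list_real_servers VIP:PORT  (table on stdin) -> "addr forward weight" per rs
list_real_servers() {
    awk -v vip="$1" '
        $1 == "TCP" || $1 == "UDP" { in_svc = ($2 == vip); next }
        in_svc && $1 == "->" && $2 != "RemoteAddress:Port" { print $2, $3, $4 }
    '
}

# check_service VIP:PORT RS...  (table on stdin)
# Returns 0 only if the service has exactly these rs, all Masq, weight >= 1.
check_service() {
    vip=$1; shift
    want=$(printf '%s\n' "$@" | sort)
    got=$(list_real_servers "$vip")
    [ -n "$got" ] || { echo "FAIL: no virtual service $vip"; return 1; }
    bad=$(printf '%s\n' "$got" | awk '$2 != "Masq" || $3 < 1 { print $1 }')
    [ -z "$bad" ] || { echo "FAIL: not NAT mode or weight 0: $bad"; return 1; }
    have=$(printf '%s\n' "$got" | awk '{ print $1 }' | sort)
    [ "$have" = "$want" ] || { echo "FAIL: real servers differ: $have"; return 1; }
    echo "OK: $vip"
}

sample_table | check_service 172.16.166.130:80 192.168.106.165:80 192.168.106.166:80
```

A real server that is missing from the table, or one that nobody expected to be there, makes the check fail, so it can run from cron or a monitoring agent to catch drift in the director's table.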
2018-05-22 Linux Learning