Deploying LVS-DR Clusters

Source: Internet
Author: User
Tags: node server

I. Analysis of the principle of LVS-DR

(i) LVS-DR packet flow analysis

1. The client sends a request to the target VIP, and the director (load balancer) receives it. At this point the IP header and data frame header information are:

2. The director selects realserver_1 according to the load-balancing algorithm. It does not modify or encapsulate the IP packet; instead it changes the destination MAC address of the data frame to the MAC address of realserver_1 and then sends the frame on the LAN. The IP header and data frame header information are as follows:

3. Realserver_1 receives this frame. After decapsulation it finds that the destination IP matches a local address (the real server has bound the VIP beforehand), so it processes the message. The reply is then re-encapsulated and sent onto the local area network. At this point the IP header and data frame header information are:

(ii) ARP issues in LVS-DR

1. Explanation of the problem

In an LVS-DR load-balancing cluster, the load balancer and the node servers are all configured with the same VIP address. Having the same IP address on several hosts in one local area network inevitably disturbs ARP communication between the servers. When an ARP broadcast for the VIP is sent to the LVS-DR cluster, the load balancer and the node servers all receive it, because they are connected to the same network. Only the front-end load balancer should answer; the node servers should not respond to these ARP broadcasts.

2. Treatment method

Configure the node servers so that they do not respond to ARP requests for the VIP.

(1) Use the virtual interface lo:0 to host the VIP address. The VIP configured on each node is not set on a network card; the virtual interface only marks the node as owning this IP address, without tying it to a specific network card.

(2) Set the system to respond only to ARP requests whose destination IP is a local IP of the receiving interface, so that the node does not answer ARP requests for the VIP. This is done with the kernel parameter arp_ignore=1.

3. Response Process Analysis

The real server's reply (source IP is the VIP) is forwarded by the router. To re-encapsulate the message, the real server needs the MAC address of the router. When it sends the ARP request, Linux by default uses the source IP address of the IP packet (that is, the VIP) as the source IP address in the ARP request packet, instead of the IP address of the sending interface (for example, eth0). When the router receives the ARP request, it updates its ARP table entry: the VIP, which originally mapped to the director's MAC address, now maps to the MAC address of the real server.

4. New ARP Request issue

Because the router has updated its ARP table entry, new request messages are forwarded to the real server, which causes the director's VIP to fail!

5. New problem-handling methods

Configure the node server so that the system does not use the source address of the IP packet as the source address of the ARP request, but chooses the IP address of the sending interface instead. This is done with the kernel parameter arp_announce=2.

6. Settings for both ARP problems: modify the /etc/sysctl.conf file

net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

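Added example (not part of the original article): a shell check that computes the arp_ignore and arp_announce values actually in effect on a real server's NIC. It relies on the kernel rule that both parameters take the maximum of the conf/all and conf/<interface> values for the interface handling the ARP packet; the function names and both sysctl samples are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an LVS-DR real server's ARP settings from `sysctl -a` text.
# Kernel rule: the value in effect is max(conf/all, conf/<nic>), where <nic> is
# the interface the ARP request arrives on or is sent from (eth0 here, not lo).

# effective_arp KEY NIC: reads "name = value" lines on stdin, prints that max.
effective_arp() {
    awk -v key="$1" -v nic="$2" '
        { gsub(/[ \t]/, ""); split($0, kv, "=") }
        kv[1] == ("net.ipv4.conf.all." key)     { all = kv[2] + 0 }
        kv[1] == ("net.ipv4.conf." nic "." key) { dev = kv[2] + 0 }
        END { m = (all > dev) ? all : dev; print m + 0 }'
}

# audit_dr_node NIC SYSCTL_TEXT: prints findings, returns 0 only if both are safe.
audit_dr_node() {
    nic=$1; rc=0
    ign=$(printf '%s\n' "$2" | effective_arp arp_ignore "$nic")
    ann=$(printf '%s\n' "$2" | effective_arp arp_announce "$nic")
    case "$ign" in
        1|2) ;;  # replies only for addresses on the receiving NIC, never the VIP on lo:0
        *) echo "FAIL $nic arp_ignore=$ign: node may answer ARP for the VIP"; rc=1 ;;
    esac
    if [ "$ann" -ne 2 ]; then
        echo "FAIL $nic arp_announce=$ann: ARP requests may carry the VIP as source"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK $nic arp_ignore=$ign arp_announce=$ann"; fi
    return "$rc"
}

# Constructed sample: parameters set on lo only.
SAMPLE_LO_ONLY='net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.eth0.arp_announce = 0
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2'
# Constructed sample: parameters set on lo and on all.
SAMPLE_LO_AND_ALL='net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.eth0.arp_announce = 0
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2'

audit_dr_node eth0 "$SAMPLE_LO_ONLY" || true   # FAIL twice: lo values do not apply to eth0
audit_dr_node eth0 "$SAMPLE_LO_AND_ALL"        # OK
```

On a live node, pass the real settings with audit_dr_node eth0 "$(sysctl -a 2>/dev/null)".
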

II. LVS-DR configuration

Case Environment

One LVS scheduler and four node servers, each configured with two network cards: the first NIC, eth0, is connected to the Internet and is located in the 192.168.10.0/24 network segment; the second NIC, eth1, is connected to the intranet and is located in the 192.168.7.0/24 network segment. Shared storage is provided by a Linux server, which publishes the directory /var/www/html as a writable NFS share. Only the LVS scheduler and the node servers may access it, and writing is allowed when it is mounted as the root user. The address of the web cluster is 192.168.10.70; the company's website is accessed through this address.

Deployment steps

(i) Configuring the LVS Scheduler
1. Configure IP and VIP
1) Configure IP

2) Configure VIP

# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0
# vim /etc/sysconfig/network-scripts/ifcfg-eth0:0

Add:

DEVICE=eth0:0
ONBOOT=yes
IPADDR=192.168.10.70
NETMASK=255.255.255.0

# service network restart

2. Adjust the response parameters

# vim /etc/sysctl.conf
= = =
# sysctl -p

3. Install and configure Ipvsadm

# rpm -ihv /mnt/packages/ipvsadm-1.26-2.el6.x86_64.rpm
# service ipvsadm start
# ipvsadm -A -t 192.168.10.70:80 -s rr    # add the director's virtual VIP address; round-robin scheduling algorithm
# ipvsadm -a -t 192.168.10.70:80 -r 192.168.10.77 -g -w 1    # add a RIP; -g selects DR mode
# ipvsadm -a -t 192.168.10.70:80 -r 192.168.10.78 -g -w 1
# ipvsadm -L -n    # show the configuration
# service ipvsadm save
# chkconfig --add ipvsadm
# chkconfig ipvsadm on

(ii) Configuring the Web node server
1. Configure IP Address
1) Set IP

2) Set VIP

# cp /etc/sysconfig/network-scripts/ifcfg-lo /etc/sysconfig/network-scripts/ifcfg-lo:0
# vim /etc/sysconfig/network-scripts/ifcfg-lo:0

Modify:

DEVICE=lo:0
IPADDR=192.168.10.70
NETMASK=255.255.255.255
ONBOOT=yes

3) Add route

# route add -host 192.168.10.70 dev lo:0    # restrict the VIP to the local host

2. Adjust the response parameters

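# vim /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
# sysctl -p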

3. Configuring the HTTP Service

# echo "Welcome to 192.168.10.78 Web Server" > /var/www/html/index.html
# service httpd restart

(iii) Verification
1. Client Access:

http://192.168.10.70/

2. View on the LVS scheduler:

# ipvsadm -Lnc
