LVS (attention to iptables and selinux issues)

Source: Internet
Author: User

1. LVS (high load)
LVS (Linux Virtual Server)
Linux Virtual Server
An LVS cluster combines IP load-balancing technology with content-based request-distribution technology. The front end accepts requests with high throughput and spreads them evenly across different back-end servers for execution, and the scheduler automatically masks the failure of any one server, so that a set of servers behaves as a single high-performance, highly available virtual server.
Explanation of principle
http://junwang.blog.51cto.com/5050337/1439428/
1. Check whether the kernel supports IPVS

    grep -i 'ip_vs' /boot/config-3.17.4-301.fc21.i686+PAE
    grep -i 'ip_vs' /boot/config-3.17.4-301.fc21.i686

(The same check against whatever kernel is running is grep -i 'ip_vs' /boot/config-$(uname -r); you want CONFIG_IP_VS=m or =y.)


2. Install ipvsadm

    yum install ipvsadm
3. The ipvsadm command
1. Managing a cluster service (virtual service)
1. Add: -A    ipvsadm -A|E -t|u|f service-address [-s scheduler]
-t: TCP cluster service    -u: UDP cluster service    -f: firewall-mark cluster service
2. Modify: -E
3. Delete: -D    ipvsadm -D -t|u|f service-address
2. Managing the real servers in a cluster service
1. Add: -a    ipvsadm -a|e -t|u|f service-address -r server-address [-g|i|m] [-w weight]
-r: real server address; in the NAT model it may be given as ip:port to implement port mapping
-g: DR model    -i: TUN model    -m: NAT model    -w: weight
2. Modify: -e
3. Delete: -d    ipvsadm -d -t|u|f service-address -r server-address
3. Viewing cluster services
1. ipvsadm -L|l [options]
options: -n: numeric output (no name or port resolution)
--stats: statistics
--rate: rate statistics
--timeout: show the session timeout values for TCP, TCP FIN-wait and UDP
-c: list the current connection table
4. Zero the counters: ipvsadm -Z [-t|u|f service-address]

5. Clear all rules: ipvsadm -C

6. Save and restore the rules:
1. ipvsadm -S > /path/to/somefile    (add -n so addresses are saved numerically)
2. ipvsadm-save > /path/to/somefile
3. ipvsadm-restore < /path/to/somefile
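A saved rules file is fed back to ipvsadm-restore without much checking, so it is worth linting it first. The following is an added example, not code from the original post: a POSIX sh function that checks a file in the format ipvsadm -S -n / ipvsadm-save -n produce. SAMPLE_RULES is a constructed fixture, not output captured from a real director. The checks are that every -a line refers to a service an earlier -A line defined, that every real server carries an explicit forwarding method, and that no real server has weight 0 (a zero weight quiesces the server, which is usually a leftover from draining rather than something to restore).

```shell
#!/bin/sh
# Added example: lint an ipvsadm rules file before ipvsadm-restore.
# SAMPLE_RULES is constructed for illustration (not real ipvsadm output).
SAMPLE_RULES='-A -t 192.168.11.100:80 -s wrr
-a -t 192.168.11.100:80 -r 192.168.11.12:80 -g -w 2
-a -t 192.168.11.100:80 -r 192.168.11.13:80 -g -w 4'

# lint_rules <file>: exit 0 when the file passes every check, otherwise
# print one line per problem to stderr and exit 1.
lint_rules() {
    file=$1
    services=''          # space-separated keys such as "-t192.168.11.100:80"
    status=0
    n=0
    while read -r line; do
        n=$((n + 1))
        set -- $line     # split the line into words (safe: no globs expected)
        case "${1:-}" in
            ''|'#'*) ;;  # blank line or comment
            -A) [ $# -ge 3 ] || { echo "line $n: malformed -A line" >&2; status=1; continue; }
                services="$services $2$3" ;;
            -a) [ $# -ge 3 ] || { echo "line $n: malformed -a line" >&2; status=1; continue; }
                svc="$2$3"
                case " $services " in
                    *" $svc "*) ;;
                    *) echo "line $n: real server added to undefined service $svc" >&2; status=1 ;;
                esac
                shift 3          # drop "-a -t service-address"
                method=''
                weight=''
                while [ $# -gt 0 ]; do
                    case "$1" in
                        -g|-i|-m) method=$1 ;;
                        -w) weight=${2:-}; [ $# -gt 1 ] && shift ;;
                    esac
                    shift
                done
                [ -n "$method" ] || { echo "line $n: no forwarding method (-g/-i/-m) given" >&2; status=1; }
                [ "${weight:-1}" -gt 0 ] || { echo "line $n: weight 0 would quiesce the RS after restore" >&2; status=1; }
                ;;
            *) echo "line $n: unrecognised directive $1" >&2; status=1 ;;
        esac
    done < "$file"
    return $status
}
```

Usage on a real director: ipvsadm -S -n > /etc/sysconfig/ipvsadm.new && lint_rules /etc/sysconfig/ipvsadm.new && mv it into place. A missing -w is accepted because ipvsadm defaults the weight to 1.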
4. LVS scheduling algorithms

1. Static (fixed) scheduling
I. RR: round robin
II. WRR: weighted round robin
III. SH: source hashing; within a certain time, requests from the same source address go to the same real server (session affinity, for when sessions are not shared between servers)
IV. DH: destination hashing; requests for the same destination go to the same server (used in front of cache servers)

2. Dynamic scheduling (the default scheduler is WLC)
I. LC (least-connection)
1) overhead = active*256 + inactive; the server with the smallest value is picked
II. WLC: weighted least-connection
1) overhead = (active*256 + inactive)/weight; the server with the smallest value is picked
III. SED: shortest expected delay
1) overhead = (active+1)*256/weight; the server with the smallest value is picked
IV. NQ: never queue (based on SED; an idle server, one with no active connections, is always picked first, and inactive connections are not considered)
V. LBLC (locality-based least-connection)
VI. LBLCR: locality-based least-connection with replication (the cached object is shared by a set of sibling servers)
Requests for the same destination are dispatched to the same server as far as possible; only a new request is sent to the server with the fewest connections, and if the chosen server is overloaded the sibling server set is consulted.
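The four overhead formulas above are easiest to compare on the same numbers. The following is an added example, not from the original post: a POSIX sh implementation of the LC, WLC, SED and NQ selection rules run over a constructed table of real-server counters (RS_TABLE is made up for illustration, not read from ipvsadm). It also shows the edge case the formulas alone do not: a real server with weight 0 is quiesced and must never be chosen, even by LC, which otherwise ignores weights.

```shell
#!/bin/sh
# Added example: which real server each dynamic scheduler would pick.
# Constructed sample, one RS per line:  rip  weight  active  inactive
RS_TABLE='192.168.11.12 2 10 300
192.168.11.13 4 20 40
192.168.11.14 1 0 5000
192.168.11.15 0 0 0'

# overhead <scheduler> <weight> <active> <inactive>
# Prints the overhead the scheduler assigns to one RS; smaller wins.
overhead() {
    [ "$2" -gt 0 ] || { echo "weight must be > 0 (weight 0 = quiesced)" >&2; return 1; }
    case "$1" in
        lc)  echo $(( $3 * 256 + $4 )) ;;
        wlc) echo $(( ($3 * 256 + $4) / $2 )) ;;
        sed) echo $(( ($3 + 1) * 256 / $2 )) ;;
        nq)  # never queue: an idle RS (no active connections) wins outright,
             # otherwise fall back to the SED formula
             if [ "$3" -eq 0 ]; then echo 0; else echo $(( ($3 + 1) * 256 / $2 )); fi ;;
        *)   echo "unknown scheduler: $1" >&2; return 1 ;;
    esac
}

# pick <scheduler>: prints the RIP with the smallest overhead.
# Ties go to the RS listed first; RSs with weight 0 are skipped entirely.
pick() {
    sched=$1
    best_rip=''
    best_cost=''
    while read -r rip w a i; do
        [ -n "$rip" ] || continue
        [ "$w" -gt 0 ] || continue        # quiesced RS never receives new connections
        cost=$(overhead "$sched" "$w" "$a" "$i") || return 1
        if [ -z "$best_cost" ] || [ "$cost" -lt "$best_cost" ]; then
            best_cost=$cost
            best_rip=$rip
        fi
    done <<EOF
$RS_TABLE
EOF
    echo "$best_rip"
}
```

On this table LC picks 192.168.11.12 (lowest raw count), WLC picks 192.168.11.13 (its weight of 4 outweighs its 20 active connections), and SED and NQ both pick 192.168.11.14, the idle server, despite its 5000 inactive connections. The kernel's own WLC comparison cross-multiplies overheads by weights instead of dividing, so rounding can differ from this script on very close values; the ordering shown here is the same.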



5. LVS DR model
Principle of the DR model

When a client accesses a service in the cluster (for example, the web service), its packet carries source IP A (the client IP) and destination IP B (the VIP) and is sent to the scheduler (director).

<1> The client's packet must arrive at the scheduler and must not go to a real server (RS) directly, otherwise no scheduling can take place.
Implementation principle: the VIP is also configured on the lo interface of every RS, but the RS must not answer for it; this is achieved with the following settings on each RS:

    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

arp_ignore (how the host answers a received ARP request; default 0)
1) 0: answer for any address configured on the host, whichever interface the request arrived on
2) 1: answer only if the requested target IP is configured on the interface the request arrived on (a VIP that exists only on lo is therefore never answered on eth0)
arp_announce (which source IP the host uses when it announces itself in ARP; default 0)
1) 0: use any local address, on any interface
2) 1: try to avoid local addresses that are not in the target's subnet
3) 2: always use the best local address for the target, i.e. the primary address of the outgoing interface, never the VIP on lo
For both sysctls the kernel applies the larger of conf/all and conf/<interface>, which is why both lo and all are set. Apply them before the VIP is added to lo: with arp_ignore at its default of 0 the RS answers who-has for the VIP as soon as the address exists, and the gateway's ARP cache may then point at that RS instead of the director.
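Because the RS silently steals VIP traffic if these sysctls are wrong, the check belongs in the real-server start script before the VIP is configured. The following is an added example, not code from the original post: a POSIX sh check that reads arp_ignore and arp_announce for lo and all and refuses unless they match what is prescribed above. PROC_ROOT is an assumption introduced here so the check can be exercised against a constructed directory tree (make_mock_proc is a test fixture, not kernel state); on a real RS leave it as /proc.

```shell
#!/bin/sh
# Added example: verify a real server's ARP sysctls before it takes the VIP.
# PROC_ROOT defaults to the live /proc; override it only for testing.
PROC_ROOT=${PROC_ROOT:-/proc}

# arp_value <iface> <key>: print the current value, or "missing" if absent
arp_value() {
    cat "$PROC_ROOT/sys/net/ipv4/conf/$1/$2" 2>/dev/null || echo "missing"
}

# rs_arp_ok: exit 0 when lo and all both have arp_ignore in {1,2} and
# arp_announce == 2; otherwise report each problem on stderr and exit 1.
# Both lo and all are checked because the kernel uses the larger of
# conf/all and conf/<iface> for these two settings.
rs_arp_ok() {
    status=0
    for iface in lo all; do
        ign=$(arp_value "$iface" arp_ignore)
        ann=$(arp_value "$iface" arp_announce)
        case "$ign" in
            1|2) ;;
            *) echo "conf/$iface/arp_ignore=$ign: RS would answer ARP who-has for the VIP" >&2; status=1 ;;
        esac
        case "$ann" in
            2) ;;
            *) echo "conf/$iface/arp_announce=$ann: RS may announce the VIP as its ARP source" >&2; status=1 ;;
        esac
    done
    return $status
}

# rs_arp_harden: apply the settings the post prescribes (writes under PROC_ROOT)
rs_arp_harden() {
    for iface in lo all; do
        echo 1 > "$PROC_ROOT/sys/net/ipv4/conf/$iface/arp_ignore"
        echo 2 > "$PROC_ROOT/sys/net/ipv4/conf/$iface/arp_announce"
    done
}

# make_mock_proc <dir> <ignore> <announce>: constructed fixture that mimics
# the /proc layout with the given values on lo and all (for offline tests only)
make_mock_proc() {
    for iface in lo all; do
        mkdir -p "$1/sys/net/ipv4/conf/$iface"
        echo "$2" > "$1/sys/net/ipv4/conf/$iface/arp_ignore"
        echo "$3" > "$1/sys/net/ipv4/conf/$iface/arp_announce"
    done
}
```

In a start script the order is rs_arp_harden, then rs_arp_ok || exit 1, and only then ifconfig lo:0 $VIP ...; the check against the kernel's defaults (0/0) fails, which is the state a freshly booted RS is in.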

2. After the scheduler receives the packet it looks up the ipvsadm rules, and the cluster service forwards the packet to an RS. The source and destination IP addresses are left unchanged; the packet reaches the RS because only its destination MAC address is rewritten to that of the RS (so the director and every RS must sit on the same layer-2 segment).
<1> The rules on the scheduler

    ipvsadm -A -t 192.168.11.100:80 -s wrr
    ipvsadm -a -t 192.168.11.100:80 -r 192.168.11.12 -g -w 2
    ipvsadm -a -t 192.168.11.100:80 -r 192.168.11.13 -g -w 4

The RS receives the packet and finds that the destination IP is its own VIP (configured on lo:0, never answered externally, used only as the source address of the reply), and it sends the response with the VIP as the source address.

<1> How the reply is sent with the VIP on lo:0 as the source IP: by default Linux uses as source IP the address of the interface the packet leaves from.
Implementation principle:

    ifconfig lo:0 192.168.11.100 netmask 255.255.255.255 broadcast 192.168.11.100 up
    route add -host 192.168.11.100 dev lo:0

(The host route says that packets whose destination IP is 192.168.11.100 belong to lo:0, so the reply is also sourced from lo:0, which guarantees that the source IP of the reply is the VIP. The /32 netmask stops the VIP from creating a network route on lo.)

<2> Make sure the scheduler is the host that answers for the VIP on the network; add the following on the director:

    ifconfig eth0:0 192.168.11.100 netmask 255.255.255.255 broadcast 192.168.11.100 up
    route add -host 192.168.11.100 dev eth0:0

The client then receives a packet whose source IP is the VIP and whose destination IP is the client IP: the RS answers through its own lo:0 and its own default gateway, with the VIP as source and the client IP as destination. The reply never passes back through the director.

DR model implementation scripts
Example configuration scripts for the DR type, one for the director and one for the real servers:



Director script:

#!/bin/bash
#
# LVS script for VS/DR
# chkconfig: - 90 10
#
. /etc/rc.d/init.d/functions
#
VIP=192.168.11.100
DIP=192.168.11.11
RIP1=192.168.11.12
RIP2=192.168.11.13
PORT=80
RSWEIGHT1=2
RSWEIGHT2=4
#
case "$1" in
start)
    # The director owns the VIP on an alias of eth0 (the same alias is torn down in stop)
    /sbin/ifconfig eth0:0 $VIP broadcast $VIP netmask 255.255.255.255 up
    /sbin/route add -host $VIP dev eth0:0

    # Since this is the director we must be able to forward packets
    echo 1 > /proc/sys/net/ipv4/ip_forward

    # Clear all iptables rules. This flushes the whole filter table, i.e. any
    # host firewall on the director, and -Z zeroes the counters; keep these
    # two lines only if the director does not rely on iptables.
    /sbin/iptables -F
    # Reset iptables counters.
    /sbin/iptables -Z

    # Clear all ipvsadm rules/services.
    /sbin/ipvsadm -C

    # Add an IP virtual service for VIP $VIP port $PORT.
    # In this recipe we use the weighted round-robin scheduling method.
    # In production, however, you should use a weighted, dynamic method such as wlc.
    /sbin/ipvsadm -A -t $VIP:$PORT -s wrr

    # Now direct packets for this VIP to the real server IPs (RIP) inside
    # the cluster, using direct routing (-g).
    /sbin/ipvsadm -a -t $VIP:$PORT -r $RIP1 -g -w $RSWEIGHT1
    /sbin/ipvsadm -a -t $VIP:$PORT -r $RIP2 -g -w $RSWEIGHT2

    /bin/touch /var/lock/subsys/ipvsadm &> /dev/null
    ;;
stop)
    # Stop forwarding packets
    echo 0 > /proc/sys/net/ipv4/ip_forward

    # Reset ipvsadm
    /sbin/ipvsadm -C

    # Bring down the VIP interface
    /sbin/ifconfig eth0:0 down
    /sbin/route del $VIP

    /bin/rm -f /var/lock/subsys/ipvsadm
    echo "ipvs is stopped..."
    ;;
status)
    if [ ! -e /var/lock/subsys/ipvsadm ]; then
        echo "ipvsadm is stopped ..."
    else
        echo "ipvs is running ..."
        ipvsadm -L -n
    fi
    ;;
*)
    echo "Usage: $0 {start|stop|status}"
    ;;
esac



Real server script:

#!/bin/bash
#
# Script to start LVS DR real server.
# chkconfig: - 90 10
# description: LVS DR real server
#
. /etc/rc.d/init.d/functions

VIP=192.168.11.100
host=`/bin/hostname`

case "$1" in
start)
    # Start LVS-DR real server on this machine.
    /sbin/ifconfig lo down
    /sbin/ifconfig lo up

    # Suppress ARP for the VIP before it is configured, so the RS never
    # answers who-has for the VIP or uses it as an ARP source address.
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

    /sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
    /sbin/route add -host $VIP dev lo:0
    ;;
stop)
    # Stop LVS-DR real server loopback device(s).
    /sbin/ifconfig lo:0 down
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    ;;
status)
    # Status of LVS-DR real server.
    islothere=`/sbin/ifconfig lo:0 | grep $VIP`
    isrothere=`netstat -rn | grep "lo:0" | grep $VIP`
    if [ -z "$islothere" -o -z "$isrothere" ]; then
        # Either the route or the lo:0 device was not found.
        echo "LVS-DR real server stopped."
    else
        echo "LVS-DR real server running."
    fi
    ;;
*)
    # Invalid entry.
    echo "$0: usage: $0 {start|status|stop}"
    exit 1
    ;;
esac



