Introduction to the LVS cluster
LVS works at layer 4 of the TCP/IP stack: the Director_server distributes requests to different backend rs_server nodes according to the IP address or port the user requests. Because it works at layer 4, it parses only the layer-4 protocol and does no processing of the application-layer content above it. Compared with nginx/haproxy, which work at layer 7, its load-balancing performance is therefore better, but because it does not parse the higher-level protocol it lacks support for higher-level features; for example, it cannot load-balance based on the web resource (URL/URI) the user requests.
LVS has three modes of operation:
(1) NAT: DNAT, similar to iptables
Features
All nodes of the cluster must be in the same network segment
RIP is typically a private IP, used only for communication between the nodes
Both inbound and outbound messages must pass through the Director_server, so its load is heavy and it easily becomes the cluster bottleneck
Port mapping is supported: a client request to port 80 can be forwarded to port 8080 on the back-end RS
The RS (RIP) uses the DIP as its gateway
(2) DR: after the client requests the director's VIP, the director forwards the message to the backend server. The source and destination addresses are unchanged, still the CIP and VIP; only the layer-2 MAC address of the message is changed, to the MAC address of the RS the director selected. When the message returns, its source and destination addresses are the VIP and CIP
Features
All nodes of the cluster must be in the same physical network (because the director relies on the MAC address to forward the message to the RS); they can be separated only by a single switch
RIP can be a public address
Only inbound messages pass through the director, and inbound messages are lightweight compared with outbound messages, so the load on the director is much lower than in NAT mode and DR mode supports more cluster nodes than NAT
The gateway of the RS is not the DIP, but the router of the front-end segment
Port mapping is not supported (because outbound messages do not pass through the director)
(3) TUN: tunnel
Features
The inbound message has source and destination addresses CIP and VIP. The director adds a new IP header to it: the source IP is the DIP and the target IP is the RIP of the selected RS. When the message arrives at the RS, the new IP header is removed; the returned message has source IP VIP and target IP CIP
Cross-region deployment is supported: the nodes can even be located in different cities
RIP must be a public IP because messages are transmitted over the Internet
The director handles the inbound messages
Port mapping is not supported
DR mode is the most common one, and the following is a demo of a DR mode configuration:
Director_server: eth0    192.168.139.3  DIP
                 eth0:1  192.168.139.6  VIP
RS1_server:      eth0    192.168.139.2  RIP1
                 lo:0    192.168.139.6  VIP
RS2_server:      eth0    192.168.139.4  RIP2
                 lo:0    192.168.139.6  VIP
Configure the VIP on RS1 and RS2: the source IP of a returned message must be the VIP, so every node needs the VIP address.
The VIP on the RS is used only as the source IP of the response message.
Every node has the VIP, but only the VIP on the director may answer ARP requests (if every NIC holding the VIP answered ARP broadcasts, the result would be chaos, because each node has the VIP). The VIP on the RS must therefore be hidden so that it does not answer ARP. To hide the VIP, set the following on each RS:
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
Linux has a feature: the source IP of a message is changed to the IP of the interface it leaves through. If the response left through the NIC holding the RIP, its source IP would become the RIP (although the client requested the VIP), so a route must be added:
route add -host VIP dev lo:0 (lets the outbound message return through the VIP's interface, so that the source IP of the returned message becomes the VIP, consistent with the target IP of the request message)
One
(1) First, configure RS1
# ifconfig eth0 192.168.139.2 netmask 255.255.255.0 up    # set RIP1
(2) # bash rs.sh start    # run this script to configure the VIP and set the route and kernel parameters
The script content is as follows (it can set the VIP, remove the VIP and show the status)
#!/bin/bash
#
VIP=192.168.139.6
# Report whether "start" has been run, based on the lock file
STATUS () {
    if [ -e /var/lock/subsys/ipvs_lock ]; then
        echo -e "\033[40;31m Initial OK \033[0m"
    else
        echo -e "\033[40;31m Initial not OK \033[0m"
    fi
}
case $1 in
start)
    /sbin/ifconfig lo down
    /sbin/ifconfig lo up
    # Hide the VIP on lo from ARP
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    # Bind the VIP to lo:0 as a host address and route it through lo:0
    /sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
    /sbin/route add -host $VIP dev lo:0
    /bin/touch /var/lock/subsys/ipvs_lock
    ;;
stop)
    /sbin/ifconfig lo:0 down
    /sbin/route del $VIP &>/dev/null
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    /bin/rm -f /var/lock/subsys/ipvs_lock
    ;;
status)
    STATUS
    ;;
*)
    echo "Usage: $(basename "$0") start|stop|status"
    exit 7
    ;;
esac
(3)
# ./rs.sh status    # check whether the script has run
Initial OK
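The status function above only tests for the lock file, so it still prints "Initial OK" if someone later resets a sysctl or removes lo:0. The following is an added example, not part of the original article: it checks the actual kernel settings and the VIP binding on an RS. The function names, the ROOT override and the sample `ip` output are assumptions made for this example.

```shell
#!/bin/bash
# Added example (not from the original article): verify the real-server
# state that rs.sh is supposed to create, instead of trusting the lock file.

# Values the article sets on each RS.
EXPECTED="lo/arp_ignore=1 all/arp_ignore=1 lo/arp_announce=2 all/arp_announce=2"

# check_rs_arp [ROOT]  (ROOT defaults to /proc/sys; the override is an
# assumption added so the check can be pointed at a test directory)
# Prints one line per setting; returns the number of wrong settings.
check_rs_arp() {
    local root="${1:-/proc/sys}" bad=0 item key want have
    for item in $EXPECTED; do
        key="${item%%=*}"
        want="${item##*=}"
        have="$(cat "$root/net/ipv4/conf/$key" 2>/dev/null || echo missing)"
        if [ "$have" = "$want" ]; then
            echo "ok    $key = $have"
        else
            echo "FAIL  $key = $have (want $want)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# vip_on_lo VIP
# Reads `ip -4 -o addr show` output on stdin; succeeds only if VIP is bound
# to lo with a /32 mask, as rs.sh configures it.
vip_on_lo() {
    awk -v want="$1/32" \
        '$2 == "lo" && $3 == "inet" && $4 == want { found = 1 }
         END { exit !found }'
}

# Constructed sample of `ip -4 -o addr show` on a correctly configured RS1.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 192.168.139.6/32 brd 192.168.139.6 scope global lo:0
2: eth0    inet 192.168.139.2/24 brd 192.168.139.255 scope global eth0'

# On a real RS:
#   check_rs_arp && ip -4 -o addr show | vip_on_lo 192.168.139.6
```

A non-zero return from check_rs_arp on an RS means that node may answer ARP for the VIP, which lets clients reach it directly instead of through the director.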
(4)
# ifconfig    # view the settings for RIP1 and the VIP
eth0      Link encap:Ethernet  HWaddr 00:0c:29:1c:13:12
          inet addr:192.168.139.2  Bcast:192.168.139.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe1c:1312/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3700 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1752 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:393174 (383.9 KiB)  TX bytes:236163 (230.6 KiB)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:105215 errors:0 dropped:0 overruns:0 frame:0
          TX packets:105215 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:9448156 (9.0 MiB)  TX bytes:9448156 (9.0 MiB)
lo:0      Link encap:Local Loopback
          inet addr:192.168.139.6  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
(5)
# vim /usr/local/apache24/htdocs/index.html    # add www.RS1.com to Apache's home page
If Apache was not compiled and installed from source, install it with # yum install httpd
Then # vim /var/www/html/index.html
(6)
# apachectl start    # start Apache
For Apache installed from yum or an rpm package:
# service httpd start
(7)
# netstat -tnlp    # check whether port 80 is open
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*         LISTEN   1411/sshd
tcp        0      0 127.0.0.1:25     0.0.0.0:*         LISTEN   1490/master
tcp        0      0 :::80            :::*              LISTEN   1794/httpd
tcp        0      0 :::22            :::*              LISTEN   1411/sshd
tcp        0      0 ::1:25           :::*              LISTEN   1490/master
Two
Perform the same operations on RS2, but with eth0 IP 192.168.139.4
Three
Configure the director
# ifconfig eth0 192.168.139.3 netmask 255.255.255.0 up    # set the DIP
# vim lvs.sh    # configuration script; it can start, stop and show the status of ipvsadm, and sets the VIP
#!/bin/bash
#
VIP=192.168.139.6
RIP1=192.168.139.2
RIP2=192.168.139.4
# Show the IPVS table and counters if "start" has been run
STATUS () {
    if [ -e /var/lock/subsys/ipvsadm.lock ]; then
        echo "Ipvs is running ..."
        /sbin/ipvsadm -L -n --stats
    else
        echo "Ipvs is stop ..."
    fi
}
case $1 in
start)
    /sbin/ifconfig eth0:1 $VIP netmask 255.255.255.0 up
    /sbin/route add -host $VIP dev eth0:1
    # Enable IP forwarding so the director can forward request messages to the RS
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Flush the iptables rules (iptables cannot be used with LVS);
    # this removes every filter-table rule on the director
    /sbin/iptables -F
    /sbin/iptables -Z
    # Clear any previous ipvsadm rules
    /sbin/ipvsadm -C
    /sbin/ipvsadm -A -t $VIP:80 -s wlc
    # -g selects direct routing (DR mode); -m would select NAT
    /sbin/ipvsadm -a -t $VIP:80 -r $RIP1 -g -w 1
    /sbin/ipvsadm -a -t $VIP:80 -r $RIP2 -g -w 2
    /bin/touch /var/lock/subsys/ipvsadm.lock
    ;;
stop)
    /sbin/ipvsadm -C
    /sbin/ifconfig eth0:1 down
    echo 0 > /proc/sys/net/ipv4/ip_forward
    /bin/rm -f /var/lock/subsys/ipvsadm.lock
    ;;
status)
    STATUS
    ;;
*)
    echo "Usage: $(basename "$0") start|stop|status"
    ;;
esac
# ./lvs.sh start    # run the script
# ./lvs.sh status    # view the status once it has started
Ipvs is running ...
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  192.168.139.6:80                    3        6        0      312        0
  -> 192.168.139.2:80                    1        2        0      104        0
  -> 192.168.139.4:80                    2        4        0      208        0
# ifconfig    # IP configuration after starting the DR cluster
eth0      Link encap:Ethernet  HWaddr 00:0c:29:6f:eb:02
          inet addr:192.168.139.3  Bcast:192.168.139.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe6f:eb02/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14654 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9495 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2335616 (2.2 MiB)  TX bytes:1422724 (1.3 MiB)
eth0:1    Link encap:Ethernet  HWaddr 00:0c:29:6f:eb:02
          inet addr:192.168.139.6  Bcast:192.168.139.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:121 errors:0 dropped:0 overruns:0 frame:0
          TX packets:121 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:12859 (12.5 KiB)  TX bytes:12859 (12.5 KiB)
Browser testing
(screenshot: browser result)
Press Ctrl+F5 to force a refresh
(screenshot: browser result after the forced refresh)
This article is from the "11097124" blog, please be sure to keep this source http://11107124.blog.51cto.com/11097124/1867364
Configuration of the DR model of the Linux cluster