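FWM: Firewall Mark
The MARK target can be used to mark specific packets: --set-mark value, where value is a hexadecimal number. Packets are classified by firewall mark, and the cluster service is then defined on that mark; this lets several different applications be scheduled as a single cluster service.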
Implementation method:
Mark the packets on the VS host:
iptables -t mangle -A PREROUTING -d $vip -p $proto -m multiport --dports $port1,$port2,… -j MARK --set-mark NUMBER
Define the cluster service on the VS host based on the mark:
ipvsadm -A -f MARK [options]
# iptables -t mangle -A PREROUTING -d 172.18.50.100 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 10
# ipvsadm -A -f 10 -s wrr
# ipvsadm -a -f 10 -r 192.168.1.100 -g
# ipvsadm -a -f 10 -r 192.168.1.101 -g
Persistent connections
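Regardless of the scheduling algorithm in use, for a period of time (default 360s) requests from the same address are always sent to the same RS, which provides session binding.
Ways to implement persistent connections:
PPC: per-port persistence. Each port is defined as its own cluster service, and each cluster service is scheduled separately.
# ipvsadm -E -t 192.168.7.250:80 -s rr -p 60
PFWMC: per-firewall-mark persistence. The cluster service is defined on a firewall mark, so applications on several ports can be scheduled together (so-called port affinity).
# ipvsadm -A -f 10 -s wrr -p
PCC: per-client persistence. The cluster service is defined on port 0 (meaning all services), so a client's requests for every application are scheduled to the same backend host; it must be defined in persistent mode.
# ipvsadm -E -t 192.168.7.250:0 -s rr -p 60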
ipvsadm -A|E -t|u|f service-address [-s scheduler] [-p [timeout]]
# ipvsadm -E -t 192.168.7.250:80 -s rr -p 60
# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.7.250:80 rr persistent 60
  -> 192.168.7.201:80             Route   1      0          0
  -> 192.168.7.203:80             Route   1      1          0
On the client, requests made within 60 seconds are dispatched to the same RS:
# for ((i=1;i<=10;i++));do curl 192.168.7.250;done
RS2
RS2
RS2
RS2
RS2
RS2
RS2
RS2
RS2
RS2
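A simplified Python model of the PPC and PFWMC modes described above, added here as an illustration; it is not code from the original post or from IPVS. It reuses the VIP, real servers and mark 10 from the firewall-mark example with plain round-robin; the client addresses, the class names and the rule that every hit restarts the timer are assumptions of the model.

```python
import itertools

class VirtualService:
    """Simplified model of one cluster service: round-robin plus optional -p."""
    def __init__(self, real_servers, persistence=None):
        self.rr = itertools.cycle(real_servers)
        self.persistence = persistence      # seconds (like -p); None = off
        self.templates = {}                 # client IP -> (RS, expiry time)

    def schedule(self, client_ip, now):
        if self.persistence is None:
            return next(self.rr)
        rs, expiry = self.templates.get(client_ip, (None, 0))
        if rs is None or now >= expiry:
            rs = next(self.rr)              # first contact or template expired
        # Model assumption: every hit restarts the persistence timer.
        self.templates[client_ip] = (rs, now + self.persistence)
        return rs

class Director:
    """Service lookup order: firewall mark, then VIP:port, then VIP:0."""
    def __init__(self, marks=None, by_mark=None, by_addr=None):
        self.marks, self.by_mark, self.by_addr = marks or {}, by_mark or {}, by_addr or {}

    def route(self, client_ip, vip, port, now):
        mark = self.marks.get((vip, port))  # set by the mangle MARK rule
        svc = (self.by_mark.get(mark)
               or self.by_addr.get((vip, port))
               or self.by_addr[(vip, 0)])
        return svc.schedule(client_ip, now)

VIP, RS = "172.18.50.100", ["192.168.1.100", "192.168.1.101"]

def ppc_director():      # PPC: one persistent service per port
    return Director(by_addr={(VIP, 80): VirtualService(RS, 60),
                             (VIP, 443): VirtualService(RS, 60)})

def pfwmc_director():    # PFWMC: ports 80 and 443 carry mark 10, one service
    return Director(marks={(VIP, 80): 10, (VIP, 443): 10},
                    by_mark={10: VirtualService(RS, 60)})

def client_b_path(d):    # client A arrives first, then B uses 80, 443, 80
    d.route("10.0.0.1", VIP, 80, now=0)
    return (d.route("10.0.0.2", VIP, 80, now=1),
            d.route("10.0.0.2", VIP, 443, now=2),
            d.route("10.0.0.2", VIP, 80, now=63))  # after the 60 s window

if __name__ == "__main__":
    print(client_b_path(ppc_director()), client_b_path(pfwmc_director()))
```

With per-port services, client B's port 80 and port 443 requests land on different real servers; with the shared mark they stay on one server until the 60-second window lapses.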
LVS High Availability Ldirectord
http://horms.net/projects/ldirectord/
Ldirectord monitors and manages the real servers in an LVS load-balanced virtual server cluster.
Ldirectord checks the health of each real server by periodically requesting a known URL and checking whether the response contains the expected string. If a real server fails, it is removed from the cluster; once it returns to normal, it is reactivated.
Download page:
OBS Repositories: http://download.opensuse.org/repositories/network:/ha-clustering:/Stable/ldirectord-3.9.6-0rc1.1.2.x86_64.rpm
Installation
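# yum install ldirectord-3.9.6-0rc1.1.2.x86_64.rpm
The package has dependencies that must be installed; configure the appropriate repositories first.
# rpm -ql ldirectord
/etc/ha.d/ldirectord.cf                          main configuration file
/usr/share/doc/ldirectord-3.9.6/ldirectord.cf    configuration template
/usr/lib/systemd/system/ldirectord.service       service unit
/usr/sbin/ldirectord                             main program
/var/log/ldirectord.log                          log file
/var/run/ldirectord.ldirectord.pid               pid file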
Related documents
checktimeout=3 # check timeout (seconds)
checkinterval=1 # check interval (seconds)
autoreload=yes
logfile="/var/log/ldirectord.log" # log file
quiescent=no # when an RS is down: yes sets its weight to 0, no removes it
virtual=5 # the VS, given as an FWM or IP:port
    real=172.16.0.7:80 gate 2
    real=172.16.0.8:80 gate 1
    fallback=127.0.0.1:80 gate # sorry server: when the cluster is unavailable, point to a standby server
    service=http
    scheduler=wrr
    checktype=negotiate
    checkport=80
    request="index.html"
    receive="Test Ldirectord"
Configuration
# cp /usr/share/doc/ldirectord-3.9.6/ldirectord.cf /etc/ha.d/
# vim /etc/ha.d/ldirectord.cf
checktimeout=3
checkinterval=1
fallback=www.baidu.com:80
autoreload=yes
logfile="/var/log/ldirectord.log"
quiescent=no
# Sample for an http virtual service
virtual=192.168.7.250:80 > VIP address
    real=192.168.7.201:80 gate 1 > RealServer; gate means the DR model, followed by the weight
    real=192.168.7.203:80 gate 1
    service=http > cluster service type
    scheduler=wrr > scheduling algorithm
    #persistent=600 > persistent connection
    #netmask=255.255.255.255
    protocol=tcp > protocol; also fwm (firewall mark), udp
    checktype=negotiate > health check method; also ping
    checkport=80
    request="index.html" > page file to check
    receive="RS" > string to look for in the page
Start Ldirectord
Ldirectord creates the cluster rules automatically, so clear the previous rules first:
# ipvsadm -C
# systemctl start ldirectord.service
# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.7.250:80 wrr
  -> 192.168.7.201:80             Route   1      0          0
  -> 192.168.7.203:80             Route   1      0          0
Simulating a RealServer failure
Change the test page on a real server so that it no longer contains the string expected by receive="RS":
# vim /var/www/html/index.html
R2
LVS quickly removes the failed node:
# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.7.250:80 wrr
  -> 192.168.7.201:80             Route   1      0          2
Once the page is repaired, the node is automatically added back to the cluster:
# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.7.250:80 wrr
  -> 192.168.7.201:80             Route   1      0          26
  -> 192.168.7.203:80             Route   1      0
Example of detecting MySQL
#Sample configuration for a MySQL virtual service.
#virtual = 192.168.10.74:3306
#    real=sql01->sql03:3306 gate 10
#    fallback=127.0.0.1:3306
#    service=mysql
#    scheduler=wrr
#    #persistent=600
#    #netmask=255.255.255.255
#    protocol=tcp
#    checktype=negotiate
#    login="readuser"
#    passwd="genericpassword"
#    database="portal"
#    request="SELECT * FROM link"
Linux cluster (part 4): LVS persistent connections and high availability