18.6 Load Balancing Cluster Introduction
- The main open-source load-balancing software: LVS, keepalived, HAProxy, Nginx, etc.
- LVS works at layer 4 (of the 7-layer OSI network model), Nginx works at layer 7, and HAProxy can be used at either layer 4 or layer 7
- The load-balancing function of keepalived is actually LVS
- A layer-4 load balancer such as LVS can distribute traffic on ports other than 80, such as MySQL, while Nginx supports only HTTP, HTTPS and mail; HAProxy also supports MySQL
- By comparison, layer-4 LVS is more stable and can withstand more requests, while layer-7 Nginx is more flexible and can meet more customized requirements
18.7 LVS Introduction
- LVS was developed by Zhang Wensong, a Chinese developer
- Its popularity is no less than that of Apache httpd; it routes and forwards based on TCP/IP, with high stability and efficiency
- The latest version of LVS is based on Linux kernel 2.6 and has not been updated for many years
- LVS has three common modes: NAT, DR, and IP Tunnel
- A core role in the LVS architecture is the dispatcher (load balancer), which distributes users' requests; the other role is the many servers that handle those requests (real servers, RS)
LVS NAT Mode
- This mode is implemented with the iptables nat table
- After a user's request reaches the dispatcher, the request packet is forwarded to a back-end RS by preset iptables rules
- Each RS must set its gateway to the dispatcher's intranet IP
- Both the packets of the user's request and the packets returned to the user pass through the dispatcher, so the dispatcher becomes the bottleneck
- In NAT mode only the dispatcher needs a public IP, so this mode saves public IP resources
LVS IP Tunnel Mode
- This mode requires a common IP configured on the dispatcher and on all RS; we call it the VIP
- The target IP requested by the client is the VIP. After the dispatcher receives the request packet, it processes the packet and changes the target IP to the IP of an RS, so that the packet reaches that RS
- After the RS receives the packet, it restores the original packet so that the target IP is the VIP again; because the VIP is configured on every RS, the RS accepts the packet as its own
LVS DR Mode
- This mode also requires a common IP configured on the dispatcher and on all RS, which is the VIP
- Unlike IP Tunnel mode, it changes the MAC address of the packet to the MAC address of the RS
- After the RS receives the packet, it restores the original packet so that the target IP is the VIP; because the VIP is configured on every RS, the RS accepts the packet as its own
18.8 LVS Scheduling Algorithms
- Round robin (Round-Robin, rr)
- Weighted round robin (Weight Round-Robin, wrr)
- Least connection (Least-Connection, lc)
- Weighted least connection (Weight Least-Connection, wlc)
- Locality-based least connection (Locality-Based Least Connections, lblc)
- Locality-based least connection with replication (Locality-Based Least Connections with Replication, lblcr)
- Destination address hashing (Destination Hashing, dh)
- Source address hashing (Source Hashing, sh)
18.9-18.10 LVS NAT Mode Construction
NAT mode setup: preparation
- Three machines
- Dispatcher, also known as the scheduler (dir)
- Intranet: 192.168.0.130/24, extranet: 192.168.147.144 (VMware host-only mode)
- RS1
- Intranet: 192.168.0.132/24, set gateway to 192.168.0.130
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.130   0.0.0.0         UG    100    0        0 ens33
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 ens33
- RS2
- Intranet: 192.168.0.133/24, set gateway to 192.168.0.130
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.130   0.0.0.0         UG    100    0        0 ens33
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 ens33
- Execute on all three machines: shut down the firewall
- systemctl stop firewalld; systemctl disable firewalld
The three machines were set up anew, so shut down the firewall:
# systemctl stop firewalld
# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
# yum install -y iptables-services
If the installation is very slow, you can disable EPEL by renaming epel.repo in the /etc/yum.repos.d/ directory.
View the files installed by the package:
# rpm -ql iptables-services
/etc/sysconfig/ip6tables
/etc/sysconfig/iptables
/usr/lib/systemd/system/ip6tables.service
/usr/lib/systemd/system/iptables.service
Start iptables.service:
# systemctl start iptables
# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
- systemctl start iptables; iptables -F; service iptables save
The purpose of starting the service is to load an empty rule set:
# iptables -F
# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ 确定 ]
Disable SELinux:
# setenforce 0
# vi /etc/selinux/config
(set SELINUX=disabled)
Check the gateway:
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    100    0        0 ens33
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 ens33
NAT Mode Setup
- Install ipvsadm on dir
# yum install -y ipvsadm
- Write a script on dir, vim /usr/local/sbin/lvs_nat.sh, with the following content
# vim /usr/local/sbin/lvs_nat.sh
#!/bin/bash
# Enable routing/forwarding on the director
echo 1 > /proc/sys/net/ipv4/ip_forward
# Turn off ICMP redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
# Note the NIC names; the two NICs here are ens33 and ens37
echo 0 > /proc/sys/net/ipv4/conf/ens33/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/ens37/send_redirects
# Set up the NAT firewall rules on the director
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
# Configure ipvsadm on the director
IPVSADM='/usr/sbin/ipvsadm'
$IPVSADM -C
$IPVSADM -A -t 192.168.147.144:80 -s wlc -p 3
$IPVSADM -a -t 192.168.147.144:80 -r 192.168.0.132:80 -m -w 1
$IPVSADM -a -t 192.168.147.144:80 -r 192.168.0.133:80 -m -w 1
Run the script; no output means there were no errors:
# sh /usr/local/sbin/lvs_nat.sh
NAT Mode Test
# curl 192.168.147.144
qingyun03-132
# curl 192.168.147.144
qingyun03-133
# curl 192.168.147.144
qingyun03-132
# curl 192.168.147.144
qingyun03-133
# cat /usr/local/sbin/lvs_nat.sh
...........
$IPVSADM -C
$IPVSADM -A -t 192.168.147.144:80 -s wlc
.............
- Access 192.168.147.144 in a browser several times and compare the results
# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.147.144:80 wlc
  -> 192.168.0.132:80             Masq    1      0          0
  -> 192.168.0.133:80             Masq    1      0          4
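One way to confirm that the director ended up in the state lvs_nat.sh is meant to produce, as an added example that is not part of the original tutorial: check_ipvs parses `ipvsadm -ln` text and check_forwarding reads the kernel settings the script writes. Both function names are hypothetical, and the embedded sample is constructed from the output shown above.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names are hypothetical.

# Constructed sample, modelled on the `ipvsadm -ln` output shown above.
SAMPLE_IPVS='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.147.144:80 wlc
  -> 192.168.0.132:80             Masq    1      0          0
  -> 192.168.0.133:80             Masq    1      0          4'

# check_ipvs VIP:PORT EXPECTED_RS_COUNT   (reads `ipvsadm -ln` text on stdin)
# Prints findings; exit status is 0 only when the table matches NAT mode.
check_ipvs() {
    awk -v vip="$1" -v want="$2" '
        $1 == "TCP" || $1 == "UDP" {              # virtual service line
            in_svc = ($2 == vip)
            if (in_svc) { found = 1; sched = $3 }
            next
        }
        in_svc && $1 == "->" && $2 ~ /^[0-9]/ {   # real server line
            n++
            if ($3 != "Masq") { print "FAIL " $2 " forward=" $3 ", NAT mode needs Masq"; bad = 1 }
            if ($4 == 0)      { print "FAIL " $2 " weight=0, gets no new connections"; bad = 1 }
        }
        END {
            if (!found) { print "FAIL virtual service " vip " is not defined"; exit 1 }
            if (n != want) { print "FAIL " (n + 0) " real servers, expected " want; bad = 1 }
            if (!bad) print "OK " vip " scheduler=" sched " real_servers=" n
            exit bad + 0
        }'
}

# check_forwarding [DIR]: the kernel settings lvs_nat.sh writes. DIR defaults
# to /proc/sys/net/ipv4; pass another directory to check a copy instead.
check_forwarding() {
    fwd_root="${1:-/proc/sys/net/ipv4}"; fwd_rc=0
    [ "$(cat "$fwd_root/ip_forward" 2>/dev/null)" = 1 ] ||
        { echo "FAIL ip_forward is not 1"; fwd_rc=1; }
    for f in "$fwd_root"/conf/*/send_redirects; do
        [ "$(cat "$f" 2>/dev/null)" = 0 ] || { echo "FAIL $f is not 0"; fwd_rc=1; }
    done
    return $fwd_rc
}

# On the director: ipvsadm -ln | check_ipvs 192.168.147.144:80 2 && check_forwarding
```

A non-zero exit status from either function means the director differs from what the script configures, for example a real server missing from the table or a NIC whose send_redirects was not cleared.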