Linux CentOS 7: LVS + Keepalived load balancer installation and configuration tutorial
I. LVS (Linux Virtual Server)
LVS is short for Linux Virtual Server, a virtual server cluster system. LVS works at layer 4 of the OSI model (the transport layer): it distributes TCP/UDP connections and never looks at the application payload. Like iptables, the forwarding logic runs in kernel space, as the IPVS module (ipvs). Mainstream Linux distributions ship IPVS in their kernels, so the only thing to install is ipvsadm, the user-space management tool.
IPVS implements three forwarding (load balancing) techniques:
1. VS/NAT --- Virtual Server via Network Address Translation
The scheduler (director) rewrites the destination address of each request packet and forwards it to a real server chosen by the configured scheduling algorithm. When the real server's response passes back through the scheduler, the source address is rewritten to the virtual address before the packet is returned to the client. Because both requests and responses pass through the scheduler, it becomes the bottleneck under heavy traffic.
2. VS/TUN --- Virtual Server via IP Tunneling
With NAT, every request and every response must be rewritten by the scheduler, so its processing capacity limits the cluster as client load grows. With tunneling, the scheduler encapsulates each request packet in an IP tunnel to the real server, and the real server replies directly to the client. The scheduler therefore handles only the request packets. Since responses are usually much larger than requests, VS/TUN can raise the maximum throughput of a cluster by roughly a factor of ten. The real servers must support IP-in-IP tunneling, which in practice means Linux.
3. VS/DR --- Virtual Server via Direct Routing
VS/DR rewrites the destination MAC address of the request frame to deliver it to the real server, which again replies directly to the client. Like VS/TUN, VS/DR greatly improves the scalability of the cluster; it avoids the overhead of tunneling and does not require the real servers to support a tunnel protocol, but the scheduler and the real servers must each have a network card on the same physical network segment. In other words, traffic from the outside to a real server enters through the scheduler, but the real server does not answer through it: in most cases the real servers send their responses out through their own gateway (or a dedicated gateway), which keeps the response traffic off the scheduler. DR also requires each real server to hold the VIP on a local interface without announcing it via ARP, which is what the realserver script in section IV sets up.
Advantages of LVS:
1. Strong load capacity. The logic of LVS is very simple: it only distributes requests at layer 4 and, in DR and TUN modes, carries none of the response traffic, so efficiency is rarely a concern. In my experience LVS has had exactly one problem: brief packet loss on the balancer at peak concurrency. Analysis pointed to the network, that is, the NIC or the Linux 2.4 kernel of that host had reached its limit, while memory and CPU were barely used.
2. Little configuration. This is usually a drawback, but here it is also an advantage: there are few configurable options, so apart from adding or removing real servers the balancer is rarely touched, which greatly reduces the chance of human error.
3. Stable operation. Stability follows from the strong load capacity, and LVS has mature active/standby (dual-machine hot standby) solutions, so the balancer itself is not a single point of failure. When a node fails, LVS (with a health checker such as Keepalived) detects it automatically, so the system as a whole is very stable.
4. No response traffic, as noted above. LVS only distributes requests; in DR and TUN modes the responses do not pass through it, so the balancer's I/O is not affected by heavy traffic and it can even be used to split traffic across links.
5. Support for almost all applications. Because LVS works at layer 4 it can balance nearly any TCP/UDP service: HTTP, databases, chat servers and so on.
However, LVS on its own is static: real servers are added and removed by hand with ipvsadm, and IPVS does no health checking. Keepalived is used to automate this.
II. Keepalived
Keepalived's purpose is to check the state of the servers. If a web server goes down or stops responding, Keepalived detects it and removes the faulty server from the IPVS table, so the remaining servers take over its work; when the server is healthy again, Keepalived adds it back to the server group automatically. None of this needs manual intervention; only the faulty server itself has to be repaired by hand.
Keepalived reads its configuration file, programs the IPVS table for LVS, and runs VRRP between the schedulers to check their availability. This is what provides the service behind a virtual IP address (VIP): the VRRP election decides which scheduler currently holds the VIP (the master), and the virtual_server definition maps a port on the VIP to the real backend servers, whose ports are health checked so that unavailable ones are taken out of rotation.
III. Environment preparation
Four machines are normally needed: two schedulers in an active/standby pair (the VIP is held by only one of them at a time; the other is idle until it takes over) and two real application servers (realservers) such as web servers. The number of schedulers can be raised (mostly a waste, since only one is active), and the number of realservers can be raised freely.
1. CentOS01 --- MASTER scheduler, ip: 192.168.1.103
2. CentOS02 --- realserver, ip: 192.168.1.104
3. CentOS03 --- realserver, ip: 192.168.1.105
4. CentOS04 --- BACKUP scheduler, ip: 192.168.1.102
The VIP used below is 192.168.1.135, on the same subnet as all four hosts, as DR mode requires.
IV. Install and configure LVS + Keepalived
1. Install the httpd server on CentOS02
yum install httpd
2. Start httpd on CentOS02
service httpd start
3. Web content on CentOS02 is published from the /var/www/html directory; create the index.html file there. Put something that identifies the host in it, so that later you can tell which realserver answered a request through the VIP.
touch /var/www/html/index.html
4. Disable the firewall on all servers
systemctl stop firewalld.service       # stop the firewall now
systemctl disable firewalld.service    # do not start it at boot
firewall-cmd --state                   # show the firewall status: "not running" once disabled, "running" when enabled
This is acceptable for a lab. On a production setup keep firewalld and open only what the cluster needs: TCP port 80 on the realservers, and VRRP (IP protocol 112, sent to multicast 224.0.0.18) between the two schedulers; anything that can inject VRRP advertisements onto that segment can take over the VIP.
After the firewall is stopped, confirm that http://192.168.1.104/index.html can be fetched from another host.
5. On CentOS02, go to the /etc/init.d/ directory and create a realserver script.
touch realserver
The realserver script content is as follows. It configures the virtual IP (VIP) on the loopback interface and, through the arp_ignore and arp_announce settings described below, prevents the realserver from answering or sending ARP for the VIP; without this the realserver would compete with the scheduler for the VIP on the LAN.
#!/bin/bash
# description: realserver
# Binds the VIP to the loopback interface and suppresses ARP for it, so that
# this host accepts packets addressed to the VIP (forwarded by the director
# in DR mode) without ever announcing the VIP on the LAN.
# Requires the net-tools package for ifconfig and route.

SNS_VIP=192.168.1.135              # the virtual IP (VIP) served by the cluster
. /etc/rc.d/init.d/functions       # load the init script helper library

case "$1" in                       # $1 is the first argument given to the script
start)
    # put the VIP on lo:0 with a /32 mask so it is local but never routed out
    ifconfig lo:0 $SNS_VIP netmask 255.255.255.255 broadcast $SNS_VIP
    /sbin/route add -host $SNS_VIP dev lo:0          # host route for the VIP via lo
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    sysctl -p >/dev/null 2>&1      # reload /etc/sysctl.conf; output discarded
    echo "RealServer Start OK"
    ;;
stop)
    ifconfig lo:0 down
    route del $SNS_VIP >/dev/null 2>&1              # remove the host route
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stopped"
    ;;
*)
    echo "Usage: $0 {start|stop}"  # $0 is the script name
    exit 1                         # non-zero exit: bad usage
    ;;
esac
exit 0                             # zero exit: success
The arp settings are written to /proc and are lost on reboot, and the VIP on lo:0 disappears as well, so the script has to run at boot (for example from rc.local) for the realserver to keep working after a restart.
Parameter description: arp_ignore and arp_announce control how the realserver answers and sends ARP for the VIP. Both are set on "all" and on "lo"; the kernel applies the larger of the "all" value and the per-interface value, so setting "all" is what actually restricts ens33.
arp_ignore: controls which ARP requests the host answers. The modes mean:
0: (default) answer a request for any local address, whichever interface it is configured on. With the VIP on lo, the realserver would answer for the VIP on ens33 and compete with the scheduler.
1: answer only if the target address is configured on the interface the request arrived on. The VIP lives on lo, so requests for it arriving on ens33 are ignored, while requests for 192.168.1.104 are still answered.
2: as 1, and in addition the sender's address must be in the same subnet as that address on the incoming interface.
3: do not answer for local addresses with host scope; only addresses with global or link scope are answered.
4-7: reserved, unused.
8: do not answer for any local address.
arp_announce: controls which source address the host puts into the ARP requests it sends. The modes mean:
0: (default) use any local address. The source IP of the IP packet being sent is used unchanged as the sender address of the ARP request. A realserver answering a client with source address = VIP would therefore send ARP requests claiming the VIP, and the switch or gateway would learn the realserver's MAC for the VIP.
1: try to avoid local addresses that are not in the target's subnet on the outgoing interface. This matters when the target is reached through a route: if the packet's source address lies in a subnet of the outgoing interface that also contains the target, it is kept; otherwise the address is chosen as in mode 2. Because the VIP here is inside 192.168.1.0/24, mode 1 would still announce the VIP on this LAN, which is why the script uses 2.
2: always use the best local address for the target. The source address of the IP packet is ignored; the kernel prefers a primary address of the outgoing interface that is on the target's subnet, and otherwise falls back to the first address of the outgoing interface (or of another interface). For example, when an intranet machine sends a packet to an external server it must resolve the router's MAC, and the ARP request carries its own IP and MAC; with the default mode 0 Linux uses the source IP of the packet being sent (the VIP in our case), whereas with arp_announce=2 it uses the address of the sending interface, 192.168.1.104 on this realserver.
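To make the effect of these two settings concrete, here is an added model of the decision rules (it is not code from this page or from the Linux kernel; it re-implements the behaviour documented for the sysctls with Python's ipaddress module so it can be checked offline). The VIP 192.168.1.135, the realserver address 192.168.1.104, the director address 192.168.1.103 and the interface name ens33 are the tutorial's values; the client 192.168.1.50 is constructed.

```python
"""Model of the arp_ignore / arp_announce rules the realserver script relies
on in LVS/DR mode.

Added illustration, not code from the page or the kernel: it re-implements
the documented decision rules (Documentation/networking/ip-sysctl.txt) so
the effect of each mode can be checked without a lab. Host addresses are
the tutorial's; the client address 192.168.1.50 is constructed."""
from ipaddress import IPv4Address, IPv4Interface

# A realserver after `realserver start`: VIP on lo:0 with a /32 mask.
REALSERVER = {
    "lo":    [IPv4Interface("127.0.0.1/8"), IPv4Interface("192.168.1.135/32")],
    "ens33": [IPv4Interface("192.168.1.104/24")],
}
# The active director: keepalived adds the VIP to ens33 itself.
DIRECTOR = {
    "lo":    [IPv4Interface("127.0.0.1/8")],
    "ens33": [IPv4Interface("192.168.1.103/24"), IPv4Interface("192.168.1.135/24")],
}


def arp_reply(ifaces, mode, in_iface, target, sender):
    """True if a host with interfaces `ifaces` answers an ARP request for
    `target`, received on `in_iface` from `sender`, under arp_ignore=mode."""
    target, sender = IPv4Address(target), IPv4Address(sender)
    local_in = ifaces[in_iface]
    if mode == 0:   # default: any local address, whichever interface holds it
        return any(a.ip == target for addrs in ifaces.values() for a in addrs)
    if mode == 1:   # only addresses configured on the incoming interface
        return any(a.ip == target for a in local_in)
    if mode == 2:   # as 1, and the sender must be in that address's subnet
        return any(a.ip == target and sender in a.network for a in local_in)
    if mode == 8:   # never answer for local addresses
        return False
    raise ValueError("modes 3-7 are not modelled here")


def arp_source(ifaces, mode, out_iface, pkt_src, target):
    """Sender IP the host puts into an ARP request sent on `out_iface` to
    resolve `target`, for an IP packet whose source is `pkt_src`,
    under arp_announce=mode."""
    target, pkt_src = IPv4Address(target), IPv4Address(pkt_src)
    out_addrs = ifaces[out_iface]
    if mode == 0:    # default: the packet's own source, as long as it is local
        if any(a.ip == pkt_src for addrs in ifaces.values() for a in addrs):
            return str(pkt_src)
    elif mode == 1:  # keep the source only if a subnet of out_iface holds both it and target
        if any(pkt_src in a.network and target in a.network for a in out_addrs):
            return str(pkt_src)
    # mode 2, or the fallback for 0 and 1: best local address for the target,
    # preferring an address of out_iface on the target's subnet
    for a in out_addrs:
        if target in a.network:
            return str(a.ip)
    return str(out_addrs[0].ip)


def dr_arp_summary(client="192.168.1.50"):
    """Who answers ARP for the VIP, and what the realserver announces, for the
    modes the script sets (1 / 2) versus the kernel defaults (0 / 0)."""
    vip = "192.168.1.135"
    return {
        "realserver answers for VIP, arp_ignore=0": arp_reply(REALSERVER, 0, "ens33", vip, client),
        "realserver answers for VIP, arp_ignore=1": arp_reply(REALSERVER, 1, "ens33", vip, client),
        "director answers for VIP, arp_ignore=1":   arp_reply(DIRECTOR, 1, "ens33", vip, client),
        "realserver ARP sender, arp_announce=0":    arp_source(REALSERVER, 0, "ens33", vip, client),
        "realserver ARP sender, arp_announce=1":    arp_source(REALSERVER, 1, "ens33", vip, client),
        "realserver ARP sender, arp_announce=2":    arp_source(REALSERVER, 2, "ens33", vip, client),
    }


if __name__ == "__main__":
    for key, value in dr_arp_summary().items():
        print(f"{key}: {value}")
```

With the defaults the realserver both answers ARP for the VIP and announces the VIP as its own address whenever it replies to a client; with the script's values only the director answers for the VIP and the realserver's ARP requests carry 192.168.1.104. The model also shows why arp_announce=1 is not enough on a flat /24.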
6. Make the realserver script executable on CentOS02
chmod 755 /etc/init.d/realserver
Owner-execute is sufficient; the script runs as root, so do not grant group write on it.
7. Start the realserver script on CentOS02
/etc/init.d/realserver start
8. Repeat steps 1-7 on CentOS03
9. Install ipvsadm and Keepalived on CentOS01
yum -y install ipvsadm keepalived
10. Edit the /etc/keepalived/keepalived.conf configuration file on CentOS01
global_defs {
   # Global notification settings. The mail settings are commented out here
   # because the built-in alerting is limited; LVS is monitored with Nagios instead.
   # notification_email {
   #     admin@toxingwang.com
   # }
   # notification_email_from master@toxingwang.com
   # smtp_server smtp.exmail.qq.com
   # smtp_connect_timeout 30
   router_id LVS_DEVEL            # identifier of this LVS node; must be unique on the network
}

vrrp_instance VI_1 {              # VRRP group; the same on every scheduler of one LVS pair
   state MASTER                   # MASTER on the primary scheduler, BACKUP on the standby
   interface ens33                # interface that carries the VIP
   virtual_router_id 51           # virtual router id; identical on MASTER and BACKUP
   priority 100                   # higher wins; the BACKUP uses 99, so it becomes master when the
                                  # master goes down and returns to backup when the master recovers
   advert_int 1                   # VRRP advertisement interval in seconds
   authentication {               # type and password must match on MASTER and BACKUP
       auth_type PASS
       auth_pass 1111
   }
   virtual_ipaddress {            # one VIP per line; several may be listed
       192.168.1.135
   }
}

virtual_server 192.168.1.135 80 {
   delay_loop 6                   # health check interval in seconds
   lb_algo wrr                    # weighted round-robin; the algorithms are listed in section V
   lb_kind DR                     # direct routing: realservers and scheduler on the same segment
   nat_mask 255.255.255.0         # only meaningful for NAT mode; deprecated in newer releases
   persistence_timeout 50         # a client IP keeps hitting the same realserver for 50 seconds
   protocol TCP

   real_server 192.168.1.104 80 {
       weight 3
       TCP_CHECK {                # other checkers: HTTP_GET, SSL_GET, SMTP_CHECK, MISC_CHECK
           connect_timeout 5      # connection timeout in seconds
           nb_get_retry 3         # retries before the server is marked down ("retry" in newer releases)
           delay_before_retry 3   # seconds between retries
           connect_port 80        # backend port to probe
       }
   }
   real_server 192.168.1.105 80 {
       weight 3
       TCP_CHECK {
           connect_timeout 10
           nb_get_retry 3
           delay_before_retry 3
           connect_port 80
       }
   }
}
Notes on this configuration:
(1) auth_type PASS sends the password in clear text in every VRRP advertisement, and only the first eight characters are used. It prevents two unrelated VRRP groups on one segment from merging by mistake, but it does not stop anyone who can send packets on that segment from claiming the VIP; VRRPv3 (RFC 5798) dropped authentication entirely for this reason. Protect the VRRP traffic with network segmentation or firewall rules rather than relying on the password.
(2) virtual_router_id, auth_pass and the whole virtual_server block must be identical on MASTER and BACKUP; only state and priority differ.
(3) persistence_timeout 50 pins a client address to one realserver for 50 seconds. Clients behind a single NAT address all land on the same realserver, which skews the balancing; lower it or drop it if the application does not need sticky sessions.
(4) The TCP_CHECK only proves that port 80 accepts connections. If the application can fail while the socket still opens, use HTTP_GET with a status or digest check instead.
11. Start Keepalived on CentOS01 (and enable the service at boot, or the VIP is gone after a reboot)
service keepalived start
12. From a client, request the VIP configured on CentOS01, http://192.168.1.135/. Because of persistence_timeout, repeated requests from the same client address go to the same realserver for 50 seconds; to see the distribution, test from several clients or temporarily lower that value.
If the request fails, check the log:
tail -f /var/log/messages
Keepalived logs its VRRP state changes (entering MASTER or BACKUP state) and the result of each health check (removing or adding a service) there.
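Besides the log, the IPVS table on the scheduler (ipvsadm -Ln) is the ground truth for what the director will forward to: Keepalived removes a realserver whose TCP_CHECK fails, so a missing entry is the usual symptom of a bad health check or a realserver script that was never run. The following added script (not from this page or from the Keepalived project) parses that output and compares it with the intended virtual_server definition. The sample output is constructed in the format ipvsadm prints, for the tutorial's VIP with 192.168.1.105 failing its check.

```python
"""Parse `ipvsadm -Ln` output and audit it against the intended
virtual_server definition.

Added example, not from the page: the IPVS table shows what the director
actually forwards to, so comparing it with keepalived.conf is the quickest
way to spot a realserver dropped by its health check, a wrong lb_kind or a
stale rule. SAMPLE_IPVSADM is constructed: the tutorial's VIP 192.168.1.135
with 192.168.1.105 removed after a failed TCP_CHECK."""
import re

SAMPLE_IPVSADM = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.135:80 wrr persistent 50
  -> 192.168.1.104:80             Route   3      0          0
"""

# "TCP  <vip:port> <scheduler> [persistent <seconds>]"
SERVICE_RE = re.compile(r"^(TCP|UDP|SCTP)\s+(\S+)\s+(\S+)(?:\s+persistent\s+(\d+))?")
# "  -> <rip:port> <Route|Masq|Tunnel> <weight> <active> <inactive>"
DEST_RE = re.compile(r"^\s+->\s+(\S+)\s+(Route|Masq|Tunnel)\s+(\d+)\s+(\d+)\s+(\d+)")


def parse_ipvsadm(text):
    """Return a list of virtual services, each with its realserver entries."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            proto, vip, sched, persist = m.groups()
            services.append({"proto": proto, "vip": vip, "scheduler": sched,
                             "persistence": int(persist) if persist else 0,
                             "dests": []})
            continue
        m = DEST_RE.match(line)
        if m and services:          # the header "-> RemoteAddress:Port" line never matches
            rip, fwd, weight, active, inactive = m.groups()
            services[-1]["dests"].append({"rip": rip, "forward": fwd,
                                          "weight": int(weight),
                                          "active": int(active),
                                          "inactive": int(inactive)})
    return services


def audit(services, vip, expected_rips, lb_kind="Route"):
    """Compare the live table with the intended configuration. Returns a list
    of findings; an empty list means the table matches."""
    findings = []
    svc = next((s for s in services if s["vip"] == vip), None)
    if svc is None:
        findings.append(f"virtual service {vip} is not in the IPVS table (keepalived not running?)")
        return findings
    present = {d["rip"] for d in svc["dests"]}
    for rip in expected_rips:
        if rip not in present:
            findings.append(f"{rip} missing from {vip}: health check failed or never passed")
    for d in svc["dests"]:
        if d["forward"] != lb_kind:
            findings.append(f"{d['rip']} uses {d['forward']} forwarding, expected {lb_kind}")
        if d["weight"] == 0:
            findings.append(f"{d['rip']} has weight 0 and receives no new connections")
    return findings


if __name__ == "__main__":
    table = parse_ipvsadm(SAMPLE_IPVSADM)
    for finding in audit(table, "192.168.1.135:80", ["192.168.1.104:80", "192.168.1.105:80"]):
        print(finding)
```

On a real scheduler, feed it the output of ipvsadm -Ln instead of the sample. DR mode shows as "Route" in the Forward column; "Masq" there means the rule was built for NAT and the realservers' replies will not reach the client.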
13. Run steps 9-11 on CentOS04 to create the backup scheduler, with these changes:
(1) In the keepalived.conf of step 10, replace MASTER with BACKUP
(2) In step 10, change priority from 100 to 99 (any value lower than 100 works)
Everything else, in particular virtual_router_id, auth_pass and the virtual_server block, must be identical on both schedulers. To test failover, stop Keepalived on CentOS01 and confirm that the VIP appears on CentOS04's ens33 and that requests to http://192.168.1.135/ still succeed.
V. Scheduling algorithms in LVS
1: Round-Robin Scheduling (rr)
2: Weighted Round-Robin Scheduling (wrr)
3: Least-Connection Scheduling (lc)
4: Weighted Least-Connection Scheduling (wlc)
5: Locality-Based Least-Connection Scheduling (lblc)
6: Locality-Based Least-Connection with Replication Scheduling (lblcr)
7: Destination Hashing Scheduling (dh)
8: Source Hashing Scheduling (sh)
9: Shortest Expected Delay Scheduling (sed)
10: Never Queue Scheduling (nq)
The lb_algo keyword in keepalived.conf (and the -s option of ipvsadm) takes the abbreviations: rr | wrr | lc | wlc | lblc | lblcr | dh | sh | sed | nq
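To show what the weight in the real_server blocks actually does, here is an added re-implementation of two of these schedulers (it is not code from this page or from the kernel; it follows the selection rules of IPVS's ip_vs_wrr.c and ip_vs_wlc.c). The first example uses the tutorial's two realservers with their equal weight of 3; the server names A, B, C and their weights and connection counts are constructed.

```python
"""Weighted round-robin (wrr) and weighted least-connection (wlc) selection
as performed by IPVS.

Added example, not from the page or the kernel source. wrr keeps a current
weight (cw) that steps down by the gcd of all weights each time the list
wraps; a realserver is chosen when its weight is at least cw. wlc compares
overhead/weight with overhead = 256*active + inactive connections."""
from functools import reduce
from math import gcd


class WeightedRoundRobin:
    """Stateful wrr scheduler over an ordered {name: weight} mapping."""

    def __init__(self, weights):
        self.servers = list(weights.items())                   # (name, weight) in table order
        self.max_w = max(w for _, w in self.servers)            # mw in the kernel
        self.step = reduce(gcd, (w for _, w in self.servers))   # di in the kernel
        self.cur_w = 0                                          # cw in the kernel
        self.idx = -1                                           # -1 means "at the list head"

    def pick(self):
        """Return the next realserver, or None if every weight is 0."""
        while True:
            if self.idx == -1:                # wrapped to the head: lower the threshold
                self.idx = 0
                self.cur_w -= self.step
                if self.cur_w <= 0:
                    self.cur_w = self.max_w
                    if self.cur_w == 0:
                        return None
            else:
                self.idx += 1
                if self.idx == len(self.servers):
                    self.idx = -1             # end of list; next pass lowers cw
                    continue
            name, weight = self.servers[self.idx]
            if weight >= self.cur_w:          # eligible at the current threshold
                return name


def wrr_sequence(weights, n):
    """The first n realservers a fresh wrr scheduler would pick."""
    sched = WeightedRoundRobin(weights)
    return [sched.pick() for _ in range(n)]


def wlc_pick(servers):
    """wlc choice for `servers` = {name: (weight, active, inactive)}: the
    realserver with the lowest overhead/weight; weight 0 is never chosen."""
    best, best_over, best_w = None, 0, 0
    for name, (w, active, inactive) in servers.items():
        if w <= 0:
            continue
        over = 256 * active + inactive
        # over/w < best_over/best_w, written without division as in IPVS
        if best is None or over * best_w < best_over * w:
            best, best_over, best_w = name, over, w
    return best


if __name__ == "__main__":
    # the tutorial's configuration: two realservers, weight 3 each
    print(wrr_sequence({"192.168.1.104": 3, "192.168.1.105": 3}, 6))
    # constructed: weights 4, 2, 1 give a 7-pick cycle in that proportion
    print(wrr_sequence({"A": 4, "B": 2, "C": 1}, 7))
    print(wlc_pick({"A": (1, 1, 0), "B": (4, 3, 0)}))
```

With equal weights wrr degenerates to plain rr, which is why the tutorial's choice of wrr with weight 3 on both realservers alternates strictly between them; raising one weight to 6 would send that host two requests for every one to the other.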