LVS-DNAT
Working principle:
Change the destination address of a data packet before it enters the kernel.
LVS works much like iptables: part of it runs in user space (ipvsadm) and part in kernel space (ipvs).
Installing ipvsadm is enough to use the LVS functions.
In early versions the kernel had to be recompiled before ipvsadm could be used. Current RedHat kernels include ipvs by default.
# Check whether the kernel contains ipvs
grep -i -C 5 ipvs /boot/config-$(uname -r)
Use the ipvsadm command:
ipvsadm functions:
1: Define cluster services
2: Define RealServers
3: View the defined information
1. Define cluster services
ipvsadm
-t: TCP-based cluster service
-u: UDP-based cluster service
-f: firewall-mark-based cluster service
-A: add a new cluster service
-E: modify a cluster service
-s: specify the scheduling algorithm (default: wlc)
-D: delete a cluster service
-g | -i | -m: gateway | ipip | masquerade, i.e. the DR | TUN | DNAT model
-w: weight
-C: clear the rules
-S: save the rules to a file
-R: restore the rules from a file
-L | -l: view
-n: display addresses in numeric mode
--stats: display statistics
--rate: display rate information
-Z: clear the counters
Add/delete a cluster service (Director end)
ipvsadm -A|-E -t|-u VIP:Port -s scheduler
ipvsadm -D -t|-u VIP:Port
Add/delete a RealServer
ipvsadm -a|-e -t|-u VIP:Port -r RealServer [-g|-i|-m] [-w weight]
ipvsadm -d -t|-u VIP:Port -r RealServer
Configure and install LVS
1. Install OS
2. install Apache
3. Set the default route
4. Install LVS
5. Configure LVS and define rules
6. Test
1. Two Apache servers serve as RealServer and only provide static pages
2. Enable the forwarding function on the Director
3. The two RealServers are in the same network segment
Preparation:
1) 3 clean VMs: RS1, RS2, Director (a NIC is required)
2) Configure the respective yum sources
I. Configure the address and install the software.
RealServer:
ifconfig eth0 10.0.0.11/8
route add default gw 10.0.0.1
yum install httpd php-mysql mysql mysql-server php-mbstring -y
# Test whether the webpage is displayed
vim /var/www/html/index.html
Realserver1
service httpd start
elinks http://10.0.0.11
Director:
ifconfig eth0 10.0.0.1/8
yum install ipvsadm
# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Add the cluster service on the Director
ipvsadm -A -t 172.16.14.1:80 -s rr
# View cluster services
ipvsadm -l -n
# Add RealServers
ipvsadm -a -t 172.16.14.1:80 -r 10.0.0.11 -m
ipvsadm -a -t 172.16.14.1:80 -r 10.0.0.12 -m
ipvsadm -l -n
The cluster is now built. Test it with a browser.
# Stress testing, 10 concurrent connections, initiated 10000 times
ab -c 10 -n 10000 http://172.16.14.1/index.html
# View results
ipvsadm -ln
# Use weighted least-connection (wlc)
ipvsadm -E -t 172.16.14.1:80 -s wlc
# Modify the weight
ipvsadm -e -t 172.16.14.1:80 -r 10.0.0.11 -m -w 3
# Stress testing, 10 concurrent connections, initiated 10000 times
ab -c 10 -n 10000 http://172.16.14.1/index.html
# Use another algorithm to test the effect.
watch -n 1 'ipvsadm -L -n'
# Save the ipvsadm rules. Otherwise, they are gone after the system restarts.
# For RedHat
service ipvsadm save
chkconfig ipvsadm on
# Or
ipvsadm -S > /etc/sysconfig/ipvsadm
########## It is recommended that you write your own script to implement the save function. It is best to include start, stop and restart.
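One way to write the script recommended above, as an added example that is not part of the original article. The rules path is the one used above; the IPVS_RULES and IP_FORWARD variables and the lvs_* function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: start/stop/restart/save wrapper for the IPVS rules.
# IPVS_RULES, IP_FORWARD and the lvs_* names are assumptions of this example.
IPVS_RULES="${IPVS_RULES:-/etc/sysconfig/ipvsadm}"
IP_FORWARD="${IP_FORWARD:-/proc/sys/net/ipv4/ip_forward}"

lvs_save() {
    # Dump to a temp file first so a failed or empty dump never
    # overwrites the last known-good rules.
    tmp="${IPVS_RULES}.tmp.$$"
    if ipvsadm -S -n > "$tmp" && [ -s "$tmp" ]; then
        chmod 600 "$tmp" && mv "$tmp" "$IPVS_RULES"
    else
        rm -f "$tmp"
        echo "save failed or table empty; $IPVS_RULES unchanged" >&2
        return 1
    fi
}

lvs_start() {
    [ -r "$IPVS_RULES" ] || { echo "no rules file: $IPVS_RULES" >&2; return 1; }
    echo 1 > "$IP_FORWARD"            # forwarding is required for LVS-NAT
    ipvsadm -C && ipvsadm -R < "$IPVS_RULES"
}

lvs_stop() {
    ipvsadm -C                        # remove all services and real servers
}

case "${1:-}" in
    start)   lvs_start ;;
    stop)    lvs_stop ;;
    restart) lvs_stop; lvs_start ;;
    save)    lvs_save ;;
    *)       echo "usage: $0 {start|stop|restart|save}" >&2 ;;
esac
```

Keeping the rules file writable by root only matters because whoever can edit it decides where the VIP's traffic is sent after the next start.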
========================================================== ========================================
LVS-DR
Working Principle:
By setting kernel parameters, the RS is prohibited from responding directly to user requests. The RS is isolated and only allowed to respond to the requests forwarded by the Director.
Prerequisites for LVS-DR:
The kernel includes arp_announce and arp_ignore.
arp_announce defines the restriction level for which local address is used when announcing the host's MAC-IP information to others.
0: use any local address on any interface (the IP address belongs to the kernel rather than the NIC)
1: try to avoid announcing with an address that is on a different network from the target host
2: always use the best local address (one in the same network segment)
arp_ignore defines how received ARP requests are responded to
0: respond no matter which interface the requested address is configured on
1: respond only when the requested address is configured on the interface the request came in on (the incoming interface and the requested address are in the same network segment).
Consider arp_ignore = 1 and arp_announce = 2
Server reject response 2.2
Solving how data comes in:
To keep the RS from responding directly, set the VIP on lo:0 on the RS and the RIP on the local NIC. The RS then does not respond directly, which hides the RS.
Solve the problem:
By default, Linux sets the source address of an outgoing packet to the address of the NIC it is sent from. By adding a special route, when the destination address is the VIP on lo, the source address is set to the lo address on the way out.
Routing Information principle:
Add a host route that treats the VIP as its own network segment, with subnet mask 255.255.255.255. In this way, the VIP becomes the best IP address for outgoing packets.
The related network plan is as follows:
Configuration required:
1. Set the VIP on lo
2. Modify kernel parameters
3. Add a special route
Note the following when configuring LVS-DR:
1. Set the NIC mode to bridging
2. The RIP is not necessarily a public IP address.
1. Set the NIC
Director end
1. The DIP is configured on the interface, and the VIP is configured on the interface alias.
# On the Director: bring the addresses up in one step. Otherwise, you need to restart the network service.
ifconfig eth0:0 172.16.14.1 broadcast 172.16.14.1 netmask 255.255.255.255 up # VIP
ifconfig eth0 172.16.14.10 # DIP
The VIP is set on the alias address and the DIP on the static address; all VIPs are set on eth0:0.
RS end
The RIP must be configured on the interface, and the VIP must be configured on the lo alias.
ifconfig eth0 172.16.14.11 # RIP
# Configure kernel parameters to prohibit responses to ARP broadcast requests for the VIP
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
# Set the VIP; it will not conflict with the Director
# With netmask 255.255.255.255
# the VIP only broadcasts to itself
ifconfig lo:0 172.16.14.1 broadcast 172.16.14.1 netmask 255.255.255.255 up
# Add the route. Outgoing traffic follows the device given by dev.
route add -host 172.16.14.1 dev lo:0
route -n
Configure every RS this way.
2. Configure ipvsadm
ipvsadm -C # Clear the previous rules
ipvsadm -A -t 172.16.14.1:80 -s wlc
ipvsadm -a -t 172.16.14.1:80 -r 172.16.14.11 -g -w 2
ipvsadm -a -t 172.16.14.1:80 -r 172.16.14.12 -g -w 4
ipvsadm -l -n
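A check to run on each RS after the steps above, as an added example that is not part of the original article. It verifies the four ARP parameters and that the VIP sits on lo with a 255.255.255.255 mask and on no other interface; an RS that fails it can answer ARP for the VIP and be reached without going through the Director. The PROC_CONF variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a real server's LVS-DR settings.
# PROC_CONF and the function names are assumptions of this example.
PROC_CONF="${PROC_CONF:-/proc/sys/net/ipv4/conf}"

# check_sysctl IFACE KEY WANT -> 0 if the kernel value equals WANT
check_sysctl() {
    got=$(cat "$PROC_CONF/$1/$2" 2>/dev/null) || got="unreadable"
    [ "$got" = "$3" ] && return 0
    echo "FAIL $1/$2 = $got (want $3)"
    return 1
}

# vip_on_lo VIP -> reads `ip -o -4 addr show` output on stdin; passes only
# if VIP is on lo with a /32 mask and on no other interface or mask.
vip_on_lo() {
    awk -v vip="$1" '
        { split($4, a, "/") }
        a[1] == vip && $2 == "lo" && a[2] == 32 { ok = 1; next }
        a[1] == vip { bad = bad " " $2 "/" a[2] }
        END {
            if (bad != "") { print "FAIL VIP wrongly configured on:" bad; exit 1 }
            if (!ok)       { print "FAIL VIP " vip "/32 not found on lo"; exit 1 }
        }'
}

# audit_rs VIP -> exit status is the number of failed checks (0 = pass)
audit_rs() {
    fails=0
    for i in all lo; do
        check_sysctl "$i" arp_ignore 1   || fails=$((fails + 1))
        check_sysctl "$i" arp_announce 2 || fails=$((fails + 1))
    done
    ip -o -4 addr show | vip_on_lo "$1" || fails=$((fails + 1))
    return "$fails"
}

# Stand-alone use: sh audit_rs.sh 172.16.14.1
if [ $# -eq 1 ]; then audit_rs "$1"; fi
```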