Introduction to the ipvsadm command:
ipvsadm is the application-layer management command for LVS; the LVS configuration is managed through it. On systems from Fedora 14 and Linux 6.0 onward, the LVS-related modules are already integrated, but the ipvsadm command itself still has to be installed separately with yum.
1. Command format:
ipvsadm COMMAND [protocol] service-address [scheduling-method] [persistence options]
ipvsadm command [protocol] service-address server-address [packet-forwarding-method] [weight options]
The first form is used to add a virtual server (VS) for load balancing to the LVS system;
The second form modifies an existing VS configuration: service-address specifies the virtual service (the virtual address) involved, and server-address specifies the real server address involved.
2. Commands:
-A, --add-service: Add a virtual service to the IPVS virtual server,
that is, add a virtual address that needs to be load balanced. The virtual address is given as an IP address, port number, and protocol.
-E, --edit-service: Modify a virtual service.
-D, --delete-service: Delete a virtual service.
-C, --clear: Clear all virtual services.
-R, --restore: Read ipvsadm commands from standard input. Usually used together with -S below.
-S, --save: Write the virtual server rules to standard output.
The rules of a virtual server can be saved this way and later read back directly with -R for automated configuration.
-a, --add-server: Add a real server (RS) to a virtual service.
-e, --edit-server: Modify an RS.
-d, --delete-server: Delete an RS.
-L, -l, --list: List all virtual services in the virtual service table. An address can be specified. Add -c to display the connection table.
-Z, --zero: Zero all data-related records. These records are typically used by scheduling policies.
--set tcp tcpfin udp: Modify the timeout values for the protocols.
--start-daemon state: Set up a standby server for the virtual server to provide redundancy between the primary and standby servers (IPv4 only).
--stop-daemon: Stop the standby server.
-h, --help: Help.
3. Parameters:
-t, --tcp-service service-address: Specifies that the virtual service is TCP. The address has the form host[:port]; port 0 means any port, and if the port is set to 0, -p (persistent connection) must be added.
-u, --udp-service service-address: Use a UDP service; otherwise the same as above.
-f, --fwmark-service integer:
Use a firewall mark instead of a virtual address to select the packets to be load balanced. This allows virtual addresses with different addresses and ports to be combined into one virtual service, so that the virtual server can intercept and process packets sent to many different addresses at once. The fwmark can be set with the iptables command. For IPv6, add -6.
-s, --scheduler scheduling-method: Specifies the scheduling algorithm. The following can be specified:
rr (round robin), wrr (weighted round robin), lc (least connection), wlc (weighted least connection),
lblc (locality-based least connection), lblcr (locality-based least connection with replication),
dh (destination address hash), sh (source address hash), sed (minimum expected delay), nq (never queue)
-p, --persistent [timeout]: Set persistent connections.
This mode sends multiple requests from one client to the same real server; it is typically used with FTP or SSL.
-M, --netmask netmask: Specifies the netmask applied to client addresses. Used to forward requests from clients in the same subnet to the same server.
-r, --real-server server-address: Specifies the address of the real server to which the virtual service's traffic is forwarded. A port number can be added. If no port number is given, the port of the virtual address is used.
[packet-forwarding-method]: Specifies the forwarding mode used for the real server. It must be specified separately for each RS.
-g, --gatewaying: Use gatewaying (that is, direct routing); this is the default mode.
-i, --ipip: Use IPIP tunnel mode.
-m, --masquerading: Use NAT mode.
-w, --weight weight: Sets the weight. The weight is an integer from 0 to 65535.
If the weight is set to 0, the server receives no new connections, but its existing connections continue to be maintained (this differs from removing the RS outright).
-x, --u-threshold uthreshold: Sets the maximum number of connections the server can maintain, 0 to 65535. 0 means there is no upper limit.
-y, --l-threshold lthreshold: Sets the lower connection threshold for the server.
The server can receive connections again when its number of connections is below this value. If this value is not set, the server can receive a new connection when its number of connections is three consecutive times lower than uthreshold. (PS: I think this setting may be to prevent the server from changing frequently between the two states of receiving connections)
--mcast-interface interface: Specifies the multicast interface used when a standby server is in use.
--syncid syncid: Specifies the syncid, which is also used for synchronization between the primary and standby servers.
The following options are used with the list command:
-c, --connection: List the current IPVS connections.
--timeout: List timeouts.
--daemon:
--stats: Statistics information.
--rate: Transfer rate.
--thresholds: List threshold values.
--persistent-conn: Persistent connection information.
--sort: Sort the list.
--nosort: Do not sort.
-n, --numeric: Do not perform DNS lookups for IP addresses.
--exact: Show exact values instead of rounded units.
-6: This option must be specified if the fwmark service uses IPv6 addresses.
Other precautions
1. When using an IPv6 address, enclose the address in "[]",
for example: ipvsadm -A -t [2001:db8::80]:80 -s rr
2. You can protect against DoS attacks by setting the values of the following virtual files:
/proc/sys/net/ipv4/vs/drop_entry
/proc/sys/net/ipv4/vs/drop_packet
/proc/sys/net/ipv4/vs/secure_tcp
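A quick check of these three files on a director, as an added example that is not part of the original article. The function name and its optional directory argument are hypothetical; the value meanings (0 disabled, 1 and 2 automatic, 3 always on) follow the kernel's IPVS sysctl documentation.

```shell
#!/bin/sh
# Added example: audit the IPVS DoS-defence settings named in the article.
# ipvs_defense_audit [DIR]
#   DIR defaults to the live /proc path; passing another directory
#   (hypothetical parameter) lets the check run against a saved copy.
# Exit status: 0 = all strategies active, 1 = at least one disabled,
#              2 = a file is missing or holds an unexpected value.
ipvs_defense_audit() {
    dir=${1:-/proc/sys/net/ipv4/vs}
    rc=0
    for knob in drop_entry drop_packet secure_tcp; do
        if [ ! -r "$dir/$knob" ]; then
            echo "$knob: missing (is the ip_vs module loaded?)"
            rc=2
            continue
        fi
        val=$(cat "$dir/$knob")
        case $val in
            0)
                echo "$knob=0: disabled"
                if [ "$rc" -eq 0 ]; then rc=1; fi
                ;;
            1|2)
                # The kernel flips between 1 and 2 itself under memory pressure.
                echo "$knob=$val: automatic"
                ;;
            3)
                echo "$knob=3: always on"
                ;;
            *)
                echo "$knob=$val: unexpected value"
                rc=2
                ;;
        esac
    done
    return $rc
}

# To switch a disabled strategy to automatic mode on a live director (as root):
#   echo 1 > /proc/sys/net/ipv4/vs/drop_entry
```
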
4. Examples:
4.1. Using NAT mode
Add a virtual service with the address 207.175.44.110:80, using round robin as the scheduling algorithm.
ipvsadm -A -t 207.175.44.110:80 -s rr
Add the real servers, specifying NAT as the forwarding mode.
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.1:80 -m
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.2:80 -m
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.3:80 -m
NAT mode is the simplest of the three LVS modes. It only requires that the dispatch server and the real servers can reach each other.
4.2. Using DR mode
For DR mode, first configure the real servers.
On each real server, perform the following steps:
4.2.1. Configure the lo interface of the real server so that it does not answer ARP requests
echo 1 >/proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 >/proc/sys/net/ipv4/conf/all/arp_announce
echo 2 >/proc/sys/net/ipv4/conf/lo/arp_announce
After this is set, each interface only responds for addresses configured on that interface.
4.2.2. Add the virtual IP on the real server
ifconfig lo:0 192.168.10.10 broadcast 207.175.44.110 netmask 255.255.255.255
ip r add 192.168.10.10 dev lo
Then add the IPVS rules:
Add a virtual service with the address 192.168.10.10:80, using round robin as the scheduling algorithm.
ipvsadm -A -t 192.168.10.10:80 -s rr
Add the real servers, specifying DR as the forwarding mode.
ipvsadm -a -t 192.168.10.10:80 -r 192.168.10.1:80 -g
ipvsadm -a -t 192.168.10.10:80 -r 192.168.10.2:80 -g
ipvsadm -a -t 192.168.10.10:80 -r 192.168.10.3:80 -g
Note: In this example, the client, the dispatch server, and the real servers are all in the same network segment.
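The -S/-R pair described in section 2 reads and writes one set of ipvsadm options per line, so a rule set like the ones above can be generated and validated before it is loaded. The following is an added example, not part of the original article; the function name and the RS=WEIGHT argument syntax are conventions of this example only.

```shell
#!/bin/sh
# Added example: emit a rule set in the line format that `ipvsadm -R` reads.
# ipvs_rules VIP:PORT SCHEDULER MODE RS[=WEIGHT]...
#   MODE: g (direct routing), i (IPIP tunnel), m (NAT)
#   WEIGHT defaults to 1; weight 0 drains a real server without removing it.
ipvs_rules() {
    if [ $# -lt 4 ]; then
        echo "usage: ipvs_rules VIP:PORT SCHEDULER MODE RS[=WEIGHT]..." >&2
        return 1
    fi
    vip=$1
    sched=$2
    mode=$3
    shift 3
    case $sched in
        rr|wrr|lc|wlc|lblc|lblcr|dh|sh|sed|nq) ;;
        *) echo "unknown scheduler: $sched" >&2; return 1 ;;
    esac
    case $mode in
        g|i|m) ;;
        *) echo "unknown forwarding mode: $mode" >&2; return 1 ;;
    esac
    # Validate every weight first so a partial rule set never reaches -R.
    for rs in "$@"; do
        w=${rs#*=}
        if [ "$w" = "$rs" ]; then w=1; fi
        case $w in
            ''|*[!0-9]*) echo "bad weight in: $rs" >&2; return 1 ;;
        esac
        # 0..65535 is the weight range given in the article.
        [ "$w" -le 65535 ] || { echo "weight out of range in: $rs" >&2; return 1; }
    done
    echo "-A -t $vip -s $sched"
    for rs in "$@"; do
        addr=${rs%%=*}
        w=${rs#*=}
        if [ "$w" = "$rs" ]; then w=1; fi
        echo "-a -t $vip -r $addr -$mode -w $w"
    done
}

# The NAT example from 4.1, with the third real server drained (weight 0).
ipvs_rules 207.175.44.110:80 rr m 192.168.10.1:80 192.168.10.2:80 192.168.10.3:80=0
```

On a director, piping the output into `ipvsadm -R` as root loads the rules, and `ipvsadm -S -n` prints the active set in the same format for comparison.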
---end---
This article is from the "Wind No Trace" blog, please be sure to keep this source http://wangfx.blog.51cto.com/1697877/1959064