Linux load balancer software LVS: using lvs+keepalived


5. Installing and configuring keepalived

Keepalived runs on top of LVS. Its main functions are fault isolation of real servers and failover between load balancers. Combined with keepalived, LVS implements layer 3, layer 4 and layer 5/7 switching. What follows is the second way of using LVS: lvs+keepalived. Installing and verifying ipvsadm is the same as in section 4.2 of this article (this approach does not require configuring the Director Server), and configuring and verifying the Real Servers is the same as in section 4.4 of this article.

* keepalived must be installed on all Director Servers (the hosts with ipvsadm installed).

5.1 Preparatory work

Address planning: Similar to the first approach.

Server name                IP address        Gateway         Virtual device name   Virtual IP
Director Server: Primary   192.168.98.75     192.168.98.1    eth0                  192.168.98.77
Director Server: Standby   192.168.98.118    192.168.98.1    eth0                  192.168.98.77
Real Server 1              192.168.98.74     192.168.98.1    lo:0                  192.168.98.77
Real Server 2              192.168.98.117    192.168.98.1    lo:0                  192.168.98.77
Real Server N              ...               ...             ..                    ..

5.2 Installing Keepalived

1. Unpack the keepalived-1.1.17.tar.gz package:

# tar zxvf keepalived-1.1.17.tar.gz

2. Change into the source directory:

# cd keepalived-1.1.17

3. Run configure:

# ./configure --prefix=/usr/local/keepalived

Because keepalived runs on top of IPVS, both pieces of software must be installed on the same system. If configure works properly, it prints the following summary when it finishes:

Keepalived configuration
------------------------
Keepalived version       : 1.1.17
Compiler                 : gcc
Compiler flags           : -g -O2
Extra Lib                : -lpopt -lssl -lcrypto
Use IPVS Framework       : Yes
IPVS sync daemon support : Yes
Use VRRP Framework       : Yes
Use LinkWatch            : No
Use Debug flags          : No

4. Compile and install:

# make
# make install

5.2.1 Verifying the keepalived installation

After the keepalived installation is complete, four directories (bin, etc, sbin, share) are generated in the installation directory /usr/local/keepalived. etc is the directory that holds the configuration files; enter it and look at what is inside:

# cd /usr/local/keepalived/etc/
# ll
total 24
drwxr-xr-x 3 root root 4096 May 15:24 keepalived
drwxr-xr-x 3 root root 4096 May 15:24 rc.d
drwxr-xr-x 2 root root 4096 May 15:24 sysconfig

It contains three subdirectories. The one of interest is keepalived, which holds a complete configuration file keepalived.conf (actually a sample) and a number of separate sample configuration files.

# cd keepalived/
# ll
total 16
-rw-r--r-- 1 root root 3562 May 15:24 keepalived.conf
drwxr-xr-x 2 root root 4096 May 15:24 samples
# tree -l
.
|-- keepalived.conf
`-- samples
    |-- client.pem
    |-- dh1024.pem
    |-- keepalived.conf.HTTP_GET.port
    |-- keepalived.conf.SMTP_CHECK
    |-- keepalived.conf.SSL_GET
    |-- keepalived.conf.fwmark
    |-- keepalived.conf.inhibit
    |-- keepalived.conf.misc_check
    |-- keepalived.conf.misc_check_arg
    |-- keepalived.conf.quorum
    |-- keepalived.conf.sample
    |-- keepalived.conf.status_code
    |-- keepalived.conf.track_interface
    |-- keepalived.conf.virtual_server_group
    |-- keepalived.conf.virtualhost
    |-- keepalived.conf.vrrp
    |-- keepalived.conf.vrrp.localcheck
    |-- keepalived.conf.vrrp.lvs_syncd
    |-- keepalived.conf.vrrp.routes
    |-- keepalived.conf.vrrp.scripts
    |-- keepalived.conf.vrrp.static_ipaddress
    |-- keepalived.conf.vrrp.sync
    |-- root.pem
    `-- sample.misccheck.smbcheck.sh

1 directory, files

5.3 Configuring keepalived

5.3.1 Turning on route forwarding

First turn on the route forwarding feature:

# echo "1" > /proc/sys/net/ipv4/ip_forward

5.3.2 keepalived.conf configuration

Configuration file for the primary server:

/usr/local/keepalived/etc/keepalived/keepalived.conf

# global define
global_defs {
    router_id lvs_test_1             # name of this server, unique within the backup group
}

############################################
# vrrp_instance define                     #
############################################
vrrp_instance Dr_cache {             # VRRP hot-standby instance name
    state MASTER                     # hot-standby state: MASTER (primary) or BACKUP (standby)
    interface eth0                   # physical interface that carries the VIP
    lvs_sync_daemon_inteface eth0    # monitoring interface between the load balancers (same as interface in DR mode)
    virtual_router_id 51             # ID of the virtual router, identical within the hot-standby group
    priority                         # priority; the higher the value, the higher the precedence; the master should be higher than the backup
    advert_int 5                     # advertisement interval between master and backup, in seconds (heartbeat)
    authentication {                 # authentication information, identical within each hot-standby group
        auth_type PASS               # authentication type, verified during primary/standby switching
        auth_pass 123                # password string
    }
    virtual_ipaddress {              # virtual address (VIP); there can be several
        192.168.98.77
    }
}

#############################################
# Virtual Machine Setting                   #
#############################################
# Setting port 2200 forward
virtual_server 192.168.98.77 2200 {  # virtual server address (VIP) and port, separated by a space
    delay_loop 6                     # health check interval (sec)
    lb_algo wlc                      # LVS scheduling algorithm; weighted least-connection is used here
    lb_kind DR                       # LVS load balancing mechanism; direct routing is used here
    persistence_timeout 20           # connections from the same IP within 20 seconds go to the same server (session hold time)
    protocol TCP                     # use the TCP protocol to check real server status
    real_server 192.168.98.74 2200 { # address and port of the first real server node
        weight 100                   # weight
        TCP_CHECK {                  # health check method
            connect_timeout 3        # connection timeout, in seconds
            nb_get_retry 3           # number of retries
            delay_before_retry 3     # interval between retries (sec)
            connect_port 2200        # target port to check
        }
    }
    real_server 192.168.98.117 2200 {
        weight 100
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 2200
        }
    }
}

Configuration file for the standby server:

/usr/local/keepalived/etc/keepalived/keepalived.conf

# global define
global_defs {
    router_id lvs_test_2
}

################################################################
# vrrp_instance define                                         #
################################################################
vrrp_instance Dr_cache {
    state BACKUP
    interface eth0
    lvs_sync_daemon_inteface eth0
    virtual_router_id 51
    priority 150
    advert_int 5
    authentication {
        auth_type PASS
        auth_pass 123
    }
    virtual_ipaddress {
        192.168.98.77
    }
}

##############################################################
# Virtual Machine Setting                                    #
##############################################################
# Setting port 2200 forward
virtual_server 192.168.98.77 2200 {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    persistence_timeout 20
    protocol TCP
    real_server 192.168.98.74 2200 {
        weight 100
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 2200
        }
    }
    real_server 192.168.98.117 2200 {
        weight 100
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 2200
        }
    }
}

There are only 3 differences between the configuration files of the primary load balancer (MASTER) and the backup load balancer (BACKUP): the globally defined router_id, the state of the vrrp_instance, and the priority of the vrrp_instance.

5.3.3 Configuring keepalived as a system service

# cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
# mkdir /etc/keepalived/
# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
# cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
# service keepalived start|stop

The last command starts or stops the keepalived service.

Configure keepalived as a service that starts at boot with the following commands (two runlevels):

# ln -s /etc/init.d/keepalived /etc/rc.d/rc3.d/S98keepalived
# ln -s /etc/init.d/keepalived /etc/rc.d/rc5.d/S98keepalived

5.3.4 Configuration verification

After starting the service, use the following command to view the IP addresses on the primary and standby servers:

# ip addr

You can see that eth0 on the primary server has one more IP, the virtual IP we just configured; the standby server does not have it yet, because it is the spare.

Primary:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast qlen
    link/ether 00:50:56:91:43:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.98.75/24 brd 192.168.98.255 scope global eth0
    inet 192.168.98.77/32 scope global eth0

Standby:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast qlen 1000
    link/ether 00:50:56:91:14:81 brd ff:ff:ff:ff:ff:ff
    inet 192.168.98.118/24 brd 192.168.98.255 scope global eth0
    inet6 fe80::250:56ff:fe91:1481/64 scope link

Run the following command on the primary server:

# service keepalived stop

Check the IP addresses again. You can see that the virtual IP on the primary server is gone, and that the standby server now has the additional virtual IP.

Then access port 2200 on 192.168.98.77 (Telnet can be used), and use the following commands to check.

View the TCP connection status:

# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.98.77:2200 wlc persistent 20
  -> 192.168.98.117:2200          Route   100    0          6
  -> 192.168.98.74:2200           Route   100    0          0

View which server the test machine's requests were forwarded to:

# ipvsadm -Lcn
IPVS connection entries
pro expire state       source               virtual            destination
TCP 14:16  ESTABLISHED 192.168.10.176:53564 192.168.98.77:2200 192.168.98.117:2200
TCP 14:16  ESTABLISHED 192.168.10.176:53563 192.168.98.77:2200 192.168.98.117:2200
TCP 00:36  NONE        192.168.10.176:0     192.168.98.77:2200 192.168.98.117:2200
TCP 14:16  ESTABLISHED 192.168.10.176:53562 192.168.98.77:2200 192.168.98.117:2200
TCP 14:16  ESTABLISHED 192.168.10.176:53559 192.168.98.77:2200 192.168.98.117:2200
TCP 14:16  ESTABLISHED 192.168.10.176:53561 192.168.98.77:2200 192.168.98.117:2200
TCP 14:16  ESTABLISHED 192.168.10.176:53560 192.168.98.77:2200 192.168.98.117:2200

View the connections forwarded to one particular real server:

# ipvsadm -Lcn | grep 192.168.98.117
TCP 14:56  ESTABLISHED 192.168.10.176:53564 192.168.98.77:2200 192.168.98.117:2200
TCP 14:56  ESTABLISHED 192.168.10.176:53563 192.168.98.77:2200 192.168.98.117:2200
TCP 00:16  NONE        192.168.10.176:0     192.168.98.77:2200 192.168.98.117:2200
TCP 14:56  ESTABLISHED 192.168.10.176:53562 192.168.98.77:2200 192.168.98.117:2200
TCP 14:56  ESTABLISHED 192.168.10.176:53559 192.168.98.77:2200 192.168.98.117:2200
TCP 14:56  ESTABLISHED 192.168.10.176:53561 192.168.98.77:2200 192.168.98.117:2200
TCP 14:56  ESTABLISHED 192.168.10.176:53560 192.168.98.77:2200 192.168.98.117:2200
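In the connection table above, the row with client port 0 and state NONE is the persistence template IPVS keeps for persistence_timeout; the other rows are live connections. The following Python code is an added example, not part of the original article: it reads `ipvsadm -Lcn` output and reports clients whose live connections are not all on the real server named by their template. The function names and the trimmed sample are constructed for illustration.

```python
from collections import defaultdict

# Sample rows taken from the `ipvsadm -Lcn` listing above (trimmed for the example).
SAMPLE = """\
IPVS connection entries
pro expire state       source               virtual            destination
TCP 14:16  ESTABLISHED 192.168.10.176:53564 192.168.98.77:2200 192.168.98.117:2200
TCP 14:16  ESTABLISHED 192.168.10.176:53563 192.168.98.77:2200 192.168.98.117:2200
TCP 00:36  NONE        192.168.10.176:0     192.168.98.77:2200 192.168.98.117:2200
"""

def parse_connections(text):
    """Yield one dict per connection row, skipping the header lines."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 6 or f[0] not in ("TCP", "UDP"):
            continue
        client_ip, client_port = f[3].rsplit(":", 1)
        yield {"state": f[2], "client": client_ip, "port": int(client_port),
               "vip": f[4], "real": f[5]}

def persistence_report(text):
    """Map (client, vip) -> template real server and the set of real servers in use."""
    report = defaultdict(lambda: {"template": None, "reals": set()})
    for c in parse_connections(text):
        entry = report[(c["client"], c["vip"])]
        if c["port"] == 0 and c["state"] == "NONE":
            entry["template"] = c["real"]      # persistence template, not a live connection
        else:
            entry["reals"].add(c["real"])      # live connection
    return dict(report)

def violations(text):
    """Clients with a template whose live connections reach some other real server."""
    return [key for key, e in persistence_report(text).items()
            if e["template"] and e["reals"] - {e["template"]}]

if __name__ == "__main__":
    for (client, vip), e in persistence_report(SAMPLE).items():
        print(client, vip, "template:", e["template"], "in use:", sorted(e["reals"]))
    print("violations:", violations(SAMPLE))
```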

6 Appendix: Configuration Notes

6.1 Host planning instructions

This example plans for 4 hosts; in fact, a Director Server and a Real Server can be the same host. Note that when the Director Server (master) is also one of the real servers, it does not need the real server configuration, that is, lvsrs*.sh does not need to be run on it.

6.2 Real Server configuration instructions

1, VIP (virtual IP). In direct routing mode the VIP must be in the same network segment as the servers' external service IP addresses, and the LVS load balancer and all other servers that provide the same service use this VIP.

2, The VIP is bound to the loopback interface lo:0; its broadcast address is itself, and its subnet mask is 255.255.255.255. This differs greatly from standard network address settings. This variable-length mask limits the network segment to a single host address, to avoid IP address conflicts.

3, echo "1" and echo "2". These lines suppress ARP broadcasts. Without ARP suppression, a lot of machines would send ARP packets claiming that they are the real owner of the address, and the result is a mess.

6.3 keepalived.conf configuration instructions

Description: a complete keepalived configuration file, keepalived.conf, can contain three blocks of text: a global definition block, a VRRP instance definition block, and a virtual server definition block. The global definition block and the virtual server definition block are required; if you have only one load balancer, the VRRP instance definition block is not needed. ipvsadm and keepalived are installed the same way on the primary and standby servers; the main difference is in the configuration file keepalived.conf.

Global definition block

global_defs {
    notification_email {
        [email protected]                        # contact who receives failure notifications
    }
    notification_email_from [email protected]    # sender of failure notifications
    smtp_server 127.0.0.1                        # send mail through the local host
    smtp_connect_timeout 30
    router_id LVS_MASTER                         # change to LVS_BACKUP on the backup
}

Failure notification by mail can be added here; it is not configured in this example.

1, Email notification. Function: send an alarm email when a fault occurs. It is optional and not recommended; use full monitoring with Nagios instead.

2, Curly braces "{}". They delimit the definition blocks, so they must appear in pairs. If one is left out, keepalived runs but does not give the expected results. Because definition blocks are nested, it is easy to omit a closing brace at the end, so pay particular attention to this.

VRRP definition block

1, VRRP synchronization group vrrp_sync_group. Role: determines which routing instances are included in a failover. That is, in a scenario with 2 load balancers, when one load balancer fails, which instances need to be switched automatically to the other load balancer?

2, Instance group group. Contains at least one VRRP instance.

3, VRRP instance vrrp_instance. The instance name is the name used in the instance group (group).

(1) Instance state state. There are only two states, MASTER and BACKUP, and these words must be written in capitals. MASTER is the working state and BACKUP is the standby state. When the MASTER server fails, the BACKUP system automatically changes its state to MASTER; when the failed MASTER system recovers, the BACKUP system returns from MASTER to the BACKUP state.

(2) Communication interface interface. The network interface that provides the service externally, such as eth0 or eth1. Current mainstream servers have 2 or more interfaces, so verify carefully which one is the service interface.

(3) lvs_sync_daemon_inteface. The monitoring interface between the load balancers. In DR mode, lvs_sync_daemon_inteface uses the same network interface as the service interface interface.

(4) Virtual router identifier virtual_router_id. This identifier is a number, and one VRRP instance uses one unique identifier. That is, within the same vrrp_instance the virtual_router_id of MASTER and BACKUP is the same, and it is unique across the whole VRRP setup.

(5) Priority priority. This is a number; the larger the value, the higher the priority. Within the same vrrp_instance, MASTER has a higher priority than BACKUP. If MASTER has a priority value of 150, then the priority of BACKUP can only be 140 or smaller.

(6) Advertisement interval advert_int. The interval, in seconds, between synchronization checks of the MASTER and BACKUP load balancers.

(7) Authentication authentication. Contains the authentication type and the authentication password. There are mainly two types, PASS and AH; PASS is normally used, as AH is said to have problems in use. The password is plaintext, and within the same VRRP instance MASTER and BACKUP must use the same password to communicate properly.

4, Virtual IP address virtual_ipaddress. There can be multiple addresses, one per line, and no subnet mask needs to be specified. Note: this IP must match the VIP set on the LVS clients (real servers)!
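The rules stated in section 5.3.2 and in the VRRP definition block above (paired braces; router_id, state and priority differ; virtual_router_id, authentication and the VIP are the same) can be checked mechanically before keepalived is started on a director pair. The following Python code is an added example, not part of the original article or of keepalived; the names parse and check_pair and the sample text are constructed here, with the priorities 150 and 140 taken from item (5).

```python
import re
# Constructed sample modelled on the primary file in section 5.3.2; priorities follow item (5).
MASTER = """\
global_defs {
    router_id lvs_test_1
}
vrrp_instance Dr_cache {
    state MASTER
    virtual_router_id 51
    priority 150
    authentication {
        auth_type PASS
        auth_pass 123
    }
    virtual_ipaddress {
        192.168.98.77
    }
}
"""
BACKUP = (MASTER.replace("lvs_test_1", "lvs_test_2").replace("state MASTER", "state BACKUP")
          .replace("priority 150", "priority 140"))

def parse(text):
    """Parse keepalived.conf text into nested dicts; ValueError on unbalanced braces."""
    stack = [{}]
    for n, raw in enumerate(text.splitlines(), 1):
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()  # '#' and '!' start comments
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            if len(stack) == 1:
                raise ValueError(f"line {n}: '}}' has no opening '{{'")
            stack.pop()
        elif line:
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip()
    if len(stack) > 1:
        raise ValueError(f"{len(stack) - 1} block(s) never closed")
    return stack[0]

def check_pair(master_text, backup_text):
    """Return the violations of the master/backup rules stated on this page."""
    m, b = parse(master_text), parse(backup_text)
    vm, vb = (next(v for k, v in c.items() if k.startswith("vrrp_instance")) for c in (m, b))
    problems = []
    if m.get("global_defs", {}).get("router_id") == b.get("global_defs", {}).get("router_id"):
        problems.append("router_id must be unique per director")
    if (vm.get("state"), vb.get("state")) != ("MASTER", "BACKUP"):
        problems.append("state must be MASTER on the primary and BACKUP on the standby")
    if int(vm.get("priority", 0)) <= int(vb.get("priority", 0)):
        problems.append("MASTER priority must be higher than BACKUP priority")
    for key in ("virtual_router_id", "authentication", "virtual_ipaddress"):
        if vm.get(key) != vb.get(key):
            problems.append(f"{key} must be identical on both directors")
    vs = lambda c: {k: v for k, v in c.items() if k.startswith("virtual_server")}
    if vs(m) != vs(b):
        problems.append("virtual_server blocks must be identical")
    return problems
```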

Virtual server virtual_server definition block

The virtual server definition is the most important part of the keepalived framework and an essential part of keepalived.conf.

1, Virtual server virtual_server. The IP comes from item 4 of the VRRP definition block, followed by a space and then a port number. One VIP can be defined to load-balance multiple TCP ports.

(1) delay_loop. The health check interval, in seconds.

(2) lb_algo. The load balancing scheduling algorithm; wlc or rr is commonly used in Internet applications.

(3) lb_kind. The load balancing forwarding rule. There are generally 3 kinds, DR, NAT and TUN; DR is used here.

(4) persistence_timeout. The session hold time, in seconds. This option is useful for dynamic sites: when a user logs on to a website with an account, the session hold function forwards that user's requests to the same application server. Assume an LVS environment that uses the DR forwarding mode, has 3 real servers, and has no session hold enabled on the load balancer. On the user's first visit, the load balancer forwards the request to one real server and the user sees a login page; that completes the first access. The user then fills in the user name and password in the login box and submits. At this point a problem may arise: the login cannot succeed, because without session hold the load balancer may forward the 2nd request to another server.

(5) Forwarding protocol protocol. There are generally two types, TCP and UDP.

2, Real server real_server. That is, the server pool. The value of real_server includes the IP address and the port number.

(1) Weight weight. The weight is a number; the greater the value, the higher the weight. Different weights are used to assign different loads to machines of different performance: machines with better performance take more of the load and machines with lower performance take less, so that machine resources of different performance are used rationally.

(2) TCP check TCP_CHECK.
