LVS + keepalived: configuring DR mode

Source: Internet
Author: User
1.1 LVS

LVS is short for Linux Virtual Server, a virtual server cluster system. The project was established by Dr. Zhang Wenyu in May 1998 and is one of the earliest free software projects in China. It currently provides three IP load-balancing techniques: VS/NAT, VS/TUN, and VS/DR.

This article mainly covers the use of DR mode.

1.2 DR mode

What is DR mode? Leaving the LVS scheduling algorithm aside, the principle of DR mode is to send packets straight to the target server (direct routing). Strictly speaking no routing takes place, so "direct selection" would be the more accurate name. Why? Because the director does not modify the IP packet at all: it wraps the packet in an Ethernet frame whose destination MAC address is the MAC address of the chosen real server. For this reason the director and the real servers must be on the same physical network segment, and DR mode cannot be used across routers.

When the target server receives the frame, it unpacks it and finds that the packet's destination address (the VIP) is configured on a local network device (the VIP is usually bound to lo:0 on the real server). The server therefore processes the packet and returns the response directly to the client according to its local routing table.

2.1 keepalived

Here we use keepalived to set up LVS and to perform health checks on the servers and the VIP. In effect, keepalived is a wrapper that sets up LVS + VRRP for you automatically.

keepalived performs health checks on the real servers, and VRRP provides redundancy for the VIP.

VIP: 192.168.2.240

LVS: 192.168.2.210 192.168.2.211

RealServer: 192.168.2.212 192.168.2.213


Required software: keepalived

ipvsadm (mainly for management and viewing)

# ln -s /usr/src/kernels/2.6.18-92.el5-i686 /usr/src/linux

# tar -zxvf ipvsadm-1.24.tar.gz


Configure the RealServer script first:

/opt/lvs_server.sh (on 192.168.2.212)

    #!/bin/bash
    # description: Config realserver
    VIP=192.168.2.240
    . /etc/rc.d/init.d/functions

    case "$1" in
    start)
        # Bind the VIP to lo:0 with a host mask so this server accepts packets sent to it
        /sbin/ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP
        /sbin/route add -host $VIP dev lo:0
        # Do not answer or announce ARP for the VIP; only the director should
        echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
        sysctl -p > /dev/null 2>&1
        echo "RealServer Start OK"
        ;;
    stop)
        # Remove the VIP and restore the default ARP behaviour
        /sbin/ifconfig lo:0 down
        /sbin/route del $VIP > /dev/null 2>&1
        echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
        echo "RealServer Stopped"
        ;;
    *)
        echo "Usage: $0 {start|stop}"
        exit 1
    esac
    exit 0

# scp /opt/lvs_server.sh [email protected]:/opt/

Add it to startup:

vim /etc/rc.d/rc.local

/bin/bash /opt/lvs_server.sh start
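A check for the real-server settings described above, as an added example that is not part of the original article. The function names and the optional root-directory argument are assumptions made here so the check can also run against a constructed directory tree.

```sh
#!/bin/sh
# Added example (not from the original article): verify the real-server
# side of LVS-DR after running "lvs_server.sh start".

# arp_sysctls_ok [root]: succeed only if lo and all both have
# arp_ignore=1 and arp_announce=2, the values lvs_server.sh writes.
# root is a hypothetical prefix for testing; leave it empty on a real host.
arp_sysctls_ok() (
    root="${1:-}"; rc=0
    for iface in lo all; do
        for pair in arp_ignore=1 arp_announce=2; do
            name="${pair%%=*}"; want="${pair#*=}"
            file="$root/proc/sys/net/ipv4/conf/$iface/$name"
            got="$(cat "$file" 2>/dev/null)" || got="missing"
            if [ "$got" != "$want" ]; then
                echo "FAIL $iface/$name=$got (want $want)"
                rc=1
            fi
        done
    done
    exit "$rc"
)

# vip_on_lo_32 VIP: read "ip -o -4 addr show dev lo" output on stdin and
# succeed only if VIP is bound there with a /32 (255.255.255.255) mask.
vip_on_lo_32() {
    grep -qF "inet $1/32 "
}

# Constructed sample tree: the values left behind by "lvs_server.sh stop".
make_sample_tree() {
    for iface in lo all; do
        mkdir -p "$1/proc/sys/net/ipv4/conf/$iface"
        echo 0 > "$1/proc/sys/net/ipv4/conf/$iface/arp_ignore"
        echo 0 > "$1/proc/sys/net/ipv4/conf/$iface/arp_announce"
    done
}

# On a real server:
#   arp_sysctls_ok && ip -o -4 addr show dev lo | vip_on_lo_32 192.168.2.240
```

A real server that fails the first check may answer ARP requests for the VIP itself, so clients on the segment can reach it directly instead of going through the director.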

 

Configure keepalived:

vim /etc/keepalived.conf (on 192.168.2.210)

    ! Configuration File for keepalived
    global_defs {
       notification_email {
         [email protected]
       }
       notification_email_from [email protected]163.com
       smtp_server smtp.163.com
       smtp_connect_timeout 30
       router_id LVS_DEVEL
    }
    vrrp_instance VI_1 {
        state MASTER
        interface eth0
        virtual_router_id 51
        priority 100
        advert_int 5
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.2.240
        }
    }
    virtual_server 192.168.2.240 80 {
        delay_loop 6
        lb_algo wlc
        lb_kind DR
        persistence_timeout 60
        protocol TCP
        real_server 192.168.2.212 80 {
            weight 3
            TCP_CHECK {
              connect_timeout 10
              nb_get_retry 3
              delay_before_retry 3
              connect_port 80
            }
        }
        real_server 192.168.2.213 80 {
            weight 3
            TCP_CHECK {
              connect_timeout 10
              nb_get_retry 3
              delay_before_retry 3
              connect_port 80
            }
        }
    }

# scp /etc/keepalived.conf [email protected]:/etc/keepalived/

 

 

lvs_sync_daemon_inteface eth0 # Monitoring interface between the load balancer instances, similar to the heartbeat line of Heartbeat HA. However, its mechanism is better than Heartbeat's because it does not have the "split-brain" problem; it uses the priority mechanism to avoid it. In DR mode, lvs_sync_daemon_inteface and the service interface use the same network interface.

virtual_router_id 51 # Virtual router ID. This identifier is a number. The master and backup of the same vrrp_instance use the same virtual_router_id, and it is unique across all VRRP instances.

mcast_src_ip 192.168.2.240

# mcast_src_ip: the source IP address of multicast. It seems that the LVS IP address does not need to be used here.

priority 100 # Priority of the router. The priority of the master LVS is higher than that of the backup LVS.

advert_int 1

authentication {

auth_type PASS # The master and backup of the same VRRP instance use the same password in order to communicate normally.

auth_pass 1111

}

virtual_ipaddress {

192.168.11.240 # Virtual IP address, that is, the VIP. You can set multiple VIPs.

}

delay_loop 3 # Health check interval

lb_algo wlc # LVS scheduling algorithm

lb_kind DR # LVS forwarding mode

persistence_timeout 50 # Connection persistence timeout, which ensures that a user's connections are always directed to the same server. Without it, the following can happen: on the first visit the load balancer forwards the request to one real server and the user sees a login page; the user then fills in the username and password and submits the form, and the login fails, because without session persistence the load balancer may forward the second request to a different server.

# Use ipvsadm -lcn to check whether it takes effect

protocol TCP

ha_suspend # Disable health checks on the real servers when the VIP fails (that is, the standby server does not perform health checks on the real servers)

 

# View the result with the ipvsadm -l -n command
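The notes above say that master and backup share virtual_router_id and the password while the master has the higher priority, yet the configuration file is copied to the second director unchanged. The following check of a master/backup pair is an added example, not part of the original article; the function names and the constructed sample files are assumptions.

```sh
#!/bin/sh
# Added example (not from the original article): compare the vrrp_instance
# settings of the master and backup keepalived configuration files.

# kv FILE KEY: print the value of the first "KEY value" line in FILE.
kv() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# vrrp_pair_ok MASTER_CONF BACKUP_CONF: print each problem, succeed if none.
vrrp_pair_ok() (
    m="$1"; b="$2"; rc=0
    # Both nodes must agree on these to act as one VRRP instance.
    for key in virtual_router_id auth_type auth_pass; do
        if [ "$(kv "$m" "$key")" != "$(kv "$b" "$key")" ]; then
            echo "MISMATCH $key"; rc=1
        fi
    done
    # The master must have the higher priority.
    pm="$(kv "$m" priority)"; pb="$(kv "$b" priority)"
    if [ "${pm:-0}" -le "${pb:-0}" ]; then
        echo "PRIORITY master=${pm:-unset} backup=${pb:-unset}"; rc=1
    fi
    exit "$rc"
)

# Constructed sample: write a minimal vrrp_instance with the given state
# and priority; the other values follow the article's configuration.
write_sample() {
    cat > "$1" <<EOF
vrrp_instance VI_1 {
    state $2
    interface eth0
    virtual_router_id 51
    priority $3
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.2.240
    }
}
EOF
}
```

Run against the file copied verbatim with scp, the check reports the unchanged priority; on the second director, state and priority are the values to edit.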

 
