LVS Load Balancing
Recently, while studying server load balancing, I read some material on the Internet and found that the main software load-balancing options are nginx (load balancing for HTTP services) and LVS (load balancing at the IP layer and the MAC layer). LVS works at the network layer, and the kernel performs the forwarding, which is more efficient than nginx.
LVS load balancing has three modes:
1. NAT mode (similar to a router performing external network address mapping: the load balancer server modifies the source and destination MAC and IP addresses of the request packet and sends it to the real server; it also modifies the source and destination MAC and IP addresses of the response packet and sends it to the client. Both request and response packets have to pass through the load balancer server.)
2. TUN mode (IP tunnel: the load balancer server encapsulates the packets coming from the external network in an IP tunnel and passes them to the real server. The real server sends its response directly to the client without going through the load balancer server.)
3. DR mode (the load balancer server and the real servers behind it share the same virtual IP address. After the load balancer server receives the request packet, it modifies the destination MAC address and sends the packet to the real server; the real server sends the response packet directly to the client without going through the load balancer server.)
Build an LVS DR mode load balancing service
The connection is as follows:
The load balancer server has the IP addresses 10.10.10.30/24 and 10.10.10.22/32 (the latter is the IP address that the user accesses). The IP address of real server 1 (RS1) is 10.10.10.31/24 and the IP address of real server 2 (RS2) is 10.10.10.32/24. All three are connected to the same LAN. The virtual IP address of RS1 and RS2 is set to the load balancer server's IP address; it can be set on lo or lo:0, that is, the local loopback, so that the virtual IP is visible only to the machine itself and is not exposed externally, which would cause an IP conflict.
When a client accesses 10.10.10.22, the request reaches the load balancer server. The load balancer server chooses a real server, such as RS1, rewrites the destination MAC address of the packet to RS1's MAC address and sends the packet onto the LAN. The destination MAC address of the request packet is now RS1's MAC address, so RS1 receives it. RS1 finds that the destination MAC of the packet is its own and that the destination IP address, 10.10.10.22, is also one of its own addresses, so it treats the packet as addressed to itself and starts processing it.
First, install the HTTP service
1. Install the httpd service on RS1 and RS2.
2. Modify the /etc/httpd/conf/httpd.conf file and configure it as needed.
3. Start the httpd service and open port 80 in the firewall.
Second, install and configure ipvsadm on the load balancer server
1. yum -y install ipvsadm
2. Set the real IP and the virtual IP

    ifconfig eth0 10.10.10.30/24
    ifconfig eth0:0 10.10.10.22 netmask 255.255.255.255   # virtual IP, exposed externally
3. Set up load forwarding
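Method one, through ipvsadm

    systemctl start ipvsadm
    ipvsadm -C
    ipvsadm --set 5    # connection timeouts (--set takes tcp, tcpfin and udp values)
    # VIP on the load balancer
    ipvsadm -A -t 10.10.10.22:80 -s wrr -p                   # virtual service that accepts traffic to forward
    ipvsadm -a -t 10.10.10.22:80 -r 10.10.10.31:80 -g -w 1   # add a forwarding destination
    ipvsadm -a -t 10.10.10.22:80 -r 10.10.10.32:80 -g -w 1   # add a forwarding destination
    ipvsadm -l -n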
Method two, through keepalived

    vim /etc/keepalived/keepalived.conf

Modify the configuration file as follows:

    global_defs {
        notification_email {
            [email protected]
        }
        notification_email_from [email protected]
        smtp_server 192.168.80.1
        smtp_connection_timeout
        router_id LVS_DEVEL        # ID of this LVS node; should be unique within a network
    }

    vrrp_instance VI_1 {
        state MASTER               # role of this keepalived node: MASTER is the primary, BACKUP is the standby
        interface eth0             # network interface that carries the VIP
        virtual_router_id 51       # virtual router number; master and backup must use the same value
        priority                   # priority: the larger the number, the higher the priority; the master director must be larger than the backup director
        advert_int 1               # check interval, the default is 1s
        authentication {
            auth_type PASS         # simple password, carried in clear text in VRRP advertisements
            auth_pass 1111
        }
        virtual_ipaddress {
            10.10.10.22            # the virtual IP (VIP) is 10.10.10.22; several can be set, one per line
        }
    }

    # VIP and port on which LVS serves external clients
    virtual_server 10.10.10.22 80 {
        delay_loop 6               # health check interval in seconds
        lb_algo wrr                # load scheduling algorithm
        lb_kind DR                 # LVS forwarding mechanism; the three modes are NAT, TUN and DR
        nat_mask 255.255.255.0
        persistence_timeout 0
        protocol TCP

        real_server 10.10.10.31 80 {   # IP address of real server 1
            weight 3                   # node weight; the larger the number, the higher the weight
            TCP_CHECK {
                connect_timeout
                nb_get_retry 3
                delay_before_retry 3
                connect_port 80
            }
        }
        real_server 10.10.10.32 80 {   # IP address of real server 2
            weight 3                   # node weight; the larger the number, the higher the weight
            TCP_CHECK {
                connect_timeout
                nb_get_retry 3
                delay_before_retry 3
                connect_port 80
            }
        }
    }

Start the keepalived service:

    systemctl start keepalived
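Whichever method is used, the table printed by `ipvsadm -l -n` should show both real servers under 10.10.10.22:80 with the forwarding method Route, which is what `-g` and `lb_kind DR` produce. The following check is an added example, not part of the original article; the function name `audit_ipvs` and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that an IPVS table forwards a VIP in DR mode.
# Input is the text printed by `ipvsadm -l -n`.

# audit_ipvs VIP:PORT RS:PORT...
# Prints one line per problem; returns 0 only if the virtual service exists
# and every listed real server is attached with Forward = Route (DR).
audit_ipvs() {
    vip=$1; shift
    # Keep the service header for $vip and the "->" rows that follow it.
    section=$(awk -v vip="$vip" '
        $1 ~ /^(TCP|UDP|SCTP|FWM)$/ { inside = ($2 == vip); if (inside) print; next }
        inside && $1 == "->"        { print }')
    if [ -z "$section" ]; then
        echo "NO-SERVICE $vip"
        return 1
    fi
    problems=0
    for rs in "$@"; do
        fwd=$(printf '%s\n' "$section" |
              awk -v rs="$rs" '$1 == "->" && $2 == rs { print $3 }')
        case $fwd in
            Route) ;;   # direct routing, as configured with -g
            "")    echo "MISSING $rs"; problems=$((problems + 1)) ;;
            *)     echo "WRONG-MODE $rs uses $fwd, want Route"
                   problems=$((problems + 1)) ;;
        esac
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample table: RS2 was added with -m (Masq, i.e. NAT) by mistake.
SAMPLE_TABLE='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.10.10.22:80 wrr persistent 360
  -> 10.10.10.31:80               Route   1      0          0
  -> 10.10.10.32:80               Masq    1      0          0'

printf '%s\n' "$SAMPLE_TABLE" |
    audit_ipvs 10.10.10.22:80 10.10.10.31:80 10.10.10.32:80 ||
    echo "IPVS table does not match the DR setup"
```

On the load balancer itself, pipe the live table in: `ipvsadm -l -n | audit_ipvs 10.10.10.22:80 10.10.10.31:80 10.10.10.32:80`.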
Third, configure the network interface on the real servers

    ifconfig lo:0 10.10.10.22 netmask 255.255.255.255   # set the virtual IP address; it is bound to the loopback interface and is not exposed externally

Fourth, set the kernel parameters on the real servers

    [[email protected] lvs]# vim /etc/sysctl.conf
    [[email protected] lvs]# sysctl -p
    net.ipv4.ip_forward = 1                 # enable IP forwarding
    net.ipv4.conf.all.arp_ignore = 1        # only answer ARP requests whose target IP is an address of the receiving interface
    net.ipv4.conf.all.arp_announce = 2      # always use the most appropriate local address for the target
    net.ipv4.conf.lo.arp_ignore = 1
    net.ipv4.conf.lo.arp_announce = 2
For arp_ignore and arp_announce above, see "LVS ARP settings".
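If these ARP settings are missing on a real server, it answers ARP requests for 10.10.10.22 itself and clients can reach it without passing through the load balancer. The following audit of the four values listed above is an added example, not part of the original article; the function name `check_dr_arp` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a real server's ARP sysctls for LVS DR mode.
# Input is "key = value" text as printed by `sysctl -p` or `sysctl -a`.

# Required values, taken from the settings listed above.
DR_REQUIRED='net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2'

# check_dr_arp: read sysctl text on stdin, print one line per problem,
# return 0 only when every required key has the required value.
check_dr_arp() {
    # Drop trailing comments and all blanks so lines become key=value.
    input=$(sed -e 's/#.*$//' -e 's/[[:space:]]//g')
    failures=0
    for want in $DR_REQUIRED; do
        key=${want%%=*}
        need=${want#*=}
        # The last assignment wins, as it does when sysctl applies a file.
        have=$(printf '%s\n' "$input" |
               awk -F= -v k="$key" '$1 == k { v = $2 } END { print v }')
        if [ -z "$have" ]; then
            echo "MISSING $key (want $need)"
            failures=$((failures + 1))
        elif [ "$have" != "$need" ]; then
            echo "WRONG $key = $have (want $need)"
            failures=$((failures + 1))
        fi
    done
    [ "$failures" -eq 0 ]
}

# Constructed sample: lo is configured but "all" still has arp_ignore = 0,
# so the real server would answer ARP requests for the VIP.
SAMPLE_BAD='net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_announce = 2   # best local address
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2'

printf '%s\n' "$SAMPLE_BAD" | check_dr_arp ||
    echo "real server is not ready for DR mode"
```

On a real server, run it against the running kernel with `sysctl -a 2>/dev/null | check_dr_arp`.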
Fifth, access using the client
At this point, the client accesses http://10.10.10.22, and the request is forwarded to RS1 or RS2.
Troubleshoot problems
During setup, http://10.10.10.22 may be unreachable, that is, HTTP requests are not forwarded. Check the following:
1. Whether the firewall on the load balancer server is turned off, or whether it allows TCP connections to port 80.
2. Whether Listen 80 is set in the HTTP configuration of RS1 and RS2 (this listens on all addresses of the machine; if httpd listens only on the machine's network card address, packets for the virtual IP are ignored).
3. If the VIP is not set on the load balancer server and it has only one IP address, 10.10.10.22/24, the service can still be configured. But in that case, when the load balancer server forwards to 10.10.10.31 and 10.10.10.32, it needs to know their MAC addresses, so it sends an ARP request. When RS1 or RS2 receives the ARP request, it replies, but because the source IP of the request is 10.10.10.22, the reply is delivered directly to the local machine and is never returned to the load balancer server. The load balancer server therefore cannot dynamically learn the MAC addresses of RS1 and RS2.
In that case, the only option is to set the ARP entries manually on the load balancer server: arp -s ...
This also makes it impossible to access RS1/RS2 directly from the load balancer server, or to access the load balancer server directly from RS1/RS2. Therefore, it is necessary to configure both eth0 and a virtual IP on eth0:0 on the load balancer server.