LVS-DR for Linux Load-Balancing Clusters

Source: Internet
Author: User

LVS/DR

The LVS-DR experimental model is as follows:

[Figure: LVS-DR experimental model (Lvs-dr.png)]

In this model, the director and the real servers are on the same physical network segment.

Experimental platform

1. This lab is carried out on virtual machines running RHEL 5.8, three machines in total.

2. The director and the real servers use bridged mode; each machine requires only one network card.

ARP problems in the DR model

In VS/DR or VS/TUN deployments (where all machines are on the same physical network), every machine, director and realservers alike, is configured with an additional IP address, the VIP. When a client sends a connection request to the VIP, that request must reach the VIP on the director, not on a realserver, because the main goal of LVS is to have the director dispatch these connection requests to the realservers.
Therefore, after the client sends a connection request to the VIP, only the director should respond to the client (or to the routing device directly connected to the director). The director updates its ipvsadm table to track the connection and then forwards the request to one of the realservers at the back end.
If a realserver answers the client's ARP request for the VIP, the client records a VIP-to-realserver pair in its ARP table and uses it for all later communication. From then on the client sees only that one realserver and is unaware of the other servers.
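One way to observe the ARP problem described above from another host on the segment (an added example, not part of the original article): the functions parse the output of iputils `arping -I eth0 -c 3 192.168.0.1` and report which MAC addresses answer for the VIP. The MAC addresses and captures are constructed sample values, and the function names are hypothetical.

```bash
#!/bin/bash
# Added example: find out which MACs answer ARP for the LVS-DR VIP.
# Feed it the output of:  arping -I eth0 -c 3 192.168.0.1
# All MAC addresses below are constructed sample values.

# Print each distinct MAC that replied for VIP ($1); reads arping output on stdin.
vip_arp_responders() {
    awk -v vip="$1" '$2 == "reply" && $4 == vip {
        gsub(/\[|\]/, "", $5); print toupper($5) }' | sort -u
}

# check_vip_arp VIP DIRECTOR_MAC: 0 = only the director answers,
# 1 = another or an additional host answers, 2 = nobody answers.
check_vip_arp() {
    local vip="$1" want macs n
    want=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    macs=$(vip_arp_responders "$vip")
    n=$(printf '%s\n' "$macs" | grep -c . || true)
    if [ "$n" -eq 0 ]; then
        echo "WARN: no ARP reply for $vip"; return 2
    fi
    if [ "$n" -gt 1 ] || [ "$macs" != "$want" ]; then
        echo "FAIL: ARP for $vip answered by:" $macs "(expected only $want)"
        return 1
    fi
    echo "OK: only the director ($want) answers ARP for $vip"
}

# Constructed capture: a real server (02:00:00:00:01:00) also answers for the VIP.
SAMPLE_BAD='ARPING 192.168.0.1 from 192.168.0.50 eth0
Unicast reply from 192.168.0.1 [02:00:00:00:00:10]  0.702ms
Unicast reply from 192.168.0.1 [02:00:00:00:01:00]  0.815ms
Unicast reply from 192.168.0.1 [02:00:00:00:00:10]  0.688ms'

# Constructed capture: only the director (02:00:00:00:00:10) answers.
SAMPLE_GOOD='ARPING 192.168.0.1 from 192.168.0.50 eth0
Unicast reply from 192.168.0.1 [02:00:00:00:00:10]  0.702ms
Unicast reply from 192.168.0.1 [02:00:00:00:00:10]  0.688ms'

printf '%s\n' "$SAMPLE_BAD"  | check_vip_arp 192.168.0.1 02:00:00:00:00:10 || true
printf '%s\n' "$SAMPLE_GOOD" | check_vip_arp 192.168.0.1 02:00:00:00:00:10
```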
To resolve this issue, you can set forwarding rules on the router. If you do not have permission to access the router and make the appropriate settings, the problem can only be solved locally, using one of the traditional approaches. These methods include:
1. Prevent the realservers from responding to ARP requests for the VIP;
2. Hide the VIP on the realservers, so that they cannot learn of ARP requests for it on the network;
3. Use a setup based on "transparent proxy" or "fwmark (firewall mark)";
4. Prevent ARP requests from being sent to the realservers.

Traditionally, ARP handling can be implemented per network interface or per host. Linux uses the host-based approach because it works well in most scenarios, but LVS is not one of those scenarios, so implementing this functionality used to be quite a hassle. Now you can set arp_ignore and arp_announce, which is a lot easier.
Linux 2.2 and 2.4 kernels (prior to 2.4.26) solve the "ARP problem" differently and more cumbersomely. Fortunately, kernels 2.4.26 and 2.6 introduced two new flags to tune the ARP stack: arp_announce and arp_ignore. Based on these, in a DR/TUN environment all IPVS-related setups can use arp_announce=2 and arp_ignore=1/2/3 to solve the "ARP problem".
arp_announce: Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface:
0 - (default) Use any local address, configured on any interface.
1 - Try to avoid local addresses that are not in the target's subnet for this interface.
2 - Always use the best local address for this target.

arp_announce={0|1|2}: defines the restriction level applied when the host announces its own addresses to the network.

0 means that any local address may be advertised outward.

1 means the host tries to advertise only an address that matches the destination address of the request and the network that address is on. Suppose a host has two network cards, eth0 and eth1. With arp_announce=1, if the request is for eth0's address, the MAC address of eth0 is advertised on the network eth0 is attached to, and the MAC address of eth1 is not advertised on the network where eth0 is located.

2 means that only an address matching the destination address of the request and the network on which that address is located is advertised.


arp_ignore: Define different modes for sending replies in response to received ARP requests that resolve local target IP addresses:
0 - (default) Reply for any local target IP address, configured on any interface.
1 - Reply only if the target IP address is a local address configured on the incoming interface.
2 - Reply only if the target IP address is a local address configured on the incoming interface and both it and the sender's IP address are part of the same subnet on this interface.
3 - Do not reply for local addresses configured with scope host; only resolutions for global and link addresses are replied to.
4-7 - Reserved.
8 - Do not reply for any local addresses.

arp_ignore={0|1|2|3|8}: defines the level of response when an ARP request is received; the values of interest here are 0 and 1.

0 means a response is given as long as the requested address exists anywhere on the local host.

1 means a response is given only when the destination address of the request is configured on the interface on which the request arrives.

On the realservers, the VIP is configured on the local loopback interface lo. If packets replying to the client are routed out through the eth0 interface, the ARP announcement should be made through eth0, so the following configuration needs to be defined in the sysctl.conf file:
# vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

These settings must be applied before the VIP is enabled; otherwise you will need to empty the ARP table on the director before LVS works properly.
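A check that can be run on each real server before the VIP is enabled (an added example, not part of the original article). It assumes eth0 is the LAN-facing interface, as in this lab, and relies on the kernel applying the maximum of conf/all and conf/<interface> for the interface an ARP request arrives on; CONF_ROOT is a hypothetical override so the check can run against a constructed directory tree.

```bash
#!/bin/bash
# Added example: audit the ARP sysctls of an LVS-DR real server.
# CONF_ROOT can point at a constructed directory tree for offline testing.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Read one sysctl file; a missing or empty file is treated as 0, the default.
read_conf() {
    local v
    v=$(cat "$CONF_ROOT/$1" 2>/dev/null) || v=0
    echo "${v:-0}"
}

# effective_arp KEY IFACE: the kernel applies max(conf/all/KEY, conf/IFACE/KEY).
effective_arp() {
    local a i
    a=$(read_conf "all/$1")
    i=$(read_conf "$2/$1")
    if [ "$a" -gt "$i" ]; then echo "$a"; else echo "$i"; fi
}

# audit_realserver IFACE: IFACE is the NIC on which ARP requests for the VIP
# arrive (eth0 in this lab). Returns 0 when arp_ignore >= 1 and arp_announce = 2.
audit_realserver() {
    local iface="${1:-eth0}" rc=0 ign ann
    ign=$(effective_arp arp_ignore "$iface")
    ann=$(effective_arp arp_announce "$iface")
    if [ "$ign" -lt 1 ]; then
        echo "FAIL: effective arp_ignore=$ign on $iface: host answers ARP for a VIP held on lo"
        rc=1
    fi
    if [ "$ann" -ne 2 ]; then
        echo "FAIL: effective arp_announce=$ann on $iface: ARP requests may carry the VIP as source"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $iface arp_ignore=$ign arp_announce=$ann"
    fi
    return "$rc"
}

# Run against the live system only when asked to: ./audit.sh audit eth0
if [ "${1:-}" = "audit" ]; then
    audit_realserver "${2:-eth0}"
fi
```

With the four sysctl.conf lines above applied, the effective values on eth0 are 1 and 2 because of the conf/all entries; setting only the conf/lo entries would leave eth0 at the defaults and the check would fail.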

The experimental steps are as follows:

1. Configuration on the director

### Configure the DIP ###

# ifconfig eth0 192.168.0.10/24 up

### Configure the VIP (on the eth0:0 alias) ###

# ifconfig eth0:0 192.168.0.1 broadcast 192.168.0.1 netmask 255.255.255.255 up

# route add -host 192.168.0.1 dev eth0:0

# route add -host 192.168.0.10 dev eth0

### Enable IP forwarding ###

# echo 1 > /proc/sys/net/ipv4/ip_forward

2. Configuration on real server 1

### Set the kernel parameters arp_ignore and arp_announce ###

# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

### Configure the RIP ###

# ifconfig eth0 192.168.0.100/24 up

### Configure the VIP ###

# ifconfig lo:0 192.168.0.1 broadcast 192.168.0.1 netmask 255.255.255.255 up

### Add a host route to ensure that, when the requested destination IP is the VIP, the source IP of the response is also the VIP ###

# route add -host 192.168.0.1 dev lo:0

3. Configuration on real server 2

### Set the kernel parameters arp_ignore and arp_announce ###

# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

### Configure the RIP ###

# ifconfig eth0 192.168.0.200/24 up

### Configure the VIP ###

# ifconfig lo:0 192.168.0.1 broadcast 192.168.0.1 netmask 255.255.255.255 up

### Add a host route to ensure that, when the requested destination IP is the VIP, the source IP of the response is also the VIP ###

# route add -host 192.168.0.1 dev lo:0

Service Scripts for LVS/DR

1. Director script:
#!/bin/bash
#
# LVS script for VS/DR
#
. /etc/rc.d/init.d/functions
#
VIP=192.168.0.1
DIP=192.168.0.10
RIP1=192.168.0.100
RIP2=192.168.0.200
PORT=80

#
case "$1" in
start)

    /sbin/ifconfig eth0:1 $VIP broadcast $VIP netmask 255.255.255.255 up
    /sbin/route add -host $VIP dev eth0:1

    # Since this is the director, we must be able to forward packets.
    echo 1 > /proc/sys/net/ipv4/ip_forward

    # Clear all iptables rules (this removes any existing filter rules on the director).
    /sbin/iptables -F

    # Reset iptables counters.
    /sbin/iptables -Z

    # Clear all ipvsadm rules/services.
    /sbin/ipvsadm -C

    # Add an IP virtual service for the VIP on port 80.
    # This script uses wlc (weighted least-connection), a weighted, dynamic
    # scheduling method of the kind recommended for production over round-robin.
    /sbin/ipvsadm -A -t $VIP:$PORT -s wlc

    # Now direct packets for this VIP to
    # the real server IPs (RIP) inside the cluster.
    /sbin/ipvsadm -a -t $VIP:$PORT -r $RIP1 -g -w 1
    /sbin/ipvsadm -a -t $VIP:$PORT -r $RIP2 -g -w 2

    /bin/touch /var/lock/subsys/ipvsadm &>/dev/null
    ;;

stop)
    # Stop forwarding packets.
    echo 0 > /proc/sys/net/ipv4/ip_forward

    # Reset ipvsadm.
    /sbin/ipvsadm -C

    # Bring down the VIP interface.
    /sbin/ifconfig eth0:1 down
    /sbin/route del $VIP

    /bin/rm -f /var/lock/subsys/ipvsadm

    echo "ipvs is stopped ..."
    ;;

status)
    if [ ! -e /var/lock/subsys/ipvsadm ]; then
        echo "ipvsadm is stopped ..."
    else
        echo "ipvs is running ..."
        ipvsadm -L -n
    fi
    ;;
*)
    echo "Usage: $0 {start|stop|status}"
    ;;
esac

2. Realserver Script:

#!/bin/bash
#
# Script to start LVS DR real server.
# Description: LVS DR real server
#
. /etc/rc.d/init.d/functions

# The VIP must be the same address as the VIP on the director.
VIP=192.168.0.1

HOST=$(/bin/hostname)

case "$1" in
start)
    # Start LVS-DR real server on this machine.
    /sbin/ifconfig lo down
    /sbin/ifconfig lo up
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

    /sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
    /sbin/route add -host $VIP dev lo:0

    ;;
stop)

    # Stop LVS-DR real server loopback device(s).
    /sbin/ifconfig lo:0 down
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce

    ;;
status)

    # Status of LVS-DR real server.
    islothere=$(/sbin/ifconfig lo:0 | grep $VIP)
    isrothere=$(netstat -rn | grep "lo:0" | grep $VIP)
    if [ ! "$islothere" -o ! "$isrothere" ]; then
        # Either the route or the lo:0 device
        # was not found.
        echo "LVS-DR real server stopped."
    else
        echo "LVS-DR real server running."
    fi
    ;;
*)
    # Invalid entry.
    echo "$0: Usage: $0 {start|status|stop}"
    exit 1
    ;;
esac

This article is from the "Linux Learning path" blog, so be sure to keep this source http://xslwahaha.blog.51cto.com/4738972/1592086
