Red Hat 9.0 LVS Server Load Balancer

Source: Internet
Author: User
This article describes in detail how to set up an LVS (Linux Virtual Server) load balancer on Red Hat 9.0. Required components:
Standard kernel package linux-2.4.20.tar.gz, with the matching software package ipvs-1.0.09.tar.gz
Kernel patches: hidden-2.4.20per10-1.diff, noarp-2.4.20-1.diff, iproute-050816-noarp-1.diff
KTCPVS kernel patch package
The standard kernel package can be downloaded at: www.kernel.org;
Other required components can be downloaded at: www.linuxvirtualserver.org;
Installation Platform: Red hat 9.0: kernel linux-2.4.20-8
Installation steps:
1) Unpack the kernel under the /usr/src directory:
    tar -zxvf linux-2.4.20.tar.gz -C /usr/src
This creates the /usr/src/linux-2.4.20/ directory.
Since the default kernel path in the ipvs-1.0.09 Makefile is /usr/src/linux, create the following symbolic link:
    ln -s /usr/src/linux-2.4.20 /usr/src/linux
Alternatively, modify the ipvs-1.0.09 Makefile, changing /usr/src/linux to /usr/src/linux-2.4.20, and change the path in the Makefile under the ipvsadm/ directory in the same way. Here we use the symbolic link method.
2) Patch:
    cd /ipvs-1.0.09/
    make kernelpatch      (apply the ipvs patch to the kernel)
    make installsource    (add the ipvs source to the kernel)
    cat /hidden-2.4.20per10-1.diff | (cd /usr/src/linux && patch -p1)
If you want to use the VS/TUN or VS/DR features, apply noarp-2.4.20-1.diff and iproute-050816-noarp-1.diff in the same way.
The layer-7 patch for KTCPVS is added after the LVS kernel has been compiled and the new kernel is in use.
3) Compile the kernel:
    cp /boot/config-2.4.* /usr/src/linux/.config
This copies the configuration file from the original installation to /usr/src/linux. make menuconfig then reads the original configuration from .config, so you only need to select the new options under IP: Virtual Server Configuration.
    make mrproper
    make menuconfig
Running make menuconfig opens a menu interface where you can make detailed settings. All kernel options related to LVS are under "Networking options". Enter "Networking options" and you will see the "IP: Virtual Server Configuration" option; all other sub-options are optional:
Virtual server support (EXPERIMENTAL)
  • IP virtual server debugging
    (12) IPVS connection table size (the Nth power of 2)
    --- IPVS scheduler
    Round-robin scheduling
    Weighted round-robin scheduling
    Least-connection scheduling
    Weighted least-connection scheduling
    Locality-based least-connection scheduling
    Locality-based least-connection with replication scheduling
    Destination hashing scheduling
    Source hashing scheduling
    Shortest expected delay scheduling
    Never queue scheduling
    --- IPVS application helper
    FTP protocol helper
    In addition, for all the sub-items of "IP: Netfilter Configuration" under "Networking options", you can select either of the following two items:
    <> Ipchains (2.2-style) support
    <> Ipfwadm (2.0-style) support
    Also, there are some network options in "Networking options". You should select the options as needed:
    <*> Packet socket
    [] Packet socket: mmapped IO
    <*> Netlink device emulation
  • Network packet filtering (replaces ipchains)
  • Network packet filtering debugging
  • Socket Filtering
    <*> Unix domain sockets
  • TCP/IP networking
  • IP: multicasting
  • IP: advanced router
  • IP: policy routing
    [] IP: use netfilter MARK value as routing key
    [] IP: fast network address translation
    IP: tunneling


NOTE: If the standard kernel is used, the IP: Virtual Server Configuration option cannot be found under Networking options, because the Network packet filtering option is not selected.
    make dep
    make clean
    make bzImage
    make modules; make modules_install
Note that if you only run make modules_install, the new kernel's directory may not be created under /lib/modules. To be safe, run make modules first and then make modules_install.
    make install
This command installs the new kernel automatically. If your build environment cannot use this command, you have to do a little more work and install the kernel manually. The procedure is as follows:
    mkinitrd /boot/initrd-2.4.20ipvs.img 2.4.20      (create the initrd image)
    cp /usr/src/linux/arch/i386/boot/bzImage /boot/vmlinuz-2.4.20ipvs
    cd /boot
    rm vmlinuz
    ln -s vmlinuz-2.4.20ipvs vmlinuz
    cp /usr/src/linux/System.map /boot/System.map-2.4.20ipvs
    cd /boot
    rm System.map
    ln -s System.map-2.4.20ipvs System.map
Then add the following entry to the grub.conf file (the grub file under /boot/grub/ and /etc):
    title LVS-linux (1.0.09)
    root (hd0,5)
    kernel /boot/vmlinuz-2.4.20ipvs ro
    initrd /boot/initrd-2.4.20ipvs.img
The original root=LABEL=/ item may cause trouble, so you can remove it and use root=/dev/hda6 instead, that is, the partition number of the Linux system.
After everything above is done, the next step is to use the new kernel and build the ipvs module.
Install ipvs and ipvsadm
    cd /usr/src/ipvs-1.0.09/
    make all
    make install
    insmod ip_vs_wlc.o
Once the kernel with ipvs support is in use, you can install ipvsadm. ipvsadm is the tool for configuring ipvs forwarding methods and scheduling algorithms.
    cd /usr/src/S/ipvsadm/
    make all
    make install
    ipvsadm -Lcn
Run the ipvsadm command. If the following prompt is displayed, the installation is successful.
Note: Whichever kernel version you compile, you must select the matching patches and ipvs software. Of the two steps, patching and compiling, the most important thing is whether the kernel supports ipvs after compilation. After switching to the new kernel, you may encounter a root file system self-check problem. I have not solved this problem so far; it appears to come from switching kernels, and I estimate that the file systems of the two kernels conflict.
LVS usage document: VS-NAT
VS/NAT (Virtual Server via Network Address Translation)
The architecture of VS/NAT is shown in Figure 2. A scheduler sits in front of a group of servers, which are connected through a switch/hub. These servers provide the same network service and content, so whichever server a request is sent to, the result is the same. The service content can be copied to the local hard disk of each server, shared through a network file system (such as NFS), or provided through a distributed file system.
How it works: when a user accesses a service from the Internet, the load balancer first receives the user's request and then calls the scheduling algorithm to distribute the access to a real server. Which backend server the request is scheduled to depends on the specified scheduling algorithm. VS/NAT requires different settings on the Linux load balancer (LB) and on the backend real servers. The settings on the Linux load balancer are as follows:
VIP: Virtual IP
RIP: Real server IP address
Front-end load balancer and real server:
    VIP: 192.168.6.100 netmask 255.255.255.0 broadcast 192.168.1.254
    RIP: 192.188.1.1 netmask 255.255.255.0 broadcast 192.188.1.254
Real backend servers:
Real server 1:
    RIP: 192.188.1.2 netmask 255.255.255.0 broadcast 192.188.1.254
Real server 2:
    RIP: 192.188.1.3 netmask 255.255.255.0 broadcast 192.168.1.254
Load balancer script:
    #!/bin/sh
    # Set ip_forward ON for vs-nat director (1 on, 0 off)
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Director is gateway for realservers
    # Turn OFF icmp redirects (1 on, 0 off)
    echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
    echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
    echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
    # Set VIP
    ifconfig eth0:100 192.168.6.100 broadcast 192.168.1.254 netmask 255.255.240.0
    # Set default gateway
    route add default gw 192.168.1.254 netmask 0.0.0.0 metric 1
    # Clean ipvsadm tables
    ipvsadm -C
    # Add http to VIP with rr (Round-Robin Scheduling) scheduling
    ipvsadm -A -t 192.168.6.100:http -s rr
    # Forward http to real server 192.188.1.1 using LVS-NAT (-m), with weight 1
    ipvsadm -a -t 192.168.6.100:http -r 192.188.1.1:http -m -w 1
    # Forward http to real server 192.188.1.2 using LVS-NAT (-m), with weight 1
    ipvsadm -a -t 192.168.6.100:http -r 192.188.1.2:http -m -w 1
    # Forward http to real server 192.188.1.3 using LVS-NAT (-m), with weight 1
    ipvsadm -a -t 192.168.6.100:http -r 192.188.1.3:http -m -w 1
    # Check that real server is scheduling from director
    ping -c 1 192.168.1.1
    ping -c 1 192.168.1.2
    ping -c 1 192.168.1.3
    # List ipvsadm tables
    ipvsadm
    ### End ###
Set iptables masquerading
All packets from the 192.188.1.0/24 network segment are forwarded with masquerading. To test safely, we first clear the iptables rule chains.
    iptables -F      (INPUT, FORWARD, OUTPUT, POSTROUTING)
    iptables -X
    iptables -t nat -A POSTROUTING -s 192.188.1.0/24 -j MASQUERADE
The above is the load balancer configuration in VS-NAT mode. The following are the real server settings. The settings of real servers 1, 2, and 3 are the same and take the following form:
RealServer script:
    #!/bin/sh
    # Set ip_forward OFF for real server (1 on, 0 off)
    echo 0 > /proc/sys/net/ipv4/ip_forward
    # Install default gateway 192.188.1.1 for vs-nat
    route add default gw 192.188.1.1
    # Show route table (or use: netstat -rn)
    route
    # Check if default gw is reachable
    ping -c 1 192.188.1.1
    # Look for VIP on director from realserver
    ping -c 1 192.168.6.100
If the real server runs the Windows 2000 Server operating system, you only need to set its default gateway to 192.188.1.1.
Appendix:
When a client accesses a network service through the Virtual IP Address (the IP address of the virtual service), the request packet arrives at the scheduler. The scheduler selects a server from the group of real servers according to the connection scheduling algorithm, changes the packet's destination address from the Virtual IP Address to the address of the selected server and the destination port to the corresponding port of the selected server, and then sends the modified packet to the selected server. At the same time, the scheduler records the connection in the connection hash table. When the next packet of the connection arrives, the address and port of the originally selected server are obtained from the connection hash table, the same rewrite is performed, and the packet is sent to the selected server.
When a response packet from the real server passes through the scheduler, the scheduler changes the source address and source port of the packet to the Virtual IP Address and the corresponding port, and then sends the packet to the user. We introduce a state machine on the connection: different packets put the connection into different states, and different states have different timeout values.
For TCP connections, state transitions follow the standard TCP finite state machine. We will not describe them here; for more information, see W. Richard Stevens's "TCP/IP Illustrated, Volume I".
For UDP, we only set one UDP state. Timeout values for the different states can be set. The SYN state timeout is 1 minute, the ESTABLISHED state timeout is 15 minutes, and the FIN state timeout is 1 minute; the UDP state timeout is 5 minutes. When a connection is terminated or times out, the scheduler deletes the connection from the connection hash table.
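The scheduling, address rewriting and connection-table behaviour described in the VS/NAT section and the appendix, as an added Python model (not code from the original page or from LVS itself). The NatDirector class, the client addresses and the rule that only a SYN may open a new TCP entry are assumptions of this model; the VIP, real-server addresses and timeouts are the page's.

```python
import itertools
# Per-state timeouts from the appendix, in seconds.
TIMEOUT = {"SYN": 60, "ESTABLISHED": 900, "FIN": 60, "UDP": 300}

class NatDirector:
    """Toy VS/NAT scheduler: round-robin choice, address rewrite, connection table."""
    def __init__(self, vip, vport, real_servers):
        self.vip, self.vport = vip, vport
        self.next_server = itertools.cycle(real_servers).__next__  # rr scheduling
        self.table = {}  # (proto, client_ip, client_port) -> [rip, rport, state, expiry]

    def _expire(self, now):
        for key in [k for k, e in self.table.items() if e[3] <= now]:
            del self.table[key]  # timed-out entries leave the hash table

    def inbound(self, proto, cip, cport, flags, now):
        """Client -> VIP packet; returns the rewritten destination, or None."""
        self._expire(now)
        key = (proto, cip, cport)
        entry = self.table.get(key)
        if entry is None:
            # Model assumption: only a SYN may open a new TCP entry.
            if proto == "tcp" and "S" not in flags:
                return None
            entry = self.table[key] = [*self.next_server(), None, None]
        if proto == "udp":
            state = "UDP"
        elif "S" in flags:
            state = "SYN"
        elif set(flags) & {"F", "R"} or entry[2] == "FIN":
            state = "FIN"
        else:
            state = "ESTABLISHED"
        entry[2], entry[3] = state, now + TIMEOUT[state]
        return entry[0], entry[1]

    def outbound(self, proto, cip, cport, now):
        """Real server -> client reply; returns the rewritten source, or None."""
        self._expire(now)
        return (self.vip, self.vport) if (proto, cip, cport) in self.table else None

def demo():
    # Constructed clients; VIP and real servers are the page's addresses.
    d = NatDirector("192.168.6.100", 80, [("192.188.1.2", 80), ("192.188.1.3", 80)])
    return (d.inbound("tcp", "10.0.0.5", 40000, "S", 0),    # new: scheduled by rr
            d.inbound("tcp", "10.0.0.5", 40000, "A", 1),    # known: table lookup
            d.inbound("tcp", "10.0.0.6", 40001, "S", 2),    # new: next server
            d.outbound("tcp", "10.0.0.5", 40000, 3),        # reply: source -> VIP
            d.inbound("tcp", "10.0.0.5", 40000, "A", 901))  # idle 15 min: expired
```

The last result is None because the entry passed its 15-minute ESTABLISHED timeout, so the late packet no longer maps to a real server.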