1. Environmental Description
System version: Ubuntu 14.04
LVS server: 14.17.64.3
Real servers: 14.17.64.4-12
VIP: 14.17.64.13
Deployment purpose: user requests to 14.17.64.13 are forwarded to 14.17.64.4-12 for load balancing.
2. Installing LVS
Because LVS, like iptables, works in the kernel layer, you only need to install the ip_vs module; no background process runs.
# aptitude install ipvsadm
# ipvsadm -v
ipvsadm v1.26
# lsmod | grep ip_vs    # View kernel modules; ip_vs listed here means it is loaded into the kernel and the LVS installation is complete
ip_vs 136701 0
nf_conntrack 96976 1 ip_vs
libcrc32c 12644 3 xfs,btrfs,ip_vs
# ipvsadm -l -n    # View LVS rules
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
# ipvsadm -l -c    # View connection status
3. Configuring the LVS VIP service
-A adds a virtual server record, that is, the VIP. The scheduling algorithm is also selected here.
# ipvsadm -A -t 14.17.64.13 -s wrr -p    # Forwards all TCP packets going to this IP; -s specifies the algorithm (wrr is weighted round robin), -p sets the session hold time (default is 300s)
# ipvsadm -A -t 14.17.64.13:80 -s wrr -p    # Forwards only messages going to TCP port 80 of this IP
VIP maintenance:
Use -E to modify VIP settings.
Example: ipvsadm -E -t 14.17.64.13 -s wrr -p    # Can modify the session hold time and the algorithm.
Use -D to remove VIP settings.
Example: ipvsadm -D -t 14.17.64.13    # Delete this VIP
4. Configuring LVS RIP rules
-a adds a real server IP (that is, a RIP) to the VIP for load balancing (the default is DR mode, -g).
ipvsadm -a -t 14.17.64.13 -r 14.17.64.4 -g -w 1    # -r specifies the real server IP, -g selects DR mode (-m for NAT mode, -i for tunnel mode), -w sets the weight.
ipvsadm -a -t 14.17.64.13 -r 14.17.64.5 -g -w 1
ipvsadm -a -t 14.17.64.13 -r 14.17.64.6 -g -w 1
ipvsadm -a -t 14.17.64.13 -r 14.17.64.7 -g -w 1
ipvsadm -a -t 14.17.64.13 -r 14.17.64.8 -g -w 1
ipvsadm -a -t 14.17.64.13 -r 14.17.64.9 -g -w 1
ipvsadm -a -t 14.17.64.13 -r 14.17.64.10 -g -w 1
ipvsadm -a -t 14.17.64.13 -r 14.17.64.11 -g -w 1
ipvsadm -a -t 14.17.64.13 -r 14.17.64.12 -g -w 1
# If you are only load balancing a single TCP port, use the following command
# ipvsadm -a -t 14.17.64.13:80 -r 14.17.64.4:80 -g -w 1
RIP maintenance:
Use -e to modify a RIP configuration.
Example: ipvsadm -e -t 14.17.64.13 -r 14.17.64.6 -g -w 4    # Modifies the weight of this RIP rule.
Use -d to delete a RIP configuration.
Example: ipvsadm -d -t 14.17.64.13 -r 14.17.64.6    # Delete the RIP configuration (-d takes only the service and the real server address)
5. Configure the VIP on the real servers
The VIP, that is, the address 14.17.64.13, is configured on every real server.
# ifconfig lo:13 14.17.64.13 netmask 255.255.255.255
6. Turn off ARP responses on the real servers
Turn off ARP responses for the loopback interface on the real servers, without turning them off for the other interfaces.
By default arp_ignore and arp_announce are both 0, which means the host answers ARP requests for any IP address configured locally.
On all real servers, do the following:
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore    # Answer an ARP query only if the target IP address is a local address configured on the interface that received the request.
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce    # Always use the most appropriate local address for the query target.
# This can be tested: before ARP is suppressed, the VIP address answers ping. After suppressing ARP, clear the ARP cache on the front-end switch, and pinging the VIP no longer gets through, while the IP of the physical eth0 network card still answers.
Reference for the meaning of the ARP parameters: http://www.cnblogs.com/lgfeng/archive/2012/10/16/2726308.html
Next, configure the VIP on the LVS:
ifconfig lo:13 14.17.64.13 netmask 255.255.255.255
7. Turn on the kernel forwarding function
Turn on the kernel forwarding function on the LVS.
# echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
# sysctl -p
8. LVS test
Since no HTTP service has been set up on the real servers and the LVS I set up forwards all TCP connections, I tested by connecting over ssh to the VIP.
# ipvsadm -L -c    # View the LVS forwarding records to determine whether the request was forwarded successfully.
TCP 14:59 ESTABLISHED 242.103.143.219.broad.bj.bj.dynamic.163data.com.cn:51977 14.17.64.13:22 14.17.64.10:22
The LVS was built successfully.
9. Additional thoughts on LVS
1, LVS does not check whether the real servers are alive; if a server goes down, requests are still forwarded to the down server.
The workaround is to use keepalived or a self-written script to monitor connectivity and then purge the corresponding rules.
2, A single LVS server is a single point of failure; a backup LVS server is needed.
The workaround is to use keepalived for LVS failover.
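A self-written check script of the kind item 1 mentions, as an added example (not code from the original article): one pass probes each RIP, removes dead ones from the VIP and re-adds recovered ones. The function names, the probe port 22 (the ssh service used in the test above) and running it from cron are assumptions.

```shell
#!/bin/sh
# Added example: one health-check pass for the DR setup described on this page.
VIP=14.17.64.13        # VIP from the page; port 0 = the persistent all-ports TCP service
RIPS="14.17.64.4 14.17.64.5 14.17.64.6 14.17.64.7 14.17.64.8 14.17.64.9 14.17.64.10 14.17.64.11 14.17.64.12"
CHECK_PORT=22          # assumption: probe sshd, the service the page tests with
IPVSADM=${IPVSADM:-ipvsadm}

# probe RIP: succeed if a TCP connect to RIP:CHECK_PORT completes within 2 s.
probe() {
    timeout 2 bash -c "exec 3<>/dev/tcp/$1/$CHECK_PORT" 2>/dev/null
}

# Print the RIPs currently attached to the VIP, parsed from `ipvsadm -l -n`.
# Real-server lines ("-> ip:port ...") belong to the service line above them.
configured_rips() {
    "$IPVSADM" -l -n | awk -v vip="$VIP" '
        $1 == "TCP" || $1 == "UDP" || $1 == "FWM" {
            in_vip = ($1 == "TCP" && index($2, vip ":") == 1); next
        }
        $1 == "->" && in_vip { sub(/:[0-9]+$/, "", $2); print $2 }'
}

# plan RIP STATE CONFIGURED: print the ipvsadm arguments needed, or nothing.
plan() {
    case " $3 " in
        *" $1 "*) if [ "$2" = down ]; then echo "-d -t $VIP -r $1"; fi ;;
        *)        if [ "$2" = up ]; then echo "-a -t $VIP -r $1 -g -w 1"; fi ;;
    esac
}

# One pass: drop dead real servers from the VIP, re-add recovered ones.
reconcile() {
    current=$(configured_rips | tr '\n' ' ')
    for rip in $RIPS; do
        if probe "$rip"; then state=up; else state=down; fi
        args=$(plan "$rip" "$state" "$current")
        if [ -n "$args" ]; then
            logger -t lvs-check "ipvsadm $args" 2>/dev/null || true
            "$IPVSADM" $args    # unquoted on purpose: split into arguments
        fi
    done
}

# Run a pass only when called as "script run" (for example from cron).
if [ "${1:-}" = "run" ]; then reconcile; fi
```

The probe goes to each real server's own address, not the VIP, so it measures that server rather than whatever the director would schedule.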
This article is from the "Yang Cloud" blog; reprinting is declined!
Ubuntu LVS DR mode production environment deployment