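LVS (Linux Virtual Server) is a high-performance, high-availability load-balancing cluster technology implemented in the Linux kernel. It was developed by Dr. Wensong Zhang (章文嵩) and is now one of the standard Linux kernel modules. Its core function is to distribute incoming front-end request traffic across multiple back-end real servers (Real Server), which increases the service's concurrent processing capacity and availability.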
I. NAT mode environment setup

IP configuration of the vs host

eth0 (NAT)

```
[root@vs /]# ./vmset.sh eth0 172.25.254.10 rs1 noroute
[root@vs /]# nmcli connection modify eth0 ipv4.gateway 172.25.254.2
```

eth1 (host-only)

```
[root@vs /]# ./vmset.sh eth1 192.168.1.10 vs noroute
[root@vs system-connections]# nmcli connection modify eth1 ipv4.gateway 192.168.1.2
[root@vs system-connections]# dnf install ipvsadm.x86_64    # install the ipvsadm tool
```

rs1 host configuration

eth0 (host-only)

```
[root@rs1 /]# ./vmset.sh eth0 192.168.1.20 rs1 noroute
[root@rs1 /]# nmcli connection modify eth0 ipv4.gateway 192.168.1.2
[root@rs1 /]# dnf install httpd -y
[root@rs1 /]# echo rs1 192.168.1.20 > /var/www/html/index.html
```

rs2

eth0 (host-only)

```
[root@rs2 /]# ./vmset.sh eth0 192.168.1.30 rs2 noroute
[root@rs2 /]# nmcli connection modify eth0 ipv4.gateway 192.168.1.2
[root@rs2 /]# dnf install httpd -y
[root@rs2 /]# echo rs2 192.168.1.30 > /var/www/html/index.html
```

ipvsadm configuration on the vs host

```
[root@vs system-connections]# ipvsadm -A -t 172.25.254.10:80 -s wrr
[root@vs system-connections]# ipvsadm -a -t 172.25.254.10:80 -r 192.168.1.20:80 -m -w 1
[root@vs system-connections]# ipvsadm -a -t 172.25.254.10:80 -r 192.168.1.30:80 -m -w 1
# hosts 10 and 20 both use the weighted round-robin algorithm
[root@vs system-connections]# ipvsadm -Ln    # view the rules after writing them
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.254.10:80 wrr
  -> 192.168.1.20:80              Masq    1      0          0
  -> 192.168.1.30:80              Masq    1      0          0
```

Result

## Rule persistence

```
[root@vs system-connections]# ipvsadm-save -n > /mnt/ipvs.rule    # save the finished rules to /mnt/ipvs.rule
```

**DR mode**

Router setup

Enable kernel IP forwarding and check that it is enabled

```
[root@router ~]# echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf
[root@router ~]# sysctl -p
net.ipv4.ip_forward = 1
```

Data forwarding policy

```
[root@router ~]# iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 192.168.1.100
[root@router ~]# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 172.25.254.20
```

lo interface configuration on the rs1 and rs2 hosts

```
[root@rs1 system-connections]# cp -p eth1.nmconnection lo.nmconnection
[root@rs1 system-connections]# vim lo.nmconnection
```

```
[connection]
id=lo
type=loopback
interface-name=lo

[ipv4]
method=manual
address1=127.0.0.1/8
address2=192.168.1.201/32
```
Disable ARP responses

```
# disable ARP responses
[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
```

Director (scheduler) configuration

```
[root@vs system-connections]# vim lo.nmconnection
```

```
[connection]
id=lo
type=loopback
interface-name=lo

[ipv4]
method=manual
address1=127.0.0.1/8
# 192.168.1.201 is the VIP
address2=192.168.1.201/32
```
ipvsadm configuration

```
[root@vs system-connections]# ipvsadm -A -t 192.168.1.201:80 -s rr
[root@vs system-connections]# ipvsadm -a -t 192.168.1.201:80 -r 192.168.1.20:80 -g
[root@vs system-connections]# ipvsadm -a -t 192.168.1.201:80 -r 192.168.1.30:80 -g
```

Test result

**Using firewall marks to fix the round-robin problem**

Install mod_ssl on the rs hosts

```
[root@rs1 ~]# dnf install mod_ssl -y
[root@rs2 ~]# dnf install mod_ssl -y
```

Restart the httpd service on both hosts

```
[root@rs1 ~]# systemctl restart httpd
[root@rs2 ~]# systemctl restart httpd
```

Modify the round-robin policy

```
[root@vs ~]# ipvsadm -A -t 192.168.1.10:80 -s rr
[root@vs ~]# ipvsadm -a -t 192.168.1.10:80 -r 192.168.1.20 -g
[root@vs ~]# ipvsadm -a -t 192.168.1.10:80 -r 192.168.1.30 -g
[root@vs ~]# ipvsadm -a -t 192.168.1.10:80 -r 192.168.1.20:443 -g
[root@vs ~]# ipvsadm -a -t 192.168.1.10:443 -r 192.168.1.20:443 -g
[root@vs ~]# ipvsadm -a -t 192.168.1.10:443 -r 192.168.1.30:443 -g
```

Use a firewall mark on all packets destined for ports 80 and 443 of the VIP, set the mark to 6666, and then load-balance on that mark

```
[root@vs system-connections]# iptables -t mangle -A PREROUTING -d 192.168.0.200 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 6666
[root@vs system-connections]# ipvsadm -A -f 6666 -s rr
[root@vs system-connections]# ipvsadm -a -f 6666 -r 192.168.1.20 -g
[root@vs system-connections]# ipvsadm -a -f 6666 -r 192.168.1.30 -g
```

Test result

## Using persistent connections for session stickiness

```
[root@vs system-connections]# ipvsadm -A -f 6666 -s rr -p 1
```

Test result
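The DR-mode real-server settings from the section above (VIP 192.168.1.201/32 on lo, arp_ignore=1, arp_announce=2) can be checked with a small script; a real server that answers ARP for the VIP lets clients reach it directly and bypass the director. This is an added example, not code from the original post; the function names, the script name and the optional alternate-root argument are assumptions.

```bash
#!/usr/bin/env bash
# Added example: audit a DR-mode real server for the ARP and VIP settings
# used on this page. The function names and the optional "root" argument
# (an alternate sysctl tree for offline testing) are assumptions.

# Expect arp_ignore=1 and arp_announce=2 under both conf/all and conf/lo.
check_dr_arp() {
    local root="${1:-/proc/sys}" rc=0 iface pair name want file got
    for iface in all lo; do
        for pair in arp_ignore=1 arp_announce=2; do
            name="${pair%%=*}"
            want="${pair#*=}"
            file="$root/net/ipv4/conf/$iface/$name"
            if [ ! -r "$file" ]; then
                echo "MISSING $iface/$name"
                rc=1
                continue
            fi
            got="$(tr -d '[:space:]' < "$file")"
            if [ "$got" = "$want" ]; then
                echo "OK      $iface/$name=$got"
            else
                echo "BAD     $iface/$name=$got (expected $want)"
                rc=1
            fi
        done
    done
    return "$rc"
}

# Expect the VIP on lo with a /32 mask. $2 may carry captured output of
# `ip -o -4 addr show dev lo`; when empty, the command is run live.
check_vip_on_lo() {
    local vip="$1" addrs="${2:-}"
    [ -n "$addrs" ] || addrs="$(ip -o -4 addr show dev lo)"
    if printf '%s\n' "$addrs" | grep -Fq "inet $vip/32 "; then
        echo "OK      VIP $vip/32 is bound to lo"
    else
        echo "BAD     VIP $vip/32 is not bound to lo"
        return 1
    fi
}

# Run on a real server as: ./check_dr_rs.sh 192.168.1.201
if [ "$#" -ge 1 ]; then
    check_dr_arp || status=1
    check_vip_on_lo "$1" || status=1
    exit "${status:-0}"
fi
```

Values written with echo into /proc/sys do not survive a reboot, so rerun the check on rs1 and rs2 after a restart.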