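I. LVS Overview
1. What is LVS
LVS (Linux Virtual Server) is the load balancer built into the Linux kernel. It works at layer 4 (the transport layer) and load-balances TCP and UDP traffic.
```text
LVS features:
├── Open source and free (part of the Linux kernel)
├── High performance (runs in kernel space)
├── High throughput
├── Multiple scheduling algorithms
├── Multiple forwarding modes
└── Transparent proxying
```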
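2. LVS core components
```text
LVS components:
├── Scheduler (Director)
│   └── Receives client requests and forwards them to the back-end servers
├── Server pool (Real Server)
│   └── The servers that actually process the requests
└── Shared storage
    └── Gives the Real Servers a common data set
```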
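3. LVS forwarding modes
```text
Three forwarding modes:
1. NAT mode (Network Address Translation)
   Client → Director → Real Server → Director → Client
   Characteristic: both requests and responses pass through the Director
2. DR mode (Direct Routing)
   Client → Director → Real Server → Client (direct return)
   Characteristic: requests pass through the Director, responses go straight back to the client
3. TUN mode (IP Tunneling)
   Client → Director → Real Server (tunnel) → Client
   Characteristic: suitable when the servers are on different network segments
```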
4. LVS scheduling algorithms
```text
# Static scheduling algorithms
Round Robin (RR)
Weighted Round Robin (WRR)
Destination Hashing (DH)
Source Hashing (SH)
# Dynamic scheduling algorithms
Least Connections (LC)
Weighted Least Connections (WLC)
Shortest Expected Delay (SED)
Never Queue (NQ)
Locality-Based Least Connections (LBLC)
Locality-Based Least Connections with Replication (LBLCR)
```
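II. Keepalived Overview
1. What is Keepalived
Keepalived is routing software written in C. Its main functions are load balancing and high availability.
```text
Keepalived features:
├── High availability (VRRP protocol)
├── Health checks
├── Failover
├── Simple configuration
├── Low resource usage
└── Tight integration with LVS
```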
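2. The VRRP protocol
```text
VRRP (Virtual Router Redundancy Protocol)
How it works:
├── Several routers form one virtual router
├── A virtual IP (VIP) provides the service to the outside
├── The master router (MASTER) does the forwarding
├── The backup router (BACKUP) stands by
└── When the master fails, the backup takes over automatically
```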
3. How Keepalived works
```text
Keepalived workflow:
┌─────────────────────────────────────────────────────┐
│                     Keepalived                      │
├─────────────────────────────────────────────────────┤
│  ┌─────────────────┐        ┌─────────────────────┐ │
│  │  VRRP protocol  │  ←──→  │   Health checking   │ │
│  │      (HA)       │        │   (Health Check)    │ │
│  └─────────────────┘        └─────────────────────┘ │
│           │                            │            │
│           ↓                            ↓            │
│  ┌─────────────────┐        ┌─────────────────────┐ │
│  │ VIP management  │        │  LVS configuration  │ │
│  │ (floating IP)   │        │ (IPVS management)   │ │
│  └─────────────────┘        └─────────────────────┘ │
└─────────────────────────────────────────────────────┘
```
III. Environment Preparation
1. Environment plan
```text
Architecture:
                  ┌─────────────────┐
                  │     Client      │
                  └────────┬────────┘
                           │
                           ↓
                  ┌─────────────────┐
                  │ VIP: 10.0.0.100 │
                  └────────┬────────┘
                           │
           ┌───────────────┴───────────────┐
           ↓                               ↓
  ┌─────────────────┐             ┌─────────────────┐
  │   LVS-Master    │             │   LVS-Backup    │
  │   10.0.0.10     │             │   10.0.0.11     │
  └────────┬────────┘             └────────┬────────┘
           │                               │
           └───────────────┬───────────────┘
                           ↓
                  ┌─────────────────┐
                  │   Real Server   │
                  │   10.0.0.20     │
                  │   10.0.0.21     │
                  │   10.0.0.22     │
                  └─────────────────┘
```
Server plan:
| Role | Hostname | IP address | VIP | Description |
|---|---|---|---|---|
| LVS-Master | lvs01 | 10.0.0.10 | 10.0.0.100 | Primary director |
| LVS-Backup | lvs02 | 10.0.0.11 | 10.0.0.100 | Backup director |
| Web1 | web01 | 10.0.0.20 | - | Back-end server |
| Web2 | web02 | 10.0.0.21 | - | Back-end server |
| Web3 | web03 | 10.0.0.22 | - | Back-end server |
2. System configuration
```bash
# 1. Set the hostname (run the matching command on each host)
hostnamectl set-hostname lvs01
hostnamectl set-hostname lvs02
hostnamectl set-hostname web01
hostnamectl set-hostname web02
hostnamectl set-hostname web03
# 2. Configure the hosts file
cat >> /etc/hosts << EOF
10.0.0.10 lvs01
10.0.0.11 lvs02
10.0.0.20 web01
10.0.0.21 web02
10.0.0.22 web03
EOF
# 3. Stop the firewall (or leave it running and open the required ports)
systemctl stop firewalld
systemctl disable firewalld
# 4. Disable SELinux
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# 5. Time synchronization
yum install -y ntpdate
ntpdate pool.ntp.org
# 6. Enable IP forwarding (LVS nodes)
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sysctl -p
```
IV. LVS Configuration
1. Install ipvsadm
```bash
# CentOS/RHEL
yum install -y ipvsadm
# Ubuntu/Debian
apt install -y ipvsadm
# Check and load the LVS kernel modules
lsmod | grep ip_vs
modprobe ip_vs
modprobe ip_vs_rr
modprobe ip_vs_wrr
modprobe ip_vs_lc
modprobe ip_vs_wlc
modprobe ip_vs_sh
# Show the version
ipvsadm -v
```
2. Configure LVS (DR mode)
```bash
# LVS-Master (10.0.0.10)
# Create the LVS script
cat > /usr/local/bin/lvs_dr.sh << 'EOF'
#!/bin/bash
# VIP
VIP=10.0.0.100
# Back-end servers
RS1=10.0.0.20
RS2=10.0.0.21
RS3=10.0.0.22
# Bind the VIP to the network interface
/sbin/ifconfig ens33:0 $VIP netmask 255.255.255.255 broadcast $VIP up
/sbin/route add -host $VIP dev ens33:0
# Flush the IPVS rules
/sbin/ipvsadm -C
# Define the LVS virtual service
/sbin/ipvsadm -A -t $VIP:80 -s wlc -p 600
# Add the back-end servers
/sbin/ipvsadm -a -t $VIP:80 -r $RS1:80 -g -w 1
/sbin/ipvsadm -a -t $VIP:80 -r $RS2:80 -g -w 2
/sbin/ipvsadm -a -t $VIP:80 -r $RS3:80 -g -w 3
# Show the configuration
/sbin/ipvsadm -ln
EOF
chmod +x /usr/local/bin/lvs_dr.sh
# Run the script
/usr/local/bin/lvs_dr.sh
# Save the configuration
ipvsadm -S > /etc/sysconfig/ipvsadm
```
3. Configure the back-end Real Servers
```bash
# Run on every web server (10.0.0.20/21/22)
# The outer heredoc uses its own delimiter (SCRIPT) so that the inner
# "EOF" heredoc is written into the script instead of ending it early
cat > /usr/local/bin/realserver.sh << 'SCRIPT'
#!/bin/bash
VIP=10.0.0.100
# Bind the VIP to the loopback interface (part of the ARP suppression setup that DR mode depends on)
/sbin/ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP up
/sbin/route add -host $VIP dev lo:0
# ARP reply and announce policy
echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
# Make the settings permanent
cat >> /etc/sysctl.conf << EOF
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
EOF
sysctl -p
# Start the web service
systemctl start nginx
systemctl enable nginx
SCRIPT
chmod +x /usr/local/bin/realserver.sh
/usr/local/bin/realserver.sh
```
4. Test LVS
```bash
# 1. Show the LVS status
ipvsadm -ln
```
Sample output:
```text
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.0.100:80 wlc persistent 600
  -> 10.0.0.20:80                 Route   1      0          0
  -> 10.0.0.21:80                 Route   2      0          0
  -> 10.0.0.22:80                 Route   3      0          0
```
```bash
# 2. Show the connection table
ipvsadm -lnc
# 3. Test access
curl http://10.0.0.100
# 4. Load test
ab -n 10000 -c 100 http://10.0.0.100/
```
V. Keepalived Installation and Configuration
1. Install Keepalived
```bash
# CentOS/RHEL
yum install -y keepalived
# Ubuntu/Debian
apt install -y keepalived
# Show the version
keepalived -v
# Enable IP forwarding
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sysctl -p
```
2. Master node configuration (LVS-Master)
```bash
cat > /etc/keepalived/keepalived.conf << 'EOF'
! Configuration File for keepalived
# Global definitions
global_defs {
    # Notification e-mail recipients
    notification_email {
        admin@example.com
    }
    notification_email_from keepalived@example.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_MASTER
    vrrp_skip_check_adv_addr
    # vrrp_strict is left out: strict mode ignores the authentication block
    # below and filters traffic addressed to the VIP
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
# Health check script (must be defined before the vrrp_instance that tracks it)
vrrp_script check_lvs {
    script "/usr/local/bin/check_lvs.sh"
    interval 2
    weight -20
    fall 2
    rise 1
}
# VRRP instance
vrrp_instance VI_1 {
    state MASTER                # master node
    interface ens33             # network interface to run VRRP on
    virtual_router_id 51        # virtual router ID (1-255, must match on master and backup)
    priority 100                # priority (master higher than backup)
    advert_int 1                # advertisement interval (seconds)
    # Authentication
    authentication {
        auth_type PASS
        auth_pass 1111          # example value; use your own secret (at most 8 characters)
    }
    # Virtual IP address
    virtual_ipaddress {
        10.0.0.100/24 dev ens33 label ens33:0
    }
    # Tracked script
    track_script {
        check_lvs
    }
}
# Virtual server (LVS)
virtual_server 10.0.0.100 80 {
    delay_loop 6                # health check interval
    lb_algo wlc                 # scheduling algorithm
    lb_kind DR                  # forwarding mode
    persistence_timeout 600     # persistent connection timeout
    protocol TCP                # protocol
    # Back-end server 1
    real_server 10.0.0.20 80 {
        weight 1
        HTTP_GET {
            url {
                path /health
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 1
        }
    }
    # Back-end server 2
    real_server 10.0.0.21 80 {
        weight 2
        HTTP_GET {
            url {
                path /health
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 1
        }
    }
    # Back-end server 3
    real_server 10.0.0.22 80 {
        weight 3
        HTTP_GET {
            url {
                path /health
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 1
        }
    }
}
EOF
# Create the health check script
cat > /usr/local/bin/check_lvs.sh << 'EOF'
#!/bin/bash
# LVS health check script
# Check that ipvsadm can read the IPVS table
if ! ipvsadm -ln > /dev/null 2>&1; then
    exit 1
fi
# Check that the LVS virtual service exists
if ! ipvsadm -ln | grep -qF "10.0.0.100:80"; then
    exit 1
fi
# Check that at least one back-end server is present
ACTIVE_RS=$(ipvsadm -ln | grep -c "Route")
if [ "$ACTIVE_RS" -eq 0 ]; then
    exit 1
fi
exit 0
EOF
chmod +x /usr/local/bin/check_lvs.sh
```
3. Backup node configuration (LVS-Backup)
```bash
cat > /etc/keepalived/keepalived.conf << 'EOF'
! Configuration File for keepalived
global_defs {
    notification_email {
        admin@example.com
    }
    notification_email_from keepalived@example.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_BACKUP
    vrrp_skip_check_adv_addr
    # vrrp_strict is left out: strict mode ignores the authentication block
    # below and filters traffic addressed to the VIP
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
# Must be defined before the vrrp_instance that tracks it
vrrp_script check_lvs {
    script "/usr/local/bin/check_lvs.sh"
    interval 2
    weight -20
    fall 2
    rise 1
}
vrrp_instance VI_1 {
    state BACKUP                # backup node
    interface ens33
    virtual_router_id 51
    priority 90                 # lower than the master
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111          # must match the master
    }
    virtual_ipaddress {
        10.0.0.100/24 dev ens33 label ens33:0
    }
    track_script {
        check_lvs
    }
}
virtual_server 10.0.0.100 80 {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    persistence_timeout 600
    protocol TCP
    real_server 10.0.0.20 80 {
        weight 1
        HTTP_GET {
            url {
                path /health
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 1
        }
    }
    real_server 10.0.0.21 80 {
        weight 2
        HTTP_GET {
            url {
                path /health
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 1
        }
    }
    real_server 10.0.0.22 80 {
        weight 3
        HTTP_GET {
            url {
                path /health
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 1
        }
    }
}
EOF
# The health check script is needed here as well
cat > /usr/local/bin/check_lvs.sh << 'EOF'
#!/bin/bash
ipvsadm -ln > /dev/null 2>&1
exit $?
EOF
chmod +x /usr/local/bin/check_lvs.sh
```
4. Start Keepalived
```bash
# Start the service
systemctl start keepalived
systemctl enable keepalived
# Check the status
systemctl status keepalived
# Follow the log
journalctl -u keepalived -f
# Show the VIP
ip addr show
# Show the LVS configuration
ipvsadm -ln
```
VI. Advanced LVS + Keepalived Configuration
1. Multiple VIPs
```bash
# Several virtual IPs are supported
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # Several virtual IPs
    virtual_ipaddress {
        10.0.0.100/24 dev ens33
        10.0.0.101/24 dev ens33
        10.0.0.102/24 dev ens33
    }
}
# Several virtual services
virtual_server 10.0.0.100 80 {
    ...
}
virtual_server 10.0.0.100 443 {
    ...
}
virtual_server 10.0.0.101 3306 {
    ...
}
```
2. TCP health check
```bash
# TCP port health check
virtual_server 10.0.0.100 3306 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP
    real_server 10.0.0.20 3306 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 1
            connect_port 3306
        }
    }
}
```
3. Custom health check script
```bash
cat > /usr/local/bin/check_http.sh << 'EOF'
#!/bin/bash
# Custom HTTP health check
VIP=$1
PORT=$2
RS_IP=$3
# Check the back-end service
if curl -s -o /dev/null -w "%{http_code}" "http://$RS_IP:$PORT/health" | grep -q "200"; then
    exit 0
else
    exit 1
fi
EOF
chmod +x /usr/local/bin/check_http.sh
# Use it in the keepalived configuration
real_server 10.0.0.20 80 {
    weight 1
    MISC_CHECK {
        misc_path "/usr/local/bin/check_http.sh 10.0.0.100 80 10.0.0.20"
        misc_timeout 5
        misc_dynamic
    }
}
```
4. E-mail alert configuration
```bash
# Add to global_defs
global_defs {
    # E-mail settings
    notification_email {
        admin@example.com
        ops@example.com
    }
    notification_email_from keepalived@example.com
    smtp_server smtp.example.com
    smtp_connect_timeout 30
}
# Notification scripts (notify_* is a vrrp_instance setting, not a global_defs one)
vrrp_instance VI_1 {
    ...
    notify_master "/usr/local/bin/notify.sh master"
    notify_backup "/usr/local/bin/notify.sh backup"
    notify_fault "/usr/local/bin/notify.sh fault"
}
# Create the notification script
cat > /usr/local/bin/notify.sh << 'EOF'
#!/bin/bash
# Keepalived state notification script
STATE=$1
DATE=$(date '+%Y-%m-%d %H:%M:%S')
HOSTNAME=$(hostname)
case $STATE in
    master)
        echo "$DATE - $HOSTNAME 成为MASTER节点" | mail -s "Keepalived Master" admin@example.com
        ;;
    backup)
        echo "$DATE - $HOSTNAME 成为BACKUP节点" | mail -s "Keepalived Backup" admin@example.com
        ;;
    fault)
        echo "$DATE - $HOSTNAME 出现故障" | mail -s "Keepalived Fault" admin@example.com
        ;;
esac
logger -t keepalived "State changed to: $STATE"
EOF
chmod +x /usr/local/bin/notify.sh
```
VII. Back-end Web Server Configuration
1. Install and configure Nginx
```bash
# Install Nginx on every web server
yum install -y nginx
# Create a test page
cat > /usr/share/nginx/html/index.html << EOF
<!DOCTYPE html>
<html>
<head>
<title>Web Server $(hostname)</title>
</head>
<body>
<h1>Welcome to $(hostname)</h1>
<p>Server IP: $(hostname -I | awk '{print $1}')</p>
<p>Hostname: $(hostname)</p>
</body>
</html>
EOF
# Create the health check endpoint
cat > /usr/share/nginx/html/health << EOF
OK
EOF
# Configure Nginx
cat > /etc/nginx/conf.d/health.conf << 'EOF'
server {
    listen 80;
    server_name _;
    location /health {
        # default_type sets the Content-Type of the "return" body
        default_type text/plain;
        return 200 "OK\n";
    }
}
EOF
# Start Nginx
systemctl start nginx
systemctl enable nginx
# Test
curl http://localhost/health
```
2. Configure ARP suppression (permanent)
```bash
cat > /etc/sysctl.d/99-lvs.conf << 'EOF'
# ARP settings for LVS DR mode
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
EOF
sysctl -p /etc/sysctl.d/99-lvs.conf
# Create a service that brings up the VIP at boot
cat > /etc/systemd/system/lvs-vip.service << 'EOF'
[Unit]
Description=LVS VIP configuration
After=network.target
[Service]
Type=oneshot
ExecStart=/sbin/ifconfig lo:0 10.0.0.100 netmask 255.255.255.255 broadcast 10.0.0.100 up
ExecStart=/sbin/route add -host 10.0.0.100 dev lo:0
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable lvs-vip
systemctl start lvs-vip
```
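The ARP suppression values and the loopback VIP set in section IV.3 and in this section can be verified on each Real Server before it is put behind the Director. The script below is an added example, not part of the original article; the sample inputs are constructed and the function names `arp_findings` and `vip_findings` are hypothetical.

```shell
#!/bin/bash
# Added example: preflight check for an LVS-DR real server (not from the original page).
VIP=10.0.0.100

# Constructed samples of `sysctl -a` and `ip -o -4 addr show` output.
SAMPLE_SYSCTL='net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 0'
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 10.0.0.100/32 brd 10.0.0.100 scope global lo:0
2: ens33    inet 10.0.0.20/24 brd 10.0.0.255 scope global ens33'

# arp_findings: read sysctl text on stdin and report every ARP key on "all"
# and "lo" that is missing or differs from arp_ignore=1 / arp_announce=2.
arp_findings() {
    awk -F' *= *' '
        BEGIN { want["arp_ignore"] = 1; want["arp_announce"] = 2 }
        {
            n = split($1, part, /\./)
            key = part[n]; ifc = part[n - 1]
            if ((ifc == "all" || ifc == "lo") && (key in want)) {
                seen[ifc "." key] = 1
                if ($2 != want[key]) print "BAD " $1 " = " $2
            }
        }
        END {
            for (k in want) {
                id = "all." k; if (!(id in seen)) print "MISSING " id
                id = "lo." k;  if (!(id in seen)) print "MISSING " id
            }
        }' | sort
}

# vip_findings VIP: read `ip -o -4 addr show` text on stdin. The VIP must be
# on lo as a /32 and on no other interface, or the host would answer ARP for it.
vip_findings() {
    awk -v vip="$1" '
        { split($4, a, "/") }
        a[1] == vip && $2 == "lo" && a[2] == 32 { ok = 1; next }
        a[1] == vip { print "BAD " vip "/" a[2] " on " $2 }
        END { if (!ok) print "MISSING " vip "/32 on lo" }
    '
}

# Live use on a real server (needs the sysctl and ip tools):
#   sysctl -a 2>/dev/null | arp_findings; ip -o -4 addr show | vip_findings "$VIP"
```

Empty output from both functions means the host matches the settings on this page; each printed line names one setting to correct.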
VIII. Testing and Verification
1. Test script
```bash
#!/bin/bash
# test_lvs.sh - LVS+Keepalived test script
VIP="10.0.0.100"
LVS_MASTER="10.0.0.10"
LVS_BACKUP="10.0.0.11"
echo "=========================================="
echo "LVS+Keepalived集群测试"
echo "=========================================="
# 1. Test access through the VIP
echo -e "\n1. 测试VIP访问:"
curl -s http://$VIP/ | grep -o "Welcome to.*"
# 2. Show LVS scheduling statistics
echo -e "\n2. LVS调度统计:"
ipvsadm -ln --stats | grep "10.0.0.100"
# 3. Show the connection distribution
echo -e "\n3. 连接分布:"
ipvsadm -lnc | grep -c "10.0.0.100"
# 4. Test the back-end health checks
echo -e "\n4. 后端健康检查:"
for rs in 10.0.0.20 10.0.0.21 10.0.0.22; do
    STATUS=$(curl -s -o /dev/null -w "%{http_code}" http://$rs/health)
    echo "$rs: $STATUS"
done
# 5. Show the Keepalived status
echo -e "\n5. Keepalived状态:"
systemctl status keepalived | grep -E "Active|MASTER|BACKUP"
# 6. Which node holds the VIP
echo -e "\n6. VIP当前所在节点:"
ping -c 1 $VIP > /dev/null
arping -c 1 $VIP 2>/dev/null | grep "reply"
# 7. Load test
echo -e "\n7. 负载测试 (1000请求, 10并发):"
ab -n 1000 -c 10 http://$VIP/ 2>&1 | grep -E "Requests per second|Time per request|Failed"
echo -e "\n=========================================="
```
2. Failover test
```bash
#!/bin/bash
# failover_test.sh - failover test
VIP="10.0.0.100"
echo "开始故障切换测试..."
# 1. Show the current MASTER
echo "1. 当前MASTER节点:"
ssh lvs01 "ip addr show | grep 10.0.0.100"
ssh lvs02 "ip addr show | grep 10.0.0.100"
# 2. Stop Keepalived on the master node
echo -e "\n2. 停止主节点Keepalived..."
ssh lvs01 "systemctl stop keepalived"
sleep 5
# 3. Check whether the VIP has moved
echo "3. 检查VIP漂移:"
ssh lvs01 "ip addr show | grep 10.0.0.100"
ssh lvs02 "ip addr show | grep 10.0.0.100"
# 4. Check that the service still works
echo -e "\n4. 测试服务可用性:"
curl -s http://$VIP/ | grep -o "Welcome to.*"
# 5. Restore the master node
echo -e "\n5. 恢复主节点..."
ssh lvs01 "systemctl start keepalived"
sleep 10
# 6. Check whether the VIP has moved back
echo "6. 检查VIP回切:"
ssh lvs01 "ip addr show | grep 10.0.0.100"
ssh lvs02 "ip addr show | grep 10.0.0.100"
echo -e "\n故障切换测试完成"
```
3. Performance test
```bash
#!/bin/bash
# performance_test.sh - performance test
VIP="10.0.0.100"
RESULTS="/tmp/lvs_perf_$(date +%Y%m%d_%H%M%S).txt"
echo "LVS性能测试报告" > $RESULTS
echo "================" >> $RESULTS
echo "测试时间: $(date)" >> $RESULTS
echo "" >> $RESULTS
# Test at different concurrency levels
for CONC in 10 50 100 200 500; do
    echo "测试并发: $CONC"
    echo "" >> $RESULTS
    echo "并发数: $CONC" >> $RESULTS
    ab -n 10000 -c $CONC http://$VIP/ 2>&1 | tee -a $RESULTS
    echo "----------------------------------------" >> $RESULTS
    sleep 5
done
echo "性能测试完成,报告保存在: $RESULTS"
```
IX. Monitoring and Operations
1. LVS monitoring script
```bash
#!/bin/bash
# lvs_monitor.sh - LVS monitoring script
# Settings
VIP="10.0.0.100"
LOG_FILE="/var/log/lvs_monitor.log"
ALERT_EMAIL="admin@example.com"
log() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" >> "$LOG_FILE"
}
# Check the LVS virtual service
check_lvs() {
    if ! ipvsadm -ln | grep -qF "$VIP:80"; then
        log "ERROR: LVS service for $VIP not found"
        return 1
    fi
    return 0
}
# Check the back-end servers
check_realserver() {
    local failed=0
    # Real-server lines ("-> ip:port Route ...") do not contain the VIP,
    # so select them by the "->" marker and the forwarding method
    for rs in $(ipvsadm -ln | awk '$1 == "->" && $3 == "Route" {print $2}'); do
        if ! curl -s -o /dev/null -w "%{http_code}" "http://$rs/health" | grep -q "200"; then
            log "WARNING: Real server $rs is down"
            failed=$((failed+1))
        fi
    done
    return $failed
}
# Check the number of connections
check_connections() {
    local conn=$(ipvsadm -lnc | grep -cF "$VIP:80")
    if [ "$conn" -gt 10000 ]; then
        log "WARNING: High connections: $conn"
        echo "High connections: $conn" | mail -s "LVS Alert" "$ALERT_EMAIL"
    fi
}
# Check the VIP
check_vip() {
    if ip addr show | grep -qF "$VIP"; then
        log "INFO: VIP $VIP is on this node"
    else
        log "INFO: VIP $VIP is not on this node"
    fi
}
# Main function
main() {
    check_lvs
    check_realserver
    check_connections
    check_vip
}
main
```
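When a Director carries several virtual services (as in the multi-VIP configuration of section VI), the real servers have to be attributed to the service line they appear under in `ipvsadm -ln`. The parser below is an added example, not part of the original article; the sample output is constructed and the function names are hypothetical.

```shell
#!/bin/bash
# Added example: list the real servers that belong to one IPVS virtual service.

# Constructed sample of `ipvsadm -ln` output with two services (not captured from a real host).
SAMPLE_IPVS='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.0.100:80 wlc persistent 600
  -> 10.0.0.20:80                 Route   1      0          0
  -> 10.0.0.21:80                 Route   0      0          0
  -> 10.0.0.22:80                 Route   3      4          12
TCP  10.0.0.101:3306 wrr
  -> 10.0.0.20:3306               Route   1      0          0'

# real_servers SERVICE: read `ipvsadm -ln` text on stdin and print
# "address weight activeconn" for every real server under SERVICE (VIP:port).
real_servers() {
    awk -v svc="$1" '
        # a TCP/UDP line starts a new service section
        $1 == "TCP" || $1 == "UDP" { in_svc = ($2 == svc); next }
        in_svc && $1 == "->" && $2 != "RemoteAddress:Port" { print $2, $4, $5 }
    '
}

# drained_servers SERVICE: real servers with weight 0, which stay listed
# but are given no new connections.
drained_servers() {
    real_servers "$1" | awk '$2 == 0 { print $1 }'
}

# service_summary SERVICE: print "count total_weight" for the servers with
# weight > 0; the exit status is 1 when no server can be scheduled.
service_summary() {
    real_servers "$1" | awk '
        $2 > 0 { n++; w += $2 }
        END { printf "%d %d\n", n, w; exit (n == 0) }
    '
}

# Live use on a Director:
#   ipvsadm -ln | service_summary 10.0.0.100:80 || echo "no schedulable real server"
```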
2. Keepalived monitoring
```bash
#!/bin/bash
# keepalived_monitor.sh - Keepalived monitoring
# Check the Keepalived process
check_keepalived() {
    if pgrep keepalived > /dev/null; then
        echo "✓ Keepalived running"
        return 0
    else
        echo "✗ Keepalived stopped"
        return 1
    fi
}
# Check the VRRP state
check_vrrp() {
    # The VIP is a secondary address, so look at every IPv4 address on ens33
    local state=$(ip -4 addr show dev ens33 | grep -c "inet 10.0.0.100/")
    if [ "$state" -ge 1 ]; then
        echo "✓ MASTER mode active"
    else
        echo "✓ BACKUP mode active"
    fi
}
# Show the Keepalived log
check_logs() {
    # Filter first, then keep the last five keepalived entries
    grep keepalived /var/log/messages | tail -5
}
check_keepalived
check_vrrp
check_logs
```
3. Performance monitoring script
```bash
#!/bin/bash
# perf_monitor.sh - performance monitoring
# Watch the LVS performance counters
while true; do
    clear
    echo "LVS性能监控 - $(date)"
    echo "========================"
    # Connection statistics
    echo "连接统计:"
    ipvsadm -ln --stats | grep "10.0.0.100"
    echo ""
    echo "速率统计:"
    ipvsadm -ln --rate | grep "10.0.0.100"
    echo ""
    echo "后端服务器状态:"
    ipvsadm -ln | grep "10.0.0.100" -A 5
    sleep 5
done
```
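X. Common Problems and Troubleshooting
1. Common LVS problems
```bash
# Problem 1: the VIP is unreachable
# Check the VIP configuration
ip addr show | grep 10.0.0.100
# Check ARP suppression
cat /proc/sys/net/ipv4/conf/all/arp_ignore
# Check routing
route -n
# Problem 2: unbalanced scheduling
# Check the scheduling algorithm (shown on each service line)
ipvsadm -ln | grep -E '^(TCP|UDP)'
# Check persistent connections
ipvsadm -ln | grep persistent
# Problem 3: back-end health checks fail
# Test by hand
curl http://10.0.0.20/health
# Check the firewall
iptables -L -n
# Problem 4: the IPVS module is not loaded
modprobe ip_vs
lsmod | grep ip_vs
```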
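2. Common Keepalived problems
```bash
# Problem 1: VRRP split brain
# Check whether the firewall blocks VRRP (IP protocol 112); this rule allows it
iptables -I INPUT -p vrrp -j ACCEPT
# Check that the configurations are consistent
# (diff cannot read host:path, so fetch the peer's file over ssh;
# router_id, state and priority are expected to differ)
ssh lvs02 cat /etc/keepalived/keepalived.conf | diff /etc/keepalived/keepalived.conf -
# Problem 2: the VIP does not move
# Check the priority setting
grep priority /etc/keepalived/keepalived.conf
# Check the authentication password
grep auth_pass /etc/keepalived/keepalived.conf
# Follow the Keepalived log
journalctl -u keepalived -f
# Problem 3: the health check fails
# Run the script by hand
/usr/local/bin/check_lvs.sh
echo $? # should print 0
```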
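Split brain and a VIP that does not move both often come down to VRRP settings that differ between the two nodes, and a plain diff also reports the lines that are supposed to differ. The script below is an added example, not part of the original article: it compares only the keys that must match and checks that the master has the higher priority. The sample configurations are constructed, the function names are hypothetical, and one `vrrp_instance` per file is assumed.

```shell
#!/bin/bash
# Added example: compare the VRRP settings of a keepalived master/backup pair.
# Assumes one vrrp_instance per file, as in the configurations on this page.

# write_samples DIR: create constructed sample configs (vrrp_instance only);
# the backup copy carries a mistyped auth_pass.
write_samples() {
    cat > "$1/master.conf" <<'EOF'
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111   # shared secret
    }
}
EOF
    sed -e 's/state MASTER/state BACKUP/' -e 's/priority 100/priority 90/' \
        -e 's/auth_pass 1111/auth_pass 1112/' "$1/master.conf" > "$1/backup.conf"
}

# vrrp_value FILE KEY: value of KEY inside the vrrp_instance block.
vrrp_value() {
    awk -v key="$2" '
        { sub(/[#!].*/, "") }                  # strip keepalived comments
        $1 == "vrrp_instance" { inside = 1 }
        inside && $1 == key { print $2; exit }
    ' "$1"
}

# check_vrrp_pair MASTER_CONF BACKUP_CONF: print one line per problem and
# return 1 if any was found. Values of mismatched keys are not printed, so
# auth_pass never ends up in a log.
check_vrrp_pair() {
    local key m b problems=0
    for key in virtual_router_id advert_int auth_type auth_pass; do
        m=$(vrrp_value "$1" "$key"); b=$(vrrp_value "$2" "$key")
        if [ "$m" != "$b" ]; then
            echo "MISMATCH $key"
            problems=1
        fi
    done
    m=$(vrrp_value "$1" priority); b=$(vrrp_value "$2" priority)
    if [ "${m:-0}" -le "${b:-0}" ]; then
        echo "PRIORITY master=$m backup=$b"
        problems=1
    fi
    return "$problems"
}
```

On the cluster, copy the peer's file first (for example with `scp lvs02:/etc/keepalived/keepalived.conf /tmp/backup.conf`) and pass both paths to `check_vrrp_pair`.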
3. Troubleshooting script
```bash
#!/bin/bash
# lvs_troubleshoot.sh - LVS troubleshooting script
echo "LVS故障排查工具"
echo "================"
# 1. Check the kernel modules
echo "1. 内核模块检查:"
lsmod | grep -E "ip_vs|nf_conntrack"
# 2. Check the IPVS rules
echo -e "\n2. IPVS规则:"
ipvsadm -ln
# 3. Check the VIP configuration
echo -e "\n3. VIP配置:"
ip addr show | grep -E "ens33|lo"
# 4. Check the ARP settings
echo -e "\n4. ARP配置:"
sysctl net.ipv4.conf.all.arp_ignore
sysctl net.ipv4.conf.all.arp_announce
# 5. Check routing
echo -e "\n5. 路由表:"
route -n | grep -E "10.0.0.100|ens33"
# 6. Check Keepalived
echo -e "\n6. Keepalived状态:"
systemctl status keepalived | grep -E "Active|MASTER|BACKUP"
# 7. Check the back-end servers
echo -e "\n7. 后端服务器健康检查:"
for rs in 10.0.0.20 10.0.0.21 10.0.0.22; do
    curl -s -o /dev/null -w "$rs: %{http_code}\n" http://$rs/health
done
# 8. Test access
echo -e "\n8. VIP访问测试:"
curl -s -o /dev/null -w "VIP访问: %{http_code}\n" http://10.0.0.100/
# 9. Show the log (filter first, then keep the last 20 matching entries)
echo -e "\n9. 最近错误日志:"
grep -E "keepalived|LVS" /var/log/messages | tail -20
```
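XI. Summary
Advantages of the LVS + Keepalived architecture
| Feature | Description |
|---|---|
| High availability | VRRP provides automatic failover |
| High performance | Kernel-level load balancing with efficient forwarding |
| Scalability | Back-end servers can be added and removed dynamically |
| Health checks | Failed nodes are removed automatically |
| Session persistence | Persistent connections are configurable |
| Multiple algorithms | 10+ scheduling algorithms to choose from |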
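Architecture selection guidance
```text
Small applications (<1000 concurrent connections)
├── Nginx reverse proxy + Keepalived
└── Simple to configure, enough functionality
Medium applications (1000-10000 concurrent connections)
├── LVS/DR + Keepalived
└── High performance, good value
Large applications (>10000 concurrent connections)
├── LVS + Keepalived + Nginx
├── Mixed layer 4 + layer 7 architecture
└── Highest performance, most flexible
```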
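Best practices
- Network planning
  - Use a dedicated network segment
  - Configure internal-network communication
  - Enable jumbo frames
- Health checks
  - Set sensible timeouts
  - Use application-layer checks
  - Avoid false positives
- Monitoring and alerting
  - Monitor status in real time
  - Detect problems promptly
  - Recover from failures automatically
- Capacity planning
  - Estimate peak traffic
  - Leave room for expansion
  - Run stress tests regularly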