System:
One CentOS 6 and two CentOS 7 virtual machines
Introduction to LVS:
Reference: linux server cluster system
Topology:
Building an LVS cluster in DR mode:
1. Create a script file lvs_dr.sh on the director server:
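vim lvs_dr.sh
Write the following into lvs_dr.sh:
#!/bin/bash
# Enable IP forwarding on the director
echo 1 > /proc/sys/net/ipv4/ip_forward
# Path to ipvsadm, the VIP, and the two realserver addresses
ipv=/sbin/ipvsadm
vip=192.168.137.100
rs1=192.168.137.20
rs2=192.168.137.130
# Bind the VIP to an alias of ens33 with a host (255.255.255.255) netmask
ifconfig ens33:0 down
ifconfig ens33:0 $vip broadcast $vip netmask 255.255.255.255 up
# Host route for the VIP through the alias interface
route add -host $vip dev ens33:0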
Give the script file execute permission:
chmod +x lvs_dr.sh
Run it:
bash lvs_dr.sh
2. Create the script file lvs_realserver.sh on the two realserver servers:
vim lvs_realserver.sh
Write the following into lvs_realserver.sh:
#!/bin/bash
vip=192.168.137.100
# Bind the VIP to the loopback alias lo:0 with a host (255.255.255.255) netmask
ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up
route add -host $vip lo:0
# Restrict ARP replies and announcements so the realserver does not answer for the VIP
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
# Re-applies the settings in /etc/sysctl.conf
sysctl -p
The script is the same on both realservers: it sets up the VIP and modifies the ARP response behaviour.
Give the script execute permission:
chmod +x lvs_realserver.sh
Run it:
bash lvs_realserver.sh
LVS related notes:
Time synchronization: the time deviation between nodes should not be greater than 1s; it is recommended to use a unified NTP server to update the time.
MAC broadcast problem of the VIP in the DR model: in the DR model every node needs to be configured with the VIP, so there is a problem of VIP MAC broadcast. The current Linux kernel provides the following parameters to manage it:
arp_ignore: defines the response level when an ARP request is received.
  0: respond as long as the requested address is configured locally;
  1: respond only when the requested target address is configured on the interface the request arrived on; this is the value the DR model uses.
arp_announce: defines the announcement level when the host announces its own addresses to the outside world.
  0: advertise any address on any local interface;
  1: try to advertise to the target network only addresses that match that network;
  2: advertise only to networks that match addresses on the local interface; this is the value the DR model uses.
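The check below is an added example, not part of the original write-up: it reports whether the arp_ignore and arp_announce values in effect on a realserver interface are at least the ones lvs_realserver.sh sets. The interface name eth0, the optional ROOT argument and the make_tree helper are assumptions made so it can run against a constructed tree; it relies on the kernel using the larger of conf/all and conf/<interface> for both keys.

```shell
#!/bin/sh
# Added example (not from the original page): audit a DR realserver's ARP sysctls.
# For arp_ignore and arp_announce the kernel uses max(conf/all, conf/<nic>)
# on the interface concerned, so the check is made per NIC.

# effective_arp ROOT NIC KEY: print the value in effect on NIC (2 = unreadable).
effective_arp() {
    local a n
    a=$(cat "$1/conf/all/$3" 2>/dev/null) || return 2
    n=$(cat "$1/conf/$2/$3" 2>/dev/null) || return 2
    if [ "$a" -ge "$n" ]; then echo "$a"; else echo "$n"; fi
}

# check_dr_arp NIC [ROOT]: return 0 only if the effective values on NIC are at
# least those the realserver script sets (arp_ignore=1, arp_announce=2).
check_dr_arp() {
    local nic="$1" root="${2:-/proc/sys/net/ipv4}" rc=0
    local spec key want got
    for spec in arp_ignore:1 arp_announce:2; do
        key=${spec%%:*}; want=${spec##*:}
        if ! got=$(effective_arp "$root" "$nic" "$key"); then
            echo "MISSING $key for $nic"; rc=1
        elif [ "$got" -ge "$want" ]; then
            echo "OK $key=$got on $nic"
        else
            echo "BAD $key=$got on $nic (need >= $want)"; rc=1
        fi
    done
    return "$rc"
}

# make_tree DIR NIC ALL_IGNORE ALL_ANNOUNCE: write a constructed sysctl tree
# (per-NIC values left at the kernel default 0) for trying the check offline.
make_tree() {
    mkdir -p "$1/conf/all" "$1/conf/$2"
    echo "$3" > "$1/conf/all/arp_ignore"
    echo 0    > "$1/conf/$2/arp_ignore"
    echo "$4" > "$1/conf/all/arp_announce"
    echo 0    > "$1/conf/$2/arp_announce"
}

# On a realserver (NIC name is an assumption): check_dr_arp eth0
```

A BAD or MISSING line means the realserver may answer ARP requests for the VIP itself, in which case clients can reach it directly instead of going through the director.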
3. Install the httpd service on both realserver servers:
yum install httpd -y
4. Edit the default page on each realserver separately (this makes it easy to identify which server handled a request):
vim /var/www/html/index.html
Write <h1>192.168.137.130</h1> and <h1>192.168.137.20</h1> respectively
Start the httpd service on both realservers:
service httpd start
5. Install the ipvsadm management tool on the main (director) server:
yum install ipvsadm -y
After the installation is complete, use ipvsadm -L -n to view the generated rules:
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.137.100:80 wrr
  -> 192.168.137.20:80            Route   1      0          0
  -> 192.168.137.130:80           Route   1      0          0
As shown above, the forwarding rules were generated normally.
6. On all three servers (the director and both realservers), turn off SELinux and the firewall:
setenforce 0
service firewalld stop
service iptables stop
Use the VIP to access the balancer (director server):
Open 192.168.137.100 in a browser, or run curl 192.168.137.100
The balancer schedules each request to a realserver. View the statistics on the director server with the ipvsadm -L -n --stats command:
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  192.168.137.100:80                 54      448        0    97542        0
  -> 192.168.137.20:80                  27      342        0    88972        0
  -> 192.168.137.130:80                 27      106        0     8570        0