LVS cluster and DR mode

 
Nginx:
1, works at layer 7 of the network, so it can apply traffic-splitting strategies to HTTP applications, for example by domain name or by directory structure;
2, Nginx depends little on the network; in theory, any back end it can ping can be load-balanced;
3, Nginx is relatively simple to install and configure, and convenient to test;
4, it can withstand high load and stays stable, generally supporting a concurrency of more than 10,000;
5, health checks of back-end servers only support detection by port, not detection by URL;
6, Nginx processes requests asynchronously, which can help reduce the load on the node servers;
7, Nginx only supports the HTTP, HTTPS and Email protocols, so its scope of application is narrower;
8, it does not directly support session persistence, but ip_hash can be used to work around this. Support for big request headers is not very good;
9, supported load balancing algorithms: Round-robin (round robin), Weight-round-robin (weighted round robin), Ip-hash (IP hash);
10, Nginx can also act as a web server, i.e. provide the Cache function.

HAProxy features are:
1, supports two proxy modes: TCP (layer 4) and HTTP (layer 7); supports virtual hosts;
2, can make up for some of Nginx's shortcomings, such as session persistence and cookie-based routing;
3, supports URL-based detection of back-end servers, which is a great help in detecting back-end problems;
4, more load balancing strategies are already implemented, such as Dynamic Round Robin, Weighted Source Hash, Weighted URL Hash and Weighted Parameter Hash;
5, purely in terms of efficiency, HAProxy has better load balancing speed than Nginx;
6, HAProxy can load-balance MySQL, performing detection and load balancing on the back-end DB nodes;
9, supported load balancing algorithms: Round-robin (round robin), Weight-round-robin (weighted round robin), source (source address persistence), RI (request URL), rdp-cookie (based on the cookie);
10, cannot act as a web server, i.e. no Cache.

Clusters: Multiple hosts provide services
load balancing cluster
high availability cluster
load balancing:
Software:
LVS, Nginx, HAProxy
Hardware:
F5
LVS:
1, strong load-handling capacity and high performance, reaching 60% of F5 hardware; low memory and CPU consumption
2, works at layer 4 of the network and forwards via the vrrp protocol (distribution only); the actual traffic is handled by the Linux kernel, so LVS itself generates no traffic.
2, stable and reliable, with a complete hot-standby scheme of its own (e.g. LVS + Keepalived)
3, relatively wide range of application; load balancing can be done for all applications;
4, does not support regular-expression processing and cannot separate dynamic and static content.
5, supported load balancing algorithms: rr (round robin), wrr (weighted round robin), lc (least connections), wlc (weighted least connections)
10 algorithms in total
6, configuration is complex and depends heavily on the network; stability is very high.
Three modes:
DR (direct routing) mode
NAT mode
TUN (tunnel) mode
ipvsadm options:
-A: add a virtual service (add a VIP) [i.e. which address is load-balanced]
-E: edit a virtual service
-D: delete a virtual service
-C: clear the rule table
-R: restore the rule table from standard input
--save | -S: save the rules currently in memory to standard output
-a: add an RS node to a virtual service [add a back-end web server]
-e: edit an RS node in a virtual service
-d: delete the specified RS node from a virtual service
-L | -l: list the LVS rule table, e.g. ipvsadm -L -n --stats
-Z: zero the counters
-t service-address[:port]: the rule schedules TCP requests
-u service-address[:port]: the rule schedules UDP requests
-f: the service is identified by an iptables firewall mark
-r: specifies the address of the real server
-s scheduler: specifies the scheduling algorithm the rule uses (rr | wrr | lc | wlc | lblc | lblcr | dh | sh | sed | nq)
-p [time]: persistence: within the given time, requests from the same client are scheduled to the same back-end node; the default is 300 s
-w: weight of the RS node
-g: use DR mode (default)
-i: use tunnel mode
-m: use NAT mode

DS: net: 192.168.126.7
netmask 255.255.255.0
gateway 192.168.192.2
vmnet2: 192.168.100.5
netmask 255.255.255.0

RS1: 192.168.100.6
netmask 255.255.255.0
gateway 192.168.100.5
RS2: 192.168.100.8
netmask 255.255.255.0
gateway 192.168.100.5
# Mount the local installation image
mount /dev/cdrom /mnt/
cd /mnt/Packages/
# Install the ipvsadm package
rpm -ivh ipvsadm-1.27-7.el7.x86_64.rpm
# Enable IP forwarding
[root@db1 ~]# cat /proc/sys/net/ipv4/ip_forward
0
[root@db1 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
or
vim /etc/sysctl.conf 
net.ipv4.ip_forward = 1


# Configure NAT mode
╭─root@zxw7 /etc/sysconfig/network-scripts
╰─➤ ipvsadm -A -t 192.168.126.7:80 -s rr
╭─root@zxw7 /etc/sysconfig/network-scripts
╰─➤ ipvsadm -a -t 192.168.126.7:80 -r 192.168.100.6 -m
╭─root@zxw7 /etc/sysconfig/network-scripts
╰─➤ ipvsadm -a -t 192.168.126.7:80 -r 192.168.100.8 -m

# To make the configuration persistent, first look at the files installed by the ipvsadm package
[root@db1 ~]# rpm -ql ipvsadm-1.27-7.el7.x86_64
/etc/sysconfig/ipvsadm-config
/usr/lib/systemd/system/ipvsadm.service
/usr/sbin/ipvsadm
/usr/sbin/ipvsadm-restore
/usr/sbin/ipvsadm-save
/usr/share/doc/ipvsadm-1.27
/usr/share/doc/ipvsadm-1.27/README
/usr/share/man/man8/ipvsadm-restore.8.gz
/usr/share/man/man8/ipvsadm-save.8.gz
/usr/share/man/man8/ipvsadm.8.gz
# Looking at the structure of the ipvsadm.service unit shows that the configuration file is /etc/sysconfig/ipvsadm

[root@db1 ~]# cat /usr/lib/systemd/system/ipvsadm.service
So running ipvsadm -S > /etc/sysconfig/ipvsadm is all that is needed to save the current rules to the configuration file, and
ipvsadm -R < /etc/sysconfig/ipvsadm restores the rules from the configuration file into the running configuration.
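Because ipvsadm -R loads whatever is in the saved file, it is worth checking the file before restoring it. The function below is an added example, not part of the original post: audit_ipvs_rules is a hypothetical name, it handles TCP (-t) services in the `ipvsadm -S -n` line format, and its address check is a plain string-prefix match (an assumption of this example, not CIDR arithmetic).

```shell
#!/bin/sh
# Added example (not from the original post). audit_ipvs_rules reads
# `ipvsadm -S -n` style lines on stdin and reports:
#   ORPHAN        real server attached to a virtual service with no -A line
#   PORTMISMATCH  DR (-g) or tunnel (-i) real server whose port differs from
#                 the VIP port (only NAT, -m, can rewrite ports)
#   OUTSIDE       real server not starting with the prefix given as $1
audit_ipvs_rules() {
    awk -v prefix="$1" '
    function opt(flag,   i) {           # value that follows a flag, or ""
        for (i = 1; i < NF; i++) if ($i == flag) return $(i + 1)
        return ""
    }
    function has(flag,   i) {           # 1 if the flag is on this line
        for (i = 1; i <= NF; i++) if ($i == flag) return 1
        return 0
    }
    $1 == "-A" { vs[opt("-t")] = 1; next }
    $1 == "-a" {
        vip = opt("-t"); rs = opt("-r")
        if (!(vip in vs)) { print "ORPHAN " rs " -> " vip; bad = 1 }
        vport = vip; sub(/.*:/, "", vport)
        rport = rs;  sub(/.*:/, "", rport)
        if ((has("-g") || has("-i")) && rport != vport) {
            print "PORTMISMATCH " rs " -> " vip; bad = 1
        }
        if (prefix != "" && index(rs, prefix) != 1) {
            print "OUTSIDE " rs; bad = 1
        }
    }
    END { exit bad + 0 }
    '
}
# Usage: audit_ipvs_rules 192.168.100. < /etc/sysconfig/ipvsadm
```

The function prints one line per finding and returns non-zero if there is any, so it can gate the restore step.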

 


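DR mode

direct_server: 192.168.254.17

real_server: 192.168.254.18
real_server: 192.168.254.19

# vip is the virtual service IP
vip: 192.168.254.250


direct_server:
yum install ipvsadm
Boss
direct_server:
ipvsadm -C # clear the existing configuration


# Add the externally visible service IP
ipvsadm -A -t 192.168.254.250:80 -s rr # -A: add, -t: TCP, -s rr: use the round-robin scheduling algorithm

# Add the 2 real_server hosts
ipvsadm -a -t 192.168.254.250:80 -r 192.168.254.18:80 -g # -a: add, -t: TCP, -r: real server, -g: DR (direct routing) mode
ipvsadm -a -t 192.168.254.250:80 -r 192.168.254.19:80 -g # -a: add, -t: TCP, -r: real server, -g: DR (direct routing) mode

# Configure a sub-interface of the NIC as the VIP, with IP address 192.168.254.250
ifconfig ens33:0 192.168.254.250 broadcast 192.168.254.250 netmask 255.255.255.255 up

# Add a route (traffic to 192.168.254.250 goes through ens33:0)
route add -host 192.168.254.250 dev ens33:0
Employee 1 | Employee 2
real_server:
# Configure the service IP (VIP) on a sub-interface of the loopback address
ifconfig lo:0 192.168.254.250 broadcast 192.168.254.250 netmask 255.255.255.255 up

# Add a route
route add -host 192.168.254.250 dev lo:0
# Suppress ARP for the VIP on the real server
echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
# Rollback only: these restore the kernel defaults (0) and undo the ARP suppression above
echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce


arp_ignore: defines the response level when an ARP request is received
0: default; reply for any address that is configured locally
1: reply only when the target IP is a local address and is configured on the interface the request came in on
(reply only if the requested target address is configured on the interface where the request arrived)
arp_announce: defines the level at which the host announces its own addresses
0: default; announce using any address configured on any interface
1: try to announce to the target network only addresses that match that network
2: announce only to networks that match the address on the local interface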
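A real server that still has the defaults (0) answers ARP for the VIP and pulls traffic away from the director, so the values are worth checking after every change. The functions below are an added example, not part of the original post: check_arp_sysctls, vip_on_lo and the CONF_ROOT override are hypothetical names, and the expected values 1 and 2 are the ones set above.

```shell
#!/bin/sh
# Added example (not from the original post): audit a DR-mode real server.
# CONF_ROOT is a hypothetical override so the check can be pointed at a test
# directory instead of the live /proc tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# check_arp_sysctls IFACE...
# Prints one line per wrong or unreadable value; returns 0 only if every
# interface listed has arp_ignore=1 and arp_announce=2.
check_arp_sysctls() {
    rc=0
    for iface in "$@"; do
        for pair in arp_ignore=1 arp_announce=2; do
            key=${pair%%=*}
            want=${pair##*=}
            file="$CONF_ROOT/$iface/$key"
            if [ ! -r "$file" ]; then
                echo "MISSING $iface/$key"
                rc=1
                continue
            fi
            got=$(tr -d '[:space:]' < "$file")
            if [ "$got" != "$want" ]; then
                echo "BAD $iface/$key=$got (want $want)"
                rc=1
            fi
        done
    done
    return $rc
}

# vip_on_lo VIP
# Reads `ip -o -4 addr show dev lo` output on stdin and succeeds only if the
# VIP is present with a /32 mask (netmask 255.255.255.255, as configured above).
vip_on_lo() {
    awk -v want="$1/32" '
        $3 == "inet" && $4 == want { found = 1 }
        END { exit !found }'
}

# Usage on a real server:
#   check_arp_sysctls lo all && ip -o -4 addr show dev lo | vip_on_lo 192.168.254.250
```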

 


DR mode

direct_server: 192.168.126.7
real_server: 192.168.126.6
real_server: 192.168.126.8

# vip is the virtual service IP
vip: 192.168.126.5

Step 1: download
direct_server:
yum install ipvsadm -y
Boss
Step 2: clear the existing configuration
direct_server:
ipvsadm -C # clear the existing configuration


Step 3: add the externally visible service IP
ipvsadm -A -t 192.168.126.5:80 -s rr # -A: add, -t: TCP, -s rr: use the round-robin scheduling algorithm
Step 4: configure a sub-interface of the NIC as the VIP, with IP address 192.168.126.5
# ifconfig is provided by the net-tools package
ifconfig ens33:0 192.168.126.5 broadcast 192.168.126.5 netmask 255.255.255.255 up

Step 5: add a route (traffic to 192.168.126.5 goes through ens33:0)
route add -host 192.168.126.5 dev ens33:0

╭─root@zxw7 ~
╰─➤ route -n
╭─root@zxw7 ~
╰─➤ ifconfig ens33:0 down

Step 6: add the 2 real_server hosts
ipvsadm -a -t 192.168.126.5:80 -r 192.168.126.6:80 -g # -a: add, -t: TCP, -r: real server, -g: DR (direct routing) mode
ipvsadm -a -t 192.168.126.5:80 -r 192.168.126.8:80 -g # -a: add, -t: TCP, -r: real server, -g: DR (direct routing) mode

Employee 1 | Employee 2
real_server:
# Configure the service IP (VIP) on a sub-interface of the loopback address
ifconfig lo:0 192.168.126.5 broadcast 192.168.126.5 netmask 255.255.255.255 up

# Add a route
route add -host 192.168.126.5 dev lo:0
# Suppress ARP for the VIP on the real server
echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
# Rollback only: these restore the kernel defaults (0) and undo the ARP suppression above
echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce



╭─root@zxw7 ~
╰─➤ cat server.yaml
- hosts: zxw
  remote_user: root
  tasks:
    - name: yum install net-tools -y
      yum: name=net-tools state=latest
    - name: ifconfig
      command: ifconfig lo:0 192.168.126.5 broadcast 192.168.126.5 netmask 255.255.255.255 up
      ignore_errors: yes
    - name: route add -host 192.168.126.5 dev lo:0
      command: route add -host 192.168.126.5 dev lo:0
      ignore_errors: yes
    - name: echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
      shell: echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
    - name: echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
      shell: echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
    - name: echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
      shell: echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    - name: echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
      shell: echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
╭─root@zxw7 ~
╰─➤ cat /etc/ansible/hosts

# The root password is stored here in plain text; SSH keys or ansible-vault keep it out of the inventory
[zxw]
192.168.126.6 ansible_ssh_user=root ansible_ssh_port=22 ansible_ssh_pass=123
192.168.126.8 ansible_ssh_user=root ansible_ssh_port=22 ansible_ssh_pass=123
╭─root@zxw7 ~
╰─➤ ansible-playbook --syntax-check server.yaml

Origin www.cnblogs.com/itzhao/p/11266391.html