LVS + Keepalived high-availability load balancing on Linux (DR mode) in practice

LVS and Keepalived work well together to deliver high availability, scalability and load balancing: LVS provides the load balancing, and Keepalived provides health checks and failover, improving system availability.

How Keepalived works

Keepalived is a high-availability solution for LVS services that is implemented on top of VRRP (Virtual Router Redundancy Protocol); you can use it to avoid a single point of failure.

VRRP can be thought of as a protocol for making routers highly available. N routers that provide the same function form a router group with one master and multiple backups. The master holds a VIP that serves external traffic (other machines on the LAN use this VIP as their default route) and sends multicast advertisements. When the backups stop receiving VRRP packets, they consider the master down, and a new master is elected from the backups according to VRRP priority. This ensures high availability of the router.

Introduction to LVS and how it works

LVS is short for Linux Virtual Server, a virtual server cluster system. The project was founded by Dr. Zhang Wen-song in 1998 and is one of the earliest free software projects to appear in China.
There are currently three IP load-balancing technologies:

DR  (Direct Routing)
NAT (Network Address Translation)
TUN

There are ten scheduling algorithms (rr | wrr | lc | wlc | lblc | lblcr | dh | sh | sed | nq).

LVS is mainly used for server load-balancing clusters. It operates at the network layer and enables high-performance, high-availability server clustering. It is inexpensive: a number of low-performance servers can be combined into one super server. It is easy to use, simple to configure, and offers a variety of load-balancing methods. It is stable and reliable: even if one server in the cluster stops working, the overall result is not affected. Its scalability is also very good.

(1) LVS is a layer-4 load balancer, that is, it is built on the fourth layer of the OSI model, the transport layer. The transport layer carries the familiar TCP/UDP, and LVS supports TCP/UDP load balancing. Because LVS balances at layer 4, it is very efficient compared with higher-level load-balancing solutions such as round-robin DNS resolution, application-layer load scheduling, and client-side scheduling.

(2) LVS forwards traffic mainly by modifying IP addresses (NAT mode, which modifies the source address with SNAT and the destination address with DNAT) or by modifying the destination MAC address (DR mode).

NAT mode: Network Address Translation
  NAT (Network Address Translation) is a technique for mapping addresses between an internal network and an external network. In NAT mode, both inbound and outbound packets pass through LVS, and LVS must act as the gateway of the RS (real server). When a packet reaches LVS, LVS performs destination address translation (DNAT), changing the destination IP to the RS IP. The RS receives the packet as if the client had sent it directly. After the RS has processed the request, it returns a response whose source IP is the RS IP and whose destination IP is the client's IP. The response then passes through the gateway (LVS), which performs source NAT (SNAT) and changes the packet's source address to the VIP, so to the client the packet looks as if LVS returned it directly. The client cannot perceive the presence of the back-end RS.

DR mode: Direct Routing
  In DR mode, LVS and the RS cluster must bind the same VIP (on the RS, the VIP is bound to the loopback interface). The difference from NAT is that after LVS receives a request, the real server (RealServer, RS) that handles it returns the response directly to the user, without going back through LVS. In detail: when a request arrives, LVS only needs to change the destination MAC address of the frame to the MAC of one of the RSs, and the packet is forwarded to that RS for processing. Note that the source and destination IPs are unchanged; LVS merely performs a small sleight of hand. When the RS receives the packet forwarded by LVS, the link layer finds that the MAC is its own, and the network layer above finds that the IP is also its own, so the packet is accepted as legitimate, and the RS is unaware that LVS was ever in the path. When the RS returns the response, it only needs to send it directly to the source IP (that is, the user's IP), without passing through LVS.

(3) In DR mode, distribution does not change the IP addresses and only modifies the MAC address. Because the destination IP of the request matches the IP address bound on the real server that actually processes it, the load-balancing server does not need to translate addresses, and the response packet is returned directly to the user's browser, which keeps the load balancer's NIC bandwidth from becoming a bottleneck. DR mode therefore performs better and is currently the most widely used load-balancing method for large sites.

Hands-on: LVS + Keepalived in DR mode

Prepare the environment:
Four CentOS 6 servers (two of which run LVS)
service iptables stop
setenforce 0

ipvsadm and keepalived must be installed on both the primary and the standby LVS
# yum install -y ipvsadm keepalived

Operation on the primary LVS

Edit the keepalived configuration file

[root@localhost ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
    state MASTER        # initial state
    interface eth0        # NIC that carries the VIP
    virtual_router_id 51
    priority 100        # priority
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.189.181     # VIP address
    }
}

virtual_server 192.168.189.181 80 {    # virtual server
    delay_loop 6
    lb_algo rr        # scheduling algorithm
    lb_kind DR        # forwarding mode
    nat_mask 255.255.255.0    # subnet mask
    protocol TCP        # virtual server protocol

    real_server 192.168.189.163 80 {    # IP address and port of real server web1
        weight 1            # weight
        TCP_CHECK {            # health-check module
            connect_timeout 3
            connect_port 80
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.189.164 80 {    # IP address and port of real server web2
        weight 1            # weight
        TCP_CHECK {            # health-check module
            connect_timeout 3
            connect_port 80
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

Once configured, turn off the firewall and start keepalived
service keepalived start
Then check whether the VIP has been brought up

ip a
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:fc:d6:23 brd ff:ff:ff:ff:ff:ff
    inet 192.168.189.161/24 brd 192.168.189.255 scope global eth0
    inet 192.168.189.181/32 scope global eth0

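Operation on the backup LVS host

The backup host's keepalived configuration file is basically the same as the primary's; only the initial state and the priority need to be changed
vrrp_instance VI_1 {
    state BACKUP        # initial state BACKUP
    interface eth0        # NIC that carries the VIP
    virtual_router_id 51
    priority 90        # priority
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.189.181     # VIP address
    }
}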
The rest of the configuration is the same as on the primary LVS host
Once configured, turn off the firewall and start keepalived
service iptables stop
setenforce 0
service keepalived start
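
The two vrrp_instance blocks above only fail over cleanly if the shared settings really are identical and the primary has the higher priority. The following script is an added example, not part of the original article, that compares the two files; the function names and the script file name are hypothetical.

```shell
#!/bin/sh
# Added example (not the article's code): compare the vrrp_instance settings
# of the MASTER and BACKUP keepalived.conf files before testing failover.

# vrrp_get FILE KEY -> value on the first "KEY value" line
vrrp_get() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# vrrp_vips FILE -> addresses inside virtual_ipaddress { ... }, sorted
vrrp_vips() {
    awk '$1 == "virtual_ipaddress" { f = 1; next }
         f && $1 == "}" { exit }
         f && NF { print $1 }' "$1" | sort
}

# vrrp_pair_check MASTER_CONF BACKUP_CONF
# Prints one line per problem; return status is the problem count (0 = OK).
vrrp_pair_check() {
    m=$1; b=$2; bad=0
    # Settings that both directors must share. Values are not printed,
    # so auth_pass never ends up in terminal scrollback or logs.
    for key in virtual_router_id advert_int auth_type auth_pass; do
        m_val=$(vrrp_get "$m" "$key"); b_val=$(vrrp_get "$b" "$key")
        if [ -z "$m_val" ] || [ "$m_val" != "$b_val" ]; then
            echo "MISMATCH $key is missing or differs between the two files"
            bad=$((bad + 1))
        fi
    done
    if [ "$(vrrp_vips "$m")" != "$(vrrp_vips "$b")" ]; then
        echo "MISMATCH virtual_ipaddress lists differ"
        bad=$((bad + 1))
    fi
    # The node meant to hold the VIP needs the higher priority
    m_pri=$(vrrp_get "$m" priority); b_pri=$(vrrp_get "$b" priority)
    if [ "${m_pri:-0}" -le "${b_pri:-0}" ]; then
        echo "PRIORITY master=$m_pri is not higher than backup=$b_pri"
        bad=$((bad + 1))
    fi
    return "$bad"
}

# Usage (hypothetical file name): sh vrrp_pair_check.sh master.conf backup.conf
if [ "$#" -eq 2 ]; then
    vrrp_pair_check "$1" "$2"
fi
```

Copy the backup's keepalived.conf next to the primary's and pass both paths; an exit status of 0 means the pair is consistent.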

Web server configuration
The configuration and content are the same as before
1. Install httpd and create a test page
2. Add lo:0 and bind the VIP to it
3. Modify the ARP level
4. Add the static route
5. Turn off the firewall
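
Steps 2 and 3 are the ones that decide whether DR mode works: the real server must hold the VIP on loopback yet must not answer ARP for it, otherwise clients can reach a real server directly and bypass the director. The script below is an added example, not from the original article, that checks both; arp_ignore=1 and arp_announce=2 are the commonly used values and are an assumption here, and PROC_ROOT and IP_CMD are hypothetical overrides for running it against a constructed tree.

```shell
#!/bin/sh
# Added example (not the article's code): check that a real server is ready
# for LVS-DR. arp_ignore=1 / arp_announce=2 are the commonly used values and
# are an assumption here; the article does not list its own.
# PROC_ROOT and IP_CMD are hypothetical overrides used for offline testing.
PROC_ROOT=${PROC_ROOT:-/proc}
IP_CMD=${IP_CMD:-ip}

# rs_sysctl IFACE NAME -> current value, or "missing"
rs_sysctl() {
    f="$PROC_ROOT/sys/net/ipv4/conf/$1/$2"
    if [ -r "$f" ]; then cat "$f"; else echo missing; fi
}

# rs_dr_check VIP
# Prints one line per problem; return status is the problem count (0 = ready).
rs_dr_check() {
    vip=$1; problems=0
    for iface in all lo; do
        for want in arp_ignore=1 arp_announce=2; do
            name=${want%=*}
            val=$(rs_sysctl "$iface" "$name")
            if [ "$val" != "${want#*=}" ]; then
                echo "FAIL $iface/$name=$val (want ${want#*=})"
                problems=$((problems + 1))
            fi
        done
    done
    # The VIP must be on loopback as a /32, or the RS will not accept
    # the frames the director forwards to it.
    if ! $IP_CMD -o -4 addr show dev lo | grep -qF " $vip/32 "; then
        echo "FAIL $vip/32 is not bound on lo"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage on a real server: sh rs_dr_check.sh 192.168.189.181
if [ "$#" -eq 1 ]; then
    rs_dr_check "$1"
fi
```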

After all the configuration is complete, run the following command on the primary LVS to check whether the LVS rules were added successfully

ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.189.181:80 rr
  -> 192.168.189.163:80           Route   1      0          0         
  -> 192.168.189.164:80           Route   1      0          0
  
  If rules are listed in the output, the configuration succeeded

Access the VIP to test the result

Then stop keepalived on the primary and test whether the VIP floats over to the backup LVS host. If it floats over successfully and the site can still be accessed normally, the LVS + keepalived cluster configuration is working and a highly available LVS has been implemented successfully.


Origin blog.csdn.net/SKTONE_SHUAI/article/details/104387808