####################
#
# 声明
#
####################
# 参阅了许多网上资料,有些引用此处,特此感谢。
#
#
#
#
# http://sery.blog.51cto.com/10037/204706
#################################################################################################
###### ######
###### LVS 三种工作方式 VS/NAT, VS/DR, VS/TUN ######
###### ######
#################################################################################################
####################
#
# VS/NAT
#
####################
# 环境
________
| |
| client |
|________|
CIP=DGW=192.168.14.x (eth0)
|
|
__________ |
| | | (VIP=192.168.14.22,eth0:1)
| director |---|
|__________| | DIP=SGW=192.168.55.1(eth0)
|
|
-----------------------------------
| |
| |
RIP=192.168.55.100(eth0) RIP=192.168.55.200(eth0)
GW=192.168.55.1 GW=192.168.55.1
____________ ____________
| | | |
| realserver | | realserver |
|____________| |____________|
DR:
----------------------------------------------------
DIP eth0 192.168.55.1
GW_default eth0 192.168.14.233(0.0.0.0)
VIP eth0:1 192.168.14.22
RS:
----------------------------------------------------
RIP_1:
RIP eth0 192.168.55.100
GW_default eth0 192.168.55.1
RIP_2:
RIP eth0 192.168.55.200
GW_default eth0 192.168.55.1
########
# 注意
1. DR做IP转发 故开启IP_forward
2. DR做回流网关 故关闭icmp_redirects
3. DR默认网关的netmask为全零(0.0.0.0)
------------ DR / RS ------------
4. RS不做IP转发关 故关掉IP_forward
#########
# DR
# set ip_forward
# VS/NAT director. It routes between the client network and the real-server
# network, so kernel IP forwarding is switched on.
printf '%s\n' 1 >/proc/sys/net/ipv4/ip_forward
# The director is the real servers' return gateway, so it must not tell
# peers to bypass it: ICMP redirects are switched off for every scope.
for knob in \
  /proc/sys/net/ipv4/conf/all/send_redirects \
  /proc/sys/net/ipv4/conf/default/send_redirects \
  /proc/sys/net/ipv4/conf/eth0/send_redirects; do
  printf '%s\n' 0 >"$knob"
done
# Bring up the virtual IP as an alias on the client-facing interface.
/sbin/ifconfig eth0:1 192.168.14.22 broadcast 192.168.14.255 netmask 255.255.255.0
# Default route of the director (all-zero netmask, as the notes require).
/sbin/route add default gw 192.168.14.233 netmask 0.0.0.0 metric 1
# Rebuild the IPVS table from scratch: -C clears it, -A adds the TCP virtual
# service with the wlc (weighted least-connection) scheduler, and each -a adds
# one real server in masquerading (-m, i.e. NAT) mode with weight 1.
/sbin/ipvsadm -C
/sbin/ipvsadm -A -t 192.168.14.22:80 -s wlc
for rs in 192.168.55.100:80 192.168.55.200:80; do
  /sbin/ipvsadm -a -t 192.168.14.22:80 -r "$rs" -m -w 1
done
# Print the resulting table for a visual check.
/sbin/ipvsadm
################
# RS_1 && RS_2
# set ip_forward
# VS/NAT real server: it only terminates traffic, so forwarding stays off.
printf '%s\n' 0 >/proc/sys/net/ipv4/ip_forward
# Replies must leave through the director (DIP 192.168.55.1) so that it can
# rewrite them; hence the director is the default gateway.
/sbin/route add default gw 192.168.55.1
####################
#
# VS/DR
#
####################
# 环境
________
| |
| client |
|________|
CIP=SGW=192.168.14.233 (eth0)
|
|
__________ |
| | | VIP=192.168.14.22 (eth0:1)
| director |---|
|__________| | DIP=192.168.14.200 (eth0)
|
|
-----------------------------------
| |
| |
RIP=192.168.14.211(eth0) RIP=192.168.14.222(eth0)
VIP=192.168.14.22(lo:0) VIP=192.168.14.22(lo:0)
____________ ____________
| | | |
| realserver | | realserver |
|____________| |____________|
DR:
---------------------------
DIP eth0 192.168.14.200
DGW eth0 192.168.14.233
VIP eth0:1 192.168.14.22
RS:
---------------------------
RIP_1:
RIP eth0 192.168.14.211
GW_default eth0 192.168.14.233
VIP lo:0 192.168.14.22
VIP_GW lo:0
RIP_2:
RIP eth0 192.168.14.222
GW_default eth0 192.168.14.233
VIP lo:0 192.168.14.22
VIP_GW lo:0
########
# 注意
1. DR不做IP转发关 故关掉IP_forward
2. DR不做回流网关 故开启icmp_redirects
3. DR的VIP的netmask 取全值 (255.255.255.255)
4. DR的VIP网关指向本接口(dev eth0:1)
------------ DR / RS ------------
5. RS不做IP转发关 故关掉IP_forward
6. RS的默认网关指向总网关SGW(绕过DGW)
7. RS的VIP网关指向本接口(dev lo:0)
8. RS的VIP接口,去除ARP
9. RS的VIP的netmask 取全值 (255.255.255.255/0xffffffff)
10. RS的VIP的broadcast 取本值 (192.168.14.22)
#########
# DR
# VS/DR director. Per the notes it neither forwards IP nor acts as the return
# gateway, so forwarding is off and ICMP redirects are left enabled.
# NOTE(review): hardening baselines commonly set send_redirects to 0 on hosts
# that are not routers - confirm that the value 1 is really needed here.
printf '%s\n' 0 >/proc/sys/net/ipv4/ip_forward
for knob in \
  /proc/sys/net/ipv4/conf/all/send_redirects \
  /proc/sys/net/ipv4/conf/default/send_redirects \
  /proc/sys/net/ipv4/conf/eth0/send_redirects; do
  printf '%s\n' 1 >"$knob"
done
# DIP on eth0, VIP as a /32 alias on eth0:1 with a host route to that alias.
/sbin/ifconfig eth0 192.168.14.200 broadcast 192.168.14.255 netmask 255.255.255.0
/sbin/ifconfig eth0:1 192.168.14.22 broadcast 192.168.14.22 netmask 255.255.255.255 up
/sbin/route add -host 192.168.14.22 dev eth0:1
# Rebuild the IPVS table: -C clears it, -A adds the TCP virtual service with
# the rr (round-robin) scheduler, each -a adds one real server in gatewaying
# (-g, i.e. direct routing) mode with weight 1.
/sbin/ipvsadm -C
/sbin/ipvsadm -A -t 192.168.14.22:80 -s rr
for rs in 192.168.14.211 192.168.14.222; do
  /sbin/ipvsadm -a -t 192.168.14.22:80 -r "$rs" -g -w 1
done
# Print the resulting table for a visual check.
/sbin/ipvsadm
##########
# RS_1
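# VS/DR real server 1. It is not a router, so IP forwarding stays off.
echo "0" >/proc/sys/net/ipv4/ip_forward
# Suppress ARP for the VIP BEFORE the VIP is configured, so this host never
# answers or announces ARP for an address that only the director may claim.
# The ">" redirection is essential: without it echo merely prints the path
# and the kernel setting keeps its default, leaving the VIP answerable from
# every real server.
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
# VIP as a /32 on the loopback alias (all-ones netmask, broadcast equal to the
# VIP itself, as the notes require), then the real server's own address.
/sbin/ifconfig lo:0 192.168.14.22 broadcast 192.168.14.22 netmask 255.255.255.255 up
/sbin/ifconfig eth0 192.168.14.211 broadcast 192.168.14.255 netmask 255.255.255.0
# Host route for the VIP via lo:0; replies go straight to the main gateway,
# bypassing the director.
/sbin/route add -host 192.168.14.22 dev lo:0
/sbin/route add default gw 192.168.14.233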
# route -n
# ------------------------
# Destination Gateway Genmask Flags Metric Ref Use Iface
# 192.168.14.22 0.0.0.0 255.255.255.255 UH 0 0 0 lo
# 192.168.14.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
# 0.0.0.0 192.168.14.233 0.0.0.0 UG 0 0 0 eth0
##########
# RS_2
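# VS/DR real server 2. It is not a router, so IP forwarding stays off.
echo "0" >/proc/sys/net/ipv4/ip_forward
# Suppress ARP for the VIP BEFORE the VIP is configured, so this host never
# answers or announces ARP for an address that only the director may claim.
# The ">" redirection is essential: without it echo merely prints the path
# and the kernel setting keeps its default, leaving the VIP answerable from
# every real server.
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
# VIP as a /32 on the loopback alias, then the real server's own address.
/sbin/ifconfig lo:0 192.168.14.22 broadcast 192.168.14.22 netmask 255.255.255.255 up
/sbin/ifconfig eth0 192.168.14.222 broadcast 192.168.14.255 netmask 255.255.255.0
# Host route for the VIP via lo:0; replies go straight to the main gateway,
# bypassing the director.
/sbin/route add -host 192.168.14.22 dev lo:0
/sbin/route add default gw 192.168.14.233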
# route -n
# ------------------------
# Destination Gateway Genmask Flags Metric Ref Use Iface
# 192.168.14.22 0.0.0.0 255.255.255.255 UH 0 0 0 lo
# 192.168.14.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
# 0.0.0.0 192.168.14.233 0.0.0.0 UG 0 0 0 eth0
####################
#
# VS/TUN
#
####################
# 环境
________
| |
| client |
|________|
CIP=192.168.14.233
|
CIP->VIP | | ^
v | | VIP->CIP
|
VIP=192.168.14.22 |
(eth0:1, arps) |
__________ |
| | |
| director |-------
|__________| |
DIP=192.168.14.200 |
(eth0) |
|
DIP->RIP(CIP->VIP) | |
v
-------------------------------------
| |
| |
RIP1=192.168.14.211 RIP2=192.168.14.222 (eth0)
VIP=192.168.14.22 (tunl0,non-arping) VIP=192.168.14.22 (tunl0,non-arping)
_____________ _____________
| | | |
|realserver_1 | |realserver_2 |
|_____________| |_____________|
DR:
---------------------------
DIP eth0 192.168.14.200
DGW eth0 192.168.14.233
VIP tunl0 192.168.14.22
RS:
---------------------------
RIP_1:
RIP eth0 192.168.14.211
GW_default eth0 192.168.14.233
VIP tunl0 192.168.14.22
VIP_GW tunl0
RIP_2:
RIP eth0 192.168.14.222
GW_default eth0 192.168.14.233
VIP tunl0 192.168.14.22
VIP_GW tunl0
########
# 注意
1. DR不做IP转发关 故关掉IP_forward
2. DR不做回流网关 故开启icmp_redirects
3. DR的VIP的netmask 取全值 (255.255.255.255)
4. DR的VIP网关指向本接口(dev tunl0)
------------ DR / RS ------------
5. RS不做IP转发关 故关掉IP_forward
6. RS的默认网关指向总网关SGW(绕过DGW)
7. RS的VIP网关指向本接口(dev tunl0)
8. RS的VIP接口,去除ARP
9. RS的VIP的netmask 取全值 (255.255.255.255/0xffffffff)
10. RS的VIP的broadcast 取本值 (192.168.14.22)
#########
# DR
# VS/TUN director. Per the notes it neither forwards IP nor acts as the return
# gateway, so forwarding is off and ICMP redirects are left enabled.
# NOTE(review): hardening baselines commonly set send_redirects to 0 on hosts
# that are not routers - confirm that the value 1 is really needed here.
printf '%s\n' 0 >/proc/sys/net/ipv4/ip_forward
for knob in \
  /proc/sys/net/ipv4/conf/all/send_redirects \
  /proc/sys/net/ipv4/conf/default/send_redirects \
  /proc/sys/net/ipv4/conf/eth0/send_redirects; do
  printf '%s\n' 1 >"$knob"
done
# VIP as a /32 on tunl0, DIP on eth0.
# NOTE(review): the diagram for this section places the director's VIP on
# eth0:1 (ARP-answering) while this listing puts it on tunl0 - confirm which
# one is intended.
/sbin/ifconfig tunl0 192.168.14.22 broadcast 192.168.14.22 netmask 255.255.255.255 up
/sbin/ifconfig eth0 192.168.14.200 broadcast 192.168.14.255 netmask 255.255.255.0
/sbin/route add -host 192.168.14.22 dev tunl0
/sbin/route add default gw 192.168.14.233
# Rebuild the IPVS table: -C clears it, -A adds the TCP virtual service with
# the wlc scheduler, each -a adds one real server in ipip tunnelling (-i) mode
# with weight 1.
/sbin/ipvsadm -C
/sbin/ipvsadm -A -t 192.168.14.22:80 -s wlc
for rs in 192.168.14.211 192.168.14.222; do
  /sbin/ipvsadm -a -t 192.168.14.22:80 -r "$rs" -i -w 1
done
# Print the resulting table for a visual check.
/sbin/ipvsadm
##########
# RS_1
# VS/TUN real server 1. It is not a router, so IP forwarding stays off.
printf '%s\n' 0 >/proc/sys/net/ipv4/ip_forward
# ARP suppression for the VIP, written before the VIP is brought up.
# NOTE(review): the conf/tunl0 entries exist only once the tunl0 device
# exists - presumably the ipip module is already loaded; verify.
while read -r value knob; do
  printf '%s\n' "$value" >"$knob"
done <<'EOF'
1 /proc/sys/net/ipv4/conf/all/arp_ignore
2 /proc/sys/net/ipv4/conf/all/arp_announce
1 /proc/sys/net/ipv4/conf/tunl0/arp_ignore
2 /proc/sys/net/ipv4/conf/tunl0/arp_announce
EOF
# VIP as a /32 on the tunnel device, then the real server's own address.
/sbin/ifconfig tunl0 192.168.14.22 broadcast 192.168.14.22 netmask 255.255.255.255 up
/sbin/ifconfig eth0 192.168.14.211 broadcast 192.168.14.255 netmask 255.255.255.0
# Host route for the VIP via tunl0; replies go straight to the main gateway.
/sbin/route add -host 192.168.14.22 dev tunl0
/sbin/route add default gw 192.168.14.233
##########
# RS_2
# VS/TUN real server 2. It is not a router, so IP forwarding stays off.
printf '%s\n' 0 >/proc/sys/net/ipv4/ip_forward
# ARP suppression for the VIP, written before the VIP is brought up.
# NOTE(review): the conf/tunl0 entries exist only once the tunl0 device
# exists - presumably the ipip module is already loaded; verify.
while read -r value knob; do
  printf '%s\n' "$value" >"$knob"
done <<'EOF'
1 /proc/sys/net/ipv4/conf/all/arp_ignore
2 /proc/sys/net/ipv4/conf/all/arp_announce
1 /proc/sys/net/ipv4/conf/tunl0/arp_ignore
2 /proc/sys/net/ipv4/conf/tunl0/arp_announce
EOF
# VIP as a /32 on the tunnel device, then the real server's own address.
/sbin/ifconfig tunl0 192.168.14.22 broadcast 192.168.14.22 netmask 255.255.255.255 up
/sbin/ifconfig eth0 192.168.14.222 broadcast 192.168.14.255 netmask 255.255.255.0
# Host route for the VIP via tunl0; replies go straight to the main gateway.
/sbin/route add -host 192.168.14.22 dev tunl0
/sbin/route add default gw 192.168.14.233
#################################################################################################
###### ######
###### HA for keepalived ######
###### ######
#################################################################################################
# 环境
________
| |
| client |
|________|
CIP=192.168.14.233
|
CIP->VIP | | ^
v | | VIP->CIP
|
VIP=192.168.14.22 |
|
_____________ | _______________
| | | | |
| director_1 |---------|--------| director_2 |
|_____________| | |_______________|
DIP=192.168.14.100(eth0) | DIP=192.168.14.200(eth0)
HA=10.10.10.1(eth1) | HA=10.10.10.2(eth1)
VIP=192.168.14.22(tunl0) | VIP=192.168.14.22(tunl0)
|
|
DIP->RIP(CIP->VIP) | |
v |
-------------------------------------
| |
| |
_____________ _____________
| | | |
|realserver_1 | |realserver_2 |
|_____________| |_____________|
RIP_1=192.168.14.211(eth0) RIP_2=192.168.14.222 (eth0)
VIP=192.168.14.22(tunl0,non-arping) VIP=192.168.14.22 (all tunl0,non-arping)
##################
#
# ipvs setup
#
##################
# Build prerequisites; the rpm tool is used below to unpack the ipvsadm
# source RPM.
aptitude install -y build-essential bzip2 rpm
# Set up the kernel source tree, otherwise the build fails; download the
# kernel version that matches the running system.
# NOTE(review): the download URL is missing from this page, so the wget below
# has no argument. Whatever source is used, check the tarball against the
# publisher's checksum or signature (<PUBLISHED_SHA256>) before unpacking it.
wget
tar jxvf linux-2.6.26.2.tar.bz2
mv linux-2.6.26.2 /usr/src/linux
cd ~
# NOTE(review): URL missing here as well. The source RPM is unpacked and then
# built and installed below, so verify its integrity (<PUBLISHED_SHA256>)
# before running rpm/make on it.
wget
# Installing the .src.rpm only drops its sources under /usr/src/rpm/SOURCES.
rpm -ivh ipvsadm-1.24-6.src.rpm
cp /usr/src/rpm/SOURCES/ipvsadm-1.24.tar.gz .
tar zxvf ipvsadm-1.24.tar.gz
cd ipvsadm-1.24
make
make install
####################
#
# keepalived setup
#
####################
# Development headers needed to build keepalived.
aptitude -y install libcurl4-openssl-dev libpopt-dev
cd ~
# NOTE(review): the download URL is missing from this page, so the wget below
# has no argument. The tarball is compiled and installed below; verify it
# against the publisher's checksum or signature (<PUBLISHED_SHA256>) first.
wget
tar zxvf keepalived-1.1.19.tar.gz
cd keepalived-1.1.19
# Install under a private prefix; the configuration edited afterwards lives in
# /usr/local/keepalive1119/etc/keepalived/.
./configure -prefix=/usr/local/keepalive1119
make && make install
##########
# DR_1
vim /usr/local/keepalive1119/etc/keepalived/keepalived.conf
--------------------------------------------------------------
global_defs {
router_id LVS_1
}
vrrp_sync_group VG_1 {
group {
VI_1
}
}
# VRRP instance of the first director: MASTER state with the higher priority
# (200), advertising on the dedicated HA interface eth1 every 5 seconds.
vrrp_instance VI_1 {
state MASTER
interface eth1
# NOTE(review): the IPVS sync daemon sends connection state on eth0, the
# service network - presumably unauthenticated; confirm that segment is
# trusted or move the sync traffic to the HA link.
lvs_sync_daemon_inteface eth0
virtual_router_id 51
priority 200
advert_int 5
# NOTE(review): auth_type PASS carries auth_pass in clear text in every
# advertisement, and "1111" is a sample value. Any host on the eth1 segment
# that knows it can send advertisements with a higher priority and take over
# the VIP. Use a site-specific secret (identical on both directors), keep
# eth1 restricted to the two directors, and consider auth_type AH.
authentication {
auth_type PASS
auth_pass 1111
}
# Address that follows whichever director currently holds MASTER.
virtual_ipaddress {
192.168.14.22
}
}
virtual_server 192.168.14.22 80 {
delay_loop 6
lb_algo wlc
lb_kind TUN
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 192.168.14.211 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.14.222 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
--------------------------------------------------------------
##########
# DR_2
vim /usr/local/keepalive1119/etc/keepalived/keepalived.conf
--------------------------------------------------------------
global_defs {
router_id LVS_2
}
vrrp_sync_group VG_1 {
group {
VI_1
}
}
# VRRP instance of the second director: BACKUP state with the lower priority
# (100), advertising on the dedicated HA interface eth1 every 5 seconds.
vrrp_instance VI_1 {
state BACKUP
interface eth1
# NOTE(review): the IPVS sync daemon sends connection state on eth0, the
# service network - presumably unauthenticated; confirm that segment is
# trusted or move the sync traffic to the HA link.
lvs_sync_daemon_inteface eth0
virtual_router_id 51
priority 100
advert_int 5
# NOTE(review): auth_type PASS carries auth_pass in clear text in every
# advertisement, and "1111" is a sample value. Any host on the eth1 segment
# that knows it can send advertisements with a higher priority and take over
# the VIP. Use a site-specific secret (identical on both directors), keep
# eth1 restricted to the two directors, and consider auth_type AH.
authentication {
auth_type PASS
auth_pass 1111
}
# Address that follows whichever director currently holds MASTER.
virtual_ipaddress {
192.168.14.22
}
}
virtual_server 192.168.14.22 80 {
delay_loop 6
lb_algo wlc
lb_kind TUN
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 192.168.14.211 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.14.222 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
--------------------------------------------------------------
#################
# RS_1 && RS_2
vim /usr/local/bin/lvs_real
--------------------------------------------------------------
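#!/bin/bash
# description: bring the LVS virtual IP up or down on a VS/TUN real server.
# Usage: lvs_real {start|stop}
# start - suppress ARP for the VIP, then configure the VIP on tunl0
# stop  - take tunl0 down and restore the ARP settings to 0
VIP=192.168.14.22
# Source (not execute) the init helper library, and only where it exists:
# the path is Red Hat specific and is absent on Debian-style systems.
if [ -r /etc/rc.d/init.d/functions ]; then
  . /etc/rc.d/init.d/functions
fi
case "$1" in
start)
  echo " start LVS of REALServer"
  # The effective arp_ignore/arp_announce is the maximum of the "all" and
  # per-interface values, so writing "all" first means the VIP is never
  # answerable over ARP, not even briefly, once tunl0 comes up.
  echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
  echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
  /sbin/ifconfig tunl0 "$VIP" broadcast "$VIP" netmask 255.255.255.255 up
  # The per-interface entries exist only once tunl0 exists, hence after the
  # ifconfig call.
  echo "1" >/proc/sys/net/ipv4/conf/tunl0/arp_ignore
  echo "2" >/proc/sys/net/ipv4/conf/tunl0/arp_announce
  ;;
stop)
  /sbin/ifconfig tunl0 down
  echo "close LVS Directorserver"
  echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
  echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
  echo "0" >/proc/sys/net/ipv4/conf/tunl0/arp_ignore
  echo "0" >/proc/sys/net/ipv4/conf/tunl0/arp_announce
  ;;
*)
  echo "Usage: $0 {start|stop}"
  exit 1
  ;;
esac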
--------------------------------------------------------------
#################################################################################################
###### ######
###### HA for heartbeat ######
###### ######
#################################################################################################
# 环境
________
| |
| client |
|________|
CIP=192.168.14.233
|
CIP->VIP | | ^
v | | VIP->CIP
|
VIP=192.168.14.22 |
|
_____________ | _______________
| | | | |
| director_1 |---------|--------| director_2 |
|_____________| | |_______________|
DIP=192.168.14.100(eth0) | DIP=192.168.14.200(eth0)
HA=10.10.10.1(eth1) | HA=10.10.10.2(eth1)
VIP=192.168.14.22(tunl0) | VIP=192.168.14.22(tunl0)
|
|
DIP->RIP(CIP->VIP) | |
v |
-------------------------------------
| |
| |
_____________ _____________
| | | |
|realserver_1 | |realserver_2 |
|_____________| |_____________|
RIP_1=192.168.14.211(eth0) RIP_2=192.168.14.222 (eth0)
VIP=192.168.14.22(tunl0,non-arping) VIP=192.168.14.22 (all tunl0,non-arping)
##################
#
# ipvs setup
#
##################
# Build prerequisites; the rpm tool is used below to unpack the ipvsadm
# source RPM.
aptitude install -y build-essential bzip2 rpm
# Set up the kernel source tree, otherwise the build fails; download the
# kernel version that matches the running system.
# NOTE(review): the download URL is missing from this page, so the wget below
# has no argument. Whatever source is used, check the tarball against the
# publisher's checksum or signature (<PUBLISHED_SHA256>) before unpacking it.
wget
tar jxvf linux-2.6.26.2.tar.bz2
mv linux-2.6.26.2 /usr/src/linux
cd ~
# NOTE(review): URL missing here as well. The source RPM is unpacked and then
# built and installed below, so verify its integrity (<PUBLISHED_SHA256>)
# before running rpm/make on it.
wget
# Installing the .src.rpm only drops its sources under /usr/src/rpm/SOURCES.
rpm -ivh ipvsadm-1.24-6.src.rpm
cp /usr/src/rpm/SOURCES/ipvsadm-1.24.tar.gz .
tar zxvf ipvsadm-1.24.tar.gz
cd ipvsadm-1.24
make
make install
##################
#
# heart-beat
#
##################
# /etc/init.d/heartbeat 两台DR负载分发器之间做心跳检测 做HA
# /etc/ha.d/ha.cf heartbeat主配置文件
# /etc/ha.d/authkeys 验证配置文件
# /etc/ha.d/haresources 负载分发器之前的资源列表
# Build dependencies, then the packaged heartbeat itself.
aptitude -y install autoconf libtool python2.5 python2.5-dev libextutils-pkgconfig-perl libglib2.0-dev libnet1 libnet1-dev
aptitude -y install heartbeat-2
# Dedicated group and account for the cluster; ha.cf refers to them in its
# apiauth line (gid=haclient uid=hacluster).
groupadd -g 65 haclient
useradd -g 65 -u 17 hacluster
cd ~
# NOTE(review): the download URL is missing from this page, so the wget below
# has no argument. The archive is only used for its sample configuration
# files; still verify it (<PUBLISHED_SHA256>) before copying them into /etc.
wget
tar jxvf STABLE-2.1.4.tar.bz2
# NOTE(review): the archive was unpacked under ~ (the ldirectord step reads it
# from /root/Heartbeat-STABLE-2-1-STABLE-2.1.4), yet this cp reads ha.cf from
# the filesystem root and takes authkeys/haresources from the current
# directory - presumably all three should come from the unpacked doc/
# directory; verify.
# NOTE(review): the page never shows the contents of /etc/ha.d/authkeys. It
# holds the shared secret that authenticates heartbeat packets between the two
# directors: set a site-specific key and keep the file readable by root only
# (mode 600).
cp /Heartbeat-STABLE-2-1-STABLE-2.1.4/doc/ha.cf authkeys haresources /etc/ha.d/
##################
#
# ldirectord-2
#
##################
# /etc/init.d/ldirectord 检测RS真实机的健康情况
# /etc/ha.d/ldirectord.cf ldirectord 主配置文件
# Install ldirectord and start from the sample configuration shipped in the
# Heartbeat source tree unpacked under /root.
aptitude -y install ldirectord-2
cp /root/Heartbeat-STABLE-2-1-STABLE-2.1.4/ldirectord/ldirectord.cf /etc/ha.d/
##########
# DR_1
# ha.cf
vim /etc/ha.d/ha.cf
--------------------------------
debugfile /var/log/ha-debug
logfile /var/log/ha-log
logfacility local0
keepalive 2
warntime 10
initdead 120
udpport 694
ucast eth1 10.10.10.2
auto_failback on
node DR_1
node DR_2
ping 192.168.14.233
respawn hacluster /usr/lib/heartbeat/ipfail
apiauth ipfail gid=haclient uid=hacluster
--------------------------------
# ldirectord
vim /etc/ha.d/ldirectord.cf
--------------------------------
# Global Directives
checktimeout=3
checkinterval=1
#fallback=127.0.0.1:80
autoreload=yes
logfile="/var/log/ldirectord.log"
logfile="local0"
#emailalert="admin@x.y.z"
#emailalertfreq=3600
#emailalertstatus=all
quiescent=yes
# Sample for an http virtual service
virtual=192.168.14.22:80
real=192.168.14.211:80 ipip
real=192.168.14.222:80 ipip
# real=192.168.6.6:80 gate
# fallback=127.0.0.1:80 gate
service=http
request="check.html"
receive="Test Page"
# virtualhost=some.domain.com.au
scheduler=rr
#persistent=600
#netmask=255.255.255.255
protocol=tcp
checktype=negotiate
checkport=80
# 相应的在RIP的web页面目录里建立check.html页面,内容为“Test Page”以便内容检测
--------------------------------
# haresources
vim /etc/ha.d/haresources
--------------------------------
DR_2 10.10.10.2
--------------------------------
##########
# DR_2
# ha.cf
vim /etc/ha.d/ha.cf
--------------------------------
debugfile /var/log/ha-debug
logfile /var/log/ha-log
logfacility local0
keepalive 2
warntime 10
initdead 120
udpport 694
ucast eth1 10.10.10.1
auto_failback on
node DR_1
node DR_2
ping 192.168.14.233
respawn hacluster /usr/lib/heartbeat/ipfail
apiauth ipfail gid=haclient uid=hacluster
--------------------------------
# ldirectord
vim /etc/ha.d/ldirectord.cf
--------------------------------
# Global Directives
checktimeout=3
checkinterval=1
#fallback=127.0.0.1:80
autoreload=yes
logfile="/var/log/ldirectord.log"
logfile="local0"
#emailalert="admin@x.y.z"
#emailalertfreq=3600
#emailalertstatus=all
quiescent=yes
# Sample for an http virtual service
virtual=192.168.14.22:80
real=192.168.14.211:80 ipip
real=192.168.14.222:80 ipip
# real=192.168.6.6:80 gate
# fallback=127.0.0.1:80 gate
service=http
request="check.html"
receive="Test Page"
# virtualhost=some.domain.com.au
scheduler=rr
#persistent=600
#netmask=255.255.255.255
protocol=tcp
checktype=negotiate
checkport=80
# 相应的在RIP的web页面目录里建立check.html页面,内容为“Test Page”以便内容检测
--------------------------------
# haresources
vim /etc/ha.d/haresources
--------------------------------
DR_2 10.10.10.2
--------------------------------
#################################################################################################
###### ######
###### 其它 ######
###### ######
#################################################################################################
######################
#
# webbench 压力测试
#
#####################
# Toolchain needed to build webbench.
aptitude install g++ ctags
# NOTE(review): the tarball comes over plain HTTP from a third-party site and
# is compiled and installed without any integrity check. Compare it with a
# checksum obtained from a trusted source (<PUBLISHED_SHA256>) first, and
# prefer building on a throw-away test host.
wget http://blog.s135.com/soft/linux/webbench/webbench-1.5.tar.gz
tar zxvf webbench-1.5.tar.gz
cd webbench-1.5
make && make install
# Load test with 500 concurrent clients for 30 seconds.
# NOTE(review): the target URL is missing from this page; webbench needs one
# as its last argument. Point it only at the test VIP of this lab setup.
webbench -c 500 -t 30
参数说明:-c表示并发数,-t表示时间(秒)