Chinaunix首页 | 论坛 | 博客

birdofpreybirdofprey.blog.chinaunix.net

首页 |  博文目录 |  关于我

niao5929

  • 博客访问: 7094360
  • 博文数量: 3857
  • 博客积分: 6409
  • 博客等级: 准将
  • 技术积分: 15948
  • 用 户 组: 普通用户
  • 注册时间: 2008-09-02 16:48
个人简介

迷彩 潜伏 隐蔽 伪装

文章分类

全部博文(3857)

文章存档

2017年(5)

2016年(63)

2015年(927)

2014年(677)

2013年(807)

2012年(1241)

2011年(67)

2010年(7)

2009年(36)

2008年(28)

我的朋友
最近访客
推荐博文
相关博文
LVS+KEEPALIVED+NAT详解

分类: 系统运维

2013-05-27 09:49:59

原文地址:LVS+KEEPALIVED+NAT详解 作者:那片依然海

       相信大家对LVS + KEEPALIVED已经很熟悉了。LVSLinux Virtual ServerKEEPALIVED是为LVS设计的,主要提供了VRRP功能,解决静态路由的单点故障的问题,并且还能够检测每个服务节点的健康状态,当出现故障节点,keepalived能够剔除该节点,当故障节点回复后,又能够重新加入集群。


       本实验是LVS+KEEPALIVED +NAT模式,在企业里这种模式用的比较少,适合小的访问量。正因如此,此方面的正式文档比较少,这也是我写此博客的原因。NAT模式所有的数据量都需要通过LD,所以LD得负载比较大,为减少LD的负载,可以选择使用TUN模式。

实验架构简图如下:

LD

station1 :外网IP eth0 172.16.1.11

内网IP eth1 192.168.1.11

Station2:外网 IP eth0 172.16.1.12

内网:IP eth1 192.168.1.12

浮动IP 172.16.1.100

网关浮动IP 192.168.1.254


Realserver: Apache1 192.168.1.13

                Apache2 192.168.1.14


下面开始进行配置:

station1
打开路由功能。

安装keepalived-1.2.7


  1. yum -y install gcc make openssl-devel openssl net-snmp net-snmp-devel popt popt-devel
  3. ./configure --prefix=/usr/local/keepalived –enable-snmp
  5. make && make install
  6. ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/keepalived
  7. ln -s /usr/local/keepalived/etc/keepalived.conf /etc/keepalived.conf

修改主配置文件:


  1. ! Configuration File for keepalived
  3. global_defs {
  4.     router_id KL_HOST1
  5. }
  7. vrrp_instance VI_1 {
  8.     state BACKUP
  9.     interface eth0
  10.     virtual_router_id 51
  11.     priority 150
  12.     nopreempt
  13.     advert_int 1
  14.     authentication {
  15.         auth_type PASS
  16.         auth_pass 1111
  17.     }
  18. virtual_ipaddress {
  19.     172.16.1.100/24
  20.     }
  21. }
  23. vrrp_instance VI_2 {
  24.     state BACKUP
  25.     interface eth1
  26.     nopreempt
  27.     virtual_router_id 52
  28.     priority 150
  29.     advert_int 1
  30.     authentication {
  31.         auth_type PASS
  32.         auth_pass 2222
  33. }
  34. virtual_ipaddress {
  35.     192.168.1.254/24
  36. }
  37. }
  38. vrrp_sync_group VG_1 {
  39.     group {
  40.         VI_1
  41.         VI_2
  42.     }
  43. }
  45. virtual_server 172.16.1.100 80 {
  46.     delay_loop 6
  47.     lb_algo rr
  48.     lb_kind NAT
  49.     nat_mask 255.255.255.0
  50.     persistence_timeout 50
  51.        protocol TCP
  53. # sorry_server 192.168.200.200 1358
  55. real_server 192.168.1.13 80 {
  56.     weight 1
  57.     HTTP_GET {
  58.         url {
  59.             path /urltest/test.html
  60.                digest 37dba1d9a3c103df127b4e957c9de188
  61. }
  62.     connect_timeout 3
  63.     nb_get_retry 3
  64.     delay_before_retry 3
  65.     }
  66. }
  68. real_server 192.168.1.14 80 {
  69.     weight 2
  70.     HTTP_GET {
  71.         url {
  72.             path /urltest/test.html
  73.             digest 37dba1d9a3c103df127b4e957c9de188
  74.     }
  75.     connect_timeout 3
  76.     nb_get_retry 3
  77.     delay_before_retry 3
  78.         }
  79.     }
  80. }

这里面的md5值是使用如下命令生成的。


  1. /usr/local/keepalived/bin/genhash -s 192.168.1.14 -p 80 -u /urltest/test.html

防火墙配置:


  1. [root@station1 tmp]# iptables -L -n
  2. Chain INPUT (policy ACCEPT)
  3. target prot opt source destination
  4. ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
  5. ACCEPT 112 -- 0.0.0.0/0 0.0.0.0/0
  6. ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
  7. ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
  8. ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
  9. ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
  10. REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

  12. Chain FORWARD (policy ACCEPT)
  13. target prot opt source destination

  15. Chain OUTPUT (policy ACCEPT)
  16. target prot opt source destination
  17. [root@station1 tmp]# iptables -L -n -t nat
  18. Chain PREROUTING (policy ACCEPT)
  19. target prot opt source destination

  21. Chain POSTROUTING (policy ACCEPT)
  22. target prot opt source destination
  23. MASQUERADE all -- 192.168.1.0/24 0.0.0.0/0

  25. Chain OUTPUT (policy ACCEPT)
  26. target prot opt source destination
  27. [root@station1 tmp]#

station2操作
打开路由功能

安装keepalived-1.2.7


  1. yum -y install gcc make openssl-devel openssl net-snmp net-snmp-devel popt popt-devel
  3. ./configure --prefix=/usr/local/keepalived –enable-snmp
  5. make && make install
  6. ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/keepalived
  7. ln -s /usr/local/keepalived/etc/keepalived.conf /etc/keepalived.conf

修改主配置文件:


  1. ! Configuration File for keepalived

  3. global_defs {
  4.    router_id KL_HOST2
  5. }

  7. vrrp_instance VI_1 {
  8.     state BACKUP
  9.     interface eth0
  10.     virtual_router_id 51
  11.     priority 100
  12.     advert_int 1
  13.     authentication {
  14.         auth_type PASS
  15.         auth_pass 1111
  16.     }
  17.     virtual_ipaddress {
  18.         172.16.1.100/24
  19.     }
  20. }

  22. vrrp_instance VI_2 {
  23.     state BACKUP
  24.     interface eth1
  25.     virtual_router_id 52
  26.     priority 100
  27.     advert_int 1
  28.     authentication {
  29.     auth_type PASS
  30.     auth_pass 2222
  31.     }
  32.     virtual_ipaddress {
  33.     192.168.1.254/24
  34.     }
  35. }
  36. vrrp_sync_group VG_1 {
  37.     group {
  38.     VI_1
  39.     VI_2
  40.    }
  41. }

  43. virtual_server 172.16.1.100 80 {
  44.     delay_loop 6
  45.     lb_algo rr
  46.     lb_kind NAT
  47.     nat_mask 255.255.255.0
  48.     persistence_timeout 50
  49.     protocol TCP

  51. # sorry_server 192.168.200.200 1358

  53.     real_server 192.168.1.13 80 {
  54.         weight 1
  55.         HTTP_GET {
  56.             url {
  57.               path /urltest/test.html
  58.               digest 37dba1d9a3c103df127b4e957c9de188
  59.             }
  60.             connect_timeout 3
  61.             nb_get_retry 3
  62.             delay_before_retry 3
  63.         }
  64.     }

  66.     real_server 192.168.1.14 80 {
  67.         weight 2
  68.         HTTP_GET {
  69.             url {
  70.               path /urltest/test.html
  71.               digest 37dba1d9a3c103df127b4e957c9de188
  72.             }
  73.             connect_timeout 3
  74.             nb_get_retry 3
  75.             delay_before_retry 3
  76.         }
  77.     }
  78. }

station2的防火墙和station1的完全一样


apache2apache1上做如下相同配置




  1. yum -y install httpd
  2. mkdir /var/www/html/urltest/
  3. echo “this is a test page” > /var/www/html/urltest/test.html
  5. iptables -I INPUT -p tcp –dport 80 -j ACCEPT
  6. service iptables save
  7. service httpd start
  8. chkconfig httpd on

所有配置已经完成

staiton1station2上开启keepalived服务




  1. keepalived -f /etc/keepalived.conf
  2. echo “keepalived -f /etc/keepalived.conf” >> /etc/rc.local


keepalivedvrrp功能和集群功能都没有任何问题!






阅读(829) | 评论(0) | 转发(0) |
0

上一篇:对软件碎片化的看法!!

下一篇:简单双节点高可用搭建

给主人留下些什么吧!~~
关于我们 | 关于IT168 | 联系方式 | 广告合作 | 法律声明 | 免费注册

Copyright 2001-2010 ChinaUnix.net All Rights Reserved 北京皓辰网域网络信息技术有限公司. 版权所有

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6