LVS: Simple LVS-NAT Setup (Part 1)
I. Planning
lvs01
eth0:192.168.240.134
eth1:192.168.253.130
rs01
eth0:192.168.253.128
gateway:192.168.253.130
rs02
eth0:192.168.253.129
gateway:192.168.253.130
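The 192.168.240.0 network segment is for external access and uses NAT
The 192.168.253.0 network segment is the internal segment and uses host-only
vip (external): 192.168.240.144
dip (internal): 192.168.253.131
II. Installing and configuring the load balancer
1. Check the kernel's ipvs support: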
[root@LVS01 network-scripts]# grep -i 'vs' /boot/config-2.6.32-358.el6.x86_64
CONFIG_GENERIC_TIME_VSYSCALL=y
# CONFIG_X86_VSMP is not set
CONFIG_HIBERNATION_NVS=y
CONFIG_IP_VS=m
CONFIG_IP_VS_IPV6=y
# CONFIG_IP_VS_DEBUG is not set
CONFIG_IP_VS_TAB_BITS=12
# IPVS transport protocol load balancing support
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_PROTO_AH_ESP=y
CONFIG_IP_VS_PROTO_ESP=y
CONFIG_IP_VS_PROTO_AH=y
CONFIG_IP_VS_PROTO_SCTP=y
# IPVS scheduler [10 scheduling algorithms are supported]
CONFIG_IP_VS_RR=m
CONFIG_IP_VS_WRR=m
CONFIG_IP_VS_LC=m
CONFIG_IP_VS_WLC=m
CONFIG_IP_VS_LBLC=m
CONFIG_IP_VS_LBLCR=m
CONFIG_IP_VS_DH=m
CONFIG_IP_VS_SH=m
CONFIG_IP_VS_SED=m
CONFIG_IP_VS_NQ=m
# IPVS application helper
CONFIG_IP_VS_FTP=m
CONFIG_OPENVSWITCH=m
CONFIG_MTD_BLKDEVS=m
CONFIG_SCSI_MVSAS=m
# CONFIG_SCSI_MVSAS_DEBUG is not set
CONFIG_VMWARE_PVSCSI=m
CONFIG_MOUSE_VSXXXAA=m
CONFIG_MAX_RAW_DEVS=8192
CONFIG_USB_SEVSEG=m
CONFIG_USB_VST=m
2. Install the command-line tool
[root@LVS01 ~]# yum install ipvsadm -y
[root@LVS01 ~]# lsmod |grep ip_vs
There is no output, so the module has to be loaded:
[root@LVS01 ~]# modprobe ip_vs
[root@LVS01 ~]# lsmod |grep ip_vs
ip_vs 115643 0
libcrc32c 1246 1 ip_vs
ipv6 321422 142 ip_vs,ip6t_REJECT,nf_conntrack_ipv6,nf_defrag_ipv6
3. Enable IP forwarding
[root@LVS01 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
or
[root@LVS01 ~]# vim /etc/sysctl.conf
Change net.ipv4.ip_forward = 0 to 1
Apply:
[root@LVS01 ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
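4. Set the gateway of both RS servers to the address of the LVS internal interface
5. Configure NTP so that the time on all servers is synchronized
5.1. Set up the NTP service
Reference: http://zyan.cc/post/281/
On the server side, install: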
[root@LVS01 ~]# yum install ntp
To allow clients from any IP to synchronize time, change the line "restrict default kod nomodify notrap nopeer noquery" to:
restrict default nomodify
[root@LVS01 ~]# vim /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.rhel.pool.ntp.org iburst
server 1.rhel.pool.ntp.org iburst
server 2.rhel.pool.ntp.org iburst
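Note: the configuration above needs Internet access to synchronize. The server can also be set to fall back to its own local clock when it cannot synchronize over the network; to do so, add the following lines to the configuration file:
server 127.127.1.0
fudge 127.127.1.0 stratum 5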
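An added check (not from the original post) for the `restrict default` change above: without `noquery`, any host can send ntpq/ntpdc queries to the server, while the stock line already serves time to clients. The function name `audit_ntp_restrict` and both sample configurations are constructed for this example.

```shell
#!/bin/sh
# Added example: flag "restrict default" lines in ntp.conf that lack the
# flags blocking remote ntpq/ntpdc queries and runtime changes.
REQUIRED_FLAGS="nomodify notrap noquery"

# Reads ntp.conf on stdin. Prints "LINE: missing FLAGS: original line" for
# each default restrict line (IPv4 or IPv6) missing a required flag.
audit_ntp_restrict() {
    awk -v req="$REQUIRED_FLAGS" '
        /^[ \t]*#/       { next }          # skip comments
        $1 != "restrict" { next }
        {
            start = ($2 == "-4" || $2 == "-6") ? 3 : 2
            if ($start != "default") next  # host and subnet entries are not checked
            n = split(req, want, " ")
            missing = ""
            for (i = 1; i <= n; i++) {
                found = 0
                for (f = start + 1; f <= NF; f++)
                    if ($f == want[i] || $f == "ignore") found = 1
                if (!found) missing = missing (missing == "" ? "" : ",") want[i]
            }
            if (missing != "") printf "%d: missing %s: %s\n", NR, missing, $0
        }'
}

# Constructed sample 1: the restrict lines as changed on this page.
SAMPLE_OPEN='restrict default nomodify
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1'

# Constructed sample 2: stock default kept, internal subnet listed explicitly.
SAMPLE_TIGHT='restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 192.168.253.0 mask 255.255.255.0 nomodify notrap'

printf '%s\n' "$SAMPLE_OPEN"  | audit_ntp_restrict
printf '%s\n' "$SAMPLE_TIGHT" | audit_ntp_restrict
```

On the NTP server, `audit_ntp_restrict < /etc/ntp.conf` prints nothing when every default restrict line carries the required flags.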
5.2. Client time synchronization
Manual synchronization:
[root@RS01 ~]# ntpdate 192.168.253.130
10 Sep 20:01:42 ntpdate[2352]: step time server 192.168.253.130 offset -28800.064241 sec
[root@RS02 ~]# ntpdate 192.168.253.130
10 Sep 20:01:36 ntpdate[2388]: adjust time server 192.168.253.130 offset 0.000067 sec
Note: a manual synchronization may produce:
[root@RS01 ~]# ntpdate 192.168.253.130
11 Sep 03:30:35 ntpdate[2314]: no server suitable for synchronization found
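This may be because the firewall on the NTP server has not been turned off, or because the NTP server has not yet synchronized its own time with its upstream NTP server.
Set up a scheduled task:
[root@RS02 cron.d]# vim /etc/crontab
*/20 * * * * root /usr/sbin/ntpdate 192.168.253.130
Synchronize once every 20 minutes.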
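6. Provide the test pages
Install a test environment (httpd) on each RS and create two different pages so that they can be told apart.
Taking one of them as an example:
First turn off the firewall: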
[root@RS02 ~]# service iptables stop
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
[root@RS02 ~]# chkconfig iptables off
[root@RS02 ~]# yum install httpd
[root@RS02 ~]# echo "RS1:192.168.253.129" > /var/www/html/index.html
[root@RS02 ~]# service httpd start
Test:
7. Configure the LVS director
Configure the VIP on the external interface:
[root@LVS01 ~]# ifconfig eth0:0 192.168.240.144 netmask 255.255.255.0 up
[root@LVS01 ~]# ipvsadm -A -t 192.168.240.144:80 -s rr
-A, --add-service: add virtual service with options
-t, --tcp-service service-address: TCP service address and port; service-address is host[:port]
-s scheduler: scheduling algorithm to use
[root@LVS01 ~]# ipvsadm -a -t 192.168.240.144:80 -r 192.168.253.128 -m
[root@LVS01 ~]# ipvsadm -a -t 192.168.240.144:80 -r 192.168.253.129 -m
-a, --add-server: add real server with options
-t, --tcp-service service-address: TCP service address and port; service-address is host[:port]
-r, --real-server server-address: real server address; server-address is host (and port)
-m, --masquerading: masquerading (NAT)
These commands add the real servers in NAT mode, so that the virtual service points at each real server (RS).
It is best to put them in a script so that they are applied automatically after every reboot.
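One way to write the script suggested above, as an added example rather than the author's own: it emits the same three ipvsadm rules in the format read by `ipvsadm -R` and loads them only when called with `apply`. The function names, the `show`/`apply` arguments and the subnet check are assumptions of this example.

```shell
#!/bin/sh
# Added example: rebuild the LVS-NAT table from this page at boot time.
VIP=192.168.240.144
VIP_DEV=eth0:0
PORT=80
SCHED=rr
REAL_SERVERS="192.168.253.128 192.168.253.129"

# Emit the rule set in the line format that `ipvsadm -S -n` saves and
# `ipvsadm -R` restores: one virtual service, one line per real server.
lvs_rules() {
    echo "-A -t ${VIP}:${PORT} -s ${SCHED}"
    for rs in $REAL_SERVERS; do
        echo "-a -t ${VIP}:${PORT} -r ${rs}:${PORT} -m -w 1"
    done
}

# In NAT mode replies must return through the director, so refuse any real
# server that is not on the internal 192.168.253.0/24 segment.
check_rs() {
    for rs in $REAL_SERVERS; do
        case "$rs" in
            192.168.253.*) ;;
            *) echo "real server $rs is not on 192.168.253.0/24" >&2
               return 1 ;;
        esac
    done
}

# Needs root on the director; safe to rerun because the table is cleared first.
lvs_apply() {
    check_rs || return 1
    modprobe ip_vs
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    ifconfig "$VIP_DEV" "$VIP" netmask 255.255.255.0 up
    ipvsadm -C
    lvs_rules | ipvsadm -R
}

case "${1:-}" in
    apply) lvs_apply ;;
    show)  lvs_rules ;;
esac
```

On CentOS 6 a line such as `sh /usr/local/sbin/lvs-nat.sh apply` (hypothetical path) can be appended to /etc/rc.local on the director.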
8. Test
[root@LVS01 ~]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.240.144:http rr
-> 192.168.253.128:http Masq 1 0 7
-> 192.168.253.129:http Masq 1 0 7
This article comes from the "习惯" blog; please keep this attribution: http://xiguanmin.blog.51cto.com/4857855/1551336