Lvs+KeepAlived高可用高性能負(fù)載均衡

這篇具有很好參考價值的文章主要介紹了Lvs+KeepAlived高可用高性能負(fù)載均衡。希望對大家有所幫助。如果存在錯誤或未考慮完全的地方，請大家不吝賜教，您也可以點(diǎn)擊"舉報違法"按鈕提交疑問。

1.環(huán)境介紹

2.配置keepalived

?3.測試

1.測試負(fù)載均衡

2.測試RS高可用

3.測試LVS高可用

3.1測試lvs主服務(wù)宕機(jī)

3.2.測試lvs主服務(wù)器恢復(fù)

4.我在實(shí)驗(yàn)中遇到的錯誤

1.環(huán)境介紹

環(huán)境：centos7

RS1---RIP1:192.168.163.145

? ? ? ? ? ?VIP 192.168.163.200

RS2---RIP2:192.168.163.146

? ? ? ? ? ?VIP 192.168.163.200

LVS_MASTER : DIP 192.168.163.144

? ? ? ? ? ? ? ? ? ? ? ? ? ?VIP:192.168.163.200

LVS_BACKUP: DIP 192.168.163.150

? ? ? ? ? ? ? ? ? ? ? ? ? ? ?VIP:192.168.163.200

CLIENT :192.168.163.151

Lvs+KeepAlived高可用高性能負(fù)載均衡,lvs,負(fù)載均衡,服務(wù)器

我使用的是LVS-DR模式來負(fù)載均衡，詳情請見http://t.csdn.cn/iiU4s

?ipvsadm 已經(jīng)在這篇文章搭建好

2.配置keepalived

現(xiàn)在我們需要在兩臺LVS服務(wù)器都下載keepalivd

yum install keepalived -y

下載號后，我們會在/etc/keepalived的目錄下找一個配置文件文件

[root@lvs-backup ~]# cd /etc/keepalived/
[root@lvs-backup keepalived]# ll
total 4
-rw-r--r--. 1 root root 1376 Aug 31 12:12 keepalived.conf

里面內(nèi)容如下

! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
#上面的配置無需關(guān)注，重點(diǎn)關(guān)注和修改下面的配置
vrrp_instance VI_1 {
    state MASTER#標(biāo)識當(dāng)前l(fā)vs是主，根據(jù)實(shí)際lvs服務(wù)器規(guī)劃確定，可選值MASTER和BACKUP
    interface eth0#lvs服務(wù)器提供服務(wù)器的網(wǎng)卡，根據(jù)實(shí)際服務(wù)器網(wǎng)卡進(jìn)行修改
    virtual_router_id 51#lvs提供的服務(wù)所屬ID，目前無需修改
    priority 100#lvs服務(wù)器的優(yōu)先級，主服務(wù)器最高，備份服務(wù)器要低于主服務(wù)器
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    #virtual_ipaddress用于配置VIP和LVS服務(wù)器的網(wǎng)卡綁定關(guān)系，一般需要修改
    #示例: 192.168.116.134/24 dev ens33 label ens33:9
    virtual_ipaddress {
        192.168.200.16
        192.168.200.17
        192.168.200.18
    }
}
#配置lvs服務(wù)策略，相當(dāng)于ipvsadm -A -t 192.168.116.134:80 -s rr，一般需要修改
virtual_server 192.168.200.100 443 {
    delay_loop 6
    lb_algo rr#配置lvs調(diào)度算法，默認(rèn)輪詢
    lb_kind NAT#配置lvs工作模式，可以改為DR
    persistence_timeout 50#用于指定同一個client在多久內(nèi)，只去請求第一次提供服務(wù)的RS，為查看輪詢效                        果，這里需要改為0
    protocol TCP#TCP協(xié)議
   #配置RS信息，相當(dāng)于ipvsadm -a -t 192.168.116.134:80 -r 192.168.116.131 -g
    real_server 192.168.201.100 443 {
        weight 1#當(dāng)前RS的權(quán)重
        SSL_GET {#SSL_GET健康檢查，一般改為HTTP_GET
         #兩個url可以刪除一個，url內(nèi)的內(nèi)容改為path /和status_code 200，digest刪除
            url {
              path /
              digest ff20ad2481f97b1754ef3e12ecd3a9cc
            }
            url {
              path /mrtg/
              digest 9b3a0c85a887a256d6939da88aabd8cd
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
#下面的配置實(shí)際是兩組lvs服務(wù)的配置，含義和上面的lvs服務(wù)配置一致。如果用不到，下面的配置可以全部刪除
virtual_server 10.10.10.2 1358 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    sorry_server 192.168.200.200 1358

    real_server 192.168.200.2 1358 {
        weight 1
        HTTP_GET {
            url {
              path /testurl/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl2/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl3/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.200.3 1358 {
        weight 1
        HTTP_GET {
            url {
              path /testurl/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334c
            }
            url {
              path /testurl2/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334c
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 10.10.10.3 1358 {
    delay_loop 3
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    real_server 192.168.200.4 1358 {
        weight 1
        HTTP_GET {
            url {
              path /testurl/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl2/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl3/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.200.5 1358 {
        weight 1
        HTTP_GET {
            url {
              path /testurl/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl2/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl3/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

在兩臺機(jī)器上修改我們需要修改的配置

LVS_MASTER

[root@lvs ~]# cat /etc/keepalived/keepalived.conf 
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 200
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
         192.168.163.200/24 brd 192.168.163.255  dev ens33 label ens33:200
    }
}

virtual_server 192.168.163.200 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.255.0
    persistence_timeout 0
    protocol TCP

    real_server 192.168.163.145 80 {
        weight 1
        HTTP_GET {
            url {
              path /index.html
	       status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
   real_server 192.168.163.146 80 {
        weight 1
        HTTP_GET {
            url {
              path /index.html
	      status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

}

LVS_BACKUP

[root@lvs-backup keepalived]# cat keepalived.conf 
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 180
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
         192.168.163.200/24 brd 192.168.163.255  dev ens33 label ens33:200
    }
}

virtual_server 192.168.163.200 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.255.0
    persistence_timeout 0
    protocol TCP

    real_server 192.168.163.145 80 {
        weight 1
        HTTP_GET {
            url {
              path /index.html
	       status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
   real_server 192.168.163.146 80 {
        weight 1
        HTTP_GET {
            url {
              path /index.html
	      status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

}

注意：主服務(wù)的優(yōu)先級要高于備份服務(wù)器

在兩臺服務(wù)器上開啟keepalived服務(wù)

[root@lvs ~]# systemctl restart keepalived

上述步驟執(zhí)行完畢后，可以在lvs主服務(wù)器和備份服務(wù)器分別執(zhí)行ifconfig命令，可以查看到VIP被綁定到了主服務(wù)器，如下:

[root@lvs ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.163.144  netmask 255.255.255.0  broadcast 192.168.163.255
        inet6 fe80::491f:4a6e:f34:a1b9  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:a3:4f:a2  txqueuelen 1000  (Ethernet)
        RX packets 156094  bytes 70487425 (67.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 195001  bytes 16040484 (15.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33:200: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.163.200  netmask 255.255.255.0  broadcast 192.168.163.255
        ether 00:0c:29:a3:4f:a2  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 331  bytes 28808 (28.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 331  bytes 28808 (28.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@lvs ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.163.200:80 rr
  -> 192.168.163.145:80           Route   1      0          0         
  -> 192.168.163.146:80           Route   1      0          0

?3.測試

1.測試負(fù)載均衡

[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.145  .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.146  .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.145  .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.146  .

2.測試RS高可用

關(guān)閉一臺RS后(這里可以使用ifconfig 網(wǎng)卡名 down命令暫時關(guān)閉網(wǎng)卡)，客戶端繼續(xù)發(fā)起請求，查看是否可以正常訪問，如下:

[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.146  .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.146  .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.146  .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.146  .

會發(fā)現(xiàn)，此時客戶端可以正常訪問，但只有RS2在提供服務(wù)。這說明，keepAlived檢測到了RS1服務(wù)器異常，將其剔除了。

此時再啟動RS1服務(wù)器，客戶端繼續(xù)訪問，會發(fā)現(xiàn)響應(yīng)結(jié)果如下，keepAlived檢測到RS1服務(wù)器恢復(fù)正常，又將其加入服務(wù)列表了。

[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.145  .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.146  .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.145  .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.146  .

3.測試LVS高可用

這里主要進(jìn)行兩個測試

3.1測試lvs主服務(wù)宕機(jī)

使用ifconfig 網(wǎng)卡名 down命令，關(guān)閉主服務(wù)器網(wǎng)卡，此時主服務(wù)器不能提供服務(wù)。觀察備份服務(wù)器是否將VIP綁定到自己，以及客戶端是否可以繼續(xù)正常訪問。如下：

關(guān)閉主服務(wù)器網(wǎng)卡

[root@lvs ~]# ifconfig ens33 down

觀察備份服務(wù)器，會發(fā)現(xiàn)VIP已經(jīng)綁定過來了。這里實(shí)際是keepAlived檢測到了主服務(wù)器的異常，而做出的故障轉(zhuǎn)移和自動切換。

[root@lvs-backup keepalived]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.163.150  netmask 255.255.255.0  broadcast 192.168.163.255
        inet6 fe80::94e3:7456:5dc9:ce5d  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::9aec:8c8f:ee55:a8eb  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:c0:57:db  txqueuelen 1000  (Ethernet)
        RX packets 43484  bytes 5026535 (4.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 12787  bytes 1188939 (1.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33:200: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.163.200  netmask 255.255.255.0  broadcast 192.168.163.255
        ether 00:0c:29:c0:57:db  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

用客戶進(jìn)行測試

[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.146  .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.145  .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.146  .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.145  .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.146  .

3.2.測試lvs主服務(wù)器恢復(fù)

上述測試通過后，可以開啟主服務(wù)器網(wǎng)卡，讓其能夠提供服務(wù)，然后觀察VIP是否會回到主服務(wù)器。

開啟主服務(wù)器網(wǎng)卡

[root@lvs ~]# ifconfig ens33 up

我們會發(fā)現(xiàn)，在主服務(wù)器開啟端口后，VIP又換綁到主服務(wù)器上了

[root@lvs ~]# ifconfig 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.163.144  netmask 255.255.255.0  broadcast 192.168.163.255
        inet6 fe80::491f:4a6e:f34:a1b9  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:a3:4f:a2  txqueuelen 1000  (Ethernet)
        RX packets 157697  bytes 70649781 (67.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 200310  bytes 16401598 (15.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33:200: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.163.200  netmask 255.255.255.0  broadcast 192.168.163.255
        ether 00:0c:29:a3:4f:a2  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 331  bytes 28808 (28.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 331  bytes 28808 (28.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@lvs-backup keepalived]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.163.150  netmask 255.255.255.0  broadcast 192.168.163.255
        inet6 fe80::94e3:7456:5dc9:ce5d  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::9aec:8c8f:ee55:a8eb  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:c0:57:db  txqueuelen 1000  (Ethernet)
        RX packets 43995  bytes 5081851 (4.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 13240  bytes 1226592 (1.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

4.我在實(shí)驗(yàn)中遇到的錯誤

在測試階段，我發(fā)現(xiàn)即使我的VIP已經(jīng)成功和服務(wù)器綁定，也有當(dāng)前ipvs模塊中記錄的鏈接，但就是無法通過VIP連接，這是因?yàn)樵趉eepalived配置文件中，關(guān)于vrrp協(xié)議的vrrp_strict是默認(rèn)打開的我們需要把他注釋掉，這樣就能順利連接了文章來源地址http://www.zghlxwxcb.cn/news/detail-689941.html

到了這里，關(guān)于Lvs+KeepAlived高可用高性能負(fù)載均衡的文章就介紹完了。如果您還想了解更多內(nèi)容，請?jiān)谟疑辖撬阉鱐OY模板網(wǎng)以前的文章或繼續(xù)瀏覽下面的相關(guān)文章，希望大家以后多多支持TOY模板網(wǎng)！