CentOS 7: LVS + keepalived NAT configuration

xiaoxiao2021-03-01  19

 

Reference links

https://www.cnblogs.com/mchina/archive/2012/08/27/2644391.html

https://yq.aliyun.com/articles/38538

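Four hosts are virtualized with VMware. Each LVS server has two NICs, one in bridged mode and one in host-only mode; the two web servers are both in host-only mode.

LVS_master: bridged NIC IP 192.168.1.196, internal IP 10.0.0.49.

lvs-backup: external IP 192.168.1.197, internal IP 10.0.0.52.

The two web servers have the IPs 10.0.0.51 and 10.0.0.52.

The virtual IP (VIP) is 192.168.1.198 and the virtual gateway is 10.0.0.100. OS version: CentOS Linux release 7.3.1611 (Core)

Topology diagram: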

【1】Install ipvsadm and keepalived

Install ipvsadm and keepalived on both machines, LVS_master and LVS_backup.

[root@localhost ~]# yum install -y ipvsadm
[root@localhost ~]# yum install -y keepalived

【2】Configure the master and backup LVS servers

a. Enable IP forwarding

[root@localhost ~]# vim /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward = 1
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1

Note: remove vrrp_strict from the keepalived configuration file; otherwise the VIP and the virtual gateway cannot be pinged, and access to the service fails.

b. keepalived configuration file on lvs_master

[root@localhost keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_MASTER
   vrrp_skip_check_adv_addr
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.198
    }
}
vrrp_instance LAN_GATEWAY {
    state MASTER
    interface ens37
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 111
    }
    virtual_ipaddress {
        10.0.0.100
    }
}
virtual_server 192.168.1.198 80 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    # persistence_timeout 50
    protocol TCP
    real_server 10.0.0.51 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 10.0.0.52 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}

c. keepalived configuration file on lvs_backup

[root@localhost keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_BACK
   vrrp_skip_check_adv_addr
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.198
    }
}
vrrp_instance LAN_GATEWAY {
    state BACKUP
    interface ens37
    virtual_router_id 52
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 111
    }
    virtual_ipaddress {
        10.0.0.100
    }
}
virtual_server 192.168.1.198 80 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    # persistence_timeout 50
    protocol TCP
    real_server 10.0.0.51 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 10.0.0.52 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}

d. Start the keepalived service on both LVS servers

[root@localhost ~]# systemctl start keepalived

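e. Configure the two web servers

Set the default gateway of both web servers to 10.0.0.100.

The web service configuration itself is omitted. The two servers only need to serve different content, since this is just a simple test.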
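
The master and backup files above must agree on virtual_router_id, authentication and virtual_ipaddress while differing in priority, and vrrp_strict must be absent. The following Python check is an added example, not part of the original post; parse, audit_pair and sample are hypothetical helpers, and the trimmed sample config is constructed from the page's VI_1 values.

```python
import re

MUST_MATCH = ("interface", "virtual_router_id", "advert_int",
              "authentication", "virtual_ipaddress")

def parse(text):
    """Parse keepalived.conf into nested dicts: 'header {' -> dict, 'key value' -> str."""
    stack = [{}]
    for raw in text.splitlines():
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()  # drop comments
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif line:
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip()
    return stack[0]

def audit_pair(master_text, backup_text):
    """Compare the two nodes' configs and return a list of findings."""
    m, b = parse(master_text), parse(backup_text)
    out = [f"{node}: vrrp_strict is set"
           for node, cfg in (("master", m), ("backup", b))
           if "vrrp_strict" in cfg.get("global_defs", {})]
    for name, mi in m.items():
        bi = b.get(name, {})
        if name.startswith("virtual_server") and mi != bi:
            out.append(f"{name}: real_server settings differ")
        if not name.startswith("vrrp_instance"):
            continue
        out += [f"{name}: {k} differs" for k in MUST_MATCH if mi.get(k) != bi.get(k)]
        if int(mi.get("priority", 0)) <= int(bi.get("priority", 0)):
            out.append(f"{name}: master priority not above backup")
        if mi.get("authentication", {}).get("auth_type") == "PASS":
            out.append(f"{name}: auth_type PASS is sent in cleartext")
    return out

def sample(state, priority, auth_pass="1111", strict=""):
    """Constructed sample: the page's VI_1 instance, trimmed (hypothetical helper)."""
    return (f"global_defs {{\n router_id LVS\n {strict}\n}}\n"
            f"vrrp_instance VI_1 {{\n state {state}\n interface ens33\n"
            f" virtual_router_id 51\n priority {priority}\n"
            f" authentication {{\n auth_type PASS\n auth_pass {auth_pass}\n }}\n"
            f" virtual_ipaddress {{\n 192.168.1.198\n }}\n}}\n")

if __name__ == "__main__":
    for finding in audit_pair(sample("MASTER", 100), sample("BACKUP", 80, "111")):
        print(finding)
```

With the page's values the only finding is the auth_type PASS one: VRRP advertisements carry auth_pass unencrypted on the local segment, so it guards against misconfiguration rather than acting as a secret.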

【3】Results

a. From a machine on the LAN, the VIP 192.168.1.198 responds to ping.

b. Check on LVS_master

[root@localhost ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.198:80 rr
  -> 10.0.0.51:80                 Masq    1      0          0
  -> 10.0.0.52:80                 Masq    1      0          0

c. ens33 holds the VIP and ens37 holds the virtual gateway

[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:76:4b:2d brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.196/24 brd 192.168.1.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.1.198/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe76:4b2d/64 scope link
       valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:76:4b:37 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.49/24 brd 10.0.0.255 scope global ens37
       valid_lft forever preferred_lft forever
    inet 10.0.0.100/32 scope global ens37
       valid_lft forever preferred_lft forever
    inet6 fe80::3dcf:cdc5:fb91:b4a4/64 scope link
       valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
    link/ether 52:54:00:73:41:3c brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
    link/ether 52:54:00:73:41:3c brd ff:ff:ff:ff:ff:ff

d. From WEB1, the virtual gateway responds to ping

[root@localhost keepalived]# ping 10.0.0.100
PING 10.0.0.100 (10.0.0.100) 56(84) bytes of data.
64 bytes from 10.0.0.100: icmp_seq=1 ttl=64 time=0.353 ms
64 bytes from 10.0.0.100: icmp_seq=2 ttl=64 time=0.325 ms
64 bytes from 10.0.0.100: icmp_seq=3 ttl=64 time=0.390 ms
64 bytes from 10.0.0.100: icmp_seq=4 ttl=64 time=0.554 ms
64 bytes from 10.0.0.100: icmp_seq=5 ttl=64 time=0.354 ms

e. On LVS_master, verify with curl

[root@localhost ~]# curl 192.168.1.198
rs1rs1
[root@localhost ~]# curl 192.168.1.198
rs2rs2

f. Verify from the LAN

【4】Hot-standby (failover) verification

1. Shut down LVS_master

[root@localhost ~]# shutdown -h now

2. Check on LVS_backup

The VIP and the virtual gateway are automatically bound to LVS_backup.

[root@localhost keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:8a:7a:01 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.197/24 brd 192.168.1.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.1.198/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::8209:4d1d:a7e4:8658/64 scope link
       valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:8a:7a:0b brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.50/24 brd 10.0.0.255 scope global ens37
       valid_lft forever preferred_lft forever
    inet 192.168.200.131/24 brd 192.168.200.255 scope global dynamic ens37
       valid_lft 1432sec preferred_lft 1432sec
    inet 10.0.0.100/32 scope global ens37
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe8a:7a0b/64 scope link
       valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
    link/ether 52:54:00:73:41:3c brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
    link/ether 52:54:00:73:41:3c brd ff:ff:ff:ff:ff:ff
[root@localhost ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.198:80 rr
  -> 10.0.0.51:80                 Masq    1      0          1
  -> 10.0.0.52:80                 Masq    1      0          1

Machines on the LAN can still access the service normally.

Stop the web service on WEB1

[root@localhost ~]# systemctl stop nginx

Only WEB2 is left serving in the cluster.

[root@localhost ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.198:80 rr
  -> 10.0.0.52:80                 Masq    1      0

Start the web service on WEB1 again

[root@localhost ~]# systemctl start nginx

The cluster service is back to normal

[root@localhost ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.198:80 rr
  -> 10.0.0.51:80                 Masq    1      0          0
  -> 10.0.0.52:80                 Masq    1      0          0

 
