LVS负载均衡

服务器IP地址ipvsadm命令详解LVS负载均衡调度算法虚拟服务实例一 添加一个虚拟服务查看lvs路由规则表查看目前ipvs调度状态删除为虚拟服务提供web功能的真实服务器虚拟服务规则表备份与还原　修改虚拟服务的调度算法 虚拟服务实例二 DR模式wrr NAT模式实验 原理关闭iptables和selinux编写执行脚本3更改所有realserver的网关为lvs的ip4测试 测试脚本

服务器IP地址

名称网络接口IP地址lvseth2192.168.1.113lvseth1192.168.139.142web1eth0192.168.139.144web2eth0192.168.139.129web3eth0192.168.139.131

ipvsadm命令详解

ipvsadm 选项 服务器地址 -s 算法 ipvsadm 选项 服务器地址 -r 真实服务器地址 [工作模式] [ 权重]

header 1header 2-A添加一个虚拟服务，使用IP地址、端口号，协议来唯一定义一个虚拟服务-E编辑一个虚拟服务-D删除一个虚拟服务-C清空虚拟服务表-R从标准输入中还原虚拟服务规则-S保存虚拟服务规则值标准输出，输出的规则可以使用-R导入还原-a在虚拟服务中添加一台真实服务器-e在虚拟服务中编辑一台真实服务器-d在虚拟服务中删除一台真实服务器-L显示虚拟服务列表-t使用TCP服务，该参数后需要跟主机与端口信息-u使用udp服务，该参数后需要跟主机与端口信息-s指定lvs的的调度算法-r设置真实服务器IP地址与端口信息-g设置lvs工作模式为DR直接路由模式-i设置lvs工作模式为TUN隧道模式-m设置lvs工作模式为NAT地址转换模式-w指定服务器的权重-c连接状态，配合-L使用-n数字格式输出

LVS负载均衡调度算法

header 1header 2轮询调度RR加权轮询WRR最小连接调度LC加权最小连接WLC基于局部性最少的连接lblc带复制的基于局部性最少的连接lblcr目标地址散列调度DH源地址散列调度SH

虚拟服务实例一

添加一个虚拟服务

ipvsadm -A -t 192.168.1.113:80 -s rr ipvsadm -a -t 192.168.1.113:80 -r 192.168.139.129:80 -m ipvsadm -a -t 192.168.1.113:80 -r 192.168.139.131:80 -m ipvsadm -a -t 192.168.1.113:80 -r 192.168.139.144:80 -m

查看lvs路由规则表

# ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.1.113:80 rr -> 192.168.139.129:80 Masq 1 0 0 -> 192.168.139.131:80 Masq 1 0 0 -> 192.168.139.144:80 Masq 1 0 0

查看目前ipvs调度状态

# ipvsadm -Lnc

删除为虚拟服务提供web功能的真实服务器

# ipvsadm -d -t 192.168.1.113:80 -r 192.168.139.144:80 # ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.1.113:80 rr -> 192.168.139.129:80 Masq 1 0 0 -> 192.168.139.131:80 Masq 1 0 0

虚拟服务规则表备份与还原

# ipvsadm -S > /tmp/ip_vs.bak ##备份规则表 # ls -l /tmp/ip_vs.bak -rw-r--r-- 1 root root 202 Jun 7 20:51 /tmp/ip_vs.bak # ipvsadm -C ##清空规则表 # ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn # # ipvsadm -R < /tmp/ip_vs.bak ## 从文件恢复 [root@centos6 ~]# ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.1.113:80 rr -> 192.168.139.129:80 Masq 1 0 0 -> 192.168.139.131:80 Masq 1 0 0 -> 192.168.139.144:80 Masq 1 0 0

　修改虚拟服务的调度算法

# ipvsadm -E -t 192.168.1.113:80 -s wrr # ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.1.113:80 wrr -> 192.168.139.129:80 Masq 1 0 0 -> 192.168.139.131:80 Masq 1 0 0 -> 192.168.139.144:80 Masq 1 0 0

虚拟服务实例二

DR模式，wrr

# ipvsadm -A -t 192.168.1.113:80 -s wrr # ipvsadm -a -t 192.168.1.113:80 -r 192.168.139.129:80 -g -w 1 # ipvsadm -a -t 192.168.1.113:80 -r 192.168.139.144:80 -g -w 2 # ipvsadm -e -t 192.168.1.113:80 -r 192.168.139.131:80 -g -w 3 # ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.1.113:80 wrr -> 192.168.139.129:80 Route 1 0 0 -> 192.168.139.131:80 Route 3 0 0 -> 192.168.139.144:80 Route 2 0 0

NAT模式实验

原理

1 关闭iptables和selinux

2 编写执行脚本

#!/bin/bash # director 服务器上开启路由转发功能: echo 1 > /proc/sys/net/ipv4/ip_forward # 关闭 icmp 的重定向 echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects # director 设置 nat 防火墙 /sbin/iptables -t nat -F /sbin/iptables -t nat -X /sbin/iptables -t nat -A POSTROUTING -s 192.168.139.0/24 -j MASQUERADE #这部分是针对回报更改源ip地址的 # director 设置 ipvsadm IPVSADM='/sbin/ipvsadm' $IPVSADM -C $IPVSADM -A -t 192.168.1.199:80 -s rr $IPVSADM -a -t 192.168.1.199:80 -r 192.168.139.254:80 -m #这部分是针对发包更改目标地址的 $IPVSADM -a -t 192.168.1.199:80 -r 192.168.139.253:80 -m $IPVSADM -a -t 192.168.1.199:80 -r 192.168.139.252:80 -m

3更改所有realserver的网关为lvs的ip

4测试

测试脚本

# -*- coding: utf-8 -*- import requests import time def getHTMLText(url): try: r = requests.get(url) r.raise_for_status() r.encoding = r.apparent_encoding #return r.text return r.text except: return '产生异常' if __name__ == "__main__": url = "http://192.168.1.199/" for i in range(1000): time.sleep(2) print(getHTMLText(url) + time.ctime())

tupdump监控的包的时间

tcpdump -nn -i eth0 tcp and port 80 and src host 192.168.1.106 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 22:44:44.674731 IP 192.168.1.106.51729 > 192.168.139.252.80: Flags [S], seq 2841949030, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 22:44:44.675656 IP 192.168.1.106.51729 > 192.168.139.252.80: Flags [.], ack 1384177409, win 2053, length 0 22:44:44.675736 IP 192.168.1.106.51729 > 192.168.139.252.80: Flags [P.], seq 0:144, ack 1, win 2053, length 144 22:44:44.677485 IP 192.168.1.106.51729 > 192.168.139.252.80: Flags [.], ack 290, win 2052, length 0 22:44:44.678669 IP 192.168.1.106.51729 > 192.168.139.252.80: Flags [F.], seq 144, ack 290, win 2052, length 0 22:44:46.698341 IP 192.168.1.106.51730 > 192.168.139.253.80: Flags [S], seq 692870389, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 22:44:46.700948 IP 192.168.1.106.51730 > 192.168.139.253.80: Flags [.], ack 2177794250, win 256, length 0 22:44:46.701147 IP 192.168.1.106.51730 > 192.168.139.253.80: Flags [P.], seq 0:144, ack 1, win 256, length 144 22:44:46.704619 IP 192.168.1.106.51730 > 192.168.139.253.80: Flags [.], ack 290, win 255, length 0 22:44:46.707583 IP 192.168.1.106.51730 > 192.168.139.253.80: Flags [F.], seq 144, ack 290, win 255, length 0 22:44:48.724503 IP 192.168.1.106.51731 > 192.168.139.254.80: Flags [S], seq 1622299946, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 22:44:48.727207 IP 192.168.1.106.51731 > 192.168.139.254.80: Flags [.], ack 2671677042, win 256, length 0 22:44:48.727433 IP 192.168.1.106.51731 > 192.168.139.254.80: Flags [P.], seq 0:144, ack 1, win 256, length 144 22:44:48.731488 IP 192.168.1.106.51731 > 192.168.139.254.80: Flags [.], ack 290, win 255, length 0 22:44:48.735640 IP 192.168.1.106.51731 > 192.168.139.254.80: Flags [F.], seq 144, ack 290, win 255, length 0

python脚本执行结果的输出时间

web3:192.168.139.252 Wed Jun 7 22:44:44 2017 web2:192.168.139.253 Wed Jun 7 22:44:46 2017 web1:192.168.139.254 Wed Jun 7 22:44:48 2017 web3:192.168.139.252

通过时间对比，显示时间是相同的。