查看系统是否支持IPVS功能
[root@nginx ~]# grep -i 'ipvs' /boot/config-2.6.18-308.el5
# IPVS transport protocol load balancing support
# IPVS scheduler
# IPVS application helper
[root@nginx ~]# grep -i 'vs' /boot/config-2.6.18-308.el5
# CONFIG_X86_VSMP is not set
CONFIG_IP_VS=m
# CONFIG_IP_VS_DEBUG is not set
CONFIG_IP_VS_TAB_BITS=12
# IPVS transport protocol load balancing support
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_PROTO_ESP=y
CONFIG_IP_VS_PROTO_AH=y
# IPVS scheduler
CONFIG_IP_VS_RR=m
CONFIG_IP_VS_WRR=m
CONFIG_IP_VS_LC=m
CONFIG_IP_VS_WLC=m
CONFIG_IP_VS_LBLC=m
CONFIG_IP_VS_LBLCR=m
CONFIG_IP_VS_DH=m
CONFIG_IP_VS_SH=m
CONFIG_IP_VS_SED=m
CONFIG_IP_VS_NQ=m
# IPVS application helper
CONFIG_IP_VS_FTP=m
CONFIG_SCSI_MVSAS=m
CONFIG_MOUSE_VSXXXAA=m
CONFIG_MAX_RAW_DEVS=8192
安装ipvsadm
[root@nginx yum.repos.d]# yum install ipvsadm
Loaded plugins: katello, product-id, security, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package ipvsadm.x86_64 0:1.24-13.el5 set to be updated
--> Finished Dependency Resolution Dependencies Resolved ===========================================================================================================================================
Package Arch Version Repository Size
===========================================================================================================================================
Installing:
ipvsadm x86_64 1.24-13.el5 Cluster 34 k Transaction Summary
===========================================================================================================================================
Install 1 Package(s)
Upgrade 0 Package(s) Total download size: 34 k
Is this ok [y/N]: y
一、配置不带权重的NAT模式
配置RealServer的IP,指定路由route add -net 128.0.0.0 netmask 255.255.2550 -gw 128.10.10.7。在RS1和RS2上安装httpd的服务,并在主目录中指定index.html。
[root@saltstack1 ~]# ifconfig
eth1 Link encap:Ethernet HWaddr 00:50:56:BF:16:DF
inet addr:128.10.10.8 Bcast:128.10.10.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:febf:16df/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:15733 errors:0 dropped:0 overruns:0 frame:0
TX packets:5082 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1404837 (1.3 MiB) TX bytes:551125 (538.2 KiB) [root@saltstack1 ~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
128.10.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 128.10.10.7 0.0.0.0 UG 0 0 0 eth1
在Director上配置管理集群服务和RealServer。
[root@nginx ~]# ipvsadm -A -t 192.168.144.44:80 -s rr
[root@nginx ~]# ipvsadm -a -t 192.168.144.44:80 -r 128.10.10.8 -m
[root@nginx ~]# ipvsadm -a -t 192.168.144.44:80 -r 128.10.10.9 -m
[root@nginx ~]# ipvsadm -L -n
配置完成即可访问页面,可以在另一台机器上利用ab访问Director。
[root@redhat5 ~]# ab -n 1000 -c 100 http://192.168.144.44/index.html
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/ Benchmarking 192.168.144.44 (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Finished 1000 requests Server Software: Apache/2.2.3
Server Hostname: 192.168.144.44
Server Port: 80 Document Path: /index.html
Document Length: 19 bytes Concurrency Level: 100
Time taken for tests: 0.164052 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 0
Total transferred: 287000 bytes
HTML transferred: 19000 bytes
Requests per second: 6095.63 [#/sec] (mean)
Time per request: 16.405 [ms] (mean)
Time per request: 0.164 [ms] (mean, across all concurrent requests)
Transfer rate: 1706.78 [Kbytes/sec] received Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.9 1 3
Processing: 2 7 1.7 7 12
Waiting: 1 6 1.5 6 11
Total: 3 8 1.6 8 14
WARNING: The median and mean for the initial connection time are not within a normal deviation
These results are probably not that reliable. Percentage of the requests served within a certain time (ms)
50% 8
66% 9
75% 9
80% 10
90% 10
95% 11
98% 11
99% 12
100% 14 (longest request)
查看LB的结果:
[root@nginx conf]# ipvsadm -L -n --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
TCP 192.168.144.44:80 2153 10768 10714 829842 1180968
-> 128.10.10.9:80 1077 5388 5350 415182 590281
-> 128.10.10.8:80 1076 5380 5364 414660 590687
二、配置带权重的NAT模式
在Director上修改配置
[root@nginx conf]# ipvsadm -E -t 192.168.144.44:80 -s wrr
[root@nginx conf]# ipvsadm -e -t 192.168.144.44:80 -r 128.10.10.8 -m -w 1
[root@nginx conf]# ipvsadm -e -t 192.168.144.44:80 -r 128.10.10.9 -m -w 3
利用ab测试
[root@redhat5 ~]# ab -n 10000 -c 1000 http://192.168.144.44/index.html
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/ Benchmarking 192.168.144.44 (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
Finished 10000 requests Server Software: Apache/2.2.3
Server Hostname: 192.168.144.44
Server Port: 80 Document Path: /index.html
Document Length: 19 bytes Concurrency Level: 1000
Time taken for tests: 3.244388 seconds
Complete requests: 10000
Failed requests: 0
Write errors: 0
Total transferred: 2870000 bytes
HTML transferred: 190000 bytes
Requests per second: 3082.25 [#/sec] (mean)
Time per request: 324.439 [ms] (mean)
Time per request: 0.324 [ms] (mean, across all concurrent requests)
Transfer rate: 863.65 [Kbytes/sec] received Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 30 290.9 0 3001
Processing: 0 112 437.9 21 3047
Waiting: 0 111 437.9 21 3046
Total: 0 143 524.1 22 3079 Percentage of the requests served within a certain time (ms)
50% 22
66% 23
75% 23
80% 24
90% 54
95% 656
98% 3003
99% 3056
100% 3079 (longest request)
查看IPVS结果:
[root@nginx conf]# ipvsadm -L -n --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
TCP 192.168.144.44:80 15622 79622 76600 6055987 8484211
-> 128.10.10.9:80 11179 57362 54470 4394656 6034844
-> 128.10.10.8:80 4443 22260 22130 1661331 2449367
三、配置DR模型,规划如下:
DIP:192.168.144.44
VIP:192.168.144.45 RS1:192.168.144.49
RS2:192.168.144.50
首先在RS上配置IP和路由,因为每台RS上都需要配置VIP,因此需要设置参数arp_ignore和arp_announce,这两个参数的含义如下:
arp_ignore:接收到ARP请求时的响应级别
:只要本地配置有相应地址就会响应
:仅仅在目标IP是本地地址并且配置在请求进来的接口上时才进行响应
arp_announce:将自己地址向外通告时的通告级别
:将本机上的任何接口的任何地址向外通告;
:试图仅向目标网络通告与其网络匹配的地址;
:仅向与本地接口上地址匹配的网络进行通告; #echo > /proc/sys/net/ipv4/conf/eth0/arp_ignore
#echo > /proc/sys/net/ipv4/conf/all/arp_ignore
#echo > /proc/sys/net/ipv4/conf/eth0/arp_announce
#echo > /proc/sys/net/ipv4/conf/all/arp_announce
配置好这两个参数之后才可以进行IP和路由的配置(如果RS上的VIP和CIP不在同一网段,那么必须通过路由出去)
# ifconfig lo: 192.168.144.45 netmask 255.255.255.255 broadcast 192.168.144.45 up
# route add -host 192.168.144.45 dev lo:
最后在Director的服务器上配置虚拟IP和路由:
# ifconfig eth0: 192.168.144.45/.
# route add -host 192.168.144.45 dev eth0:
然后在Director上设置IPVS的管理集群服务:
ipvsadm -A -t 192.168.144.45: -s rr
ipvsadm -a -t 192.168.144.45: -r 192.168.144.49 -g -w
ipvsadm -a -t 192.168.144.45: -r 192.168.144.50 -g -w
LVS持久连接:
无论使用什么算法,LVS持久连接都能实现在一定时间内,将来自同一客户端请求派发至此前选定的RS。
持久连接模板(内存缓冲区):
每一个客户端以及分配给它的RS的映射关系
ipvsadm -A|E ...-p timeout:
timeout:默认300s
PPC:将来自同一个客户端对同一个集群服务的请求始终定向至此前选定的RS,持久端口连接。
PCC:将来自同一个客户端对所有端口的请求,始终定向至此前选定的RS,持久客户端连接。
PNMPP:持久防火墙标记连接
iptables -t mangle -A PREROUTING -d $VIP -p tcp --dport $ClusterPORT -i $INCARD -j MARK --set-mark $VALUE