I. Experimental environment:
[root@a ~]# cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)
[root@a ~]# uname -a
Linux a 3.10.0-1062.el7.x86_64 #1 SMP Wed Aug 7 18:08:02 UTC 2019 x86_64 x86_64 GNU/Linux
IP address assignment:
10.10.10.11 (label missing in the source; presumably the LVS scheduler)
Keepalived: 10.10.10.14
Web1: 10.10.10.12
Web2: 10.10.10.13
VIP: 10.10.10.100
II. Experimental purpose:
Services are not affected when the LVS scheduler or web server is down
III. Experimental principle:
1. The client sends a request to the LVS VIP. The source and destination IP addresses are CIP and VIP, and the source and destination MAC addresses are CMAC and DMAC.
2. After receiving the request, LVS selects a real server to respond to it. LVS rewrites the source MAC address to its own MAC address and the destination MAC address to that of the real server, so the source and destination MAC addresses are now DMAC and RMAC. The switch then forwards the frame to the back-end real server based on the destination MAC address.
3. When the real server sees that the destination MAC address of the packet is its own, it accepts and processes the request.
Note: The VIP must be configured on the lo interface of each real server, and the real server must not respond to ARP requests for the VIP on the local network. If it did, the real servers would compete with the scheduler for the VIP's ARP entry and client traffic could bypass LVS.
IV. Experimental part:
(1) Construct LVS-DR mode
1. Stop the NIC daemon (all nodes)
systemctl stop NetworkManager && systemctl disable NetworkManager.service
2. VIP
[root@a ~]# cd /etc/sysconfig/network-scripts/
[root@a network-scripts]# cp -a ifcfg-ens32 ifcfg-ens32:0
[root@a network-scripts]# cat ifcfg-ens32:0
BOOTPROTO=static
DEVICE=ens32:0
ONBOOT=yes
IPADDR=10.10.10.100
PREFIX=24
[root@a network-scripts]# systemctl restart network
3. Turn off sending of ICMP redirects
[root@a network-scripts]# echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
[root@a network-scripts]# echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
[root@a network-scripts]# echo 0 > /proc/sys/net/ipv4/conf/ens32/send_redirects
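4. Install ipvsadm, the LVS management tool
[root@a network-scripts]# yum install -y ipvsadm
5. Disable the firewall and SELinux
[root@a network-scripts]# systemctl stop firewalld
[root@a network-scripts]# systemctl disable firewalld
[root@a network-scripts]# setenforce 0
(This is a lab shortcut: it removes host packet filtering and SELinux enforcement on the scheduler entirely. Outside a test environment, keep both enabled and permit only the traffic the cluster needs, such as TCP 80 to the VIP and, once keepalived is added, VRRP between the two schedulers.)
RS configuration (all):
1. Install and start httpd
[root@a ~]# yum install -y httpd
[root@a ~]# echo "this is server 1" >> /var/www/html/index.html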
[root@a ~]# systemctl restart httpd
[root@a ~]# systemctl enable httpd
[root@a ~]# curl localhost
this is server 1
2. VIP
[root@a ~]# cd /etc/sysconfig/network-scripts/
[root@a network-scripts]# cp -a ifcfg-lo ifcfg-lo:0
[root@a network-scripts]# cat ifcfg-lo:0
DEVICE=lo:0
IPADDR=10.10.10.100
NETMASK=255.255.255.255
NETWORK=127.0.0.0
# If you're having problems with making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
[root@a network-scripts]# systemctl restart network
3. ARP behavior control
[root@a network-scripts]# echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@a network-scripts]# echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@a network-scripts]# echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@a network-scripts]# echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
Refresh:
[root@a network-scripts]# sysctl -p
(Values written under /proc/sys with echo last only until the next reboot, and sysctl -p only reloads /etc/sysctl.conf. To keep the real servers from answering ARP for the VIP after a restart, add the same arp_ignore and arp_announce settings to /etc/sysctl.conf.)
[root@a network-scripts]# route add -host 10.10.10.100 dev lo:0
[root@a network-scripts]# echo "route add -host    (the rest of this command is missing from the source)
5. Disable the firewall and SELinux
[root@a network-scripts]# systemctl stop firewalld
[root@a network-scripts]# systemctl disable firewalld
[root@a network-scripts]# setenforce 0
6. Set the LBC parameters. -t: TCP, -s: scheduling algorithm, -r: real server, -g: DR mode
[root@a ~]# ipvsadm -A -t 10.10.10.100:80 -s rr
[root@a ~]# ipvsadm -a -t 10.10.10.100:80 -r 10.10.10.12:80 -g
[root@a ~]# ipvsadm -a -t 10.10.10.100:80 -r 10.10.10.13:80 -g
[root@a ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.10.10.100:80 rr
  -> 10.10.10.12:80               Route   1      0          0
  -> 10.10.10.13:80               Route   1      0          0
[root@a ~]# ipvsadm --save > /etc/sysconfig/ipvsadm
[root@a ~]# systemctl start ipvsadm.service
[root@a ~]# systemctl enable ipvsadm.service
The LVS will now route requests to the real servers:
[root@a network-scripts]# ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  10.10.10.100:80                    24      164        0    24880        0
  -> 10.10.10.12:80                     12       94        0    16209        0
  -> 10.10.10.13:80                     12       70        0     8671        0
OutPkts and OutBytes stay at 0 because in DR mode the real servers reply to the client directly, without passing back through the scheduler.
(2) Deploy keepalived
[root@a ~]# cd /etc/sysconfig/network-scripts/
[root@a ~]# scp ./ifcfg-ens32:0 10.10.10.14:/etc/sysconfig/network-scripts/ifcfg-ens32:0
[root@a ~]# yum install -y keepalived
# Configure the keepalived configuration file
[root@a ~]# cat /etc/keepalived/keepalived.conf | head -50
! Configuration File for keepalived
global_defs {
router_id R1
}
vrrp_instance VI_1 {
state MASTER
interface ens32
virtual_router_id 66
priority 50
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.10.10.100
}
}
virtual_server 10.10.10.100 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 10.10.10.12 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 10.10.10.13 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
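connect_port 80
}
}
}
The configuration on the secondary node is the same, except for the following settings:
router_id R2
state SLAVE
priority 20
(keepalived's documented values for state are MASTER and BACKUP, so write the standby role as state BACKUP.)
Note on the authentication block above: auth_type PASS sends auth_pass unencrypted in every VRRP advertisement, and 1111 is the common sample value. Choose a different value for each cluster and restrict VRRP traffic to the scheduler nodes.
Check with ipvsadm:
[root@a network-scripts]# yum install -y ipvsadm
[root@a network-scripts]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
[root@a network-scripts]# systemctl restart keepalived
[root@a network-scripts]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.10.10.100:80 rr persistent 50
  -> 10.10.10.12:80               Route   1      0          0
  -> 10.10.10.13:80               Route   1      0          0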
(3) Test
Disconnect the network card of the LVS scheduler and test again. Then disconnect the Web1 server.