Skip to main content

LVS + keepalived

[LVS/NAT + keepalived](#LVS-NAT 模式) | [LVS/DR + keepalived](#LVS-DR 模式)

LVS-NAT 模式

  1. 测试环境
服务器类型公网ip内网ip
LVS VIP172.16.1.99192.168.1.2
Keepalived Master172.16.1.134192.168.1.131
Keepalived Backup172.16.1.138192.168.1.138
Realserver 1192.168.1.130
Realserver 2192.168.1.129

⚠️注意: MASTER和BACKUP主机上需开启net.ipv4.ip_forward内核转发,并且后端RS1和RS2的默认网关应指为192.168.1.2

  1. Keepalived 完整配置文件内容如下
! Configuration File for keepalived

global_defs {
notification_email {
agou-ops@foxmail.com
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id master
vrrp_mcast_group4 224.1.111.1
}

vrrp_sync_group VG1 {
group {
VI_1
VI_GATEWAY
}
}

vrrp_instance VI_1 {
state MASTER # ---备用主机更换为BACKUP
interface ens33
lvs_sync_daemon_inteface ens33
virtual_router_id 51
priority 100 # ---备用主机适当降低优先级
advert_int 1
authentication {
auth_type PASS
auth_pass GU6hbFS4
}
virtual_ipaddress {
172.16.1.99 # LVS VIP公网IP地址
}
}


vrrp_instance VI_GATEWAY {
state MASTER # ---备用主机更换为BACKUP
interface ens37
lvs_sync_daemon_inteface ens37
virtual_router_id 51
priority 100 # ---备用主机适当降低优先级
advert_int 1
authentication {
auth_type PASS
auth_pass GU6hbFS4
}
virtual_ipaddress {
192.168.1.2 # LVS VIP内网IP地址
}
}


virtual_server 172.16.1.99 80 {
delay_loop 1
lb_algo wrr
lb_kind NAT
protocol TCP
sorry_server 127.0.0.1 80

real_server 192.168.1.130 80 { # RS1
weight 2
HTTP_GET {
url {
path /index.html
status_code 200
}
nb_get_retry 3
delay_before_retry 2
connect_timeout 4
}
}
real_server 192.168.1.129 80 { # RS2
weight 1
HTTP_GET {
url {
path /index.html
status_code 200
}
nb_get_retry 3
delay_before_retry 2
connect_timeout 4
}
}
}
  1. 客户机网站测试
suofeiya@suofeiya-15ISK:~$ while true;do curl 172.16.1.99;sleep 1;done
<h1>Backend RS1</h1>
<h1>Backend RS2</h1>
<h1>Backend RS1</h1>
<h1>Backend RS1</h1>
<h1>Backend RS2</h1>
<h1>Backend RS1</h1>
<h1>Backend RS1</h1>
<h1>Backend RS2</h1>
...

主备节点宕机VIP转移测试

# 手动关闭master节点的keepalived模拟宕机行为
[root@master ~]\# systemctl stop keepalived
# 在备用节点上查看状态
[root@master-1 ~]\# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2020-04-04 18:42:27 CST; 1s ago
Process: 4556 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 4557 (keepalived)
CGroup: /system.slice/keepalived.service
├─4557 /usr/sbin/keepalived -D
├─4558 /usr/sbin/keepalived -D
└─4559 /usr/sbin/keepalived -D

Apr 04 18:42:27 master Keepalived_vrrp[4559]: Unknown keyword 'lvs_sync_daemon_inteface'
Apr 04 18:42:27 master Keepalived_vrrp[4559]: VRRP_Instance(VI_1) removing protocol VIPs.
Apr 04 18:42:27 master Keepalived_vrrp[4559]: VRRP_Instance(VI_GATEWAY) removing protocol VIPs.
Apr 04 18:42:27 master Keepalived_vrrp[4559]: Using LinkWatch kernel netlink reflector...
Apr 04 18:42:27 master Keepalived_vrrp[4559]: VRRP_Instance(VI_1) Entering BACKUP STATE
Apr 04 18:42:27 master Keepalived_vrrp[4559]: VRRP_Instance(VI_GATEWAY) Entering BACKUP STATE
Apr 04 18:42:27 master Keepalived_vrrp[4559]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
Apr 04 18:42:27 master Keepalived_vrrp[4559]: VRRP sockpool: [ifindex(3), proto(112), unicast(0), fd(12,13)]
Apr 04 18:42:27 master Keepalived_healthcheckers[4558]: Activating healthchecker for service [172.16.1.99]:80
Apr 04 18:42:27 master Keepalived_healthcheckers[4558]: Activating healthchecker for service [172.16.1.99]:80
# 查看VIP是否到手
[root@master ~]\# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:50:bb:aa brd ff:ff:ff:ff:ff:ff
inet 172.16.1.138/24 brd 172.16.1.255 scope global noprefixroute dynamic ens33
valid_lft 1058sec preferred_lft 1058sec
inet` 172.16.1.99/32` scope global ens33
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:50:bb:b4 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.132/24 brd 192.168.1.255 scope global noprefixroute dynamic ens37
valid_lft 1561sec preferred_lft 1561sec
inet 192.168.1.2/32 scope global ens37
valid_lft forever preferred_lft forever
inet6 fe80::991a:e225:4c8c:1cf9/64 scope link noprefixroute
valid_lft forever preferred_lft forever

# 在master节点上查看组播情况
[root@master ~]\# tcpdump -i ens33 -nn host 224.1.111.1
18:46:04.783459 IP 172.16.1.134 > 224.1.111.1: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
18:46:05.784773 IP 172.16.1.134 > 224.1.111.1: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
18:46:06.786493 IP 172.16.1.134 > 224.1.111.1: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
18:46:07.788104 IP 172.16.1.134 > 224.1.111.1: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
18:46:08.055519 IP 172.16.1.134 > 224.1.111.1: VRRPv2, Advertisement, vrid 51, prio 0, authtype simple, intvl 1s, length 20
18:46:08.680212 IP 172.16.1.138 > 224.1.111.1: VRRPv2, Advertisement, vrid 51, prio 97, authtype simple, intvl 1s, length 20
18:46:09.304072 IP 172.16.1.138 > 224.1.111.1: VRRPv2, Advertisement, vrid 51, prio 97, authtype simple, intvl 1s, length 20
18:46:10.304891 IP 172.16.1.138 > 224.1.111.1: VRRPv2, Advertisement, vrid 51, prio 97, authtype simple, intvl 1s, length 20
# 此处可发现备用节点已收到组播通告

LVS-DR 模式

  1. 测试环境
服务器类型IP地址
Lvs VIP172.16.1.99
Keepalived Master172.16.1.134
Keepalived Backup172.16.1.138
Realserver 1172.16.1.135
Realserver 2172.16.1.136
  1. 后端 RS1和RS2 所需操作(以RS1为例)
# 为方便起见,此处使用shell脚本,脚本内容如下
[root@node01 ~]\# cat lvs-rs.sh
#!/bin/bash
vip='172.16.1.99'
mask='255.255.255.255'
dev='lo:1'

case $1 in
start)
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
#ifconfig $dev $vip netmask $mask
ip addr add $vip/32 label lo:1 dev lo
#route add -host $vip dev $dev
echo "The RS Server is Ready!"
;;
stop)
ifconfig $dev down
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "The RS Server is Canceled!"
;;
*)
echo "Usage: $(basename $0) start|stop"
exit 1
;;
esac

分别在 RS1和RS2 上执行sh lvs-rs.sh start 命令,然后查看VIP信息(以RS1为例)

[root@node01 ~]\# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet` 172.16.1.99/32` scope global lo:1
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
  1. Keepalived 完整配置文件内容如下
! Configuration File for keepalived

global_defs {
notification_email {
agou-ops@foxmail.com
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id master
vrrp_mcast_group4 224.1.111.1
}

vrrp_instance VI_1 {
state MASTER # ---备用主机更换为BACKUP
interface ens33
lvs_sync_daemon_inteface ens33
virtual_router_id 51
priority 100 # ---备用主机适当降低优先级
advert_int 1
authentication {
auth_type PASS
auth_pass GU6hbFS4
}
virtual_ipaddress {
172.16.1.99/32 dev ens33 label ens33:0 # LVS VIP地址
}
}
virtual_server 172.16.1.99 80 {
delay_loop 1
lb_algo wrr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80

real_server 172.16.1.135 80 { # RS1
weight 2
HTTP_GET {
url {
path /index.html
status_code 200
}
nb_get_retry 3
delay_before_retry 2
connect_timeout 4
}
}
real_server 172.16.1.136 80 { # RS2
weight 1
HTTP_GET {
url {
path /index.html
status_code 200
}
nb_get_retry 3
delay_before_retry 2
connect_timeout 4
}
}
}
  1. 客户端网站测试
suofeiya@suofeiya-15ISK:~$ while true;do curl 172.16.1.99;sleep 1;done
<h1>Backend RS2</h1>
<h1>Backend RS1</h1>
<h1>Backend RS1</h1>
<h1>Backend RS2</h1>
<h1>Backend RS1</h1>
...

主备节点宕机VIP转移测试:参考上面NAT模式的步骤