2025-02-25 Update From: SLTechnology News&Howtos
Persistent connections: PPC mode, PCC mode, firewall marks
[LVS] My system is x86.
ipvsadm works much like iptables. It is used to:
add, delete and modify cluster services;
add, delete and modify RS (real servers);
view the current table (-L).
[Sharpen the knife before chopping wood] Read carefully and do not make mistakes.
Both RS are installed: 192.168.3.123 and 192.168.3.87.
The gateway is the same on both:
route add default gw 192.168.3.77
[Try out persistent connections on different ports]
yum -y install telnet-server
yum -y install httpd
setenforce 0
service iptables stop
Test the web page. Make sure the time is synchronized on all hosts.
Look at the web page:
curl localhost
Look at the headers:
curl -I localhost
DR (LVS director) host with two network cards: 172.16.0.43 and 192.168.3.77
yum -y install ipvsadm
iptables must be stopped:
service iptables stop
Turn on IP forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
* rr rule *
Add an rr rule (NAT forwarding, -m):
ipvsadm -A -t 172.16.0.43:80 -s rr
ipvsadm -a -t 172.16.0.43:80 -r 192.168.3.87 -m
ipvsadm -a -t 172.16.0.43:80 -r 192.168.3.123 -m
View:
ipvsadm -L -n
[OK, test succeeded: requests were dispatched to both hosts]
View statistics:
ipvsadm -L -n --stats
* wrr rule with weights *
-E / -e modify an existing service / RS:
ipvsadm -E -t 172.16.0.43:80 -s wrr
ipvsadm -e -t 172.16.0.43:80 -r 192.168.3.87 -m -w 6
ipvsadm -e -t 172.16.0.43:80 -r 192.168.3.123 -m -w 1
= Local load test =
yum -y install httpd*
Start the web service:
service httpd start
Static load test:
ab -c 100 -n 10000 http://172.16.0.43/index.html
You can see how many requests each host received:
ipvsadm -L -n --stats
Save the rules:
service ipvsadm save
ipvsadm: Saving IPVS table to /etc/sysconfig/ipvsadm: [OK]
Look at what is still connected:
ipvsadm -L -c
* DR model *
VIP 172.16.0.1
DIP 172.16.0.2
[these three hosts are connected to one switch]
[DR:]
eth0: 172.16.0.2
eth0:0 172.16.0.1 (alias)
[RS1:]
eth0: 172.16.0.7
default gw 172.16.0.111
[RS2:]
eth0: 172.16.0.8
default gw 172.16.0.111
[Delete the route that was added by mistake]
route del -net 0.0.0.0/32 gw 192.168.3.4
Turn off ARP responses for the VIP on RS1:
cd /proc/sys/net/ipv4/conf/
# sysctl -w net.ipv4.conf.eth0.arp_announce=2
# sysctl -w net.ipv4.conf.all.arp_announce=2
# echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
View:
cat /proc/sys/net/ipv4/conf/eth0/arp_ignore
cat /proc/sys/net/ipv4/conf/all/arp_ignore
Configure the VIP and test ARP:
ifconfig lo:0 172.16.0.1/16 [same IP as the Director host]
From Win7, ping 172.16.0.1
The ping gets replies.
Find out which MAC answers for this IP on Win7:
arp -a
Interface: 172.16.0.100 --- 0xb
  Internet Address      Physical Address      Type
  172.16.0.1            00-0c-29-01-2a-5e     dynamic
00-0c-29-01-2a-5e is the Director's MAC, not RS1's.
The test was successful!
Turn off ARP responses for the VIP on RS2:
# echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
# echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
# ifconfig lo:0 172.16.0.1 up
Again, the MAC that answers the ping is not the RS's network card.
[Continue configuring RS1]
Use a host mask (255.255.255.255) with the broadcast set to the VIP itself, so the VIP is not announced on the intranet.
# ifconfig lo:0 down
# ifconfig lo:0 172.16.0.1 broadcast 172.16.0.1 netmask 255.255.255.255 up
# route add -host 172.16.0.1 dev lo:0
[Continue configuring RS2]
Same as RS1: a host mask with the broadcast set to the VIP itself.
# ifconfig lo:0 down
# ifconfig lo:0 172.16.0.1 broadcast 172.16.0.1 netmask 255.255.255.255 up
# route add -host 172.16.0.1 dev lo:0
[lo:0 is the outgoing device for traffic addressed to 172.16.0.1]
[Director host]
ipvsadm -L -n (view)
# route add -host 172.16.0.1 dev eth2:0
[Director tests RS1 and RS2]
[root@localhost ~]# curl 172.16.0.7
S2 192.168.3.123
[root@localhost ~]# curl 172.16.0.8
LCL 192.168.3.87
Ok!
* wlc rule *
[Settings on the Director (DIP)]
Add a wlc rule (DR forwarding, -g):
# ipvsadm -A -t 172.16.0.1:80 -s wlc
# ipvsadm -a -t 172.16.0.1:80 -r 172.16.0.7 -g -w 5
# ipvsadm -a -t 172.16.0.1:80 -r 172.16.0.8 -g -w 2
# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.0.1:80 wlc
  -> 172.16.0.7:80                Route   5      0          0
  -> 172.16.0.8:80                Route   2      0          0
# service iptables stop
# echo 1 > /proc/sys/net/ipv4/ip_forward
# setenforce 0
Visiting 172.16.0.1 from Win7 successfully schedules RS1 and RS2.
[shell array exercise]
[root@localhost ~]# RS=("192.168.0.1" "172.168.0.4")
[root@localhost ~]# echo ${RS}
192.168.0.1
[root@localhost ~]# echo ${#RS}
11
[root@localhost ~]# echo ${#RS[0]}
11
[root@localhost ~]# echo ${#RS[*]}
2
[root@localhost ~]# echo ${RS[*]}
192.168.0.1 172.168.0.4
* DR model LVS *
[Shortcoming] If you simply shut down one RS, requests scheduled to that machine get no response in the browser: there is no health check.
[Extension] Deleting an RS, for example:
ipvsadm -d -t 172.16.0.1:80 -r 127.0.0.1
Add the local DIP 172.16.0.2 as an RS of VIP 172.16.0.1, so the Director's own web service is tested as well:
ipvsadm -a -t 172.16.0.1:80 -r 172.16.0.2:80 -g -w 5
ipvsadm -a -t 172.16.0.1:80 -r 127.0.0.1 -g -w 5
The two have the same effect.
ipvsadm -L -n (view)
* LVS health management *
ipvsadm -L -n (view)
bash -x health.sh (run the script with tracing)
RS are the back-end servers behind the VIP.
Machines are added and removed automatically according to the health status of the RS.
The precondition is that both RS are initialized with the service running; otherwise they cannot be added automatically.
[root@localhost ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.0.1:80 wlc
  -> 172.16.0.7:80                Route   2      0          0
  -> 172.16.0.8:80                Route   1      0          0
Sample RS health check script, version 1:
#!/bin/bash
VIP=172.16.0.1
CPORT=80
FAIL_BACK=127.0.0.1
RS=("172.16.0.7" "172.16.0.8")
RSTATUS=("1" "1")          # 1 = currently in the IPVS table, 0 = removed
RW=("2" "1")               # weight of each RS
RPORT=80
TYPE=g                     # -g: DR (gateway) forwarding

add() {
  ipvsadm -a -t $VIP:$CPORT -r $1:$RPORT -$TYPE -w $2
  [ $? -eq 0 ] && return 0 || return 1
}
del() {
  ipvsadm -d -t $VIP:$CPORT -r $1:$RPORT
  [ $? -eq 0 ] && return 0 || return 1
}

while :; do
  let COUNT=0
  for I in ${RS[*]}; do
    if curl --connect-timeout 1 http://$I &> /dev/null; then
      # RS answers: add it back if it had been removed
      if [ ${RSTATUS[$COUNT]} -eq 0 ]; then
        add $I ${RW[$COUNT]}
        [ $? -eq 0 ] && RSTATUS[$COUNT]=1
      fi
    else
      # RS does not answer: remove it if it is still in the table
      if [ ${RSTATUS[$COUNT]} -eq 1 ]; then
        del $I
        [ $? -eq 0 ] && RSTATUS[$COUNT]=0
      fi
    fi
    let COUNT++
  done
  sleep 5
done
Sample RS health check script, version 2:
CHKLOOP=3 is the number of failed checks before an RS is kicked out.
tail -f /var/log/ipvsmonitor.log
records when an RS disappeared and when it came back.
#!/bin/bash
#
VIP=192.168.10.3
CPORT=80
FAIL_BACK=127.0.0.1
RS=("192.168.10.7" "192.168.10.8")
declare -a RSSTATUS        # 1 = in the IPVS table, 0 = removed; filled by initstatus
RW=("2" "1")
RPORT=80
TYPE=g
CHKLOOP=3                  # retries before an RS is declared down
LOG=/var/log/ipvsmonitor.log

addrs() {
  ipvsadm -a -t $VIP:$CPORT -r $1:$RPORT -$TYPE -w $2
  [ $? -eq 0 ] && return 0 || return 1
}
delrs() {
  ipvsadm -d -t $VIP:$CPORT -r $1:$RPORT
  [ $? -eq 0 ] && return 0 || return 1
}
checkrs() {
  # succeed as soon as one of CHKLOOP attempts gets an answer
  local I=1
  while [ $I -le $CHKLOOP ]; do
    if curl --connect-timeout 1 http://$1 &> /dev/null; then
      return 0
    fi
    let I++
  done
  return 1
}
initstatus() {
  # read the current IPVS table so the script starts from the real state
  local I
  local COUNT=0
  for I in ${RS[*]}; do
    if ipvsadm -L -n | grep "$I:$RPORT" &> /dev/null; then
      RSSTATUS[$COUNT]=1
    else
      RSSTATUS[$COUNT]=0
    fi
    let COUNT++
  done
}

initstatus
while :; do
  let COUNT=0
  for I in ${RS[*]}; do
    if checkrs $I; then
      if [ ${RSSTATUS[$COUNT]} -eq 0 ]; then
        addrs $I ${RW[$COUNT]}
        [ $? -eq 0 ] && RSSTATUS[$COUNT]=1 && echo "`date +'%F %H:%M:%S'`, $I is back." >> $LOG
      fi
    else
      if [ ${RSSTATUS[$COUNT]} -eq 1 ]; then
        delrs $I
        [ $? -eq 0 ] && RSSTATUS[$COUNT]=0 && echo "`date +'%F %H:%M:%S'`, $I is gone." >> $LOG
      fi
    fi
    let COUNT++
  done
  sleep 5
done
[Persistent connection, PPC mode]
Default 300 seconds
[root@localhost ~]# ipvsadm -L -c
IPVS connection entries
pro expire state       source              virtual          destination
TCP 01:50  FIN_WAIT    172.16.0.100:58792  172.16.0.1:http  172.16.0.7:http
Change the scheduling algorithm to round-robin:
ipvsadm -E -t 172.16.0.1:80 -s rr
Change the scheduling algorithm to round-robin with persistence. -p without a value defaults to 300 seconds; here it is set to 600 seconds:
ipvsadm -E -t 172.16.0.1:80 -s rr -p 600
Now no matter how often I refresh http://172.16.0.1/, it is always the same page.
View persistent connection status:
ipvsadm -L -n --persistent-conn
Configure the RS servers; both need to be configured:
chkconfig telnet on
service xinetd restart
netstat -tnlp (check that port 23 is listening)
Root login is not allowed by default, so add an ordinary user hadoop:
useradd hadoop
passwd hadoop
Do a connection test on both:
Xshell:\> telnet 172.16.0.8
View NIC information: $ /sbin/ifconfig
Put the telnet service into LVS:
# ipvsadm -A -t 172.16.0.1:23 -s rr
# ipvsadm -a -t 172.16.0.1:23 -r 172.16.0.7 -g -w 1
# ipvsadm -a -t 172.16.0.1:23 -r 172.16.0.8 -g -w 1
Login test: Xshell:\> telnet 172.16.0.1, several times; /sbin/ifconfig shows which RS provides the service.
Telnet persistent connection:
ipvsadm -E -t 172.16.0.1:23 -s rr -p 4000
Xshell:\> telnet 172.16.0.1 sticks after the first connection:
no matter how many times you log in within 4000 seconds, the same RS serves you.
At this point it is PPC mode: persistence applies to a single port only. The same client IP accessing a different service port is not persistent.
Look at persistent connection information:
ipvsadm -L -n -c
IPVS connection entries
pro expire state       source              virtual          destination
TCP 14:19  ESTABLISHED 172.16.0.100:59564  172.16.0.1:23    172.16.0.8:23
TCP 00:47  ESTABLISHED 172.16.0.100:59441  172.16.0.1:23    172.16.0.8:23
Persistent connection, PCC mode
Clear the table: ipvsadm -C
ps aux (check that no stray health-check bash script is still running)
Port 0 defines all ports as one cluster service and forwards them to the RS.
# ipvsadm -A -t 172.16.0.1:0 -s rr -p 600
# ipvsadm -a -t 172.16.0.1:0 -r 172.16.0.7 -g -w 2
# ipvsadm -a -t 172.16.0.1:0 -r 172.16.0.8 -g -w 2
# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.0.1:0 rr persistent 600
  -> 172.16.0.7:0                 Route   2      0          0
  -> 172.16.0.8:0                 Route   2      0          0
[root@localhost ~]#
Now whether you open web, telnet or ssh, for your IP it is one fixed RS that serves you.
Look at persistent connection information:
ipvsadm -L -n -c
IPVS connection entries
pro expire state       source              virtual          destination
TCP 14:19  ESTABLISHED 172.16.0.100:59564  172.16.0.1:23    172.16.0.8:23
TCP 00:47  ESTABLISHED 172.16.0.100:59441  172.16.0.1:23    172.16.0.8:23
Firewall marking
Clear the rules.
Mark 0-99; just do not reuse a mark.
Check the network interface name carefully before writing! The -w 2 weight may be omitted; no persistent connection for now.
ipvsadm -C
iptables -F -t mangle
iptables -t mangle -A PREROUTING -d 172.16.0.1 -i eth2 -p tcp --dport 80 -j MARK --set-mark 8
iptables -t mangle -A PREROUTING -d 172.16.0.1 -i eth2 -p tcp --dport 23 -j MARK --set-mark 8
ipvsadm -A -f 8 -s rr
ipvsadm -a -f 8 -r 172.16.0.7 -g -w 2
ipvsadm -a -f 8 -r 172.16.0.8 -g -w 2
At this point my IP's telnet and web access are served by the same RS.
This is the persistent connection version:
ipvsadm -A -f 8 -s rr -p 600