Shulou(Shulou.com)06/02 Report--

LVS load balancing

1. System environment:

System: Centos 6.5mm 64 bit

2. Configuration and deployment of Director and Real Server:

1 director server:VIP/ external network ip:192.168.121.141 private network ip:172.16.2.31

2 real server:172.16.2.21 172.16.2.24 and need to set the private network gateway to director private network ip:172.16.2.31

Director server 2 Nic configuration:

A 172.16.2.31 network card is in bridging mode.

A 192.168.121.141 network card is in nat mode.

It is best to install the eple-release source first

Install nginx service on both real server # install ipvsadm# yum install-y ipvsadm on yum install-y nginxDirector

Configuration of two real server network cards:

Real Servcer1--172.16.2.24 host Nic configuration:

# cat / etc/sysconfig/network-scripts/ifcfg-eth0DEVICE=eth0HWADDR=00:0C:29:7F:32:0FTYPE=EthernetUUID=2d67590f-694e-4491-9e8c-d7757ca7e5c0ONBOOT=yesNM_CONTROLLED=yesBOOTPROTO=staticIPADDR=172.16.2.24PREFIX=24GATEWAY=172.16.2.31

Real Server2--172.16.2.21 host Nic configuration:

# cat ifcfg-eth0DEVICE=eth0HWADDR=00:0C:29:F9:9B:A8TYPE=EthernetUUID=12ad4433-399f-4df2-b3c7-62d78444fa0dONBOOT=yesNM_CONTROLLED=yesBOOTPROTO=staticIPADDR=172.16.2.21PREFIX=24GATEWAY=172.16.2.31

Third, a simple understanding of Iptables rules:

Iptables has built-in four tables, namely, raw table, filter table, nat table and mangle table, which are used to realize the functions of packet filtering, network address translation and packet reconstruction.

Mainly used for network address translation NAT, this table can achieve one-to-one, one-to-many, many-to-many NAT work. Iptables uses this table to achieve shared access to the Internet. NAT table contains PREROUTING chain (modify upcoming packets), POSTROUTING chain (modify outgoing packets), OUTPUT chain (locally generated packets before routing modification).

Iptables parameters:

-n: displays the ip as a number, which displays the ip directly, and if you don't add-n, the ip is inversely resolved to the hostname.

-v: display details

-L: view a list of iptables rules

-s-- source source address or subnet > specify the source address that the packet matches

4. Lvs/nat configuration:

LB cluster is the abbreviation of load balance cluster, which translates into Chinese for load balancing cluster.

LVS is an open source software project to implement load balancing cluster.

LVS architecture can be logically divided into scheduling layer (Director), server cluster layer (Real server) and shared storage layer.

LVS can be divided into three operating modes:

NAT: (the scheduler changes the requested destination ip, that is, the vip address, to the ip of Real server, and the returned packet also passes through the scheduler, and the scheduler modifies the source address to vip)

TUN: (the scheduler forwards the requested packet encapsulation and encryption to the backend real server through the ip tunnel, while real server returns the data directly to the client without going through the scheduler)

DR: (the scheduler changes the destination mac address of the requested packet to the mac address of real server, and returns directly to the client without going through the scheduler)

Scheduling algorithm of LVS:

Round-robin scheduling (Round Robin) (rr for short)

Weighted rotation (Weighted Round Robin) (wrr for short)

Minimum link (least connection) (lc)

Weighted least links (Weighted Least Connections) (wlc), etc.

Fifth, the configuration of Director scheduler:

# create a script and add the following rules:

[root@localhost sbin] # cat / usr nat nat Fiptables Fiptables! / bin/bashecho 1 > / proc/sys/net/ipv4/ip_forwardecho 0 > / proc/sys/net/ipv4/conf/all/send_redirectsecho 0 > / proc/sys/net/ipv4/conf/default/send_redirectsecho 0 > / proc/sys/net/ipv4/conf/eth0/send_redirectsecho 0 > / proc/sys/net/ipv4/conf/eth2/send_redirectsiptables-t nat-Fiptables-t Nat-X#MASQUERADE rewrite packet source IP is firewall IP You can specify the range corresponding to the port, and after this processing, jump directly to the next rule chain (mangle:postrouting). Iptables-t nat-A POSTROUTING-s 172.16.2.0 MASQUERADEIPVSADM='/sbin/ipvsadm'$IPVSADM 24-j MASQUERADEIPVSADM='/sbin/ipvsadm'$IPVSADM-C$IPVSADM-A-t 192.168.121.141 POSTROUTING 80-s wlc$IPVSADM-a-t 192.168.121.141 POSTROUTING 80-r 172.16.2.21 C$IPVSADM 80-m-w 2$ IPVSADM-a-t 192.168.121.141R172.16.2.24R80-m-w 1

# after the addition is completed, run the secondary script to complete the configuration of lvs/nat.

# sh lvs_nat.sh

6. Check whether the ipvs rules are in effect:

[root@localhost] # iptables-t nat-nvLChain PREROUTING (policy ACCEPT 171packets, 10777 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets 0 bytes) pkts bytes target prot opt in out source destination 1 136 MASQUERADE all-* * 172.16.2.0 Plus 24 0.0.0.0 Universe 0 Chain OUTPUT (policy ACCEPT 1 packets 136bytes) pkts bytes target prot opt in out source destination- [root@localhost ~] # ipvsadmipvsadm ipvsadm-restore ipvsadm-save-[root@localhost ~] # ipvsadm- lnIP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port Forward Weight ActiveConn InActConnTCP 192.168.121.141 wlc 80 wlc-> 172.16.2.21 Prot LocalAddress:Port Scheduler Flags 80 Masq 200-> 172.16.2.24 Prot LocalAddress:Port Scheduler Flags 80 Masq 100 [root@localhost network-scripts] # / Etc/init.d/nginx stopStopping nginx: [OK]

Nginx can directly put a file for testing, screenshot lost will not be shown.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.