Build the DR mode of LVS and configure keepalived+LVS 02/23 Update SLTechnology News&Howtos

Build the DR mode of LVS and configure keepalived+LVS

2025-02-23 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Shulou(Shulou.com)06/03 Report--

This article shares with you how to build the DR mode of LVS and how to configure keepalived+LVS. The editor thought it was very practical, so I shared it with you to learn. The following information is about keepalived and lvs-DR.

What is Keepalived?

Keepalived uses VRRP hot backup protocol to realize the multi-machine hot backup function of Linux server.

VRRP, virtual routing jumbled protocol, is a backup solution for routers.

Keepalived can achieve multi-machine hot backup, each hot backup group can have multiple servers, the most commonly used is dual-machine hot backup.

The failover of double-click hot backup is realized by the elegant virtual IP address, which is suitable for all kinds of application servers.

LVS-DR 's ARP problem in the LVS-DR load balancer cluster, the load balancer and the node server have to configure the same VIP address and have the same IP address in the local area network, which is bound to cause the server APR communication disorder when an ARP broadcast is sent to the LVS-DR cluster, because the load balancer and the node server are connected to the same network. They all receive ARP broadcasts and only the front-end load balancer responds. Other node servers should not respond to ARP broadcast LVS-DR 's ARP problem solution to deal with node servers so that they do not respond to ARP requests for VIP. Use virtual interface lo:0 host VIP address to set kernel parameters arp_ignore=1: the system only responds to the ARP request that the destination IP is the local IP. Let's do the experimental planning.

We need five virtual machines.

DR1 master server 192.168.100.201

DR4 backup server 192.168.100.202

Web 5 192.168.100.221

Web 7 192.168.100.222

Vip 192.168.100.10

Clent 192.168.100.50

Install the required LVS module, keepalived,http, respectively, # 1 root@localhost 4 [root@localhost ~] # yum install ipvsadm keepalived-yqiang 5 yum install httpd-y 7 [root@localhost ~] # yum install httpd-y the first main load balancer chooses host-only mode and configures the network card

[root@localhost ~] # vim / etc/sysconfig/network-scripts/ifcfg-ens33 BOOTPROTO=static # static DEFROUTE=yesIPV4_FAILURE_FATAL=noIPV6INIT=yesIPV6_AUTOCONF=yesIPV6_DEFROUTE=yesIPV6_FAILURE_FATAL=noIPV6_ADDR_GEN_MODE=stable-privacyNAME=ens33UUID=849aa04e-1874-490f-8cb0-b2fde4b9a6f8DEVICE=ens33ONBOOT=yesIPADDR=192.168.100.201 # address NETMASK=255.255.255.0 # Subnet Mask GATEWAY=192.168.100.1 # Gateway [root@localhost ~] # systemctl restart network # ch restart network service [root@localhost ~] # ifconfig # check whether the fixed address Effective second 4 backup load balancer Bind host-only mode and configure the network card

[root@localhost ~] # vim / etc/sysconfig/network-scripts/ifcfg-ens33 BOOTPROTO=staticDEFROUTE=yesIPV4_FAILURE_FATAL=noIPV6INIT=yesIPV6_AUTOCONF=yesIPV6_DEFROUTE=yesIPV6_FAILURE_FATAL=noIPV6_ADDR_GEN_MODE=stable-privacyNAME=ens33UUID=447e510f-fea3-4b6c-8f47-d0c6319ead28DEVICE=ens33ONBOOT=yesIPADDR=192.168.100.222NETMASK=255.255.255.0GATEWAY=192.168.100.1 [root@localhost ~] # systemctl restart network [root@localhost ~] # ifconfig configure the first 1 master server [root@localhost ~] # vim / etc/sysctl.confnet.ipv4.ip_forward=1#proc response gate Closed redirect function net.ipv4.conf.all.send_redirects = 0net.ipv4.conf.default.send_redirects = 0net.ipv4.conf.ens33.send_redirects = 0 [root@localhost ~] # sysctl-p # effective net.ipv4.ip_forward = 1net.ipv4.conf.all.send_redirects = 0net.ipv4.conf.default.send_redirects = 0net.ipv4.conf.ens33.send_redirects = 0 create virtual network card [root@localhost ~] # cd / etc/sysconfig/ Network-scripts/ [root@localhost network-scripts] # cp-p ifcfg-ens33 ifcfg-ens33:0 [root@localhost network-scripts] # vim ifcfg-ens33:0100ddDEVICE=ens33:0ONBOOT=yesIPADDR=192.168.100.10NETMASK=255.255.255.0 [root@localhost network-scripts] # ifup ens33:0 # enable the network card This gateway is used to make virtual IP. It is equivalent to giving access to the entry [root@localhost network-scripts] # ifconfig [root@localhost network-scripts] # cd / etc/init.d/ [root@localhost init.d] # vim dr.shenqqbinGWANGBINGWANG192.168.100.1VIP1RIP1192.168.100.221RIP2192.168.100.222case "$1" instart) / sbin/ipvsadm-- save > / etc/sysconfig/ipvsadm systemctl start ipvsadm / sbin/ifconfig ens33:0$ VIP Broadcast $VIP netmask 255.255.255.255 broadcast $VIP up / sbin/route add-host $VIP dev ens33:0 / sbin/ipvsadm-A-t $VIP:80-s rr / sbin/ipvsadm-a-t $VIP:80-r $RIP1:80-g / sbin/ipvsadm-a-t $VIP:80-r $RIP2:80-g echo "ipvsadm starting-[ok]" ; stop) / sbin/ipvsadm-C systemctl stop ipvsadm ifconfig ens33:0 down route del $VIP echo "ipvsadm stoped- [ok]";; status) if [!-e / var/lock/subsys/ipvsadm] Then echo "ipvsadm stoped-" exit 1 else echo "ipvsamd Runing-[ok]" fi *) echo "Usage: $0 {start | stop | status}" exit 1 esac exit 0 [root@localhost init.d] # service dr.sh startipvsadm starting-[ok] [root@localhost init.d] # systemctl status ipvsadm configure the first 5web server [root@localhost ~] # systemctl start httpd.service [root@localhost ~] # systemctl stop firewalld.service [root@localhost ~] # setenforce 0 [root@localhost ~] # cd / var/www/html/ [root@localhost html] # echo "this is accp web" > index.html [root@localhost html] # cd / etc/sysconfig/network-scripts/ [root@localhost network-scripts] # cp ifcfg-lo ifcfg-lo:0 [root@localhost network-scripts] # vim ifcfg-lo:0DEVICE=lo:0IPADDR=192.168.100.10NETMASK=255.255.255.0ONBOOT=yes [root@localhost network-scripts] # cd / etc/init.d/ [ Root@localhost init.d] # vim web.sh# write a script so that it can respond to the control of the scheduling server Service startup and shutdown #! / bin/bashVIP=192.168.100.10 case "$1" in start) ifconfig lo:0$ VIP netmask 255.255.255.255 broadcast $VIP / sbin/route add-host $VIP dev lo:0 echo "1" > / proc/sys/net/ipv4/conf/lo/arp_ignore echo "2" > / proc/sys / net/ipv4/conf/lo/arp_announce echo "1" > / proc/sys/net/ipv4/conf/all/arp_ignore echo "2" > / proc/sys/net/ipv4/conf/all/arp_announce sysctl-p > / dev/null 2 > & 1 echo "RealServer Start OK" Stop) ifconfig lo:0 down route del $VIP / dev/null 2 > & 1 echo "0" > / proc/sys/net/ipv4/conf/lo/arp_ignore echo "0" > / proc/sys/net/ipv4/conf/lo/arp_announce echo "0" > / proc/sys/net/ipv4/conf/all/arp_ignore Echo "0" > / proc/sys/net/ipv4/conf/all/arp_announce echo "RealServer Stopd" *) echo "Usage: $0 {start | stop}" exit 1 esac exit 0 [root@localhost init.d] # chmod + x web.sh [root@localhost init.d] # service web.sh startRealServer Start OK [root@localhost init.d] # ifup lo:0 # enable the virtual network card [root@localhost network-scripts] # ifconfiglo:0: flags=73 mtu 65536 inet 192.168.100.10 netmask 255.255.255.0 loop txqueuelen 1 (Local Loopback) [root@localhost network-scripts] # firefox "http://127.0.0.1/" & # use Firefox to access the return address Run [2] 17973 in the background

Configure the second 7web server [root@localhost ~] # systemctl start httpd [root@localhost ~] # systemctl stop firewalld.service [root@localhost ~] # setenforce 0 [root@localhost ~] # cd / var/www/html/ [root@localhost html] # echo "this is kgv web" > index.html [root@localhost html] # cd / etc/sysconfig/network-scripts/ [root@localhost network-scripts] # cp ifcfg-lo ifcfg-lo:0 [root@localhost network-scripts] # vim ifcfg- Lo:0DEVICE=lo:0IPADDR=192.168.100.10NETMASK=255.255.255.0ONBOOT=yes [root@localhost network-scripts] # cd / etc/init.d/ [root@localhost init.d] # vim web.shrunken binhVIPcards 192.168.100.10 case "$1" in start) ifconfig lo:0$ VIP netmask 255.255.255.255 broadcast $VIP / sbin/route add-host $VIP dev lo:0 Echo "1" > / proc/sys/net/ipv4/conf/lo/arp_ignore echo "2" > / proc/sys/net/ipv4/conf/lo/arp_announce echo "1" > / proc/sys/net/ipv4/conf/all/arp_ignore echo "2" > / proc/sys/net/ipv4/conf/all/arp_announce sysctl-p > / dev / null 2 > & 1 echo "RealServer Start OK" Stop) ifconfig lo:0 down route del $VIP / dev/null 2 > & 1 echo "0" > / proc/sys/net/ipv4/conf/lo/arp_ignore echo "0" > / proc/sys/net/ipv4/conf/lo/arp_announce echo "0" > / proc/sys/net/ipv4/conf/all/arp_ignore Echo "0" > / proc/sys/net/ipv4/conf/all/arp_announce echo "RealServer Stopd" ; *) echo "Usage: $0 {start | stop}" exit 1 esac exit 0 [root@localhost init.d] # chmod + x web.sh [root@localhost init.d] # ifup lo:0 [root@localhost init.d] # service web.sh startRealServer Start OK [root@localhost init.d] # firefox "http://127.0.0.1/" & [1] 17916

Go to the client to test it, and first set the address of the same network segment

Go to 1 master server to test whether you can Ping two web servers [root@localhost init.d] # ping 192.168.100.221PING 192.168.100.221 (192.168.100.221) 56 (84) bytes of data.64 bytes from 192.168.100.221: icmp_seq=1 ttl=64 time=0.416 ms64 bytes from 192.168.100.221: icmp_seq=2 ttl=64 time=0.420 ms [root@localhost init.d] # ping 192.168.100.222PING 192.168.100. 222 (192.168.100.222) 56 (84) bytes of data.64 bytes from 192.168.100.222: icmp_seq=1 ttl=64 time=0.348 ms64 bytes from 192.168.100.222: icmp_seq=2 ttl=64 time=0.490 ms go to the client to test again There is no problem with our LVS (we will jump out of the second page after a refresh)

Go to master server 1 to configure keepalive [root@localhost keepalived] # vim keepalived.conf 10 smtp_server 127.0.0.1 12 router_id LVS_0122 virtual_router_id 10 27 auth_pass abc12330 192.168.100.10 # delete the original we only need a 36 virtual_server 192.168.100.10 80 {39 lb_kind DR45 TCP_CHECK {43 real_server 192.168 . 100.221 80 {44 weight 1 45 TCP_CHECK {46 connect_port 80 47 connect_timeout 3 48 nb_get_retry 3 49 delay_before_retry 3 50} 51} 52 real_server 192.168.100.222 80 {53 weight 1 54 TCP_CHECK {55 Connect_port 80 56 connect_timeout 3 [root@localhost keepalived] # systemctl start keepalived.service [root@localhost keepalived] # systemctl status keepalived.service # View status If you don't get up, open [root@localhost keepalived] # ip addr show dev ens33:0 # once to see if the network card has been activated 2: ens33: mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:c9:dd:05 brd ff:ff:ff:ff:ff:ff inet 192.168.100.201 brd 24 brd 192.168.100.255 scope global ens33 valid_lft forever preferred_lft forever inet 192.168.100. 10 take 24 brd 192.168.100.255 scope global secondary ens33:0 valid_lft forever preferred_lft forever inet6 fe80::e3c7:14af:6e4d:7216/64 scope link valid_lft forever preferred_lft forever same configuration 4 servers for second backup [root@localhost ~] # systemctl stop firewalld.service [root@localhost ~] # setenforce 0 [root@localhost ~] # vim / etc/sysctl.confnet.ipv4.ip_forward=1#proc respond to shutdown redirection Function net.ipv4.conf.all.send_redirects = 0net.ipv4.conf.default.send_redirects = 0net.ipv4.conf.ens33.send_redirects = 0 [root@localhost ~] # sysctl-p # effective net.ipv4.ip_forward = 1net.ipv4.conf.all.send_redirects = 0net.ipv4.conf.default.send_redirects = 0net.ipv4.conf.ens33.send_redirects = 0 create virtual network card [root@localhost ~] # cd / etc/sysconfig/network-scripts/ [root@localhost network-scripts] # cp-p ifcfg-ens33 ifcfg-ens33:0 [root@localhost network-scripts] # vim ifcfg-ens33:0100ddDEVICE=ens33:0ONBOOT=yesIPADDR=192.168.100.10NETMASK=255.255.255.0 [root@localhost network-scripts] # service network restartRestarting network (via systemctl): [OK] [root@localhost network-scripts] # ifup ens33:0 # enable the network card This gateway is used to make virtual IP. It is equivalent to giving access to the entry [root@localhost network-scripts] # ifconfig [root@localhost network-scripts] # cd / etc/init.d/ [root@localhost init.d] # vim dr.shenqqbinGWANGBINGWANG192.168.100.1VIP1RIP1192.168.100.221RIP2192.168.100.222case "$1" instart) / sbin/ipvsadm-- save > / etc/sysconfig/ipvsadm systemctl start ipvsadm / sbin/ifconfig ens33:0$ VIP Broadcast $VIP netmask 255.255.255.255 broadcast $VIP up / sbin/route add-host $VIP dev ens33:0 / sbin/ipvsadm-A-t $VIP:80-s rr / sbin/ipvsadm-a-t $VIP:80-r $RIP1:80-g / sbin/ipvsadm-a-t $VIP:80-r $RIP2:80-g echo "ipvsadm starting-[ok]" ; stop) / sbin/ipvsadm-C systemctl stop ipvsadm ifconfig ens33:0 down route del $VIP echo "ipvsadm stoped- [ok]";; status) if [!-e / var/lock/subsys/ipvsadm] Then echo "ipvsadm stoped-" exit 1 else echo "ipvsamd Runing-[ok]" fi *) echo "Usage: $0 {start | stop | status}" exit 1 esac exit 0 [root@localhost init.d] # chmod + x dr.sh [root@localhost init.d] # service dr.sh startipvsadm starting-[ok] [root@localhost init.d] # cd / etc/keepalived/ [root@localhost keepalived] # vim keepalived.conf 10 smtp_server 127.0.0 .1 12 router_id LVS_02 20 state BACKUP 22 virtual_router_id 10 23 priority 9927 auth_pass abc12330 192.168.100.10 [root@localhost keepalived] # systemctl start keepalived.service [root@localhost keepalived] # systemctl status keepalived.service # View status If we don't get up and turn it on again, let's shut down the main server 1 and go to the client to test if we can still Ping.

[root@localhost keepalived] # ifdown ens33:0

C:\ Users\ CHEN > ping 192.168.100.10 Ping 192.168.100.10 has 32 bytes of data: reply from 192.168.100.10: byte = 32 time

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.