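LVS + keepalived notes: NAT mode

I have recently been putting together a site for testing, and I have also been reading Qiuxiang's book closely and getting a lot out of it. NAT mode may not see much use in practice, but I started on it in the spirit of learning LVS. Using my own small site as the example, here are the details:

1. Install LVS + keepalived (omitted). For the installation method see: http://myhat.blog.51cto.com/391263/616571
2. In NAT mode, the ADSL dynamic-IP detection script (omitted) (test environment only; I doubt anyone uses ADSL in a real environment, heh). For the script see: http://myhat.blog.51cto.com/391263/616468
3. The lvs_real script
4. The keepalived.conf configuration file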
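
Topology:

    [Internet]----[ADSL]----[Lvs_Keepalive_Nat]----[lvs1] [lvs2]

lvs_keepalive_nat roles: NAT, LVS, keepalived, iptables

At first I set up port mapping here, and lvs_keepalive_nat simply would not work! After consulting the keepalived definitive guide, I found the reason: keepalived's architecture already includes iptables-related functionality, so if we also use iptables ourselves, lvs_keepalive_nat becomes unusable!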

    # iptables -L -t nat    # only one NAT rule, nothing related to port mapping
    Chain PREROUTING (policy ACCEPT)
    target prot opt source destination

    Chain POSTROUTING (policy ACCEPT)
    target prot opt source destination
    MASQUERADE all -- 192.168.10.0/24 anywhere

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

==============================================================
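3. The lvs_real script

Because the IP is dynamic, the clients (the real servers) must also detect the VIP address, since it can change at any time. Otherwise the client side keeps using the previous VIP address, so the clients need to refresh the VIP address from time to time.
How: have each client run lvs_real check periodically so that the VIP address gets updated.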

    # cat /sbin/lvs_real
    #!/bin/bash
    # description: start realserver

    # Current VIP: the address the dynamic-DNS name resolves to, taken from ping output.
    vip=$(ping postfixlinux.3322.org -c 1 | grep from | cut -d ":" -f 1 | cut -d " " -f 4)
    # Address currently bound to lo:0.
    now_ip=$(ifconfig lo:0 | grep addr | awk -F ":" '{print $2}' | cut -d " " -f 1)

    source /etc/rc.d/init.d/functions

    # Refuse to reconfigure lo:0 when the lookup returned nothing.
    require_vip() {
        if [ -z "$vip" ]; then
            echo "Could not determine the VIP address" >&2
            exit 1
        fi
    }

    case "$1" in

    start)
        require_vip
        echo "Start Realserver"
        /sbin/ifconfig lo:0 "$vip" broadcast "$vip" netmask 255.255.255.255 up
        echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
        ;;

    stop)
        echo "Stop Realserver"
        /sbin/ifconfig lo:0 down
        echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
        ;;

    check)
        require_vip
        echo "Check Vip address"
        # Rebind lo:0 only when the resolved VIP differs from the bound one.
        if [ "$vip" != "$now_ip" ]; then
            /sbin/ifconfig lo:0 "$vip" broadcast "$vip" netmask 255.255.255.255 up
            echo "Vip address is update!"
        else
            echo "You VIP address is OK!"
        fi
        ;;

    *)
        echo "Usage: $0 (start | stop | check)"
        exit 1
        ;;
    esac
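
The lvs_real script runs as root and passes whatever its ping pipeline prints straight to ifconfig. The following is an added example, not part of the original script: it parses the reply line, including the reverse-DNS form where `cut -d " " -f 4` yields a hostname instead of an address, and accepts only a strict dotted quad. The function names, the sample lines and the rejection policy are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not the original lvs_real: vet the DDNS-derived VIP before
# a root script hands it to ifconfig.

# Extract the source address from ping output. Handles "from 1.2.3.4:" and,
# when reverse DNS resolves, "from host.example (1.2.3.4):".
extract_ping_ip() {
    local src
    src=$(printf '%s\n' "$1" | sed -n 's/^.* bytes from \([^:]*\):.*$/\1/p' | head -n 1)
    case $src in
        *"("*")") src=${src##*\(}; src=${src%\)} ;;
    esac
    printf '%s\n' "$src"
}

# Accept only a strict dotted quad that is plausible as a public VIP.
is_valid_vip() {
    local ip="$1" o1 o2 o3 o4 rest octet
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octets
    esac
    IFS=. read -r o1 o2 o3 o4 rest <<EOF
$ip
EOF
    [ -n "$o4" ] && [ -z "$rest" ] || return 1   # exactly four octets
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        case $octet in
            0?*|????*) return 1 ;;   # leading zero (octal to inet_aton) or too long
        esac
        [ "$octet" -le 255 ] || return 1
    done
    # Assumed policy: 0/8, loopback and multicast/reserved are never a VIP.
    [ "$o1" -ne 0 ] && [ "$o1" -ne 127 ] && [ "$o1" -lt 224 ]
}

# Print the vetted VIP, or return non-zero so the caller leaves lo:0 untouched.
vip_from_ping() {
    local ip
    ip=$(extract_ping_ip "$1")
    is_valid_vip "$ip" || return 1
    printf '%s\n' "$ip"
}

# Constructed sample lines (not captured output).
SAMPLE_PLAIN='64 bytes from 183.39.113.73: icmp_seq=1 ttl=54 time=12.3 ms'
SAMPLE_RDNS='64 bytes from 73.113.39.183.isp.example (183.39.113.73): icmp_seq=1 ttl=54 time=12.3 ms'
vip_from_ping "$SAMPLE_PLAIN"
vip_from_ping "$SAMPLE_RDNS"
```

In lvs_real, the output of `ping postfixlinux.3322.org -c 1` would be passed to vip_from_ping, and start or check would exit without touching lo:0 when it returns non-zero.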

4. The keepalived.conf configuration file

    [root@fw01 ~]# cat /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived

    global_defs {
        notification_email {
            xx@xx.com
        }
        notification_email_from xxx@163.com
    }

    vrrp_instance VI_1 {
        state MASTER
        interface eth0
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            # simple password, carried in cleartext in VRRP adverts
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.10.38
        }
    }

    # This IP changes frequently, because it is obtained automatically over ADSL.
    virtual_server 183.39.113.73 8080 {
        delay_loop 6
        lb_algo wlc
        lb_kind NAT
        nat_mask 255.255.255.0
        protocol TCP

        real_server 192.168.10.6 80 {
            weight 100
            TCP_CHECK {
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
                connect_port 80
            }
        }

        real_server 192.168.10.17 80 {
            weight 50
            TCP_CHECK {
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
                connect_port 80
            }
        }
    }

Check how connections are actually being distributed:

    # ipvsadm -lnc
    IPVS connection entries
    pro expire state source virtual destination
    TCP 00:42 TIME_WAIT 1.202.220.2:30100 183.39.113.73:8080 192.168.10.17:80
    TCP 14:57 ESTABLISHED 119.137.96.120:1952 183.39.113.73:8080 192.168.10.6:80
    TCP 00:44 TIME_WAIT 1.202.220.2:30735 183.39.113.73:8080 192.168.10.6:80

Because this is a single host, the VRRP part is basically unchanged!

This article comes from the "潜入技术的海洋" blog; please be sure to keep this attribution: http://myhat.blog.51cto.com/391263/616615