实现
1,硬件配置:我本人的实验环境是5台PC机,两台作为LLB,并且在两台LLB上各装两块网卡。另外三台做web服务器 。一台HUB.
2,LLB上的软件配置:
· OS:RedHat Linux 6.2
· Linux Kernel:linux-2.2.17
· ipvsadm: IPVS-0.9.16
· ipchains: ipchains 1.3.9
· Keepalived: keepalived-0.2.7
· Heartbeat:heartbeat-0.4.9
3,软件的安装:
· 安装ipvs-0.9.16-2.2.17.tar.gz
#tar zxvf ipvs-0.9.16-2.2.17.tar.gz
#cd /usr/src/linux
#cat /ipvs-0.9.16-2.2.17.patch | patch -p1
在这一步完成后你必须重新编译Linux的内核,并且确定下面的选项被编译到新的内核中!
Kernel Compile Options:
Code maturity level options ---[*] Prompt for development and/or incomplete code/drivers
Networking options ---[*] Network firewalls
....[*] IP: firewalling
....[*] IP: masquerading
....[*] IP: masquerading virtual server support
(12) IP masquerading table size (the Nth power of 2)
<*> IPVS: round-robin scheduling
<*> IPVS: weighted round-robin scheduling
<*> IPVS: least-connection scheduling
<*> IPVS: weighted least-connection scheduling
....[*] IP: aliasing support
内核编译完后用新的内核重新启动系统。
然后执行下面的命令:
#cd //ipvsadm/
#make
#make install
至此,ipvsadm安装完毕!
· 安装 keepalived-0.2.7.tar.gz,执行下面的命令:
#tar keepalived-0.2.7.tar.gz
#cd keepalived-0.2.7
#make
#make install
· 安装heartbeat-0.4.9.tar.gz
#tar zxvf heartbeat-0.4.9.tar.gz
#cd heartbeat-0.4.9
#make
#make install
4,配置:
IP地址的配置:
用户IP地址:192.168.2.21
两台LLB各有两块网卡:eth0,eth1,
Master LLB eth0: 192.168.2.1
Master LLB eth1: 10.10.10.1
Slave LLB eth0: 192.168.2.2
Slave LLB eth1: 10.10.10.2
Server-1 : 10.10.10.11
Server-2 : 10.10.10.12
Server-3 : 10.10.10.13
另外还有两个特殊的IP地址是最需要注意的,一个是整个集群对外统一使用的IP地址,我们称它为VIP(Virtual IP) ,我们
他设为:192.168.2.11,这个IP地址应该出现在您的DNS中,如:我们配置的这个集群提供的是web服务,则在DNS中应该有这样
的记录:
http://www.your-domain.com/ --> 192.168.2.11
在LLB启动后VIP会运行在LLB的eth0:0上;
另一个特殊的IP是运行在LLB的eth1:0上,这个IP是三台服务器的默认网关,我们称它为V-gate (Virtual gate)。
所有的IP地址的子网掩码全采用255.255.255.0。VIP与V-gate在后面进行配置。到目前为止,网络中应该是一个这样的环境:
client
192.168.2.21
________|__________
| |
| |
Master LLB Slave LLB
eth0:192.168.2.1 eth0:192.168.2.2
eth1:10.10.10.10.1 eth1:10.10.10.2
| |
|_________________|
|
HUB
____________|_______________
| | |
| | |
webserver1 webserver2 webserver3
10.10.10.11 10.10.10.12 10.10.10.13
配置文件:
在LLB中,ipchains与ipvsadm是由keepalived来启动的,keepalived是由heartbeat来启动。Keepalived有两个配置文件:
/etc/keepalived/keepalived.conf和/etc/lvs.conf
/etc/lvs.conf内容如下:
#Configuration file for portFW NAT
#/etc/lvs.conf
#Port forwarding
ipvsadm -A -t 192.168.2.11:80 -s rr
#nat
ipchains -A forward -j MASQ -p tcp -s 10.10.10.0/24 80 -d 0.0.0.0/0
解释:
ipvsadm -A -t 192.168.2.11:80 -s rr
这句的意思是说192.168.2.11是一个集群地址(VIP),并且是针对80端口的,也就是说是一个web集群。在这个集群中采用
Round-Robin(rr)的算法。
ipchains -A forward -j MASQ -p tcp -s 10.10.10.0/24 80 -d 0.0.0.0/0
这句的作用是在服务器给用户做出回应时,将IP地址进行伪装,由10.10.10.11, 10.10.10.12, 10.10.10.13伪
装成192.168.2.11。
/etc/keepalived/keepalived.conf内容如下:
# Configuration File for keepalived
#begin www server config.......
virtual_server 192.168.2.11 80{
lb_algo rr
lb_kind NAT
protocol TCP
real_server 10.10.10.11 80 {
weight 1
ICMP_CHECK
}
real_server 10.10.10.12 80 {
weight 1
ICMP_CHECK
}
real_server 10.10.10.13 80 {
weight 1
ICMP_CHECK
}
}
#end of Fweb config!
解释:在这个文件里对三台服务器进行具体的说明,并且三台服务器有相同的Weight值。Keepalived以Layer3的方式(ICMP_CHECK)工作,
既定期检查服务器是否存在。
heartbeat 有三个配置文件:/etc/ha.d/ha.cf;/etc/ha.d/haresources;/etc/ha.d/ authkeys
/etc/ha.d/ha.cf内容如下:
#
# keepalive: how many seconds between heartbeats
#
keepalive 2
logfile /var/log/ha-log
#
# deadtime: seconds-to-declare-host-dead
#
deadtime 10
# hopfudge maximum hop count minus number of nodes in config
hopfudge 1
#
# What UDP port to use for udp or ppp-udp communication?
#
udpport 1001
# What interfaces to heartbeat over?
udp eth0
#
# Facility to use for syslog()/logger (alternative to log/debugfile)
#
logfacility local0
#
# Tell what machines are in the cluster
# node nodename ... -- must match uname -n
node Master #Master是Master LLB的机器名,必须与uname –n 相一致
node Slave #Slave是Slave LLB的机器名,必须与uname –n 相一致
/etc/ha.d/haresources内容如下:
Master IPaddr::10.10.10.9/24/eth1 IPaddr::192.168.2.11/24/eth0 keepalived
其中10.10.10.9是V-gate的值,192.168.2.11是VIP的值,这两个特殊的IP地址就是在这里设置的。并且说明了Master是主用的LLB,
Keepalived是需要heartbeat启动的程序。Keepalived是在安装Keepalived时自动生成的一个可执行文件,heartbeat会
在/etc/ha.d/resource.d目录下寻找keepalived,所以您需要将可执行的keepalived文件复制到/etc/ha.d/resource.d/目录下。
/etc/ha.d/ authkeys内容如下:
auth 1
1 sha1 cluster
这个文件不是很重要,但一定要有。在这里说明了LLB之间的一种AUTH机制。详细的说明请参考:http://www.linux-ha.org/
至此,所有的安装配置全部完成。一共有五个配置文件:
· /etc/keepalived/keepalived.conf
· /etc/lvs.conf
· /etc/ha.d/ha.cf
· /etc/ha.d/haresources
· /etc/ha.d/ authkeys
请您在仔细检查一下,而且确定这五个文件都安装在了Master LLB与Slave LLB上。下一步就可以启动了。
启动系统:
[root@master heartbeat]#heartbeat start
[root@slave heartbeat ]# heartbeat start
如果没有什么问题,系统已经启动了,以下是我的Master LLB上的一些启动的记录:
heartbeat的/var/log/ha-log如下:
heartbeat: 2001/05/29_10:31:37 info: **************************
heartbeat: 2001/05/29_10:31:37 info: Configuration validated. Starting heartbeat 0.4.9
heartbeat: 2001/05/29_10:31:37 info: heartbeat: version 0.4.9
heartbeat: 2001/05/29_10:31:37 info: Heartbeat generation: 20
heartbeat: 2001/05/29_10:31:37 info: Creating FIFO /var/run/heartbeat-fifo.
heartbeat: 2001/05/29_10:31:37 notice: UDP heartbeat started on port 1001 interface eth0
heartbeat: 2001/05/29_10:31:37 info: Local status now set to: ''up''
heartbeat: 2001/05/29_10:31:37 info: Heartbeat restart on node master
heartbeat: 2001/05/29_10:31:38 info: Link master:eth0 up.
heartbeat: 2001/05/29_10:31:38 info: Running /etc/ha.d/rc.d/ifstat ifstat
heartbeat: 2001/05/29_10:32:08 WARN: node slave: is dead
heartbeat: 2001/05/29_10:32:08 info: Local status now set to: ''active''
heartbeat: 2001/05/29_10:32:08 info: Node master: status up
heartbeat: 2001/05/29_10:32:08 info: Running /etc/ha.d/rc.d/status status
heartbeat: 2001/05/29_10:32:08 info: Running /etc/ha.d/rc.d/status status
heartbeat: 2001/05/29_10:32:08 info: mach_down takeover complete.
heartbeat: 2001/05/29_10:32:08 info: Running /etc/ha.d/resource.d/IPaddr 192.168.2.11/24/e
th0 status
heartbeat: 2001/05/29_10:32:08 info: Node master: status active
heartbeat: 2001/05/29_10:32:08 info: Resource acquisition completed.
heartbeat: 2001/05/29_10:32:08 info: Running /etc/ha.d/rc.d/status status
heartbeat: 2001/05/29_10:32:08 info: Running /etc/ha.d/rc.d/ip-request ip-request
heartbeat: 2001/05/29_10:32:18 info: Running /etc/ha.d/resource.d/IPaddr 192.168.2.11/24/e
th0 status
heartbeat: 2001/05/29_10:32:18 info: Acquiring resource group: master IPaddr::192.168.2.11/24
/eth0 IPaddr::10.10.10.9/24/eth1 keepalived
heartbeat: 2001/05/29_10:32:18 info: Running /etc/ha.d/resource.d/IPaddr 192.168.2.11/24/e
th0 start
heartbeat: 2001/05/29_10:32:18 info: ifconfig eth0:0 192.168.2.11 netmask 255.255.255.0 br
oadcast 192.168.2.255
heartbeat: 2001/05/29_10:32:18 info: Sending Gratuitous Arp for 192.168.2.11 on eth0:0 [et
h0]
heartbeat: 2001/05/29_10:32:18 info: Running /etc/ha.d/resource.d/IPaddr 10.10.10.9/24/
eth1 start
heartbeat: 2001/05/29_10:32:19 info: ifconfig eth1:0 10.10.10.9 netmask 255.255.255.0
broadcast 192.168.2.255
heartbeat: 2001/05/29_10:32:19 info: Sending Gratuitous Arp for 10.10.10.9 on eth1:0 [e
th1]
heartbeat: 2001/05/29_10:32:19 info: Running /etc/ha.d/resource.d/keepalived
keepalived 的keepalived.log文件如下:
/etc/keepalived/log/keepalived.log
[24/05/01 - 09:39:11] keepalived[709]: Starting keepalived daemon
[24/05/01 - 09:39:11] keepalived[710]: Using LVS dynamic data representation :
[24/05/01 - 09:39:11] keepalived[710]: ------< Global definitions >------
[24/05/01 - 09:39:11] keepalived[710]: LVS ID =
[24/05/01 - 09:39:11] keepalived[710]: Delay loop = , Smtp server =
[24/05/01 - 09:39:11] keepalived[710]: Email notification from =
[24/05/01 - 09:39:11] keepalived[710]: ------< LVS Topology >------
[24/05/01 - 09:39:11] keepalived[710]: VS IP = 192.168.2.11, PORT = 80
[24/05/01 - 09:39:11] keepalived[710]: -> lb_algo = rr, lb_kind = NAT, persistence = , pr
otocol = TCP
[24/05/01 - 09:39:11] keepalived[710]: -> SVR IP = 10.10.10.11, PORT = 80, WEIGHT = 1
[24/05/01 - 09:39:11] keepalived[710]: -> Keepalive method = ICMP_CHECK
[24/05/01 - 09:39:11] keepalived[710]: -> SVR IP = 10.10.10.12, PORT = 80, WEIGHT = 1
[24/05/01 - 09:39:11] keepalived[710]: -> Keepalive method = ICMP_CHECK
[24/05/01 - 09:39:11] keepalived[710]: -> SVR IP = 10.10.10.13, PORT = 80, WEIGHT = 1
[24/05/01 - 09:39:11] keepalived[710]: -> Keepalive method = ICMP_CHECK
我们将一台服务器的网线从网络上拿掉:(keepalived.log文件如下:注意最后两行)
24/05/01 - 09:39:11] keepalived[709]: Starting keepalived daemon
[24/05/01 - 09:39:11] keepalived[710]: Using LVS dynamic data representation :
[24/05/01 - 09:39:11] keepalived[710]: ------< Global definitions >------
[24/05/01 - 09:39:11] keepalived[710]: LVS ID =
[24/05/01 - 09:39:11] keepalived[710]: Delay loop = , Smtp server =
[24/05/01 - 09:39:11] keepalived[710]: Email notification from =
[24/05/01 - 09:39:11] keepalived[710]: ------< LVS Topology >------
[24/05/01 - 09:39:11] keepalived[710]: VS IP = 192.168.2.11, PORT=80
[24/05/01 - 09:39:11] keepalived[710]: -> lb_algo = rr, lb_kind = NAT, persistence = , pr
otocol = TCP
[24/05/01 - 09:39:11] keepalived[710]: -> SVR IP = 10.10.10.11, PORT=80, WEIGHT = 1
[24/05/01 - 09:39:11] keepalived[710]: -> Keepalive method = ICMP_CHECK
[24/05/01 - 09:39:11] keepalived[710]: -> SVR IP = 10.10.10.12, PORT=80, WEIGHT = 1
[24/05/01 - 09:39:11] keepalived[710]: -> Keepalive method = ICMP_CHECK
[24/05/01 - 09:39:11] keepalived[710]: -> SVR IP = 10.10.10.13, PORT=80, WEIGHT = 1
[24/05/01 - 09:39:11] keepalived[710]: -> Keepalive method = ICMP_CHECK
[24/05/01 - 09:48:56] keepalived[710]: ICMP check failed to 10.10.10.13.
[24/05/01 - 09:48:56] keepalived[710]: Removing service [10.10.10.13:80] from VS [192.168
.2.11:80]
再将网线插上去后配置文件如下:(keepalived.log文件如下:注意最后两行)
[24/05/01 - 09:39:11] keepalived[709]: Starting keepalived daemon
[24/05/01 - 09:39:11] keepalived[710]: Using LVS dynamic data representation :
[24/05/01 - 09:39:11] keepalived[710]: ------< Global definitions >------
[24/05/01 - 09:39:11] keepalived[710]: LVS ID =
[24/05/01 - 09:39:11] keepalived[710]: Delay loop = , Smtp server =
[24/05/01 - 09:39:11] keepalived[710]: Email notification from =
[24/05/01 - 09:39:11] keepalived[710]: ------< LVS Topology >------
[24/05/01 - 09:39:11] keepalived[710]: VS IP = 192.168.2.11, PORT=80
[24/05/01 - 09:39:11] keepalived[710]: -> lb_algo = rr, lb_kind = NAT, persistence = , pr
otocol = TCP
[24/05/01 - 09:39:11] keepalived[710]: -> SVR IP = 10.10.10.11, PORT=80, WEIGHT = 1
[24/05/01 - 09:39:11] keepalived[710]: -> Keepalive method = ICMP_CHECK
[24/05/01 - 09:39:11] keepalived[710]: -> SVR IP = 10.10.10.12, PORT=80, WEIGHT = 1
[24/05/01 - 09:39:11] keepalived[710]: -> Keepalive method = ICMP_CHECK
[24/05/01 - 09:39:11] keepalived[710]: -> SVR IP = 10.10.10.13, PORT=80, WEIGHT = 1
[24/05/01 - 09:39:11] keepalived[710]: -> Keepalive method = ICMP_CHECK
[24/05/01 - 09:48:56] keepalived[710]: ICMP check failed to 10.10.10.13.
[24/05/01 - 09:48:56] keepalived[710]: Removing service [10.10.10.13:80] from VS [192.168
.2.11:80]
[24/05/01 - 09:51:23] keepalived[710]: ICMP check succeed to 10.10.10.13.
[24/05/01 - 09:51:23] keepalived[710]: Adding service [10.10.10.13:80] to VS [192.168.2.11 80]
总结:本文实现的是一种本地的负载均衡(Local Load balancer),既LLB和服务器都位于同一个LAN中。利用LINUX也可以
实现全球负载均衡(Global Load balancer),既服务器可以位于世界的任何角落。Global Load balancer可以利用BGP协议来实
现,BGP是边界网关协议,他将Internet划分为不同的自治域(AS),利用AS可以实现服务器的定位。Global Load balancer 的
实现与本文的Local Load balancer 的实现方式是完全不同的。本人正在做这方面的实验和研究,有兴趣的读者可以来信交流,
我的信箱是:connili@sina.com
参考文献:
IPCHAINS-HOWTO
IPMASQADM-HOWTO
LVS-HOWTO
IPVSADM(8)
IPCHAINS(8)
http://keepalived.sourceforge.net/documentation.html
http://www.linuxvirtualserver.org/
http://www.linux-ha.org/
http://keepalived.sourceforge.net/
