LVS+Keepalived实现高可用

LVS的具有强大的负载均衡功能,但是它缺少对负载层节点的健康状态检测功能,也不能对后端服务进行健康状态检测,通过keepalived可以很好地弥补这一缺陷,keepalived是专门用来监控高可用集群架构的中各服务的节点状态,如果某个节点异常或故障,它可以检测到并将故障节点从集群中剔除,当故障节点恢复后,可以自动将该节点加入到集群中。

下面使用LVS+keepalived实现负载均衡的高可用,同样实验过程只实现负载层的高可用功能,拓扑图如下:

《LVS+Keepalived实现高可用》

MASTER点配置

! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.214.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
   vrrp_iptables
   vrrp_mcast_group4 224.17.17.17
}




vrrp_instance VI_1 {   #定义虚拟路由实例
    state MASTER       #定义节点为MASTER,要大写
    interface ens33
    virtual_router_id 55   #设置虚拟路由id
    priority 100     #设置主节点优先级
    advert_int 1    #设置主备节点检测时间间隔
#    nopreempt  #状态切换模式:默认抢占(failover) | 非抢占 (nopreempt)
    authentication {   #定义主备间验证方式
        auth_type PASS
        auth_pass 12345678
    }
    virtual_ipaddress {  #设置虚拟路由的VIP
        192.168.214.100
    }

   }



virtual_server 192.168.214.100 80 {     #定义LVS虚拟服务器,设置VIP
        delay_loop 3  #健康状态检测时间间隔
        lb_algo rr      #定义调度算法为轮询 
        lb_kind DR   #定义LVS工作模式
        protocol TCP  #定义使用协议,LVS只能用TCP


        real_server 192.168.214.133 80 {    #定义后端真实主机

                HTTP_GET {   #定义后端主机检测方式,支持http和tcp
                    url {      #定义使用url检测
                        path /     #检测页为首页
                        status_code 200    #定义检测的请求状态码
        }
                connect_timeout 3  #定义连接请求的超时时长
                nb_get_retry 2     #定义超时重试次数
                delay_before_retry 1 # 定义重试间隔时长

        }

        }

         real_server 192.168.214.135 80 {

                HTTP_GET {
                    url {
                        path /
                        status_code 200
        }
                connect_timeout 3
                nb_get_retry 2
                delay_before_retry 1

        }

        }

 }

BACKUP点配置


notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 192.168.214.1 smtp_connect_timeout 30 router_id LVS_DEVEL vrrp_skip_check_adv_addr vrrp_strict vrrp_garp_interval 0 vrrp_gna_interval 0 vrrp_iptables vrrp_mcast_group4 224.17.17.17 } vrrp_instance VI_1 { interface ens33 priority 90 advert_int 1 # nopreempt authentication { auth_type PASS auth_pass 12345678 } virtual_ipaddress { 192.168.214.100 } } virtual_server 192.168.214.100 80 { delay_loop 3 lb_algo rr lb_kind DR protocol TCP real_server 192.168.214.133 80 { HTTP_GET { url { path / status_code 200 } connect_timeout 3 nb_get_retry 2 delay_before_retry 1 } } real_server 192.168.214.135 80 { HTTP_GET { url { path / status_code 200 } connect_timeout 3 nb_get_retry 2 delay_before_retry 1 } } }

测试

将后端nginx停掉一个查看ipvsadm规则内容

[root@nginx-1 html]# nginx -s stop

[root@node-1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.214.100:80 rr
  -> 192.168.214.135:80           Route   1      0          0  

启动nginx服务

[root@nginx-1 html]# nginx

[root@node-1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.214.100:80 rr
  -> 192.168.214.133:80           Route   1      0          1         
  -> 192.168.214.135:80           Route   1      0          0  

LVS主备切换

关掉MASTER节点,BACKUP节点自动接替工作,并成为MASTER,查看通报信息,可以看到在主备状态间切换速度是非常快的

查看抓包信息:

[root@node-2 ~]# tcpdump -i ens33 -nn host 224.17.17.17
#
23:45:18.601855 IP 192.168.214.148 > 224.17.17.17: VRRPv2, Advertisement, vrid 55, prio 100, authtype simple, intvl 1s, length 20
23:45:18.626644 IP 192.168.214.148 > 224.17.17.17: VRRPv2, Advertisement, vrid 55, prio 0, authtype simple, intvl 1s, length 20
23:45:19.276203 IP 192.168.214.143 > 224.17.17.17: VRRPv2, Advertisement, vrid 55, prio 90, authtype simple, intvl 1s, length 20
23:45:20.284334 IP 192.168.214.143 > 224.17.17.17: VRRPv2, Advertisement, vrid 55, prio 90, authtype simple, intvl 1s, length 20
点赞

发表评论

电子邮件地址不会被公开。 必填项已用*标注