网上关于lvs+keepalived的文章很多,但多数都是DR模式的方案,nat模式的并不多见,因此在此写一份nat模式的文章,既作分享,也当笔记保存。

网络拓扑结构:

现在的Linux系统内核都是支持lvs的,所以我们直接可以用yum安装ipvsadm

 

yum 源的替换,将系统的yum源替换成163的yum源

[root@localhost ~]# cd /etc/yum.repos.d/

[root@localhost yum.repos.d]# ls

centos-163.repo  rhel-source.repo.bak

[root@localhost yum.repos.d]# vim centos-163.repo 

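# NOTE(review): the article's excerpt starts in the middle of a repo section
# (its [section] header, name= and baseurl= lines are not shown); the three
# lines below are the tail of that section.
#mirrorlist=http://mirrorlist.centos.org/?release=6&arch=$basearch&repo=updates
# gpgcheck=1 makes yum verify package signatures. The gpgkey URL is plain
# HTTP, so the key download itself is not authenticated: compare the key's
# fingerprint with a trusted copy before accepting the import prompt.
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6

#additional packages that may be useful
[extras]
name=CentOS-6 - Extras - 163.com
baseurl=http://mirrors.163.com/centos/6/extras/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=6&arch=$basearch&repo=extras
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6

#additional packages that extend functionality of existing packages
# (enabled=0: defined but not used unless explicitly enabled)
[centosplus]
name=CentOS-6 - Plus - 163.com
baseurl=http://mirrors.163.com/centos/6/centosplus/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=6&arch=$basearch&repo=centosplus
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6

#contrib - packages by Centos Users
# (enabled=0: defined but not used unless explicitly enabled)
[contrib]
name=CentOS-6 - Contrib - 163.com
baseurl=http://mirrors.163.com/centos/6/contrib/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=6&arch=$basearch&repo=contrib
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6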

 

LVS软件的安装

[root@localhost yum.repos.d]# yum install ipvsadm -y

 

开启路由转发功能

[root@localhost yum.repos.d]# vim /etc/sysctl.conf

将net.ipv4.ip_forward = 0改成net.ipv4.ip_forward = 1

 

使配置生效

[root@localhost yum.repos.d]# sysctl -p

net.ipv4.ip_forward = 1

net.ipv4.conf.default.rp_filter = 1

net.ipv4.conf.default.accept_source_route = 0

kernel.sysrq = 0

kernel.core_uses_pid = 1

net.ipv4.tcp_syncookies = 1

kernel.msgmnb = 65536

kernel.msgmax = 65536

kernel.shmmax = 68719476736

kernel.shmall = 4294967296

net.ipv4.ip_local_port_range = 1024 65000

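关闭系统自带防火墙和selinux策略(仅适合测试环境:iptables -F 只清空当前已加载的规则,setenforce 0 只是把SELinux临时切换为permissive模式,在没有保存规则、没有修改配置文件的情况下,重启后两者都会恢复原状;生产环境建议保留防火墙,只放行两台负载之间的VRRP报文(IP协议号112)以及对外提供服务的端口,本文中为9912)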

[root@localhost yum.repos.d]# iptables -F

Chain INPUT (policy ACCEPT)

target     prot opt source               destination         

 

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination         

 

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination         

[root@localhost yum.repos.d]# iptables -t nat -F

Chain PREROUTING (policy ACCEPT)

target     prot opt source               destination         

 

Chain POSTROUTING (policy ACCEPT)

target     prot opt source               destination         

 

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination         

[root@localhost yum.repos.d]# setenforce 0

 

keepalived安装和配置

由于nat模式下realserver的网关是负载服务器的IP,所以做主备的时候,网关也要能跟随外网VIP一同切换。在这里,我们定义一个vrrp同步组,其中包含inside_network和outside_network两个vrrp实例:inside_network的VIP作为RealServer的网关地址,outside_network的VIP作为外网访问地址。

 

[root@localhost yum.repos.d]# tar xf keepalived-1.2.4.tar.gz

[root@localhost yum.repos.d]# yum install gcc*  openssl*  popt-devel  libnl*

[root@localhost yum.repos.d]# cd keepalived-1.2.4

[root@localhost  keepalived-1.2.4]# ./configure --prefix=/usr/local/keepalived

[root@localhost  keepalived-1.2.4]# make;make install

[root@localhost  keepalived-1.2.4]# cd /usr/local/keepalived/etc/keepalived

[root@localhost  keepalived-1.2.4]# cp keepalived.conf  keepalived.conf_bak

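[root@localhost  keepalived-1.2.4]# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig

(注:keepalived默认读取/etc/keepalived/keepalived.conf,而上文没有给出创建/etc/keepalived目录、拷贝配置文件以及安装/etc/init.d/keepalived启动脚本的步骤,需要先完成这些步骤,后面的编辑和启动命令才能执行。)

[root@localhost keepalived]# vim /etc/keepalived/keepalived.conf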

 

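! Configuration File for keepalived
! Layout: one VRRP sync group (SWJ) holding the outside (eth0) and inside
! (eth1) instances, followed by one NAT-mode virtual server on the outside VIP.

global_defs {
    notification_email {
        hehui0816@163.com          # recipients of failover mail, one address per line
        847616606@163.com
    }
    # NOTE(review): the article shows no address after this keyword;
    # <sender-address> is a placeholder to be filled in.
    notification_email_from <sender-address>   # mail sender
    smtp_server 127.0.0.1          # use the local mail server
    smtp_connect_timeout 30        # SMTP connect timeout
    router_id LVS_MASTER           # router_id label; master and backup may use the same or different values
}

# Sync group: the listed instances change state together, so the real
# servers' gateway VIP follows the public VIP on failover.
# (The article spells the keyword "vrrp_syncv_group"; the keepalived keyword
# is vrrp_sync_group.)
vrrp_sync_group SWJ {
    group {
        inside_network
        outside_network
    }
}

vrrp_instance outside_network {
    state MASTER                   # MASTER on the primary director, BACKUP on the standby
    interface eth0                 # NIC the VIP is bound to
    track_interface {              # extra NICs to watch; a failure on any of them triggers failover
        # eth0
        eth1
    }
    # Keyword spelling is kept as given in the article (the page installs
    # keepalived 1.2.4); verify it against the version actually deployed.
    lvs_sync_daemon_inteface eth0  # NIC used by the LVS sync daemon
    virtual_router_id 100          # virtual router ID; must match between master and backup
    priority 100                   # MASTER must have a higher priority than BACKUP
    advert_int 1                   # VRRP advertisement interval, default 1 s
    # auth_type PASS sends auth_pass unencrypted in every VRRP advertisement,
    # so it guards against misconfiguration rather than a hostile host on the
    # segment. 1111 is the article's sample value: set a site-specific string
    # (keepalived uses only the first 8 characters), identical on master and
    # backup, and limit VRRP (IP protocol 112) to the peer director in the
    # host firewall.
    authentication {               # must be identical on master and backup
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.204.172.2/26            # public (outside) VIP
    }
}

vrrp_instance inside_network {
    state MASTER                   # as above: BACKUP on the standby director
    interface eth1
    track_interface {
        eth0
        # eth1
    }
    lvs_sync_daemon_inteface eth0
    virtual_router_id 50
    priority 100
    advert_int 1
    # Same cleartext-password caveat as in outside_network.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.21/24            # inside VIP, used as the real servers' gateway address
    }
}

virtual_server 10.204.172.2 9912 { # service definition: VIP + port
    delay_loop 6
    lb_algo rr                     # scheduler: round robin here; wrr or others are also possible
    lb_kind NAT                    # NAT mode; for DR mode change this to DR
    nat_mask 255.255.255.192
    #persistence_timeout 50        # left commented out, otherwise requests within 50 s all reach the same backend server
    protocol TCP

    real_server 192.168.1.32 9912 {    # real server IP + port
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 9912          # port probed by the health check
        }
    }

    real_server 192.168.1.31 9912 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 9912
        }
    }
}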

 

 配置好了之后启动keepalived服务

[root@localhost ~]# /etc/init.d/keepalived restart

Stopping keepalived: [  OK  ]
Starting keepalived: [  OK  ]

查看主lvs的IP

查看备用lvs的IP

查看lvs负载:

查看日志

模拟主设备出现故障,ifdown eth0 或者将keepalived服务关闭

会发现VIP都会切换到备用负载上面去。

通过访问都能正常转发: