lvs实验pcc,ppc,fwmark
2012-01-31 14:41
176 查看
实验拓扑,环境和lvs-dr一样。
实验二:pcc
测试ssh22端口和http80端口
-->pcc(persistent client connections) :将同一个用户的请求定向到同一个realserver上,将端口定义为零
[root@slave ~]# ipvsadm -C
[root@slave ~]# ipvsadm -L -n --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
[root@slave ~]# ipvsadm -A -t 172.16.8.120:0 -s sed -p 1000
[root@slave ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.8.120:0 sed persistent 1000
[root@slave ~]# ipvsadm -a -t 172.16.8.120:0 -r 172.16.8.6 -g -w 100
[root@slave ~]# ipvsadm -a -t 172.16.8.120:0 -r 172.16.8.7 -g -w 200
[root@slave ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.8.120:0 sed persistent 1000
-> 172.16.8.7:0 Route 200 0 0
-> 172.16.8.6:0 Route 100 0 0
[root@slave ~]# ipvsadm -lcn
IPVS connection entries
pro expire state source virtual destination
TCP 01:46 FIN_WAIT 172.16.0.1:2521 172.16.8.120:80 172.16.8.7:80
TCP 01:44 FIN_WAIT 172.16.0.1:2509 172.16.8.120:80 172.16.8.7:80
TCP 01:43 FIN_WAIT 172.16.0.1:2499 172.16.8.120:80 172.16.8.7:80
TCP 01:40 FIN_WAIT 172.16.0.1:2478 172.16.8.120:80 172.16.8.7:80
TCP 16:26 NONE 172.16.0.1:0 172.16.8.120:0 172.16.8.7:0
TCP 01:44 FIN_WAIT 172.16.0.1:2507 172.16.8.120:80 172.16.8.7:80
TCP 01:44 FIN_WAIT 172.16.0.1:2508 172.16.8.120:80 172.16.8.7:80
TCP 01:44 FIN_WAIT 172.16.0.1:2512 172.16.8.120:80 172.16.8.7:80
TCP 00:40 SYN_RECV 172.16.0.1:2477 172.16.8.120:80 172.16.8.7:80
TCP 01:42 FIN_WAIT 172.16.0.1:2496 172.16.8.120:80 172.16.8.7:80
.....................找一客服端做测试.......................
# ab -c 10 -n 100 http://172.16.8.120/index.html
............................................................
实验三:ppc
-->ppc:将某一用户某一的特定端口的请求定向到同一特定的realserver上
[root@slave ~]# ipvsadm -C
[root@slave ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@slave ~]# ipvsadm -A -t 172.16.8.120:80 -s wlc -p 1000
[root@slave ~]# ipvsadm -A -t 172.16.8.120:23 -s wlc -p 1000
[root@slave ~]# ipvsadm -a -t 172.16.8.120:80 -r 172.16.8.6 -g -w 100
[root@slave ~]# ipvsadm -a -t 172.16.8.120:80 -r 172.16.8.7 -g -w 200
[root@slave ~]# ipvsadm -a -t 172.16.8.120:23 -r 172.16.8.7 -g -w 200
[root@slave ~]# ipvsadm -a -t 172.16.8.120:23 -r 172.16.8.6 -g -w 100
[root@slave ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.8.120:80 wlc persistent 1000
-> 172.16.8.7:80 Route 200 0 0
-> 172.16.8.6:80 Route 100 0 0
TCP 172.16.8.120:23 wlc persistent 1000
-> 172.16.8.6:23 Route 100 0 0
-> 172.16.8.7:23 Route 200 0 0
...........................两个服务器都装上telnet服务并开启,在物理机上测试........................
实验四:端口姻亲关系
将http和https定义为姻亲关系
-->persistent netfilter marked packet persistence(持久防火墙标记(在pre-routing链上打netfilter marked,而且该标记只在防火墙内部有效通常是0-99)--端口殷亲关系http,https--证书应该是同一个证书。):结合iptables让两种或者以上的具有相关联协议的设置一样的标记,定义集群服务的时候,基于-f 1。
实验时候C做ca认证服务器,颁发证书(............过程略............)
A,B装支持http的ssl模块
[root@server75 ~]# yum install mod_ssl
[root@server75 ~]# vim /etc/httpd/conf.d/ssl.conf
DocumentRoot "/var/www/html"
ServerName www.magedu.com:443
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
[root@server75 ~]# scp !$ 172.16.8.6:/etc/httpd/conf.d/ssl.conf
在C上配置
[root@slave ~]# ipvsadm -C
[root@slave ~]# iptables -t mangle -A PREROUTING -i eth0 -p tcp -d 172.16.8.120 --dport 80 -j MARK --set-mark 80
[root@slave ~]# iptables -t mangle -A PREROUTING -i eth0 -p tcp -d 172.16.8.120 --dport 443 -j MARK --set-mark 80
[root@slave ~]# ipvsadm -A -f 80 -s rr -p 1000
[root@slave ~]# ipvsadm -a -f 80 -r 172.16.100.7 -g
[root@slave ~]# ipvsadm -a -f 80 -r 172.16.100.6 -g
[root@slave ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
FWM 80 rr persistent 1000
-> 172.16.100.6:0 Route 1 0 0
-> 172.16.100.7:0 Route 1 0 0
本文出自 “面对自己” 博客,请务必保留此出处http://angus717.blog.51cto.com/1593644/769577
实验二:pcc
测试ssh22端口和http80端口
-->pcc(persistent client connections) :将同一个用户的请求定向到同一个realserver上,将端口定义为零
[root@slave ~]# ipvsadm -C
[root@slave ~]# ipvsadm -L -n --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
[root@slave ~]# ipvsadm -A -t 172.16.8.120:0 -s sed -p 1000
[root@slave ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.8.120:0 sed persistent 1000
[root@slave ~]# ipvsadm -a -t 172.16.8.120:0 -r 172.16.8.6 -g -w 100
[root@slave ~]# ipvsadm -a -t 172.16.8.120:0 -r 172.16.8.7 -g -w 200
[root@slave ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.8.120:0 sed persistent 1000
-> 172.16.8.7:0 Route 200 0 0
-> 172.16.8.6:0 Route 100 0 0
[root@slave ~]# ipvsadm -lcn
IPVS connection entries
pro expire state source virtual destination
TCP 01:46 FIN_WAIT 172.16.0.1:2521 172.16.8.120:80 172.16.8.7:80
TCP 01:44 FIN_WAIT 172.16.0.1:2509 172.16.8.120:80 172.16.8.7:80
TCP 01:43 FIN_WAIT 172.16.0.1:2499 172.16.8.120:80 172.16.8.7:80
TCP 01:40 FIN_WAIT 172.16.0.1:2478 172.16.8.120:80 172.16.8.7:80
TCP 16:26 NONE 172.16.0.1:0 172.16.8.120:0 172.16.8.7:0
TCP 01:44 FIN_WAIT 172.16.0.1:2507 172.16.8.120:80 172.16.8.7:80
TCP 01:44 FIN_WAIT 172.16.0.1:2508 172.16.8.120:80 172.16.8.7:80
TCP 01:44 FIN_WAIT 172.16.0.1:2512 172.16.8.120:80 172.16.8.7:80
TCP 00:40 SYN_RECV 172.16.0.1:2477 172.16.8.120:80 172.16.8.7:80
TCP 01:42 FIN_WAIT 172.16.0.1:2496 172.16.8.120:80 172.16.8.7:80
.....................找一客服端做测试.......................
# ab -c 10 -n 100 http://172.16.8.120/index.html
............................................................
实验三:ppc
-->ppc:将某一用户某一的特定端口的请求定向到同一特定的realserver上
[root@slave ~]# ipvsadm -C
[root@slave ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@slave ~]# ipvsadm -A -t 172.16.8.120:80 -s wlc -p 1000
[root@slave ~]# ipvsadm -A -t 172.16.8.120:23 -s wlc -p 1000
[root@slave ~]# ipvsadm -a -t 172.16.8.120:80 -r 172.16.8.6 -g -w 100
[root@slave ~]# ipvsadm -a -t 172.16.8.120:80 -r 172.16.8.7 -g -w 200
[root@slave ~]# ipvsadm -a -t 172.16.8.120:23 -r 172.16.8.7 -g -w 200
[root@slave ~]# ipvsadm -a -t 172.16.8.120:23 -r 172.16.8.6 -g -w 100
[root@slave ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.8.120:80 wlc persistent 1000
-> 172.16.8.7:80 Route 200 0 0
-> 172.16.8.6:80 Route 100 0 0
TCP 172.16.8.120:23 wlc persistent 1000
-> 172.16.8.6:23 Route 100 0 0
-> 172.16.8.7:23 Route 200 0 0
...........................两个服务器都装上telnet服务并开启,在物理机上测试........................
实验四:端口姻亲关系
将http和https定义为姻亲关系
-->persistent netfilter marked packet persistence(持久防火墙标记(在pre-routing链上打netfilter marked,而且该标记只在防火墙内部有效通常是0-99)--端口殷亲关系http,https--证书应该是同一个证书。):结合iptables让两种或者以上的具有相关联协议的设置一样的标记,定义集群服务的时候,基于-f 1。
实验时候C做ca认证服务器,颁发证书(............过程略............)
A,B装支持http的ssl模块
[root@server75 ~]# yum install mod_ssl
[root@server75 ~]# vim /etc/httpd/conf.d/ssl.conf
DocumentRoot "/var/www/html"
ServerName www.magedu.com:443
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
[root@server75 ~]# scp !$ 172.16.8.6:/etc/httpd/conf.d/ssl.conf
在C上配置
[root@slave ~]# ipvsadm -C
[root@slave ~]# iptables -t mangle -A PREROUTING -i eth0 -p tcp -d 172.16.8.120 --dport 80 -j MARK --set-mark 80
[root@slave ~]# iptables -t mangle -A PREROUTING -i eth0 -p tcp -d 172.16.8.120 --dport 443 -j MARK --set-mark 80
[root@slave ~]# ipvsadm -A -f 80 -s rr -p 1000
[root@slave ~]# ipvsadm -a -f 80 -r 172.16.100.7 -g
[root@slave ~]# ipvsadm -a -f 80 -r 172.16.100.6 -g
[root@slave ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
FWM 80 rr persistent 1000
-> 172.16.100.6:0 Route 1 0 0
-> 172.16.100.7:0 Route 1 0 0
本文出自 “面对自己” 博客,请务必保留此出处http://angus717.blog.51cto.com/1593644/769577
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- LVS持久连接(PPC+PCC+PNMPP)
- LVS 持久连接 PPC模式、PCC模式、防火墙标记
- LVS 群集持久连接配置(pcc+ppc+防火墙标示)
- LVS 集群中持久连接详解(PPC+PCC+PNMPP)
- LVS-DR模型测试实验
- ubuntu server 10.4下LVS-DR实验
- ubuntu server 10.4下LVS-DR实验
- lvs-dr实验搭建
- lvs集群服务的DR模式和NAT模式详解及实验
- LVS DR 实验环境部署脚本
- MySQL + KeepAlived + LVS 单点写入主主同步高可用架构实验
- 位于2个网段的LVS的DR模型实验
- lvs-nat负载均衡实验
- 实验LVS+keepalived
- 在RHEL6.6环境下进行LVS-NAT实验(Vmware模式)
- LVS:DR模式(Direct Routing)部署实验
- LVS+keepalived构建高可用负载均衡群集实验纯文本
- LVS:DR模式(Direct Routing)部署实验
- 高可用集群实验一:lvs的NAT模式、DR模式搭建及性能对比
- 实验LVS+keepalived