基于LVS负载均衡集群的架构实现

一、LVS—NAT+持久连接（80+443）-负载均衡部署

1.环境准备

服务器A：负载均衡服务器 IP：172.17.16.173和192.168.16.173
服务器B：real-server  IP：192.168.17.173
服务器C：real-server  IP：192.168.17.174

#服务器B和服务器C开启基于SSL加密的nginx服务
cd /etc/pki/tls/certs/
make nginx.crt
vim /etc/nginx/nginx.conf
#添加下面几行
server {
listen       443;
root         /var/www/html;

ssl_certificate "/etc/pki/tls/certs/nginx.crt";
ssl_certificate_key "/etc/pki/tls/certs/nginx.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout  10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
}
#去除私钥口令，否则服务无法启动
cp nginx.key nginx.key.bak
openssl rsa -in nginx.key.bak -out nginx.key

systemctl start nginx

2.在VS定义持久连接的绑定端口

iptables -t mangle -A PREROUTING -d 172.17.16.173 -p tcp --dport 80 -j MARK --set-mark 99

iptables -t mangle -A PREROUTING -d 172.17.16.173 -p tcp --dport 443 -j MARK --set-mark 99

3.在VS建立NAT模式虚拟服务并设置RS服务地址

ipvsadm -A -f 99 -s wrr -p
ipvsadm -a -f 99 -r 192.168.17.173 -m
ipvsadm -a -f 99 -r 192.168.17.174 -m

4.VS开启转发功能

vim /etc/sysctl.conf
net.ipv4.ip_forward=1
sysctl  -p

5.RS修改网关为DIP

route add default gw 192.168.16.173

二、LVS—DR+持久连接（80+443）-负载均衡部署

1.环境准备

服务器A：负载均衡服务器 VIP：172.17.16.173和DIP:172.17.16.100
服务器B：real-server  RIP：172.17.17.173
服务器C：real-server  RIP：172.17.17.174

#服务器B和服务器C开启基于SSL加密的nginx服务
cd /etc/pki/tls/certs/
make nginx.crt
vim /etc/nginx/nginx.conf
#添加下面几行
server {
listen       443;
root         /var/www/html;

ssl_certificate "/etc/pki/tls/certs/nginx.crt";
ssl_certificate_key "/etc/pki/tls/certs/nginx.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout  10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
}
#去除私钥口令，否则服务无法启动
cp nginx.key nginx.key.bak
openssl rsa -in nginx.key.bak -out nginx.key

systemctl start nginx

2.在VS定义持久连接的绑定端口

iptables -t mangle -A PREROUTING -d 172.17.16.173 -p tcp --dport 80 -j MARK --set-mark 99

iptables -t mangle -A PREROUTING -d 172.17.16.173 -p tcp --dport 443 -j MARK --set-mark 99

3.在VS建立NAT模式虚拟服务并设置RS服务地址

配置VIP只之广播自己
route add -host 172.17.16.173 dev eth0

ipvsadm -A -f 99 -s wrr -p
ipvsadm -a -f 99 -r 172.17.17.173 -g -w 3
ipvsadm -a -f 99 -r 172.17.17.174 -g -w 3

4.VS开启转发功能

vim /etc/sysctl.conf
net.ipv4.ip_forward=1
sysctl  -p

5.在RS上：设置回环网卡别名为VIP，禁止广播回应，回环网卡路由为自己

ifconfig lo:0 172.17.16.173 broadcast 172.17.16.173 netmask 255.255.255.255 up

route add -host 172.17.16.173 lo:0

echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce