keepalived LVS DR模式搭建一个高可用的nginx负载

LVS作为第四层的负载均衡,效率比NGINX HA等方式搭建的负载均衡效率要高些,在企业中使用DR模式又比使用NAT模式的场景更广,下面就是一个简单的实验。

  • 环境准备
vip 172.16.50.65
Real server 1: 172.16.50.66
Real server 2: 172.16.50.67
Director Server: 172.16.50.10(MASTER)
Director Server: 172.16.50.11(BACKUP)
  • Director Server关闭selinux和防火墙功能 安装 keepalived 和 ipvsadm
  • 172.16.50.10上面keepalived.conf的配置文件为:
! Configuration File for keepalived

global_defs {
   notification_email {
    qq@qq.com
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface ens32
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass yourpassword
    }
    virtual_ipaddress {
        172.16.50.65
    }
}

virtual_server 172.16.50.65 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP

    real_server 172.16.50.66 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 2
        }
    }

    real_server 172.16.50.67 80 {
        weight 2
        TCP_CHECK {
            connect_port 80
            connect_timeout 2
        }
    }
}
  • 172.16.50.11上面keepalived.conf的配置文件为:
! Configuration File for keepalived

global_defs {
   notification_email {
    qq@qq.com
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens32
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass yourpassword
    }
    virtual_ipaddress {
        172.16.50.65
    }
}

virtual_server 172.16.50.65 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP

    real_server 172.16.50.66 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 2
        }
    }

    real_server 172.16.50.67 80 {
        weight 2
        TCP_CHECK {
            connect_port 80
            connect_timeout 2
        }
    }
}
  • 在Real server中配置NGINX VIP和添加路由
ifconfig lo:0 172.16.50.65 netmask 255.255.255.255 broadcast 172.16.50.65
route add -host 172.16.50.65  dev lo:0
  • 在Real server修改内核参数,控制Real server的响应模式
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_announce=2