lvs+frmark
[root@nagios~]#ln-s/usr/src/kernels/2.6.18-308.13.1.el5-x86_64//usr/src/linux
[root@nagios~]#yuminstallipvsadm
[root@nagios~]#tar-zxvfkeepalived-1.2.7.tar.gz-C/usr/local
[root@nagios~]#cdkeepalived-1.2.7/
[root@nagios~]#./configure
[root@nagios~]#make&&makeinstall
[root@nagios~]#cp/usr/local/etc/rc.d/init.d/keepalived/etc/rc.d/init.d/
[root@nagios~]#cp/usr/local/etc/sysconfig/keepalived/etc/sysconfig/
[root@nagios~]#mkdir/etc/keepalived
[root@nagios~]#cp/usr/local/etc/keepalived/keepalived.conf/etc/keepalived/
[root@nagios~]#cp/usr/local/sbin/keepalived/usr/sbin/
[root@nagios~]#servicekeepalivedstart
[root@nagios~]#vim/etc/keepalived/keepalived.conf
修改配置文件内容如下
!ConfigurationFileforkeepalived
global_defs{
notification_email{
yhl5555@126.com
}
notification_email_fromyhl5555@126.com
smtp_server127.0.0.1
#smtp_connect_timeout30
router_idLVS_DEVEL
}
#VIP1
vrrp_instanceVI_1{
stateMASTER
interfaceeth0
virtual_router_id50
priority100
advert_int1
authentication{
auth_typePASS
auth_pass1111
}
virtual_ipaddress{
172.16.1.160
}
}
virtual_serverfwmark1{
delay_loop6
lb_algowrr
lb_kindDR
#persistence_timeout60
protocolTCP
real_server172.16.1.17180{
weight3
TCP_CHECK{
connect_timeout10
nb_get_retry3
delay_before_retry3
connect_port80
}
}
}
virtual_serverfwmark2{
delay_loop6
lb_algowrr
lb_kindDR
#persistence_timeout60
protocolTCP
real_server172.16.1.17280{
weight3
TCP_CHECK{
connect_timeout10
nb_get_retry3
delay_before_retry3
connect_port80
}
}
}
在lvs调度器上面操作
注意:mangle表的匹配顺序是从下到上
[root@nagios~]#iptables-tmangle-IPREROUTING-s172.16.0.68-ptcp-d172.16.1.160--dport80-jMARK--set-mark1
[root@nagios~]#iptables-tmangle-IPREROUTING-s172.16.1.173-ptcp-d172.16.1.160--dport80-jMARK--set-mark2
分别在两台web服务器上执行realserver.sh绑定虚拟ip,脚本内容如下
#!/bin/bash
SNS_VIP=172.16.1.160
./etc/rc.d/init.d/functions
case"$1"in
start)
ifconfiglo:0$SNS_VIPnetmask255.255.255.255broadcast$SNS_VIP
/sbin/routeadd-host$SNS_VIPdevlo:0
echo"1">/proc/sys/net/ipv4/conf/lo/arp_ignore
echo"2">/proc/sys/net/ipv4/conf/lo/arp_announce
echo"1">/proc/sys/net/ipv4/conf/all/arp_ignore
echo"2">/proc/sys/net/ipv4/conf/all/arp_announce
sysctl-p>/dev/null2>&1
echo"RealServerStartOK"
;;
stop)
ifconfiglo:0down
routedel$SNS_VIP>/dev/null2>&1
echo"0">/proc/sys/net/ipv4/conf/lo/arp_ignore
echo"0">/proc/sys/net/ipv4/conf/lo/arp_announce
echo"0">/proc/sys/net/ipv4/conf/all/arp_ignore
echo"0">/proc/sys/net/ipv4/conf/all/arp_announce
echo"RealServerStoped"
;;
*)
echo"Usage:$0{start|stop}"
exit1
esac
exit0
测试效果
1、当来源ip为172.16.0.68的主机访问目标地址172.16.1.160的80端口时,转向了keepalived定义的fwmark1规则
2、当来源ip为172.16.1.173的主机访问目标地址172.16.1.160的80端口时,转向了keepalived定义的fwmark1规则
声明:本站所有文章资源内容,如无特殊说明或标注,均为采集网络资源。如若本站内容侵犯了原著者的合法权益,可联系本站删除。
