How to realize VIP and RIP in LVS DR mode with a single public IP?
Running LVS in DR mode with one public IP address (and using PHP's session handler to solve the session-stickiness problem).

Last year a friend asked me how LVS DR mode could be used with a single public IP. I didn't take it seriously at the time; I thought their company was really stingy, being that stingy with public IPs. As a result, the same question landed on me today.

It's not that the other company has no public IP. For security reasons they don't want to expose the servers, and nobody wants to buy a firewall for such a small project, so they put forward this requirement.

I said, can't you use NAT? But they said the server acting as the director already wears many hats and can't take any more load ... X﹏X

Once the requirement was raised, I started implementing it! However, there is little information on this. I found an article on Dr. Zhang's website that only said it could be done but not how, and it seemed I would have had to ask for a shared package to get more (⊙o⊙)

How can it be achieved? At this point teacher Tian reminded me: "A single public IP can also do DR; just put a router in front." But he hadn't tried it himself, so he let me test it. I started testing as soon as I heard it, hehe.

The concrete structure is as in the picture above (make do with my drawing (*_ _*) hee hee ...)

The principle is to have the router forward all port-80 requests to the VIP; the director then distributes them to the individual web servers. After processing a request, a web server does not send its reply back through the director but goes out to the external network directly through the router. This realizes DR mode while using only one public IP. The specific configuration follows.

First, I found three servers on the intranet, namely:

192.168.1.166 web server 1

192.168.1.167 web server 2

192.168.1.160 director

192.168.1.169 VIP

192.168.1.1 router intranet IP (gateway); the router is a random TP-Link ADSL router grabbed for testing.

211.83.13.119 router WAN port IP (made up, so don't be surprised if it duplicates someone's).

Install ipvsadm first; yum install ipvsadm does it directly, nothing more to say.

I use keepalived, which is a good tool. I won't cover the installation; refer to the keepalived manual written by teacher Tian, there is a download link on my blog.

His test of it is also on my blog.

I'll just paste the configuration file. This is the setup on the director.

global_defs {
    notification_email {
        ufo@xman.com
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server smtp.qq.com
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}

vrrp_sync_group VG1 {
    group {
        VI_1
    }
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 33210
    }
    virtual_ipaddress {
        192.168.1.169
    }
}

virtual_server 192.168.1.169 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP

    real_server 192.168.1.166 80 {
        weight 1
        # on a failed check keep the entry with weight 0 instead of removing it
        inhibit_on_failure
        TCP_CHECK {
            connect_timeout 5
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }

    real_server 192.168.1.167 80 {
        weight 1
        inhibit_on_failure
        TCP_CHECK {
            connect_timeout 5
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}

The configuration file is done; then:

mkdir /etc/keepalived    # keepalived looks for its configuration file here by default

cp /usr/local/keepalive/etc/keepalived/keepalived.conf /etc/keepalived/

cp /usr/local/keepalive/etc/rc.d/init.d/keepalived /etc/init.d/

cp /usr/local/keepalive/etc/sysconfig/keepalived /etc/sysconfig/

cp /usr/local/keepalive/sbin/keepalived /bin/    # put the executable into the sbin or bin directory

vim /etc/sysctl.conf

net.ipv4.ip_forward = 1

Execute sysctl -p after saving and exiting.

route add default gw 192.168.1.1    # the router's intranet address becomes the default gateway

Web server settings

The two web servers also need /etc/sysctl.conf modified as follows:

vim /etc/sysctl.conf

# LVS

net.ipv4.conf.all.arp_ignore = 1

net.ipv4.conf.all.arp_announce = 2

net.ipv4.conf.lo.arp_ignore = 1

net.ipv4.conf.lo.arp_announce = 2

sysctl -p

After that, add the VIP:

ifconfig lo:1 192.168.1.169 netmask 255.255.255.255    # don't forget to add it to rc.local

route add default gw 192.168.1.1    # the router's intranet address becomes the default gateway
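To make the effect of those four sysctl settings concrete, here is an added example (not part of the original post) that models, in simplified form, how arp_ignore and arp_announce decide whether a host answers ARP for the VIP and which address it announces; the host dictionaries, the helper names and the reduced rules are assumptions for illustration, not the kernel's full logic.

```python
import ipaddress

# Constructed topology following the post: the VIP is on the director's eth0
# and, on each real server, only on lo:1 with a /32 mask.
VIP = "192.168.1.169"
GATEWAY = "192.168.1.1"
DIRECTOR = {"eth0": ["192.168.1.160/24", "192.168.1.169/24"], "lo": ["127.0.0.1/8"]}
REAL1 = {"eth0": ["192.168.1.166/24"], "lo": ["127.0.0.1/8", "192.168.1.169/32"]}

def ips(addrs):
    return {a.split("/")[0] for a in addrs}

def answers_arp(host, target_ip, in_iface, arp_ignore):
    """Simplified arp_ignore: 0 = reply if the target is any local address,
    1 = reply only if the target is configured on the receiving interface."""
    if target_ip not in {ip for addrs in host.values() for ip in ips(addrs)}:
        return False
    if arp_ignore == 0:
        return True
    return target_ip in ips(host.get(in_iface, []))

def arp_sender_ip(host, out_iface, packet_src, target_ip, arp_announce):
    """Simplified arp_announce: 0 = the packet's own source address (which is
    the VIP when the reply comes from the VIP) goes into the ARP sender field;
    2 = always the out_iface address that shares a subnet with the target."""
    if arp_announce == 0:
        return packet_src
    target = ipaddress.ip_address(target_ip)
    for a in host.get(out_iface, []):
        if target in ipaddress.ip_interface(a).network:
            return a.split("/")[0]
    return None

def vip_leaks(host, arp_ignore, arp_announce):
    """True if a real server would take over or poison the router's ARP entry
    for the VIP: by answering ARP for it on eth0, or by announcing the VIP as
    its own sender address when it replies to a client through the gateway."""
    return (answers_arp(host, VIP, "eth0", arp_ignore)
            or arp_sender_ip(host, "eth0", VIP, GATEWAY, arp_announce) == VIP)

if __name__ == "__main__":
    print("director answers ARP for the VIP:", answers_arp(DIRECTOR, VIP, "eth0", 1))
    print("real server leaks VIP with kernel defaults 0/0:", vip_leaks(REAL1, 0, 0))
    print("real server leaks VIP with arp_ignore=1, arp_announce=2:", vip_leaks(REAL1, 1, 2))
```

With the kernel defaults a real server would answer the router's ARP for 192.168.1.169 and announce the VIP as its own, so traffic could bypass the director; with 1/2 only the director responds.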

Router settings

There is nothing special about the router settings. Besides the Internet connection settings, we need one port mapping: map port 80 to the VIP, 192.168.1.169.

Now start keepalived.

/etc/init.d/keepalived start

At first it was slow; after about a minute the following record appears in the system log and everything is OK.

avahi-daemon[3012]: Registering new address record for 192.168.1.169 on eth0.

Let's visit http://211.83.113.119.

Haha, it worked. I put our application on it and ran it; the test passed, and it was faster. Hehe, the test was a success.

ipvsadm -L -n

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.169:80 rr
  -> 192.168.1.166:80             Route   1      5          6
  -> 192.168.1.167:80             Route   1      3          9
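Reading that table by eye is fine for a test; as an added example (not from the original post) here is a small parser for the ipvsadm -L -n listing above, with an audit that flags real servers outside the expected pool, entries not forwarded in Route (DR) mode, and weight-0 entries, which is what inhibit_on_failure leaves behind when a health check fails. The sample text, the extra 192.168.1.168 line and the function names are constructed.

```python
import re

# Constructed sample: the `ipvsadm -L -n` listing from the post plus an extra
# weight-0 real server, which is what inhibit_on_failure leaves when a check fails.
SAMPLE = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.169:80 rr
  -> 192.168.1.166:80             Route   1      5          6
  -> 192.168.1.167:80             Route   1      3          9
  -> 192.168.1.168:80             Route   0      0          0
"""

VS_RE = re.compile(r"^(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(.*)$")
RS_RE = re.compile(r"^\s*->\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_ipvsadm(text):
    """Turn the listing into virtual services, each with its real servers."""
    services = []
    for line in text.splitlines():
        m = VS_RE.match(line)
        if m:
            services.append({"proto": m.group(1), "vip": m.group(2), "port": int(m.group(3)),
                             "sched": m.group(4), "flags": m.group(5).strip(), "reals": []})
            continue
        m = RS_RE.match(line)
        if m and services:  # real server lines belong to the preceding service
            services[-1]["reals"].append({"rip": m.group(1), "port": int(m.group(2)),
                                          "forward": m.group(3), "weight": int(m.group(4)),
                                          "active": int(m.group(5)), "inactive": int(m.group(6))})
    return services

def audit(services, expected_vip, expected_reals):
    """Findings a monitoring job would raise against the DR setup in the post."""
    findings = []
    for s in services:
        if s["vip"] != expected_vip:
            findings.append(f"unexpected virtual server {s['vip']}:{s['port']}")
        for r in s["reals"]:
            if r["forward"] != "Route":  # DR entries must forward by MAC rewrite
                findings.append(f"{r['rip']} forwarded as {r['forward']}, not DR")
            if r["rip"] not in expected_reals:  # someone added a server to the pool
                findings.append(f"unexpected real server {r['rip']}")
            if r["weight"] == 0:
                findings.append(f"{r['rip']} has weight 0: health check failing")
    return findings
```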

Later I ran into a problem. This application sits behind a big website, so most requests come from the same IP address, and some programs need session stickiness per connection.

So I can't use the -p parameter of LVS to set a persistence time: if LVS persistence were used, most requests would be sent to the same web server (note: what is needed is session stickiness, not IP stickiness).

LVS can't do this. What should we do?

I asked on the CU forum and learned that many friends had done similar projects. Their solution is to share the session, and there are many choices of where to share it.

We hand all the PHP sessions of the web servers to memcached, so that no matter which web server the director assigns a connection to, there is no problem. The configuration is simple and lives in the PHP configuration file:

just add one line, provided the memcache module is installed.

[Session]

; Handler used to store/retrieve data.

session.save_handler = memcache

session.save_path = "tcp://192.168.1.1:11213"