1、查看当前系统ipvs的相关信息:支持的协议和算法;
~]# grep -i “ipvs” -C 10 config-3.10.0-693.el7.x86_64
CONFIG_NETFILTER_XT_MATCH_CPU=m CONFIG_NETFILTER_XT_MATCH_DCCP=m CONFIG_NETFILTER_XT_MATCH_DEVGROUP=m CONFIG_NETFILTER_XT_MATCH_DSCP=m CONFIG_NETFILTER_XT_MATCH_ECN=m CONFIG_NETFILTER_XT_MATCH_ESP=m CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m CONFIG_NETFILTER_XT_MATCH_HELPER=m CONFIG_NETFILTER_XT_MATCH_HL=m CONFIG_NETFILTER_XT_MATCH_IPRANGE=m CONFIG_NETFILTER_XT_MATCH_IPVS=m CONFIG_NETFILTER_XT_MATCH_LENGTH=m CONFIG_NETFILTER_XT_MATCH_LIMIT=m CONFIG_NETFILTER_XT_MATCH_MAC=m CONFIG_NETFILTER_XT_MATCH_MARK=m CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m CONFIG_NETFILTER_XT_MATCH_NFACCT=m CONFIG_NETFILTER_XT_MATCH_OSF=m CONFIG_NETFILTER_XT_MATCH_OWNER=m CONFIG_NETFILTER_XT_MATCH_POLICY=m CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m -- CONFIG_IP_SET_HASH_NET=m CONFIG_IP_SET_HASH_NETPORT=m CONFIG_IP_SET_HASH_NETIFACE=m CONFIG_IP_SET_LIST_SET=m CONFIG_IP_VS=m CONFIG_IP_VS_IPV6=y # CONFIG_IP_VS_DEBUG is not set CONFIG_IP_VS_TAB_BITS=12 # # IPVS transport protocol load balancing support # CONFIG_IP_VS_PROTO_TCP=y CONFIG_IP_VS_PROTO_UDP=y CONFIG_IP_VS_PROTO_AH_ESP=y CONFIG_IP_VS_PROTO_ESP=y CONFIG_IP_VS_PROTO_AH=y CONFIG_IP_VS_PROTO_SCTP=y # # IPVS scheduler # CONFIG_IP_VS_RR=m CONFIG_IP_VS_WRR=m CONFIG_IP_VS_LC=m CONFIG_IP_VS_WLC=m CONFIG_IP_VS_LBLC=m CONFIG_IP_VS_LBLCR=m CONFIG_IP_VS_DH=m CONFIG_IP_VS_SH=m CONFIG_IP_VS_SED=m CONFIG_IP_VS_NQ=m # # IPVS SH scheduler # CONFIG_IP_VS_SH_TAB_BITS=8 # # IPVS application helper # CONFIG_IP_VS_FTP=m CONFIG_IP_VS_NFCT=y CONFIG_IP_VS_PE_SIP=m # # IP: Netfilter Configuration # CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_CONNTRACK_IPV4=m
2、安装ipvsadm
1> 查看yum仓库中ipvsadm程序包的版本信息
~]# yum info ipvsadm
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.163.com
* epel: mirrors.aliyun.com
* extras: mirrors.zju.edu.cn
* updates: mirrors.aliyun.com
Available Packages
Name : ipvsadm
Arch : x86_64
Version : 1.27
Release : 7.el7
Size : 45 k
Repo : base/7/x86_64
Summary : Utility to administer the Linux Virtual Server
URL : https://kernel.org/pub/linux/utils/kernel/ipvsadm/
License : GPLv2+
Description : ipvsadm is used to setup, maintain, and inspect the virtual server
: table in the Linux kernel. The Linux Virtual Server can be used to
: build scalable network services based on a cluster of two or more
: nodes. The active node of the cluster redirects service requests to a
: collection of server hosts that will actually perform the
: services. Supported Features include:
: - two transport layer (layer-4) protocols (TCP and UDP)
: - three packet-forwarding methods (NAT, tunneling, and direct routing)
: - eight load balancing algorithms (round robin, weighted round robin,
: least-connection, weighted least-connection, locality-based
: least-connection, locality-based least-connection with
: replication, destination-hashing, and source-hashing)
2>安装ipvsadm
~]# yum -y install ipvsadm
3>查看安装后产生的相关文件
查看安装后产生的目录、文件:
~]# rpm -ql ipvsadm
/etc/sysconfig/ipvsadm-config /usr/lib/systemd/system/ipvsadm.service /usr/sbin/ipvsadm /usr/sbin/ipvsadm-restore /usr/sbin/ipvsadm-save /usr/share/doc/ipvsadm-1.27 /usr/share/doc/ipvsadm-1.27/README /usr/share/man/man8/ipvsadm-restore.8.gz /usr/share/man/man8/ipvsadm-save.8.gz /usr/share/man/man8/ipvsadm.8.gz
查看ipvsadm的’Unit’文件内容:
~]# more /usr/lib/systemd/system/ipvsadm.service
[Unit] Description=Initialise the Linux Virtual Server After=syslog.target network.target [Service] Type=oneshot ExecStart=/bin/bash -c "exec /sbin/ipvsadm-restore < /etc/sysconfig/ipvsadm" ExecStop=/bin/bash -c "exec /sbin/ipvsadm-save -n > /etc/sysconfig/ipvsadm" ExecStop=/sbin/ipvsadm -C RemainAfterExit=yes [Install] WantedBy=multi-user.target
4>ipvsadm命令帮助
~]# ipvsadm -h
ipvsadm v1.27 2008/5/15 (compiled with popt and IPVS v1.2.1)
Usage:
ipvsadm -A|E -t|u|f service-address [-s scheduler] [-p [timeout]] [-M netmask] [--pe persistence_engine] [-b sched-flags]
ipvsadm -D -t|u|f service-address
ipvsadm -C
ipvsadm -R
ipvsadm -S [-n]
ipvsadm -a|e -t|u|f service-address -r server-address [options]
ipvsadm -d -t|u|f service-address -r server-address
ipvsadm -L|l [options]
ipvsadm -Z [-t|u|f service-address]
ipvsadm --set tcp tcpfin udp
ipvsadm --start-daemon state [--mcast-interface interface] [--syncid sid]
ipvsadm --stop-daemon state
ipvsadm -h
Commands:
Either long or short options are allowed.
--add-service -A add virtual service with options
--edit-service -E edit virtual service with options
--delete-service -D delete virtual service
--clear -C clear the whole table
--restore -R restore rules from stdin
--save -S save rules to stdout
--add-server -a add real server with options
--edit-server -e edit real server with options
--delete-server -d delete real server
--list -L|-l list the table
--zero -Z zero counters in a service or all services
--set tcp tcpfin udp set connection timeout values
--start-daemon start connection sync daemon
--stop-daemon stop connection sync daemon
--help -h display this help message
Options:
--tcp-service -t service-address service-address is host[:port]
--udp-service -u service-address service-address is host[:port]
--fwmark-service -f fwmark fwmark is an integer greater than zero
--ipv6 -6 fwmark entry uses IPv6
--scheduler -s scheduler one of rr|wrr|lc|wlc|lblc|lblcr|dh|sh|sed|nq,
the default scheduler is wlc.
--pe engine alternate persistence engine may be sip,
not set by default.
--persistent -p [timeout] persistent service
--netmask -M netmask persistent granularity mask
--real-server -r server-address server-address is host (and port)
--gatewaying -g gatewaying (direct routing) (default)
--ipip -i ipip encapsulation (tunneling)
--masquerading -m masquerading (NAT)
--weight -w weight capacity of real server
--u-threshold -x uthreshold upper threshold of connections
--l-threshold -y lthreshold lower threshold of connections
--mcast-interface interface multicast interface for connection sync
--syncid sid syncid for connection sync (default=255)
--connection -c output of current IPVS connections
--timeout output of timeout (tcp tcpfin udp)
--daemon output of daemon information
--stats output of statistics information
--rate output of rate information
--exact expand numbers (display exact values)
--thresholds output of thresholds information
--persistent-conn output of persistent connection info
--nosort disable sorting output of service/server entries
--sort does nothing, for backwards compatibility
--ops -o one-packet scheduling
--numeric -n numeric output of addresses and ports
--sched-flags -b flags scheduler flags (comma-separated)
3、ipvsadm命令使用
管理集群服务的操作:增、改、删、查;
===================================
增、改:ipvsadm -A|E -t|u|f service-address [-s scheduler] [-p [timeout]]
删:ipvsadm -D -t|u|f service-address
说明:
-t|u|f service-address:
-t:TCP协议的端口,书写格式为”VIP:TCP_PORT”;
-u:UDP协议的端口,书写格式为”VIP:UDP_PORT”;
-f:firewall MARK,防火墙标记,是一个数字;
-s scheduler:指定集群的调度算法,默认为’wlc’;
管理集群上的RS:增、改、删、查;
=====================================
增、改:ipvsadm -a|e -t|u|f service-address -r server-address [-g|i|m] [-w weight]
删:ipvsadm -d -t|u|f service-address -r server-address
说明:
-g:gatewaying (direct routing) (default);
-i:ipip encapsulation (tunneling);
-m:masquerading (NAT);
清空定义的所有内容:ipvsadm -C
———————————
查看:ipvsadm -L|l [options]
————————————-
options:
–numeric,-n numeric output of addresses and ports
–exact expand numbers (display exact values)
–connection,-c output of current IPVS connections
–stats output of statistics information
–rate output of rate information
举例:
查看连接速率;
~]# ipvsadm -Ln –rate
IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port CPS InPPS OutPPS InBPS OutBPS -> RemoteAddress:Port TCP 192.168.199.145:80 76 529 378 34113 41079 -> 192.168.206.66:80 30 212 151 13633 16193 -> 192.168.206.99:80 45 318 227 20480 24885
CPS:每秒钟建立的连接数;
InPPS:每秒钟入站的报文数;
OutPPS:每秒钟出站的报文数;
InBPS:每秒钟入站的字节数;
OutBPS:每秒钟出站的字节数;
查看连接状态;
~]# ipvsadm -Ln –stats
IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes -> RemoteAddress:Port TCP 192.168.199.145:80 1040 7266 5207 473566 564160 -> 192.168.206.66:80 416 2910 2087 189574 222880 -> 192.168.206.99:80 624 4356 3120 283992 341280
查看客户端连接状态;
]# ipvsadm -Ln -c
IPVS connection entries pro expire state source virtual destination TCP 01:16 TIME_WAIT 192.168.199.111:54767 192.168.199.145:80 192.168.206.66:80 TCP 01:16 TIME_WAIT 192.168.199.111:54780 192.168.199.145:80 192.168.206.66:80 TCP 01:16 TIME_WAIT 192.168.199.111:54779 192.168.199.145:80 192.168.206.99:80 TCP 01:16 TIME_WAIT 192.168.199.111:54774 192.168.199.145:80 192.168.206.99:80 TCP 01:17 TIME_WAIT 192.168.199.111:54788 192.168.199.145:80 192.168.206.99:80 TCP 01:14 TIME_WAIT 192.168.199.111:54739 192.168.199.145:80 192.168.206.99:80
保存与重载:
保存当前配置项到文件’/etc/sysconfig/ipvsadm’中;
~]# ipvsadm -S -n > /etc/sysconfig/ipvsadm
~]# ipvsadm -save -n > /etc/sysconfig/ipvsadm
重载配置文件内容到当前环境;
~]# ipvsadm -R < /etc/sysconfig/ipvsadm
~]# ipvsadm-restore < /etc/sysconfig/ipvsadm;
配置IPVS集群注意事项:
1> session会话存储方式;
2> 数据共享存储方式;
3> 集群内各主机的时间同步;