FreeBSD 7.2 load balancer: load balancing + redundancy [a good load-balancing solution]

Test results:
# curl 192.168.0.11
<html><body><h1>the is 10.0.0.13!</h1></body></html>
# curl 192.168.0.11
<html><body><h1>the is 10.0.0.10</h1></body></html>
# curl 192.168.0.11
<html><body><h1>the is 10.0.0.12!</h1></body></html>
# curl 192.168.0.11
<html><body><h1>the is 10.0.0.11</h1></body></html>
# curl 192.168.0.11
<html><body><h1>the is 10.0.0.13!</h1></body></html>
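This setup implements dual-gateway load balancing, using haproxy to forward requests to the backend servers (see the diagram). It has been tested and runs without faults.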

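Configuration
The FreeBSD 7.2 kernel does not support pfsync and carp; recompile the kernel with pfsync and carp support added. The setup uses two load balancers and four web servers.
CARP addresses: external 192.168.0.11, internal 10.0.0.1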

          fw1 -------------- fw2
           |      pfsync      |
           |                  |
          ____________________
             | carp1:10.0.0.1 |
                     |
                     |
                web server
Load balancer 1 configuration:
Add the following to /boot/loader.conf so that the PF modules are loaded at boot
pf_load="YES"
pflog_load="YES"
/etc/rc.conf configuration
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"

#ext_if
ifconfig_le0="inet 192.168.0.10/24"
defaultrouter="192.168.0.1"
# create carp0 and carp1
cloned_interfaces="carp0 carp1"
ifconfig_carp0="vhid 1 pass jazz 192.168.0.11/24"

#int_if
ifconfig_le1="inet 10.0.0.3/24"
ifconfig_carp1="vhid 2 pass jazz 10.0.0.1/24"
#pfsync
ifconfig_le2="inet 10.1.1.2/24"
ifconfig_pfsync0="syncdev le2 up"
gateway_enable="YES"
Install haproxy
cd /usr/ports/net/haproxy-devel
make
make install
The configuration file is in /usr/local/etc
Copy haproxy.conf-dist to haproxy.conf.
The contents of haproxy.conf are as follows:

global
        maxconn 4096
        uid 65534
        gid 65534
        daemon
        #debug
        quiet
        nbproc 2
        pidfile /var/run/haproxy.pid

defaults
        log        global
        mode        http
        option        httplog
        option        dontlognull
        log 127.0.0.1 local0 notice
        retries        3
        maxconn        2000
        contimeout        5000
        clitimeout        50000
        srvtimeout        50000

listen        HTTP_SERVER 192.168.0.11:80
        mode http
        option dontlognull
        log 127.0.0.1 local0
        cookie        SERVERID rewrite
        option httplog
        option httpchk
        option httpclose
        stats  uri /stats
        stats auth root:root
        balance        roundrobin   # round-robin algorithm
        server  app1 10.0.0.10 cookie app1inst2 check inter 2000 rise 2 fall 5
        server  app2 10.0.0.11 cookie app1inst2 check inter 2000 rise 2 fall 5
        server  app3 10.0.0.12 cookie app1inst2 check inter 2000 rise 2 fall 5
        server  app4 10.0.0.13 cookie app1inst2 check inter 2000 rise 2 fall 5

Start haproxy
# /usr/local/etc/rc.d/haproxy start
Starting haproxy.
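
An added example, not part of the original post: a small Python audit of the listen section above that flags the guessable stats credentials (root:root, served on the external CARP address), backends that share one cookie value, and server lines without check. The function name audit_haproxy and the weak-password list are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: the listen section from the haproxy.conf on this page.
SAMPLE_CONF = """\
listen HTTP_SERVER 192.168.0.11:80
        option httpchk
        stats uri /stats
        stats auth root:root
        balance roundrobin
        server app1 10.0.0.10 cookie app1inst2 check inter 2000 rise 2 fall 5
        server app2 10.0.0.11 cookie app1inst2 check inter 2000 rise 2 fall 5
        server app3 10.0.0.12 cookie app1inst2 check inter 2000 rise 2 fall 5
        server app4 10.0.0.13 cookie app1inst2 check inter 2000 rise 2 fall 5
"""

# Assumption: a short illustrative list, not a complete password dictionary.
WEAK_PASSWORDS = {"root", "admin", "password", "haproxy", "123456"}


def audit_haproxy(conf_text):
    """Return sorted (line_no, finding) tuples for a haproxy configuration."""
    findings = []
    cookie_users = defaultdict(list)  # cookie value -> [(line_no, server)]
    for no, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # ignore trailing comments
        if words[:2] == ["stats", "auth"] and len(words) >= 3:
            user, _, password = words[2].partition(":")
            if password == user or password.lower() in WEAK_PASSWORDS:
                findings.append((no, f"stats auth: guessable password for '{user}'"))
        elif words[:1] == ["server"] and len(words) >= 3:
            options = words[3:]
            if "check" not in options:
                findings.append((no, f"server {words[1]}: no health check"))
            if "cookie" in options[:-1]:
                value = options[options.index("cookie") + 1]
                cookie_users[value].append((no, words[1]))
    # Cookie persistence needs one distinct value per backend.
    for value, users in cookie_users.items():
        if len(users) > 1:
            names = ", ".join(name for _, name in users)
            findings.append((users[0][0], f"cookie '{value}' shared by {names}"))
    return sorted(findings)


if __name__ == "__main__":
    for line_no, finding in audit_haproxy(SAMPLE_CONF):
        print(f"line {line_no}: {finding}")
```

Line numbers in the findings are relative to the text passed in, so run it over the full haproxy.conf to get positions that match the file.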

 
FW2 configuration:
/etc/rc.conf
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
#ext_if
ifconfig_le0="inet 192.168.0.14/24"
defaultrouter="192.168.0.1"
cloned_interfaces="carp0 carp1"
ifconfig_carp0="vhid 1 pass jazz 192.168.0.11/24"

#int_if
ifconfig_le1="inet 10.0.0.4/24"
ifconfig_carp1="vhid 2 pass jazz 10.0.0.1/24"

#pfsync
ifconfig_le2="inet 10.1.1.1/24"
ifconfig_pfsync0="syncdev le2 up"
gateway_enable="YES"

Install haproxy
# cd /usr/ports/net/haproxy-devel
# make
===>  Vulnerability check disabled, database not found
=> haproxy-1.3.15.5.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from http://haproxy.1wt.eu/download/1.3/src/haproxy-1.3.15.5.tar.gz

The haproxy.conf configuration file is the same as on fw1.
Now, if either machine is rebooted, the other one can take over the service.

# sysctl -a|grep carp
net.inet.ip.same_prefix_carp_only: 0
net.inet.carp.allow: 1
net.inet.carp.preempt: 1
net.inet.carp.log: 1
net.inet.carp.arpbalance: 0
net.inet.carp.suppress_preempt: 0
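CARP is configured as above; add the settings above to sysctl.conf.
See the diagram for the running state. pf's RDR redirection can replace HAPROXY, but it does not support health checks, which is why HAPROXY is used here. If either fw1 or fw2 is now shut down, the other takes over its work.
The pf rdr implementation is as follows:
web_servers = "{ 10.0.0.10, 10.0.0.11, 10.0.0.13, 10.0.0.12 }"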

rdr on $ext_if proto tcp from any to any port 80 -> $web_servers \
    round-robin sticky-address

PF RDR performs better than HAPROXY! pf is integrated into the kernel.

Reposted from http://bbs3.chinaunix.net/thread-1459327-1-1.html
