网站服务器集群构建之:Real Server篇

  作者:Amteam.org
2008/9/18 23:25:00
本文关键字: 存储 磁带 VTL

在做完load balancing之后我们就要做提供真实服务的Real 服务器了。

    如果使用nat模式,这个没有什么问题,非常简单,只要每台机器的内容及服务正常就可以了,如果使用DR模式的话需要注意本地的网卡的广播问题,要不然就会出现只往一台服务器上发请求,而其他服务器无请求的情况,这里有几种解决方法。
 

lvs dr Disable ARP for VIP
1. Using arp_tables_jf to disable ARP
arptables -F
arptables -A IN -d $VIP -j DROP
arptables -A OUT -s $VIP -j mangle --mangle-ip-s $RIP
2. Using arp announce/arp ignore to disable ARP
arp_announce - INTEGER
Define different restriction levels for announcing the local
source IP address from IP packets in ARP requests sent on
interface:
0 - (default) Use any local address, configured on any interface
1 - Try to avoid local addresses that are not in the target
's
subnet for this interface. This mode is useful when target
hosts reachable via this interface require the source IP
address in ARP requests to be part of their logical network
configured on the receiving interface. When we generate the
request we will check all our subnets that include the
target IP and will preserve the source address if it is from
such subnet. If there is no such subnet we select source
address according to the rules for level 2.
2 - Always use the best local address for this target.
In this mode we ignore the source address in the IP packet
and try to select local address that we prefer for talks with
the target host. Such local address is selected by looking
for primary IP addresses on all our subnets on the outgoing
interface that include the target IP address. If no suitable
local address is found we select the first local address
we have on the outgoing interface or on all other interfaces,
with the hope we will receive reply for our request and
even sometimes no matter the source IP address we announce.
The max value from conf/{all,interface}/arp_announce is used.
Increasing the restriction level gives more chance for
receiving answer from the resolved target while decreasing
the level announces more valid sender'
s information.
arp_ignore - INTEGER
Define different modes for sending replies in response to
received ARP requests that resolve local target IP addresses:
0 - (default): reply for any local target IP address, configured
on any interface
1 - reply only if the target IP address is local address
configured on the incoming interface
2 - reply only if the target IP address is local address
configured on the incoming interface and both with the
sender
's IP address are part from same subnet on this interface
3 - do not reply for local addresses configured with scope host,
only resolutions for global and link addresses are replied
4-7 - reserved
8 - do not reply for all local addresses
The max value from conf/{all,interface}/arp_ignore is used
when ARP request is received on the {interface}
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
3. Using the hidden interface to disable ARP
Linux kernel 2.4 and 2.6, you need to apply the hidden patch
# Start the hiding interface functionality
echo 1 > /proc/sys/net/ipv4/conf/all/hidden
# Hide all addresses for this interface
echo 1 > /proc/sys/net/ipv4/conf//hidden
# Insert the ipip module
insmod ipip
# Make the tunl0 device up
ifconfig tunl0 up
# Start the hiding interface functionality
echo 1 > /proc/sys/net/ipv4/conf/all/hidden
# Hide all addresses for this tunnel device
echo 1 > /proc/sys/net/ipv4/conf/tunl0/hidden
# Configure a VIP on an alias of tunnel device
ifconfig tunl0:0 up
4. Using redirect to disable ARP
iptables -t nat -A PREROUTING -p tcp -d --dport -j REDIRECT --to-port
5. Using policy routing to disable ARP
# Block access from the LAN to the real server'
s VIP. By
# this way we ignore the router
's ARP probes. The drawback:
# we ignore the client'
s probes too. We have to do this
# because the client on the LAN can receive replies from all
# real servers
ip rule add prio 99 from 172.26.20/24 table 99
ip route add table 99 blackhole 172.26.20.118
# Now accept locally any other traffic, i.e. not from
# 172.26.20/24
ip rule add prio 100 table 100
ip route add table 100 local 172.26.20.118 dev lo
6. Using the noarp module to disable ARP
http://www.masarlabs.com/noarp/
noarpctl add VIP RIP

还有一点需要注意,尤其是在udp的服务器中更要注意:
在DR方式下,服务器程序需要bind到VIP地址上,这样响应报文的源地址是VIP,对客户端程序来说这样的响应报文是有效的。注:如果监听 0.0.0.0 在udp服务的包中默认使用网卡的实际地址回报,而不是vip地址,这样客户端访问就会出现问题。

【相关文章】

责编:
vsharing微信扫一扫实时了解行业动态
portalart微信扫一扫分享本文给好友

著作权声明:kaiyun体育官方人口 文章著作权分属kaiyun体育官方人口 、网友和合作伙伴,部分非原创文章作者信息可能有所缺失,如需补充或修改请与我们联系,工作人员会在1个工作日内配合处理。
最新专题
IT系统一体化时代来了

2009年Oracle 用Exadata服务器告诉企业,数据中心的IT服务一体化解决方案才是大势所趋,而当前企业对大数据处理的..

高性能计算——企业未来发展的必备..

“天河二号”问鼎最新全球超级计算机500强,更新的Linpack值让世界认识到了“中国速度”。但超算不能只停留于追求..

    畅享
    首页
    返回
    顶部
    ×
      信息化规划
      IT总包
      供应商选型
      IT监理
      开发维护外包
      评估维权
    客服电话
    400-698-9918
    Baidu
    map