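Can I use fwmark to aggregate TCP and UDP services?
Looking at the official documentation, it seems to only cover aggregating TCP services.
My services are all stateful, meaning they all have a process of logging in first and then handling requests.
They are all long-lived connections (for UDP I feel that's not quite right).
Should I be using persistent?
I use piranha to build the LVS cluster. Configuration file: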
serial_no = 77
primary = 192.168.1.9
service = lvs
backup = 0.0.0.0
heartbeat = 1
heartbeat_port = 539
keepalive = 6
deadtime = 18
network = direct
debug_level = NONE
virtual server-7 {
    active = 1
    address = 192.168.1.7 eth0:1
    vip_nmask = 255.255.255.255
    fwmark = 3
    port = 0
    send = "s"
    expect = "ok"
    use_regex = 0
    send_program = "/etc/check_state.sh %h"
    load_monitor = none
    scheduler = wlc
    protocol = tcp
    timeout = 6
    reentry = 15
    quiesce_server = 0
    server server-17 {
        address = 192.168.1.17
        active = 1
        weight = 1
    }
    server server-15 {
        address = 192.168.1.15
        active = 1
        weight = 1
    }
    server server-16 {
        address = 192.168.1.16
        active = 1
        weight = 1
    }
}
virtual server-6 {
    active = 1
    address = 192.168.1.6 eth0:2
    vip_nmask = 255.255.255.255
    fwmark = 2
    expect = "ok"
    use_regex = 0
    send_program = "/etc/check_state.sh %h"
    load_monitor = none
    scheduler = wlc
    protocol = tcp
    timeout = 6
    reentry = 15
    quiesce_server = 0
    server server-15 {
        address = 192.168.1.15
        active = 1
        weight = 1
    }
    server server-16 {
        address = 192.168.1.16
        active = 1
        weight = 1
    }
    server server-17 {
        address = 192.168.1.17
        active = 1
        weight = 1
    }
}
virtual server-5 {
    active = 1
    address = 192.168.1.5 eth0:3
    vip_nmask = 255.255.255.255
    fwmark = 1
    expect = "ok"
    use_regex = 0
    send_program = "/etc/check_state.sh %h"
    load_monitor = none
    scheduler = wlc
    protocol = tcp
    timeout = 6
    reentry = 15
    quiesce_server = 0
    server server-15 {
        address = 192.168.1.15
        active = 1
        weight = 1
    }
    server server-16 {
        address = 192.168.1.16
        active = 1
        weight = 1
    }
    server server-17 {
        address = 192.168.1.17
        active = 1
        weight = 1
    }
}
Gateway running status:
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
FWM 00000001 wlc
-> 192.168.1.17:0 Route 1 14888 9407
-> 192.168.1.16:0 Route 1 14885 8895
-> 192.168.1.15:0 Route 1 14885 7941
FWM 00000002 wlc
-> 192.168.1.17:0 Route 1 9085 4877
-> 192.168.1.16:0 Route 1 9090 3739
-> 192.168.1.15:0 Route 1 9094 3340
FWM 00000003 wlc
-> 192.168.1.17:0 Route 1 100 5383
-> 192.168.1.16:0 Route 1 111 2590
-> 192.168.1.15:0 Route 1 224 319
InActConn is especially high.
My iptables rules:
*mangle
:PREROUTING ACCEPT [482992203:23800912964]
:INPUT ACCEPT [478708261:23487330937]
:FORWARD ACCEPT [4280081:313039481]
:OUTPUT ACCEPT [473064991:30124535488]
:POSTROUTING ACCEPT [477345196:30437589521]
-A PREROUTING -d 192.168.1.5 -p tcp -m tcp --dport 3002 -j MARK --set-mark 0x1
-A PREROUTING -d 192.168.1.5 -p tcp -m tcp --dport 22000 -j MARK --set-mark 0x1
...0x1 tcp rules
-A PREROUTING -d 192.168.1.5 -p udp -m udp --dport 3002 -j MARK --set-mark 0x1
-A PREROUTING -d 192.168.1.5 -p udp -m udp --dport 22000 -j MARK --set-mark 0x1
...0x1 udp rules
-A PREROUTING -d 192.168.1.6 -p tcp -m tcp --dport 3002 -j MARK --set-mark 0x2
-A PREROUTING -d 192.168.1.6 -p tcp -m tcp --dport 22000 -j MARK --set-mark 0x2
...0x2 tcp rules
-A PREROUTING -d 192.168.1.6 -p udp -m udp --dport 3002 -j MARK --set-mark 0x2
-A PREROUTING -d 192.168.1.6 -p udp -m udp --dport 22000 -j MARK --set-mark 0x2
...0x2 udp rules
-A PREROUTING -d 192.168.1.7 -p tcp -m tcp --dport 3002 -j MARK --set-mark 0x3
-A PREROUTING -d 192.168.1.7 -p tcp -m tcp --dport 22000 -j MARK --set-mark 0x3
...0x3 tcp rules
-A PREROUTING -d 192.168.1.7 -p udp -m udp --dport 3002 -j MARK --set-mark 0x3
-A PREROUTING -d 192.168.1.7 -p udp -m udp --dport 22000 -j MARK --set-mark 0x3
...0x3 udp rules