2台 Centos6.2 服务器配置VS/DR+keepalived【既做转发有做realserver】问题

Submitted by wwlahtc on 周三, 2012-06-20 15:57

我也一样有此需求，内部测试可以正常访问Realserver的测试web页面。可到生产环境中，上线不到20分钟我前端防火墙CPU就冲高到60%，用测试脚本访问VIP，发现总是延时在3～5s，页面访问很慢。寻明白人指点迷津，我的配置如下：
######keeplived配置
! Configuration File for keepalived
global_defs {
router_id LVS_MASTER
}

vrrp_sync_group VG1 {
group {
VI_1
}
}
vrrp_instance VI_1 {
state MASTER
interface bond0
lvs_sync_daemon_inteface bond0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 2111
}
virtual_ipaddress {
10.10.1.35
10.10.1.36
}
}
virtual_server 10.10.1.35 80 {
delay_loop 5 #5秒检测一次realserver
lb_algo wrr #负载均衡算法 wrr
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50 #(同一IP的连接，在该秒内被分配到同一台realserver)
protocol TCP

virtual_server 10.10.1.36 80 {
delay_loop 5
lb_algo wrr
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP

real_server 10.10.1.31 80 {
weight 10
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
connect_port 80
}
}
real_server 10.10.1.32 80 {
weight 10
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
connect_port 80
}
}
}
############同时在两台服务器上运行realserver.sh
#!/bin/bash
SNS_VIP='10.10.1.35 10.10.1.36'
. /etc/rc.d/init.d/functions
case "$1" in
start)
NUM=1
for VIP in $SNS_VIP
do
ifconfig lo:$NUM $VIP netmask 255.255.255.255 broadcast $IP
NUM=`expr $NUM + 1`
done

echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "1" > /proc/sys/net/ipv4/ip_forward
sysctl -p >/dev/null 2>&1
echo "RealServer Start OK"
;;
stop)
NUM=1
for VIP in $SNS_VIP
do
ifconfig lo:$NUM $VIP down
NUM=`expr $NUM + 1`
done

echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "0" > /proc/sys/net/ipv4/ip_forward
echo "RealServer Stoped"
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit 0