Virtual Server Administration

Red Hat Enterprise Linux 5

Linux Virtual Server (LVS) for Red Hat Enterprise Linux

Edition 5

Abstract

Building a Linux Virtual Server (LVS) system offers a highly available and scalable solution for production services using specialized routing and load-balancing techniques configured through PIRANHA. This book discusses the configuration of high-performance systems and services with Red Hat Enterprise Linux and LVS for Red Hat Enterprise Linux 5.

Introduction

This document provides information about installing, configuring, and managing Red Hat Linux Virtual Server (LVS) components. LVS provides load balancing through specialized routing techniques that dispatch traffic to a pool of servers. This document does not include information about installing, configuring, and managing Red Hat Cluster software. Information about that is in a separate document.
The audience of this document should have advanced working knowledge of Red Hat Enterprise Linux and understand the concepts of clusters, storage, and server computing.
This document is organized as follows:
For more information about Red Hat Enterprise Linux 5, refer to the following resources:
  • Red Hat Enterprise Linux Installation Guide — Provides information regarding installation of Red Hat Enterprise Linux 5.
  • Red Hat Enterprise Linux Deployment Guide — Provides information regarding the deployment, configuration and administration of Red Hat Enterprise Linux 5.
For more information about Red Hat Cluster Suite for Red Hat Enterprise Linux 5, refer to the following resources:
  • Red Hat Cluster Suite Overview — Provides a high level overview of the Red Hat Cluster Suite.
  • Configuring and Managing a Red Hat Cluster — Provides information about installing, configuring and managing Red Hat Cluster components.
  • Logical Volume Manager Administration — Provides a description of the Logical Volume Manager (LVM), including information on running LVM in a clustered environment.
  • Global File System: Configuration and Administration — Provides information about installing, configuring, and maintaining Red Hat GFS (Red Hat Global File System).
  • Global File System 2: Configuration and Administration — Provides information about installing, configuring, and maintaining Red Hat GFS2 (Red Hat Global File System 2).
  • Using Device-Mapper Multipath — Provides information about using the Device-Mapper Multipath feature of Red Hat Enterprise Linux 5.
  • Using GNBD with Global File System — Provides an overview on using Global Network Block Device (GNBD) with Red Hat GFS.
  • Red Hat Cluster Suite Release Notes — Provides information about the current release of Red Hat Cluster Suite.
Red Hat Cluster Suite documentation and other Red Hat documents are available in HTML, PDF, and RPM versions on the Red Hat Enterprise Linux Documentation CD and online at http://www.redhat.com/docs/.

1. Feedback

If you spot a typo, or if you have thought of a way to make this manual better, we would love to hear from you. Please submit a report in Bugzilla (http://bugzilla.redhat.com/bugzilla/) against the component Documentation-cluster.
Be sure to mention the manual's identifier:
Virtual_Server_Administration(EN)-5 (2010-02-08T16:55)
By mentioning this manual's identifier, we know exactly which version of the guide you have.
If you have a suggestion for improving the documentation, try to be as specific as possible. If you have found an error, please include the section number and some of the surrounding text so we can find it easily.

Chapter 1. Linux Virtual Server Overview

Linux Virtual Server (LVS) is a set of integrated software components for balancing the IP load across a set of real servers. LVS runs on a pair of identically configured computers: one is the active LVS router and one is the backup LVS router. The active LVS router serves two roles:
  • To balance the load across the real servers.
  • To check the integrity of the services on each real server.
The backup router monitors the active router and takes over its role in the event that the active router fails.
This chapter provides an overview of LVS components and functions, and consists of the following sections:

1.1. A Basic LVS Configuration

Figure 1.1, “A Basic LVS Configuration” shows a simple LVS configuration consisting of two layers. On the first layer are two LVS routers — one active and one backup. Each of the LVS routers has two network interfaces, one interface on the Internet and one on the private network, enabling them to regulate traffic between the two networks. For this example the active router is using Network Address Translation or NAT to direct traffic from the Internet to a variable number of real servers on the second layer, which in turn provide the necessary services. Therefore, the real servers in this example are connected to a dedicated private network segment and pass all public traffic back and forth through the active LVS router. To the outside world, the servers appear as one entity.

Figure 1.1. A Basic LVS Configuration

Service requests arriving at the LVS routers are addressed to a virtual IP address, or VIP. This is a publicly-routable address the administrator of the site associates with a fully-qualified domain name, such as www.example.com, and is assigned to one or more virtual servers. A virtual server is a service configured to listen on a specific virtual IP. Refer to Section 4.6, “VIRTUAL SERVERS”, for more information on configuring a virtual server using the Piranha Configuration Tool. A VIP address migrates from one LVS router to the other during a failover, thus maintaining a presence at that IP address (also known as a floating IP address).
VIP addresses may be aliased to the same device that connects the LVS router to the Internet. For example, if eth0 is connected to the Internet, multiple virtual servers can be aliased to eth0:1. Alternatively, each virtual server can be associated with a separate device per service. For example, HTTP traffic can be handled on eth0:1, and FTP traffic can be handled on eth0:2.
Only one LVS router is active at a time. The role of the active router is to redirect service requests from virtual IP addresses to the real servers. The redirection is based on one of eight supported load-balancing algorithms described further in Section 1.3, “LVS Scheduling Overview”.
The active router also dynamically monitors the overall health of specific services on the real servers through send/expect scripts. For services whose health check requires dynamic data, such as HTTPS or SSL, the administrator can also call external executables. If a service on a real server fails, the active router stops sending jobs to that server until it returns to normal operation.
The backup router is a standby system. The LVS routers periodically exchange heartbeat messages through the primary external public interface and, in a failover situation, through the private interface. Should the backup node fail to receive a heartbeat message within the expected interval, it initiates a failover and takes on the role of the active router. During failover, the backup router takes over the VIP addresses serviced by the failed router using a technique known as ARP spoofing, in which the backup LVS router announces itself as the destination for IP packets addressed to the failed node. When the failed node returns to service, the backup node resumes its hot-standby role.
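Because the VIP changes hands through ARP announcements, any host on the segment that announces the VIP looks the same to its neighbours as a failover. The following added example (not part of the original guide) classifies each change of the MAC address answering for the VIP; the VIP, the router MAC addresses, the observation tuples and the thresholds are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed inventory (constructed values): the VIP and the MAC addresses of the
# two LVS routers that are allowed to answer for it.
VIP = "192.0.2.10"
ROUTER_MACS = {
    "00:16:3e:00:00:01": "lvs-primary",
    "00:16:3e:00:00:02": "lvs-backup",
}

# Constructed ARP announcements seen on the public segment:
# (seconds since start, announced IP, sender MAC)
SAMPLE_ANNOUNCEMENTS = [
    (0,   "192.0.2.10", "00:16:3e:00:00:01"),  # primary holds the VIP
    (30,  "192.0.2.10", "00:16:3e:00:00:01"),  # refresh, no change
    (95,  "192.0.2.10", "00:16:3e:00:00:02"),  # backup takes over: failover
    (96,  "192.0.2.77", "00:16:3e:aa:bb:cc"),  # unrelated address, ignored
    (400, "192.0.2.10", "00:16:3e:de:ad:01"),  # unknown MAC claims the VIP
    (401, "192.0.2.10", "00:16:3e:00:00:02"),  # backup re-announces
    (405, "192.0.2.10", "00:16:3e:00:00:01"),  # primary claims it back
    (409, "192.0.2.10", "00:16:3e:00:00:02"),  # and the backup again
]


@dataclass
class Event:
    time: int
    kind: str      # "initial", "failover", "unknown-owner" or "flapping"
    detail: str


def watch_vip(announcements, vip=VIP, routers=ROUTER_MACS,
              flap_window=60, flap_limit=3):
    """Classify every change of the MAC address that answers for the VIP."""
    events = []
    owner = None     # last MAC seen announcing the VIP
    changes = []     # timestamps of recent ownership changes
    for ts, ip, mac in announcements:
        mac = mac.lower()
        if ip != vip or mac == owner:
            continue                      # other address, or no change
        if mac not in routers:
            # Not one of the two LVS routers: never a legitimate failover.
            events.append(Event(ts, "unknown-owner", mac))
        elif owner is None:
            events.append(Event(ts, "initial", routers[mac]))
        else:
            events.append(Event(ts, "failover", routers[mac]))
        owner = mac
        changes = [t for t in changes if ts - t <= flap_window] + [ts]
        if len(changes) >= flap_limit:
            # Repeated changes in a short window suggest that more than one
            # host is claiming the VIP at the same time.
            events.append(Event(ts, "flapping",
                                f"{len(changes)} changes in {flap_window}s"))
    return events


if __name__ == "__main__":
    for event in watch_vip(SAMPLE_ANNOUNCEMENTS):
        print(f"t={event.time:>3}s  {event.kind:<14} {event.detail}")
```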
The simple, two-layered configuration used in Figure 1.1, “A Basic LVS Configuration” is best for serving data which does not change very frequently — such as static webpages — because the individual real servers do not automatically sync data between each node.

1.1.1. Data Replication and Data Sharing Between Real Servers

Since LVS has no built-in component for sharing the same data between the real servers, the administrator has two basic options:
  • Synchronize the data across the real server pool
  • Add a third layer to the topology for shared data access
The first option is preferred for servers that do not allow large numbers of users to upload or change data on the real servers. If the configuration allows large numbers of users to modify data, such as an e-commerce website, adding a third layer is preferable.

1.1.1.1. Configuring Real Servers to Synchronize Data

There are many ways an administrator can synchronize data across the pool of real servers. For example, shell scripts can be used so that when a Web engineer updates a page, the page is sent to all of the servers simultaneously. The system administrator can also use programs such as rsync to replicate changed data across all nodes at a set interval.
However, this type of data synchronization is not the best approach if the configuration is overloaded by users constantly uploading files or issuing database transactions. For a configuration with a high load, a three-tier topology is the ideal solution.

1.2. A Three-Tier LVS Configuration

Figure 1.2, “A Three-Tier LVS Configuration” shows a typical three-tier LVS topology. In this example, the active LVS router routes the requests from the Internet to the pool of real servers. Each of the real servers then accesses a shared data source over the network.

Figure 1.2. A Three-Tier LVS Configuration

This configuration is ideal for busy FTP servers, where the accessible data is stored on a central, highly available server and each real server accesses it through an exported NFS directory or a Samba share. This topology is also recommended for websites that use a central, highly available database for transactions. In addition, using an active-active configuration with Red Hat Cluster Manager, administrators can configure one high-availability cluster to serve both of these roles simultaneously.
The third tier in the above example does not have to use Red Hat Cluster Manager, but failing to use a highly available solution would introduce a critical single point of failure.

1.3. LVS Scheduling Overview

One of the advantages of using LVS is its flexibility in balancing IP-level load across the real servers. This flexibility comes from the variety of scheduling algorithms an administrator can choose from when configuring LVS. LVS load balancing is superior to less flexible methods such as round-robin DNS, where the hierarchical nature of DNS and caching by client machines can lead to load imbalances. In addition, the low-level filtering used by LVS has advantages over application-level request forwarding, because balancing load at the network packet level causes minimal computational overhead and allows for greater scalability.
Using scheduling, the active router can take into account the real servers' activity and, optionally, an administrator-assigned weight factor when routing service requests. Using assigned weights gives arbitrary priorities to individual machines. Using this form of scheduling, it is possible to create a group of real servers using a variety of hardware and software combinations and the active router can evenly load each real server.
The scheduling mechanism for LVS is provided by a collection of kernel patches called IP Virtual Server, or IPVS, modules. These modules enable a layer 4 (L4) transport-layer option that is designed to make better use of multiple servers on a single IP address.
To track packets and route them efficiently to the real servers, IPVS builds an IPVS table in the kernel. The active LVS router uses this table to redirect requests from a virtual server address to, and returning from, the real servers in the pool. The ipvsadm utility constantly updates the IPVS table, adding and removing cluster members depending on their availability.

1.3.1. Scheduling Algorithms

The structure that the IPVS table takes depends on the scheduling algorithm that the administrator chooses for any given virtual server. To allow for maximum flexibility in the types of services you can cluster and how these services are scheduled, Red Hat Enterprise Linux provides the scheduling algorithms listed below. For instructions on how to assign scheduling algorithms refer to Section 4.6.1, “The VIRTUAL SERVER Subsection”.
Round-Robin Scheduling
Distributes each request sequentially around the pool of real servers. Using this algorithm, all the real servers are treated as equals without regard to capacity or load. This scheduling model carries on from round-robin DNS but is coarser, because it is based on network connections rather than on hosts. LVS round-robin scheduling does not suffer from the load imbalances caused by cached DNS queries.
Weighted Round-Robin Scheduling
Distributes each request sequentially around the pool of real servers but gives more jobs to servers with greater capacity. Capacity is indicated by a user-assigned weight factor, which is then adjusted upward or downward by dynamic load information. Refer to Section 1.3.2, “Server Weight and Scheduling” for more on weighting real servers.
Weighted round-robin scheduling is the preferred choice if there are significant differences between the real servers in the pool. However, if the request load varies dramatically, the more heavily weighted server will answer more of the requests.
Least-Connection
Distributes more requests to real servers with fewer active connections. Because it keeps track of live connections to the real servers through the IPVS table, least-connection is a type of dynamic scheduling algorithm, making it a good choice when there is a high degree of variation in the request load. It is best suited for a real server pool where each node has roughly the same capacity. If a group of servers has different capacities, weighted least-connection scheduling is a better choice.
Weighted Least-Connections (default)
Distributes more requests to servers with fewer active connections relative to their capacities. Capacity is indicated by a user-assigned weight, which is then adjusted upward or downward by dynamic load information. The addition of weighting makes this algorithm ideal when the real server pool contains hardware of varying capacity. Refer to Section 1.3.2, “Server Weight and Scheduling” for more on weighting real servers.
Locality-Based Least-Connection Scheduling
Distributes more requests to servers with fewer active connections relative to their destination IPs. This algorithm is designed for use in a proxy-cache server cluster. It routes the packets for an IP address to the server for that address unless that server is above its capacity and another server is at half its capacity, in which case it assigns the IP address to the least loaded real server.
Locality-Based Least-Connection Scheduling with Replication Scheduling
Distributes more requests to servers with fewer active connections relative to their destination IPs. This algorithm is designed for use in a proxy-cache server cluster. It differs from Locality-Based Least-Connection Scheduling by mapping the target IP address to a subset of real server nodes. Requests are then routed to the server in this subset with the lowest number of connections. If all the nodes for the destination IP are above capacity, it replicates a new server for that destination IP address by adding the real server with the least connections from the overall pool of real servers to the subset of real servers for that destination IP. The most loaded node is then dropped from the real server subset to prevent over-replication.
Destination Hash Scheduling
Distributes requests to the pool of real servers by looking up the destination IP in a static hash table. This algorithm is designed for use in a proxy-cache server cluster.
Source Hash Scheduling
Distributes requests to the pool of real servers by looking up the destination IP in a static hash table. This algorithm is designed for LVS routers with multiple firewalls.

1.3.2. Server Weight and Scheduling

The administrator of LVS can assign a weight to each node in the real server pool. This weight is an integer value that is factored into any weight-aware scheduling algorithm (such as weighted least-connections) and helps the LVS router load hardware with different capacities more evenly.
Weights work as a ratio relative to one another. For example, if one real server has a weight of 1 and another has a weight of 5, then the server with a weight of 5 gets five connections for every one connection the server with a weight of 1 gets. The default value for a real server weight is 1.
Although adding weights to the different hardware configurations in a real server pool can make the cluster's load balancing more efficient, it can cause temporary imbalances when a real server is introduced to the real server pool and the virtual server is scheduled using weighted least-connections. For example, suppose there are three servers in the real server pool: servers A and B are weighted 1 and 3, and server C is weighted 2. If server C goes down for any reason, servers A and B evenly distribute the abandoned load. However, once server C comes back online, the LVS router sees it as a server with zero connections and floods it with all incoming requests until it is on par with servers A and B.
To prevent this phenomenon, administrators can make the virtual server a quiesce server: any time a new real server node comes online, the least-connections table is reset to zero and the LVS router routes requests as if all the real servers were newly added to the cluster.
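The rejoin imbalance and the quiesce reset described above, worked through with the text's weights (A=1, B=3, C=2) under the weighted least-connections algorithm of Section 1.3.1. This is an added example, not code from the guide or from IPVS: it is a simplified model that counts only active connections, assumes connections stay open during the run, and breaks ties in pool order.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass
class RealServer:
    name: str
    weight: int
    active: int = 0      # connections the router's table counts for this server
    up: bool = True


def wlc_pick(pool):
    """Weighted least-connections: lowest active/weight among available servers.

    Fraction keeps the comparison exact; on a tie the first server in pool
    order wins (a choice made for this model).
    """
    candidates = [s for s in pool if s.up and s.weight > 0]
    return min(candidates, key=lambda s: Fraction(s.active, s.weight))


def dispatch(pool, requests):
    """Send `requests` new connections through the scheduler; return the targets."""
    targets = []
    for _ in range(requests):
        server = wlc_pick(pool)
        server.active += 1           # model assumption: connections stay open
        targets.append(server.name)
    return targets


def rejoin_scenario(quiesce, warmup=40, after=24):
    """Servers A, B, C weighted 1, 3, 2 as in the text; C is down, then returns."""
    a, b, c = RealServer("A", 1), RealServer("B", 3), RealServer("C", 2, up=False)
    pool = [a, b, c]
    dispatch(pool, warmup)           # A and B carry the load while C is down
    before = {s.name: s.active for s in pool}
    c.up = True                      # C comes back with an empty count
    if quiesce:
        for s in pool:               # the behaviour the text describes:
            s.active = 0             # least-connections table reset to zero
    targets = dispatch(pool, after)
    share = {s.name: targets.count(s.name) for s in pool}
    burst = 0                        # consecutive requests sent to C on rejoin
    for name in targets:
        if name != "C":
            break
        burst += 1
    return before, share, burst


if __name__ == "__main__":
    for mode in (False, True):
        before, share, burst = rejoin_scenario(quiesce=mode)
        print(f"quiesce={mode}: before={before} next 24={share} burst to C={burst}")
```

Without the reset, the first 20 new connections all land on C (the point where 20/2 equals A's 10/1 and B's 30/3); with the reset, the same 24 connections split 4, 12 and 8 in the 1:3:2 weight ratio.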

1.4. Routing Methods

Red Hat Enterprise Linux uses Network Address Translation, or NAT routing, for LVS, which gives the administrator tremendous flexibility when utilizing available hardware and integrating LVS into an existing network.

1.4.1. NAT Routing

Figure 1.3, “LVS Implemented with NAT Routing”, illustrates LVS utilizing NAT routing to move requests between the Internet and a private network.

Figure 1.3. LVS Implemented with NAT Routing

In this example, there are two NICs in the active LVS router. The NIC for the Internet has a real IP address on eth0 and a floating IP address aliased to eth0:1. The NIC for the private network interface has a real IP address on eth1 and a floating IP address aliased to eth1:1. In the event of failover, the virtual interface facing the Internet and the private-facing virtual interface are taken over by the backup LVS router simultaneously. All of the real servers located on the private network use the floating IP address of the NAT router as their default route to communicate with the active LVS router, so that their ability to respond to requests from the Internet is not impaired.
In this example, the LVS router's public LVS floating IP address and private NAT floating IP address are aliased to two physical NICs. While it is possible to associate each floating IP address to its own physical device on the LVS router nodes, having more than two NICs is not a requirement.
Using this topology, the active LVS router receives the request and routes it to the appropriate server. The real server then processes the request and returns the packets to the LVS router, which uses network address translation to replace the address of the real server in the packets with the LVS router's public VIP address. This process is called IP masquerading because the actual IP addresses of the real servers are hidden from the requesting clients.
With this NAT routing, the real servers can be any kind of machine running various operating systems. The main disadvantage is that the LVS router may become a bottleneck in large cluster deployments because it must process outgoing as well as incoming requests.

1.4.2. Direct Routing

Building an LVS setup that uses direct routing provides better performance than other LVS networking topologies. Direct routing allows the real servers to process and route packets directly to a requesting user rather than passing all outgoing packets through the LVS router. Direct routing reduces the possibility of network performance issues by relegating the job of the LVS router to processing incoming packets only.

Figure 1.4. LVS Implemented with Direct Routing

In the typical direct routing LVS setup, the LVS router receives incoming server requests through the virtual IP (VIP) and uses a scheduling algorithm to route the request to the real servers. The real server processes the request and sends the response directly to the client, bypassing the LVS routers. This method of routing allows real servers to be added without placing on the LVS router the extra burden of routing outgoing packets from the real server to the client, which can become a bottleneck under heavy network load.

1.4.2.1. Direct Routing and the ARP Limitation

While there are many advantages to using direct routing in LVS, there are limitations as well. The most common issue with LVS via direct routing is with Address Resolution Protocol (ARP).
In typical situations, a client on the Internet sends a request to an IP address. Network routers typically send requests to their destination by relating IP addresses to a machine's MAC address with ARP. ARP requests are broadcast to all connected machines on a network, and the machine with the correct IP/MAC address combination receives the packet. The IP/MAC associations are stored in an ARP cache, which is cleared periodically (usually every 15 minutes) and refilled with IP/MAC associations.
The issue with ARP requests in a direct routing LVS setup is that because a client request to an IP address must be associated with a MAC address for the request to be handled, the virtual IP address of the LVS system must also be associated with a MAC address. However, since both the LVS router and the real servers have the same VIP, the ARP request is broadcast to all the machines associated with the VIP. This can cause several problems, such as the VIP being associated directly with one of the real servers, which then processes requests directly, bypassing the LVS router completely and defeating the purpose of the LVS setup.
To solve this issue, ensure that incoming requests are always sent to the LVS router rather than to one of the real servers. This can be done with either the arptables_jf or the iptables packet filtering tool, for the following reasons:
  • arptables_jf prevents ARP from associating VIPs with real servers.
  • The iptables method completely sidesteps the ARP problem by never configuring VIPs on the real servers in the first place.

1.5. Persistence and Firewall Marks

In certain situations, it may be desirable for a client to reconnect repeatedly to the same real server, rather than have an LVS load-balancing algorithm send that request to the best available server. Examples of such situations include multi-screen web forms, cookies, SSL, and FTP connections. In these cases, a client may not work properly unless the transactions are handled by the same server to retain context. LVS provides two different features to handle this: persistence and firewall marks.

1.5.1. Persistence

When enabled, persistence acts like a timer. When a client connects to a service, LVS remembers the last connection for a specified period of time. If a client with the same IP address connects again within that period, it is sent to the same server it connected to previously, bypassing the load-balancing mechanisms. When a connection occurs outside the time window, it is handled according to the scheduling rules in place.
Persistence also allows the administrator to specify a subnet mask to apply to the client IP address test, as a tool for controlling which addresses have a higher level of persistence, thereby grouping connections to that subnet.
Grouping connections destined for different ports can be important for protocols that use more than one port to communicate, such as FTP. However, persistence is not the most efficient way to group together connections destined for different ports. For these situations, it is best to use firewall marks.

1.5.2. Firewall Marks

Firewall marks are an easy and efficient way to group the ports used for a protocol or a group of related protocols. For instance, if LVS is deployed to run an e-commerce site, firewall marks can be used to bundle HTTP connections on port 80 with HTTPS connections on port 443. By assigning the same firewall mark to the virtual server for each protocol, state information for the transaction can be preserved, because the LVS router forwards all requests to the same real server after a connection is opened.
Because of its efficiency and ease of use, LVS administrators should use firewall marks instead of persistence whenever possible for grouping connections. However, administrators should still add persistence to the virtual servers in conjunction with firewall marks to ensure that clients are reconnected to the same server for an adequate period of time.
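
How persistence (Section 1.5.1) and firewall marks (Section 1.5.2) interact can be seen in a small simulation. This is an added example, not code from LVS or Red Hat: the Director class, its round-robin scheduler, and the client and server names are assumptions made for illustration.

```python
"""Toy model of LVS persistence and firewall marks (constructed example)."""
import ipaddress
from itertools import cycle


class Director:
    """Simplified LVS router: round-robin scheduling plus a persistence table."""

    def __init__(self, real_servers, timeout, netmask="255.255.255.255", fwmarks=None):
        self.servers = list(real_servers)
        self.timeout = timeout          # persistence window in seconds
        self.netmask = netmask          # mask applied to the client address
        self.fwmarks = fwmarks or {}    # destination port -> firewall mark
        self._schedulers = {}           # virtual service -> round-robin iterator
        self._persist = {}              # (service, client network) -> (server, expiry)

    def _service(self, port):
        # Ports that carry the same firewall mark form ONE virtual service.
        mark = self.fwmarks.get(port)
        return ("port", port) if mark is None else ("fwmark", mark)

    def _client_group(self, client_ip):
        # The persistence netmask groups clients of one subnet together.
        net = ipaddress.ip_network(f"{client_ip}/{self.netmask}", strict=False)
        return net.network_address

    def connect(self, client_ip, port, now):
        """Return the real server chosen for a new connection at time `now`."""
        service = self._service(port)
        key = (service, self._client_group(client_ip))
        entry = self._persist.get(key)
        if entry is not None and now < entry[1]:
            server = entry[0]           # inside the window: skip the scheduler
        else:
            scheduler = self._schedulers.setdefault(service, cycle(self.servers))
            server = next(scheduler)    # outside the window: normal scheduling
        # Every connection restarts the timer for this client group.
        self._persist[key] = (server, now + self.timeout)
        return server


def shopping_session(fwmarks):
    """One client browses over HTTP, then checks out over HTTPS."""
    lvs = Director(["rs1", "rs2", "rs3"], timeout=300, fwmarks=fwmarks)
    http = lvs.connect("198.51.100.7", 80, now=0)
    lvs.connect("203.0.113.9", 443, now=5)       # unrelated client in between
    https = lvs.connect("198.51.100.7", 443, now=10)
    return http, https


if __name__ == "__main__":
    # Ports 80 and 443 as separate virtual services: the session is split.
    print("separate services:", shopping_session(None))
    # Both ports share firewall mark 80: the session stays on one server.
    print("shared fwmark 80: ", shopping_session({80: 80, 443: 80}))
```

With persistence alone, the HTTP and HTTPS connections of one client land on different real servers because each port is its own virtual service; with a shared firewall mark, both ports use the same persistence entry.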

1.6. LVS — A Block Diagram

LVS routers use a collection of programs to monitor cluster members and cluster services. Figure 1.5, “LVS Components”, illustrates how these various programs on both the active and backup LVS routers work together to manage the cluster.

Figure 1.5. LVS Components

The pulse daemon runs on both the active and the backup LVS routers. On the backup router, pulse sends a heartbeat to the public interface of the active router to make sure the active router is still functioning properly. On the active router, pulse starts the lvs daemon and responds to heartbeat queries from the backup LVS router.
Once started, the lvs daemon calls the ipvsadm utility to configure and maintain the IPVS routing table in the kernel, and starts a nanny process for each configured virtual server on each real server, which tells the lvs daemon whether the service on that real server is working properly. If a malfunction is detected, the lvs daemon instructs ipvsadm to remove that real server from the IPVS routing table.
If the backup router does not receive a response from the active router, it initiates failover by calling send_arp to reassign all virtual IP addresses to the NIC hardware addresses (MAC addresses) of the backup node, sends a command to the active router over both the public and private network interfaces to shut down the lvs daemon on the active router, and starts the lvs daemon on the backup node to accept requests for the configured virtual servers.

1.6.1. LVS Components

Section 1.6.1.1, “pulse” shows a detailed list of each software component in an LVS router.

1.6.1.1. pulse

This is the controlling process which starts all other daemons related to LVS routers. At boot time, the daemon is started by the /etc/rc.d/init.d/pulse script. It then reads the configuration file /etc/sysconfig/ha/lvs.cf. On the active router, pulse starts the LVS daemon. On the backup router, pulse determines the health of the active router by executing a simple heartbeat at a user-configurable interval. If the active router fails to respond after a user-configurable interval, it initiates failover. During failover, pulse on the backup router instructs the pulse daemon on the active router to shut down all LVS services, starts the send_arp program to reassign the floating IP addresses to the backup router's MAC address, and starts the lvs daemon.

1.6.1.2. lvs

Once called by pulse, the lvs daemon runs on the active LVS router. It reads the configuration file /etc/sysconfig/ha/lvs.cf, calls the ipvsadm utility to build and maintain the IPVS routing table, and assigns a nanny process to each configured LVS service. If nanny reports that a real server is down, lvs instructs the ipvsadm utility to remove that server from the IPVS routing table.

1.6.1.3. ipvsadm

This service updates the IPVS routing table in the kernel. The lvs daemon sets up and administers LVS by calling ipvsadm to add, change, or delete entries in the IPVS routing table.

1.6.1.4. nanny

The nanny monitoring daemon runs on the active LVS router. Through this daemon, the active router determines the health of each real server and, optionally, monitors its workload. A separate process runs for each service defined on each real server.

1.6.1.5. /etc/sysconfig/ha/lvs.cf

This is the LVS configuration file. Directly or indirectly, all daemons get their configuration information from this file.

1.6.1.6. Piranha Configuration Tool

This is the Web-based tool for monitoring, configuring, and administering LVS. It is the default tool for maintaining the /etc/sysconfig/ha/lvs.cf LVS configuration file.

1.6.1.7. send_arp

This program sends out ARP broadcasts when the floating IP address changes from one node to another during failover.
Chapter 2, Initial LVS Configuration reviews important post-installation configuration steps you should take before configuring Red Hat Enterprise Linux to be an LVS router.

Chapter 2. Initial LVS Configuration

After installing Red Hat Enterprise Linux, you must take some basic steps to set up both the LVS routers and the real servers. This chapter covers these initial steps in detail.

Note

The LVS router node that becomes the active node once the cluster is started is also referred to as the primary node. When configuring LVS, use the Piranha Configuration Tool on the primary node.

2.1. Configuring Services on the LVS Routers

The Red Hat Enterprise Linux installation program installs all of the components needed to set up LVS, but the appropriate services must be activated before the cluster is configured. For both LVS routers, set the appropriate services to start at boot time. There are three primary tools for setting services to activate at boot time under Red Hat Enterprise Linux: the command line program chkconfig, the ncurses-based program ntsysv, and the graphical Services Configuration Tool. All of these tools require root access.

Note

To attain root access, open a shell prompt and use the su - command followed by the root password. For example:
$ su - root password
On the LVS routers, three services need to be set to activate at boot time:
  • The piranha-gui service (primary node only)
  • The pulse service
  • The sshd service
If you are clustering multi-port services or using firewall marks, you must also enable the iptables service.
It is best to set these services to activate in both runlevel 3 and runlevel 5. To accomplish this using chkconfig, type the following command for each service:
/sbin/chkconfig --level 35 daemon on
In the above command, replace daemon with the name of the service you are activating. To get a list of services on the system as well as the runlevels in which they are set to activate, issue the following command:
/sbin/chkconfig --list

Warning

Turning any of the above services on using chkconfig does not actually start the daemon. To do this use the /sbin/service command. See Section 2.3, “Starting the Piranha Configuration Tool Service” for an example of how to use the /sbin/service command.
For more information on runlevels and configuring services with ntsysv and the Services Configuration Tool, refer to the chapter titled "Controlling Access to Services" in the Red Hat Enterprise Linux System Administration Guide.

2.2. Setting a Password for the Piranha Configuration Tool

Before using the Piranha Configuration Tool for the first time on the primary LVS router, you must restrict access to it by creating a password. To do this, log in as root and issue the following command:
/usr/sbin/piranha-passwd
After entering this command, create the administrative password when prompted.

Warning

For a password to be more secure, it should not contain proper nouns, commonly used acronyms, or words found in a dictionary of any language. Do not leave the password unencrypted anywhere on the system.
If the password is changed during an active Piranha Configuration Tool session, the administrator is prompted to provide the new password.

2.3. Starting the Piranha Configuration Tool Service

After you have set the password for the Piranha Configuration Tool, start or restart the piranha-gui service located in /etc/rc.d/init.d/piranha-gui. To do this, type the following command as root:
/sbin/service piranha-gui start
or
/sbin/service piranha-gui restart
Issuing this command starts a private session of the Apache HTTP Server by calling the symbolic link /usr/sbin/piranha_gui -> /usr/sbin/httpd. For security reasons, the piranha-gui version of httpd runs as the piranha user in a separate process. The fact that piranha-gui leverages the httpd service means that:
  1. The Apache HTTP Server must be installed on the system.
  2. Stopping or restarting the Apache HTTP Server via the service command stops the piranha-gui service.

Warning

If the command /sbin/service httpd stop or /sbin/service httpd restart is issued on an LVS router, you must start the piranha-gui service by issuing the following command:
/sbin/service piranha-gui start
The piranha-gui service is all that is necessary to begin configuring LVS. However, if you are configuring LVS remotely, the sshd service is also required. You do not need to start the pulse service until configuration using the Piranha Configuration Tool is complete. See Section 4.8, “Starting LVS” for information on starting the pulse service.

2.3.1. Configuring the Piranha Configuration Tool Web Server Port

The Piranha Configuration Tool runs on port 3636 by default. To change this port number, change the line Listen 3636 in Section 2 of the piranha-gui Web server configuration file /etc/sysconfig/ha/conf/httpd.conf.
To use the Piranha Configuration Tool you need at minimum a text-only Web browser. If you start a Web browser on the primary LVS router, open the location http://localhost:3636. You can reach the Piranha Configuration Tool from anywhere via a Web browser by replacing localhost with the hostname or IP address of the primary LVS router.
When your browser connects to the Piranha Configuration Tool, you must log in to access the configuration services. Enter piranha in the Username field and the password set with piranha-passwd in the Password field.
Now that the Piranha Configuration Tool is running, you may wish to consider limiting who has access to the tool over the network. The next section reviews ways to accomplish this.

2.4. Limiting Access to the Piranha Configuration Tool

The Piranha Configuration Tool prompts for a valid username and password combination. However, because all of the data passed to the Piranha Configuration Tool is in plain text, it is recommended that you restrict access to trusted networks or to the local machine.
The easiest way to restrict access is to use the Apache HTTP Server's built in access control mechanisms by editing /etc/sysconfig/ha/web/secure/.htaccess. After altering the file you do not have to restart the piranha-gui service because the server checks the .htaccess file each time it accesses the directory.
By default, the access controls for this directory allow anyone to view the contents of the directory. Here is what the default access file looks like:
Order deny,allow
Allow from all
To limit access to the Piranha Configuration Tool to the local host only, change the .htaccess file to allow access from only the loopback device (127.0.0.1). For more information on the loopback device, see the chapter titled Network Scripts in the Red Hat Enterprise Linux Reference Guide.
Order deny,allow
Deny from all
Allow from 127.0.0.1
You can also allow specific hosts or subnets, as seen in this example:
Order deny,allow
Deny from all
Allow from 192.168.1.100
Allow from 172.16.57
In this example, only Web browsers on the machine with the IP address 192.168.1.100 and on machines in the 172.16.57/24 network can access the Piranha Configuration Tool.

Warning

Editing the Piranha Configuration Tool .htaccess file limits access to the configuration pages in the /etc/sysconfig/ha/web/secure/ directory, but not to the login and help pages in the /etc/sysconfig/ha/web/ directory. To limit access to this directory, create a .htaccess file in the /etc/sysconfig/ha/web/ directory with order, allow, and deny lines identical to those in /etc/sysconfig/ha/web/secure/.htaccess.
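
To see exactly which clients each rule set above admits, and to check both directories named in the warning, the following added example evaluates Order, Allow and Deny lines the way Apache 2.2 documents them. It is not part of the Red Hat guide or of Piranha; the function names and the probe address 203.0.113.9 are assumptions, and hostname specs and inheritance from parent directories are not modelled.

```python
"""Which clients does an Apache 2.2-style Order/Allow/Deny block admit?

Constructed example. Handles the keyword "all" and numeric IPv4 specs:
full address, partial address (172.16.57), CIDR or address/netmask.
"""
import ipaddress
import os

# Rule sets quoted from the section above.
DEFAULT = "Order deny,allow\nAllow from all\n"
LOCAL_ONLY = "Order deny,allow\nDeny from all\nAllow from 127.0.0.1\n"
HOST_AND_SUBNET = ("Order deny,allow\nDeny from all\n"
                   "Allow from 192.168.1.100\nAllow from 172.16.57\n")


def parse_rules(text):
    """Return (order, allow_specs, deny_specs) from .htaccess text."""
    order, allows, denies = "deny,allow", [], []    # Apache's default Order
    for raw in text.splitlines():
        words = raw.strip().split()
        if not words or words[0].startswith("#"):
            continue
        directive = words[0].lower()
        if directive == "order" and len(words) == 2:
            order = words[1].lower()
        elif (directive in ("allow", "deny") and len(words) > 2
              and words[1].lower() == "from"):
            (allows if directive == "allow" else denies).extend(words[2:])
    return order, allows, denies


def spec_matches(spec, client):
    """True if one Allow/Deny spec covers the client address."""
    if spec.lower() == "all":
        return True
    if "/" in spec:
        return client in ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    if len(octets) > 4 or not all(o.isdigit() for o in octets):
        raise ValueError(f"unsupported spec (hostnames need DNS): {spec}")
    # A partial address matches on its leading octets,
    # so 172.16.57 covers the same hosts as 172.16.57.0/24.
    return str(client).split(".")[:len(octets)] == octets


def is_allowed(text, client_ip):
    """Apply the Order semantics to one client address."""
    order, allows, denies = parse_rules(text)
    client = ipaddress.ip_address(client_ip)
    allowed = any(spec_matches(s, client) for s in allows)
    denied = any(spec_matches(s, client) for s in denies)
    if order == "deny,allow":
        # Deny is checked first, Allow can override it; default is allow.
        return allowed or not denied
    if order == "allow,deny":
        # Allow must match and no Deny may match; default is deny.
        return allowed and not denied
    raise ValueError(f"unsupported Order value: {order}")


def audit(web_root, probe_ip):
    """List the Piranha web directories that probe_ip could still reach.

    Checks web_root/.htaccess (login and help pages) and
    web_root/secure/.htaccess (configuration pages). A missing file is
    flagged for review rather than assumed safe.
    """
    findings = []
    for rel in ("", "secure"):
        path = os.path.join(web_root, rel, ".htaccess")
        if not os.path.isfile(path):
            findings.append((path, "no .htaccess"))
            continue
        with open(path) as fh:
            if is_allowed(fh.read(), probe_ip):
                findings.append((path, f"admits {probe_ip}"))
    return findings


if __name__ == "__main__":
    for ip in ("127.0.0.1", "192.168.1.100", "172.16.57.200", "203.0.113.9"):
        print(ip, is_allowed(HOST_AND_SUBNET, ip))
    # 203.0.113.9 stands in for an untrusted client (assumed probe address).
    print(audit("/etc/sysconfig/ha/web", "203.0.113.9"))
```

Changing the first line to Order allow,deny while keeping Deny from all locks out every client, including 127.0.0.1, because a Deny match then overrides any Allow.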

2.5. Turning on Packet Forwarding

In order for the LVS router to forward network packets properly to the real servers, each LVS router node must have IP forwarding turned on in the kernel. Log in as root and change the line which reads net.ipv4.ip_forward = 0 in /etc/sysctl.conf to the following:
net.ipv4.ip_forward = 1
The change takes effect when you reboot the system.
To check whether IP forwarding is turned on, issue the following command as root:
/sbin/sysctl net.ipv4.ip_forward
If the above command returns 1, IP forwarding is enabled. If it returns 0, you need to turn it on manually with the following command:
/sbin/sysctl -w net.ipv4.ip_forward=1

2.6. Configuring Services on the Real Servers

If the real servers are Red Hat Enterprise Linux systems, set the appropriate server daemons to activate at boot time. These daemons can include httpd for Web services or xinetd for FTP or Telnet services.
It may also be useful to access the real servers remotely, which requires the sshd daemon to be installed and running.

Chapter 3. Setting Up LVS

An LVS cluster consists of two basic groups: the LVS routers and the real servers. To prevent a single point of failure, each group should contain at least two member systems.
The LVS router group should consist of two identical or very similar systems running Red Hat Enterprise Linux. One acts as the active LVS router while the other stays in hot standby mode, so they need to have capabilities that are as close to the same as possible.
When choosing and configuring the hardware for the real server group, you must decide which of the three LVS topologies to use.

3.1. The NAT LVS Network

The NAT topology allows great latitude in using existing hardware, but it is limited in its ability to handle large loads because all packets going into and coming out of the server pool pass through the LVS router.
Network Layout
The topology for LVS using NAT routing is the easiest to configure from a network layout perspective because only one access point to the public network is needed. The real servers pass all requests back through the LVS router, so they can be on their own private network.
Hardware
The NAT topology is the most flexible with regard to hardware because the real servers do not need to be Linux machines to function correctly. In a NAT topology, each real server needs only one NIC because it responds only to the LVS router. The LVS routers, on the other hand, need two NICs each to route traffic between the two networks. Because this topology creates a network bottleneck at the LVS router, gigabit Ethernet NICs can be deployed on each LVS router to increase the bandwidth the LVS routers can handle. If gigabit Ethernet NICs are used on the LVS routers, any switch connecting the real servers to the LVS routers must have at least two gigabit Ethernet ports to handle the load efficiently.
Software
Because the NAT topology requires the use of iptables for some configurations, there can be a fair amount of software configuration outside of the Piranha Configuration Tool. In particular, FTP services and the use of firewall marks require extra manual configuration of the LVS routers to route requests properly.

3.1.1. Configuring Network Interfaces for LVS with NAT

To set up LVS with NAT, you must first configure the network interfaces for the public network and the private network on the LVS routers. In this example, the LVS routers' public interfaces (eth0) will be on the 192.168.26/24 network (I know, I know, this is not a routable IP, but let us pretend there is a firewall in front of the LVS router for good measure) and the private interfaces which link to the real servers (eth1) will be on the 10.11.12/24 network.
So on the active or primary LVS router node, the public interface's network script, /etc/sysconfig/network-scripts/ifcfg-eth0, could look something like this:
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.26.9
NETMASK=255.255.255.0
GATEWAY=192.168.26.254
The /etc/sysconfig/network-scripts/ifcfg-eth1 file for the private NAT interface on the LVS router could look something like this:
DEVICE=eth1
BOOTPROTO=static
ONBOOT=yes
IPADDR=10.11.12.9
NETMASK=255.255.255.0
In this example, the VIP for the LVS router's public interface will be 192.168.26.10 and the VIP for the NAT or private interface will be 10.11.12.10. So, it is essential that the real servers route requests back to the VIP for the NAT interface.

Important

The sample Ethernet interface configuration settings in this section are for the real IP addresses of an LVS router and not the floating IP addresses. To configure the public and private floating IP addresses the administrator should use the Piranha Configuration Tool, as shown in Section 4.4, “GLOBAL SETTINGS” and Section 4.6.1, “The VIRTUAL SERVER Subsection”.
After configuring the primary LVS router node's network interfaces, configure the backup LVS router's real network interfaces, taking care that none of the IP addresses conflict with any other IP addresses on the network.

Important

Be sure each interface on the backup node services the same network as the corresponding interface on the primary node. For instance, if eth0 connects to the public network on the primary node, it must also connect to the public network on the backup node.

3.1.2. Routing on the Real Servers

The most important thing to remember when configuring the real servers' network interfaces in a NAT topology is to set the gateway to the NAT floating IP address of the LVS router. In this example, that address is 10.11.12.10.

Note

Once the network interfaces are up on the real servers, the machines will be unable to ping or connect in other ways to the public network. This is normal. You will, however, be able to ping the real IP for the LVS router's private interface, in this case 10.11.12.8.
So the real server's /etc/sysconfig/network-scripts/ifcfg-eth0 file could look similar to this:
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=10.11.12.1
NETMASK=255.255.255.0
GATEWAY=10.11.12.10

Warning

If a real server has more than one network interface configured with a GATEWAY= line, the first one to come up gets the gateway. Therefore, if both eth0 and eth1 are configured and eth1 is used for LVS, the real servers may not route requests properly.
It is best to turn off extraneous network interfaces by setting ONBOOT=no in their network scripts within the /etc/sysconfig/network-scripts/ directory, or to make sure the gateway is correctly set in the interface which comes up first.

3.1.3. Enabling NAT Routing on the LVS Routers

In a simple NAT LVS configuration where each clustered service uses only one port, like HTTP on port 80, the administrator needs only to enable packet forwarding on the LVS routers for the requests to be properly routed between the outside world and the real servers. See Section 2.5, “Turning on Packet Forwarding” for instructions on turning on packet forwarding. However, more configuration is necessary when the clustered services require more than one port to go to the same real server during a user session. For information on creating multi-port services using firewall marks, see Section 3.4, “Multi-port Services and LVS”.
Once forwarding is enabled on the LVS routers and the real servers are set up and have the clustered services running, use the Piranha Configuration Tool to configure LVS as shown in Chapter 4, Configuring the LVS Routers with Piranha Configuration Tool.

Warning

When finished, start the pulse service as shown in Section 4.8, “Starting LVS”. Once pulse is up and running, the active LVS router will begin routing requests to the pool of real servers.

3.2. LVS via Direct Routing

As mentioned in Section 1.4.2, “Direct Routing”, direct routing allows real servers to process and route packets directly to a requesting user rather than passing outgoing packets through the LVS router. Direct routing requires that the real servers be physically connected to a network segment with the LVS router and be able to process and direct outgoing packets as well.
Network Layout
In a direct routing LVS setup, the LVS router needs to receive incoming requests and route them to the proper real server for processing. The real servers then need to route the response directly to the client. For example, if the client is on the Internet and sends a packet through the LVS router to a real server, the real server must be able to reach the client directly over the Internet. This can be done by configuring a gateway for the real server to pass packets to the Internet. Each real server in the server pool can have its own separate gateway (and each gateway its own connection to the Internet), allowing for maximum throughput and scalability. For typical LVS setups, however, the real servers can communicate through one gateway (and therefore one network connection).

Important

It is not recommended to use the LVS router as a gateway for the real servers, because that adds unneeded setup complexity as well as network load on the LVS router, which reintroduces the network bottleneck that exists in NAT routing.
Hardware
The hardware requirements of an LVS system using direct routing are similar to those of other LVS topologies. While the LVS router needs to be running Red Hat Enterprise Linux to process the incoming requests and perform load balancing for the real servers, the real servers do not need to be Linux machines to function correctly. The LVS routers need one or two NICs each (depending on whether there is a backup router). You can use two NICs for ease of configuration and to separate traffic completely: incoming requests are handled by one NIC, and packets are routed to the real servers on the other.
Since the real servers bypass the LVS router and send outgoing packets directly to a client, a gateway to the Internet is required. For maximum performance and availability, each real server can be connected to its own separate gateway, which has its own dedicated connection to the carrier network to which the client is connected (such as the Internet or an intranet).
Software
There is some configuration outside of Piranha Configuration Tool that needs to be done, especially for administrators facing ARP issues when using LVS via direct routing. Refer to Section 3.2.1, “Direct Routing and arptables_jf” or Section 3.2.2, “Direct Routing and iptables” for more information.

3.2.1. Direct Routing and arptables_jf

In order to configure direct routing using arptables_jf, each real server must have their virtual IP address configured, so they can directly route packets. ARP requests for the VIP are ignored entirely by the real servers, and any ARP packets that might otherwise be sent containing the VIPs are mangled to contain the real server's IP instead of the VIPs.
With the arptables_jf method, applications may bind to each individual VIP or port that the real server is servicing. For example, the arptables_jf method allows multiple instances of Apache HTTP Server to run bound explicitly to different VIPs on the system. Using arptables_jf also has significant performance advantages over the iptables option.
However, with the arptables_jf method, VIPs cannot be configured to start on boot using the standard Red Hat Enterprise Linux system configuration tools.
To configure each real server to ignore ARP requests for each virtual IP address, perform the following steps:
  1. Create the ARP table entries for each virtual IP address on each real server (real_ip is the IP the director uses to communicate with the real server; often this is the IP bound to eth0):
    arptables -A IN -d <virtual_ip> -j DROP
    arptables -A OUT -s <virtual_ip> -j mangle --mangle-ip-s <real_ip>
    
    This causes the real servers to ignore all ARP requests for the virtual IP addresses, and changes any outgoing ARP responses which might otherwise contain the virtual IP so that they contain the real IP of the server instead. The only node that should respond to ARP requests for any of the VIPs is the currently active LVS node.
  2. Once this has been completed on each real server, save the ARP table entries by typing the following commands on each real server:
    service arptables_jf save
    chkconfig --level 2345 arptables_jf on
    The chkconfig command causes the system to reload the arptables configuration on bootup, before the network is started.
  3. Configure the virtual IP address on all real servers using ifconfig to create an IP alias. For example:
    # ifconfig eth0:1 192.168.76.24 netmask 255.255.252.0 broadcast 192.168.79.255 up
    Or using the iproute2 utility ip, for example:
    # ip addr add 192.168.76.24 dev eth0
    As noted previously, the virtual IP addresses cannot be configured to start on boot using the Red Hat system configuration tools. One way to work around this is to place these commands in /etc/rc.d/rc.local.
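The three steps above for one VIP, as an added example that is not Red Hat's code: it validates the addresses, derives the broadcast address from the VIP and netmask (which is where 192.168.79.255 in the ifconfig line comes from), and prints the commands in the order the steps give them, ARP rules before the alias comes up. The function names and the real server address 192.168.76.11 are assumptions, and a contiguous netmask is assumed.

```shell
#!/bin/sh
# Added example: print the per-real-server direct-routing commands from the
# steps above for one VIP, for review before they are run as root.

# valid_ipv4 ADDR -> status 0 when ADDR is a dotted quad with octets 0-255
valid_ipv4() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# broadcast_of IP NETMASK -> prints the broadcast address of the subnet
broadcast_of() {
    echo "$1 $2" | awk '{
        split($1, a, "."); split($2, m, ".")
        for (i = 1; i <= 4; i++) {
            # 256 - mask octet is the block size covered by this octet;
            # round the address down to the block start, then add the
            # host bits (255 - mask octet). Assumes a contiguous netmask.
            b[i] = a[i] - (a[i] % (256 - m[i])) + (255 - m[i])
        }
        printf "%d.%d.%d.%d\n", b[1], b[2], b[3], b[4]
    }'
}

# dr_realserver_commands VIP REAL_IP NETMASK [ALIAS_INTERFACE]
dr_realserver_commands() {
    vip=$1 rip=$2 mask=$3 ifalias=${4:-eth0:1}
    for addr in "$vip" "$rip" "$mask"; do
        valid_ipv4 "$addr" || { echo "invalid IPv4 value: $addr" >&2; return 1; }
    done
    # If the VIP equalled the real IP, the DROP rule would silence ARP for
    # the address the director uses to reach this server.
    [ "$vip" != "$rip" ] || { echo "VIP must differ from real IP" >&2; return 1; }
    bcast=$(broadcast_of "$vip" "$mask")
    cat <<EOF
arptables -A IN -d $vip -j DROP
arptables -A OUT -s $vip -j mangle --mangle-ip-s $rip
service arptables_jf save
chkconfig --level 2345 arptables_jf on
ifconfig $ifalias $vip netmask $mask broadcast $bcast up
EOF
}

# Constructed values: the VIP and netmask from the text, an assumed real IP.
dr_realserver_commands 192.168.76.24 192.168.76.11 255.255.252.0
```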

3.2.2. Direct Routing and iptables

You can also work around the ARP issue with the direct routing method by creating iptables firewall rules. To configure direct routing using iptables, you must add rules that create a transparent proxy, so that a real server will service packets sent to the VIP address even though the VIP address does not exist on the system.
The iptables method is simpler to configure than the arptables_jf method. This method also circumvents the LVS ARP issue entirely, because the virtual IP addresses exist only on the active LVS director.
However, compared to arptables_jf, the iptables method has some performance issues, because there is overhead in forwarding/masquerading every packet.
You also cannot reuse ports with the iptables method. For example, it is not possible to run two separate Apache HTTP Server services bound to port 80, because both must bind to INADDR_ANY instead of the virtual IP addresses.
To configure direct routing using the iptables method, perform the following steps:
  1. On each real server, run the following command for every VIP, port, and protocol (TCP or UDP) combination that the real server is intended to service:
    iptables -t nat -A PREROUTING -p <tcp|udp> -d <vip> --dport <port> -j REDIRECT
    This command causes the real servers to process packets destined for the VIP and port they are given.
  2. Save the configuration on each real server:
    # service iptables save
    # chkconfig --level 2345 iptables on
    The commands above cause the system to reload the iptables configuration on bootup, before the network is started.

3.3. Putting the Configuration Together

After determining which of the preceding routing methods to use, the hardware should be linked together on the network.

Important

The adapter devices on the LVS routers must be configured to access the same networks. For example, if eth0 connects to the public network and eth1 connects to the private network, then these same devices on the backup LVS router must connect to the same networks.
Also, the gateway listed in the first interface to come up at boot time is added to the routing table, and gateways listed in other interfaces are subsequently ignored. This is especially important to consider when configuring the real servers.
After physically connecting the hardware, configure the network interfaces on the primary and backup LVS routers. This can be done with a graphical application such as system-config-network or by editing the network scripts manually. For more information about adding devices using system-config-network, see the chapter titled Network Configuration in the Red Hat Enterprise Linux Deployment Guide. For the remainder of the chapter, the example alterations to network interfaces can be made either manually or through the Piranha Configuration Tool.

3.3.1. General LVS Networking Tips

Configure the real IP addresses for both the public and private networks on the LVS routers before attempting to configure LVS using the Piranha Configuration Tool. The sections on each topology give example network addresses, but the actual network addresses in use are needed. Below are some useful commands for bringing up network interfaces or checking their status.
Bringing Up Real Network Interfaces
To bring up a real network interface, use the following command as root, replacing N with the number corresponding to the interface (eth0 and eth1).
/sbin/ifup ethN

Warning

Do not use the ifup scripts to bring up any floating IP addresses you may configure using Piranha Configuration Tool (eth0:1 or eth1:1). Use the service command to start pulse instead (see Section 4.8, “Starting LVS” for details).
Bringing Down Real Network Interfaces
To bring down a real network interface, use the following command as root, replacing N with the number corresponding to the interface (eth0 and eth1).
/sbin/ifdown ethN
Checking the Status of Network Interfaces
If you need to check which network interfaces are up at any given time, type the following command:
/sbin/ifconfig
To view the routing table for a machine, issue the following command:
/sbin/route

3.4. Multi-port Services and LVS

LVS routers under any topology require extra configuration when creating multi-port LVS services. Multi-port services can be created artificially by using firewall marks to bundle together different, but related protocols, such as HTTP (port 80) and HTTPS (port 443), or when LVS is used with true multi-port protocols, such as FTP. In either case, the LVS router uses firewall marks to recognize that packets destined for different ports, but bearing the same firewall mark, should be handled identically. Also, when combined with persistence, firewall marks ensure connections from the client machine are routed to the same host, as long as the connections occur within the length of time specified by the persistence parameter. For more on assigning persistence to a virtual server, see Section 4.6.1, “The VIRTUAL SERVER Subsection”.
Unfortunately, the mechanism used to balance the load on the real servers, IPVS, can recognize the firewall marks assigned to a packet, but cannot itself assign firewall marks. The job of assigning firewall marks must be performed by the network packet filter, iptables, outside of the Piranha Configuration Tool.

3.4.1. Assigning Firewall Marks

To assign firewall marks to a packet destined for a particular port, the administrator must use iptables.
This section illustrates how to bundle HTTP and HTTPS as an example; however, FTP is another commonly clustered multi-port protocol. If an LVS is used for FTP services, refer to Section 3.5, “Configuring FTP” for configuration details.
The basic rule to remember when using firewall marks is that every firewall mark used in the Piranha Configuration Tool must have a corresponding iptables rule that assigns the mark to the network packets.
Before creating network packet filter rules, make sure there are no rules already in place. To do this, open a shell prompt, log in as root, and type:
/sbin/service iptables status
如​​​​​​​果​​​​​​​没​​​​​​​有​​​​​​​运​​​​​​​行​​​​​​​ iptables,提​​​​​​​示​​​​​​​符​​​​​​​会​​​​​​​马​​​​​​​上​​​​​​​重​​​​​​​新​​​​​​​出​​​​​​​现​​​​​​​。​​​​​​​
如​​​​​​​果​​​​​​​激​​​​​​​活​​​​​​​了​​​​​​​ iptables,它​​​​​​​会​​​​​​​显​​​​​​​示​​​​​​​一​​​​​​​组​​​​​​​规​​​​​​​则​​​​​​​。​​​​​​​如​​​​​​​果​​​​​​​显​​​​​​​示​​​​​​​了​​​​​​​规​​​​​​​则​​​​​​​,请​​​​​​​输​​​​​​​入​​​​​​​以​​​​​​​下​​​​​​​命​​​​​​​令​​​​​​​:
/sbin/service iptables stop
如​​​​​​​果​​​​​​​正​​​​​​​在​​​​​​​运​​​​​​​行​​​​​​​的​​​​​​​规​​​​​​​则​​​​​​​很​​​​​​​重​​​​​​​要​​​​​​​,请​​​​​​​检​​​​​​​查​​​​​​​ /etc/sysconfig/iptables 中​​​​​​​的​​​​​​​内​​​​​​​容​​​​​​​并​​​​​​​在​​​​​​​操​​​​​​​作​​​​​​​前​​​​​​​将​​​​​​​有​​​​​​​保​​​​​​​留​​​​​​​价​​​​​​​值​​​​​​​的​​​​​​​规​​​​​​​则​​​​​​​复​​​​​​​制​​​​​​​到​​​​​​​一​​​​​​​个​​​​​​​安​​​​​​​全​​​​​​​的​​​​​​​地​​​​​​​方​​​​​​​。​​​​​​​
以​​​​​​​下​​​​​​​是​​​​​​​分​​​​​​​配​​​​​​​了​​​​​​​相​​​​​​​同​​​​​​​防​​​​​​​火​​​​​​​墙​​​​​​​标​​​​​​​记​​​​​​​ 80 的​​​​​​​规​​​​​​​则​​​​​​​,它​​​​​​​们​​​​​​​在​​​​​​​端​​​​​​​口​​​​​​​ 80 和​​​​​​​ 443 接​​​​​​​收​​​​​​​目​​​​​​​的​​​​​​​地​​​​​​​址​​​​​​​为​​​​​​​浮​​​​​​​动​​​​​​​ IP 地​​​​​​​址​​​​​​​ n.n.n.n 的​​​​​​​进​​​​​​​入​​​​​​​流​​​​​​​量​​​​​​​。​​​​​​​
/sbin/modprobe ip_tables
/sbin/iptables -t mangle -A PREROUTING -p tcp -d n.n.n.n/32 --dport 80 -j MARK --set-mark 80
/sbin/iptables -t mangle-A PREROUTING -p tcp -d n.n.n.n/32 --dport 443 -j MARK --set-mark 80
For instructions on assigning the VIP to the public network interface, see 第 4.6.1 节 “「​​​​​​​虚​​​​​​​拟​​​​​​​服​​​​​​​务​​​​​​​器​​​​​​​」​​​​​​​子​​​​​​​界​​​​​​​面​​​​​​​”. Also note that you must log in as root and load the module for iptables before issuing rules for the first time.
在​​​​​​​以​​​​​​​上​​​​​​​的​​​​​​​ iptables 中​​​​​​​,应​​​​​​​该​​​​​​​使​​​​​​​用​​​​​​​虚​​​​​​​拟​​​​​​​服​​​​​​​务​​​​​​​器​​​​​​​的​​​​​​​浮​​​​​​​动​​​​​​​ IP 替​​​​​​​换​​​​​​​您​​​​​​​的​​​​​​​ HTTP 和​​​​​​​ HTTPS n.n.n.n。​​​​​​​这​​​​​​​些​​​​​​​命​​​​​​​令​​​​​​​具​​​​​​​有​​​​​​​为​​​​​​​在​​​​​​​防​​​​​​​火​​​​​​​墙​​​​​​​标​​​​​​​记​​​​​​​为​​​​​​​ 80 的​​​​​​​适​​​​​​​当​​​​​​​端​​​​​​​口​​​​​​​将​​​​​​​所​​​​​​​有​​​​​​​流​​​​​​​量​​​​​​​分​​​​​​​配​​​​​​​到​​​​​​​ VIP 地​​​​​​​址​​​​​​​的​​​​​​​网​​​​​​​络​​​​​​​效​​​​​​​应​​​​​​​,这​​​​​​​些​​​​​​​流​​​​​​​量​​​​​​​可​​​​​​​依​​​​​​​次​​​​​​​由​​​​​​​ IPVS 识​​​​​​​别​​​​​​​并​​​​​​​进​​​​​​​行​​​​​​​正​​​​​​​确​​​​​​​转​​​​​​​发​​​​​​​。​​​​​​​
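One way to check the basic rule above (every firewall mark used in Piranha Configuration Tool needs an iptables rule that assigns it), as an added example that is not part of the Red Hat documentation. The lvs.cf fragment with its `fwmark = N` key layout, the address 192.0.2.10 and all function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check firewall marks between lvs.cf and the mangle table.
# All sample data below is constructed; 192.0.2.10 stands in for the VIP n.n.n.n.

# Constructed fragment of /etc/sysconfig/ha/lvs.cf. The "fwmark = N" key layout
# is an assumption about the file Piranha Configuration Tool writes.
sample_lvs_cf() {
cat <<'EOF'
virtual HTTP {
     active = 1
     address = 192.0.2.10 eth0:1
     port = 80
     fwmark = 80
}
virtual FTP {
     active = 1
     address = 192.0.2.10 eth0:1
     port = 21
     fwmark = 21
}
EOF
}

# Constructed mangle table in iptables-save format: only mark 80 is assigned.
sample_mangle_rules() {
cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x50
-A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 443 -j MARK --set-mark 0x50
COMMIT
EOF
}

# stdin: lvs.cf text. stdout: distinct firewall marks the virtual servers expect.
lvs_marks() {
    sed -n 's/^[[:space:]]*fwmark[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*$/\1/p' | sort -n -u
}

# stdin: iptables-save text. stdout: distinct marks set by MARK rules, in decimal.
# Accepts decimal or hex values and the value/mask form printed for --set-xmark.
rule_marks() {
    awk '/-j MARK/ {
        for (i = 1; i < NF; i++)
            if ($i == "--set-mark" || $i == "--set-xmark") {
                split($(i + 1), part, "/")
                print part[1]
            }
    }' | while read -r m; do echo "$(($m))"; done | sort -n -u
}

# Print each value of list $1 that does not occur in list $2.
not_in() {
    haystack=" $(echo $2) "
    for v in $1; do
        case "$haystack" in *" $v "*) ;; *) echo "$v" ;; esac
    done
}

# $1 = lvs.cf text, $2 = iptables-save text.
# Marks a virtual server waits for but no rule assigns: IPVS never matches them.
missing_marks() {
    not_in "$(printf '%s\n' "$1" | lvs_marks)" "$(printf '%s\n' "$2" | rule_marks)"
}

# Marks that rules assign but no virtual server consumes.
unused_marks() {
    not_in "$(printf '%s\n' "$2" | rule_marks)" "$(printf '%s\n' "$1" | lvs_marks)"
}

# On a router the inputs would be "$(cat /etc/sysconfig/ha/lvs.cf)" and
# "$(/sbin/iptables-save -t mangle)".
missing=$(missing_marks "$(sample_lvs_cf)" "$(sample_mangle_rules)")
[ -z "$missing" ] || echo "fwmark without an iptables MARK rule:" $missing
```

With the constructed samples, the FTP virtual server's mark 21 is reported because no mangle rule assigns it.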

3.5. Configuring FTP

File Transfer Protocol (FTP) is an old and complex multi-port protocol that presents a distinct set of challenges to an LVS environment. To understand the nature of these challenges, you must first understand some key points about how FTP works.

3.5.1. How FTP Works

As with most other server-client relationships, the client opens a connection to the server on a particular port and the server then responds to the client on that port. When an FTP client connects to an FTP server, it opens a connection to the FTP control port, 21. The client then tells the FTP server whether to establish an active or a passive connection. The type of connection chosen by the client determines how the server responds and on which ports the transfer takes place.
The two types of data connections are:
Active Connections
When an active connection is established, the server opens a data connection to the client from port 20 to a high-range port on the client machine. All data from the server is then passed over this connection.
Passive Connections
When a passive connection is established, the client asks the FTP server to establish a passive connection port, which can be any port higher than 10,000. The server then binds to this high-numbered port for this particular session and relays that port number back to the client. Each data request the client makes results in a separate data connection. Most modern FTP clients attempt to establish a passive connection when requesting data from servers.

Note

The client determines the type of connection, not the server. This means that to cluster FTP effectively, you must configure the LVS routers to handle both active and passive connections.
The FTP client/server relationship can potentially open a large number of ports that Piranha Configuration Tool and IPVS do not know about.

3.5.2. How This Affects LVS Routing

IPVS packet forwarding only allows connections in and out of the cluster when it recognizes their port number or firewall mark. If a client from outside the cluster attempts to open a port that IPVS is not configured to handle, the connection is dropped. Similarly, if a real server attempts to open a connection back out to the Internet on a port that IPVS does not know about, the connection is dropped. This means that all connections from FTP clients on the Internet must have the same firewall mark assigned to them, and all connections from the FTP server must be properly forwarded to the Internet using network packet filtering rules.

3.5.3. Creating Network Packet Filter Rules

Before assigning any iptables rules for FTP service, review the information in Section 3.4.1, “Assigning Firewall Marks” concerning multi-port services and techniques for checking the existing network packet filtering rules.
Below are rules which assign the same firewall mark, 21, to FTP traffic. For these rules to work properly, you must also use the VIRTUAL SERVER subsection of Piranha Configuration Tool to configure a virtual server for port 21 with a value of 21 in the Firewall Mark field. See Section 4.6.1, “The VIRTUAL SERVER Subsection” for details.

3.5.3.1. Rules for Active Connections

The rules for active connections tell the kernel to accept and forward connections coming to the internal floating IP address on port 20 (the FTP data port).
The following iptables command allows the LVS router to accept outgoing connections from the real servers that IPVS does not know about:
/sbin/iptables -t nat -A POSTROUTING -p tcp -s n.n.n.0/24 --sport 20 -j MASQUERADE
In the iptables command, n.n.n should be replaced with the first three values for the floating IP for the NAT interface's internal network interface defined in the GLOBAL SETTINGS panel of Piranha Configuration Tool.

3.5.3.2. Rules for Passive Connections

The rules for passive connections assign the appropriate firewall mark to connections coming in from the Internet to the floating IP for the service on a wide range of ports, 10,000 to 20,000.

Warning

If you are limiting the port range for passive connections, you must also configure the VSFTP server to use a matching port range. This can be accomplished by adding the following lines to /etc/vsftpd.conf:
pasv_min_port=10000
pasv_max_port=20000
You must also control the address that the server displays to the client for passive FTP connections. In a NAT routed LVS system, add the following line to /etc/vsftpd.conf to override the real server IP address with the VIP, which is the address the client sees when it connects. For example:
pasv_address=n.n.n.n
Replace n.n.n.n with the VIP address of the LVS system.
For configuration of other FTP servers, consult the respective documentation.
This range should be wide enough for most situations; however, you can widen it to include all available non-secured ports by changing 10000:20000 in the commands below to 1024:65535.
The following iptables commands have the net effect of assigning any traffic addressed to the floating IP on the appropriate ports a firewall mark of 21, which is in turn recognized by IPVS and forwarded appropriately:
/sbin/iptables -t mangle -A PREROUTING -p tcp -d n.n.n.n/32 --dport 21 -j MARK --set-mark 21
/sbin/iptables -t mangle -A PREROUTING -p tcp -d n.n.n.n/32 --dport 10000:20000 -j MARK --set-mark 21
In the iptables commands, n.n.n.n should be replaced with the floating IP for the FTP virtual server defined in the VIRTUAL SERVER subsection of Piranha Configuration Tool.
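A check for the warning above, that the passive port range and address in /etc/vsftpd.conf must agree with the mark-21 iptables rules. This is an added example, not part of the Red Hat documentation; the address 192.0.2.10, the sample file contents and all function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check that vsftpd's passive settings agree with the mark-21 rules.
# All sample data is constructed; 192.0.2.10 stands in for the VIP n.n.n.n.

# Constructed /etc/vsftpd.conf lines, as in the warning above.
sample_vsftpd_conf() {
cat <<'EOF'
pasv_min_port=10000
pasv_max_port=20000
pasv_address=192.0.2.10
EOF
}

# Constructed rule commands in the form used on this page.
sample_ftp_rules() {
cat <<'EOF'
/sbin/iptables -t mangle -A PREROUTING -p tcp -d 192.0.2.10/32 --dport 21 -j MARK --set-mark 21
/sbin/iptables -t mangle -A PREROUTING -p tcp -d 192.0.2.10/32 --dport 10000:20000 -j MARK --set-mark 21
EOF
}

# $1 = option name; stdin = vsftpd.conf text; stdout = its value.
# This sketch takes the last occurrence if the option is repeated.
conf_value() {
    sed -n "s/^$1=//p" | tail -n 1
}

# $1 = mark (decimal, as written on this page); stdin = rule text.
# For every rule that gives a --dport RANGE this mark, print
# "low high destination" (destination without its /32 suffix).
marked_ranges() {
    awk -v want="$1" '/-j MARK/ {
        dest = ports = mark = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-d") dest = $(i + 1)
            if ($i == "--dport") ports = $(i + 1)
            if ($i == "--set-mark") mark = $(i + 1)
        }
        if (mark == want && split(ports, r, ":") == 2) {
            sub(/\/32$/, "", dest)
            print r[1], r[2], dest
        }
    }'
}

# $1 = vsftpd.conf text, $2 = rule text, $3 = firewall mark.
# Prints one finding: ok | range-not-set | range-not-covered | address-mismatch
check_passive_ftp() {
    min=$(printf '%s\n' "$1" | conf_value pasv_min_port)
    max=$(printf '%s\n' "$1" | conf_value pasv_max_port)
    addr=$(printf '%s\n' "$1" | conf_value pasv_address)
    if [ -z "$min" ] || [ -z "$max" ]; then
        echo range-not-set      # vsftpd may pick ports the rules never mark
        return 0
    fi
    printf '%s\n' "$2" | marked_ranges "$3" | {
        finding=range-not-covered
        while read -r low high dest; do
            if [ "$min" -ge "$low" ] && [ "$max" -le "$high" ]; then
                # The range fits inside a marked range; now compare addresses.
                if [ "$addr" = "$dest" ]; then finding=ok; break; fi
                finding=address-mismatch
            fi
        done
        echo "$finding"
    }
}

check_passive_ftp "$(sample_vsftpd_conf)" "$(sample_ftp_rules)" 21
```

A `range-not-covered` finding means vsftpd can hand out passive ports that never receive mark 21; `address-mismatch` means clients are told an address other than the one the rules match.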

3.6. Saving Network Packet Filter Settings

After configuring the appropriate network packet filters for your situation, save the settings so they are restored after a reboot. For iptables, type the following command:
/sbin/service iptables save
This saves the settings in /etc/sysconfig/iptables so they can be recalled at boot time.
Once this file is written, you are able to use the /sbin/service command to start, stop, and check the status (using the status switch) of iptables. The /sbin/service command automatically loads the appropriate module for you. For an example of how to use the /sbin/service command, see Section 2.3, “Starting the Piranha Configuration Tool Service”.
The next chapter explains how to use Piranha Configuration Tool to configure the LVS routers and describes the steps necessary to activate LVS.

Chapter 4. Configuring the LVS Routers with Piranha Configuration Tool

The Piranha Configuration Tool provides a structured approach to creating the necessary configuration file for LVS, /etc/sysconfig/ha/lvs.cf. This chapter describes the basic operation of the Piranha Configuration Tool and how to activate the cluster once configuration is complete.

Important

The configuration file for LVS follows strict formatting rules. Using the Piranha Configuration Tool is the best way to prevent syntax errors in lvs.cf and therefore prevent software failures.

4.1. Necessary Software

The piranha-gui service must be running on the primary LVS router to use the Piranha Configuration Tool. To configure LVS, you need at least a text-only Web browser, such as links. If you are accessing the LVS router from another machine, you also need an ssh connection to the primary LVS router as the root user.
While configuring the primary LVS router, it is a good idea to keep a concurrent ssh connection open in a terminal window. This connection provides a secure way to restart pulse and other services, configure network packet filters, and monitor /var/log/messages during troubleshooting.
The next four sections walk through each of the configuration pages of the Piranha Configuration Tool and give instructions on using it to set up LVS.

4.2. Logging Into the Piranha Configuration Tool

When configuring LVS, you should always begin by configuring the primary router with the Piranha Configuration Tool. To do this, verify that the piranha-gui service is running and an administrative password has been set, as described in Section 2.2, “Setting a Password for the Piranha Configuration Tool”.
If you are accessing the machine locally, you can open http://localhost:3636 in a Web browser to access the Piranha Configuration Tool. Otherwise, type in the hostname or real IP address for the server followed by :3636. Once the browser connects, you will see the screen shown in Figure 4.1, “The Welcome Panel”.

Figure 4.1. The Welcome Panel

Click on the Login button and enter piranha for the Username and the administrative password you created in the Password field.
The Piranha Configuration Tool is made of four main screens or panels. In addition, the VIRTUAL SERVERS panel contains four subsections. The CONTROL/MONITORING panel is the first panel after the login screen.

4.3. CONTROL/MONITORING

The CONTROL/MONITORING panel presents a limited runtime status of LVS. It displays the status of the pulse daemon, the LVS routing table, and the LVS-spawned nanny processes.

Note

The fields for CURRENT LVS ROUTING TABLE and CURRENT LVS PROCESSES remain blank until you actually start LVS, as shown in Section 4.8, “Starting LVS”.

Figure 4.2. The CONTROL/MONITORING Panel

Auto update
The status display on this page can be updated automatically at a user-configurable interval. To enable this feature, click on the Auto update checkbox and set the desired update frequency in the Update frequency in seconds text box (the default value is 10 seconds).
It is not recommended that you set the automatic update to an interval of less than 10 seconds. Doing so may make it difficult to reconfigure the Auto update interval because the page will update too frequently. If you encounter this issue, simply click on another panel and then back on CONTROL/MONITORING.
The Auto update feature does not work with all browsers, such as Mozilla.
Update information now
You can manually update the status information by clicking this button.
CHANGE PASSWORD
Clicking this button takes you to a help screen with information on how to change the administrative password for the Piranha Configuration Tool.

4.4. GLOBAL SETTINGS

The GLOBAL SETTINGS panel is where you define the networking details for the primary LVS router's public and private network interfaces.

Figure 4.3. The GLOBAL SETTINGS Panel

Primary server public IP
In this field, enter the publicly routable real IP address for the primary LVS node.
Primary server private IP
Enter the real IP address for an alternative network interface on the primary LVS node. This address is used solely as an alternative heartbeat channel for the backup router and does not have to correlate to the real private IP address assigned in Section 3.1.1, “Configuring Network Interfaces for LVS with NAT”. You may leave this field blank, but doing so will mean there is no alternate heartbeat channel for the backup LVS router to use and therefore will create a single point of failure.

Note

A private IP address is not needed for Direct Routing configurations, as all real servers as well as the LVS directors share the same virtual IP addresses and should have the same IP route configuration.

Note

The primary LVS router's private IP can be configured on any interface that accepts TCP/IP, whether it be an Ethernet adapter or a serial port.
Use network type
Click the NAT button to select NAT routing.
Click the Direct Routing button to select direct routing.
The next three fields deal specifically with the NAT router's virtual network interface connecting the private network with the real servers. These fields do not apply to the direct routing network type.
NAT Router IP
Enter the private floating IP in this text field. This floating IP should be used as the gateway for the real servers.
NAT Router netmask
If the NAT router's floating IP needs a particular netmask, select it from the drop-down list.
NAT Router device
Use this text field to define the device name of the network interface for the floating IP address, such as eth1:1.

Note

You should alias the NAT floating IP address to the Ethernet interface connected to the private network. In this example, the private network is on the eth1 interface, so eth1:1 is the floating IP address.

Warning

After completing this page, click the ACCEPT button to make sure you do not lose any changes when selecting a new panel.

4.5. REDUNDANCY

The REDUNDANCY panel allows you to configure the backup LVS router node and set various heartbeat monitoring options.

Note

The first time you visit this screen, it displays an "inactive" Backup status and an ENABLE button. To configure the backup LVS router, click on the ENABLE button so that the screen matches Figure 4.4, “The REDUNDANCY Panel”.

Figure 4.4. The REDUNDANCY Panel

Redundant server public IP
Enter the public real IP address for the backup LVS router node.
Redundant server private IP
Enter the backup node's private real IP address in this text field.
If you do not see the field called Redundant server private IP, go back to the GLOBAL SETTINGS panel, enter a Primary server private IP address, and click ACCEPT.
The rest of the panel is devoted to configuring the heartbeat channel, which is used by the backup node to monitor the primary node for failure.
Heartbeat Interval (seconds)
This field sets the number of seconds between heartbeats, that is, the interval at which the backup node checks the functional status of the primary LVS node.
Assume dead after (seconds)
If the primary LVS node does not respond after this number of seconds, the backup LVS router node initiates failover.
Heartbeat runs on port
This field sets the port on which the heartbeat communicates with the primary LVS node. If this field is left blank, the default port, 539, is used.

Warning

Remember to click the ACCEPT button after making any changes in this panel, to make sure you do not lose your changes when selecting a new panel.

4.6. VIRTUAL SERVERS

The VIRTUAL SERVERS panel displays information for each currently defined virtual server. Each table entry shows the status of the virtual server, the server name, the virtual IP assigned to the server, the netmask of the virtual IP, the service port, the protocol used, and the virtual device interface.

Figure 4.5. The VIRTUAL SERVERS Panel

Each server displayed in the VIRTUAL SERVERS panel can be configured on subsequent screens or subsections.
To add a service, click the ADD button. To remove a service, select it by clicking the radio button next to the virtual server and click the DELETE button.
To enable or disable a virtual server in the table, click its radio button and click the (DE)ACTIVATE button.
After adding a virtual server, you can configure it by clicking the radio button to its left and clicking the EDIT button to display the VIRTUAL SERVER subsection.

4.6.1. 「​​​​​​​虚​​​​​​​拟​​​​​​​服​​​​​​​务​​​​​​​器​​​​​​​」​​​​​​​子​​​​​​​界​​​​​​​面​​​​​​​

The VIRTUAL SERVER subsection panel shown in 图 4.6 “The VIRTUAL SERVERS Subsection” allows you to configure an individual virtual server. Links to subsections related specifically to this virtual server are located along the top of the page. But before configuring any of the subsections related to this virtual server, complete this page and click on the ACCEPT button.
The VIRTUAL SERVERS Subsection

图 4.6. The VIRTUAL SERVERS Subsection

Name
输​​​​​​​入​​​​​​​描​​​​​​​述​​​​​​​名​​​​​​​称​​​​​​​来​​​​​​​确​​​​​​​定​​​​​​​虚​​​​​​​拟​​​​​​​服​​​​​​​务​​​​​​​器​​​​​​​。​​​​​​​这​​​​​​​个​​​​​​​名​​​​​​​称​​​​​​​不​​​​​​​是​​​​​​​机​​​​​​​器​​​​​​​的​​​​​​​主​​​​​​​机​​​​​​​名​​​​​​​,因​​​​​​​此​​​​​​​可​​​​​​​使​​​​​​​用​​​​​​​具​​​​​​​有​​​​​​​描​​​​​​​述​​​​​​​性​​​​​​​并​​​​​​​容​​​​​​​易​​​​​​​设​​​​​​​别​​​​​​​的​​​​​​​名​​​​​​​称​​​​​​​。​​​​​​​您​​​​​​​甚​​​​​​​至​​​​​​​可​​​​​​​以​​​​​​​参​​​​​​​考​​​​​​​虚​​​​​​​拟​​​​​​​服​​​​​​​务​​​​​​​器​​​​​​​使​​​​​​​用​​​​​​​的​​​​​​​协​​​​​​​议​​​​​​​,比​​​​​​​如​​​​​​​ HTTP。​​​​​​​
Application port
请​​​​​​​输​​​​​​​入​​​​​​​用​​​​​​​来​​​​​​​侦​​​​​​​听​​​​​​​服​​​​​​​务​​​​​​​应​​​​​​​用​​​​​​​程​​​​​​​序​​​​​​​的​​​​​​​端​​​​​​​口​​​​​​​号​​​​​​​。​​​​​​​因​​​​​​​为​​​​​​​本​​​​​​​示​​​​​​​例​​​​​​​中​​​​​​​要​​​​​​​侦​​​​​​​听​​​​​​​的​​​​​​​是​​​​​​​ HTTP 服​​​​​​​务​​​​​​​,因​​​​​​​此​​​​​​​使​​​​​​​用​​​​​​​端​​​​​​​口​​​​​​​ 80。​​​​​​​
Protocol
在​​​​​​​下​​​​​​​拉​​​​​​​菜​​​​​​​单​​​​​​​中​​​​​​​选​​​​​​​择​​​​​​​ UDP 或​​​​​​​者​​​​​​​ TCP。​​​​​​​网​​​​​​​页​​​​​​​服​​​​​​​务​​​​​​​器​​​​​​​一​​​​​​​般​​​​​​​使​​​​​​​用​​​​​​​ TCP 协​​​​​​​议​​​​​​​进​​​​​​​行​​​​​​​沟​​​​​​​通​​​​​​​,如​​​​​​​上​​​​​​​例​​​​​​​所​​​​​​​示​​​​​​​。​​​​​​​
Virtual IP Address
Enter the virtual server's floating IP address in this text field.
Virtual IP Network Mask
Set the netmask for this virtual server with the drop-down menu.
Firewall Mark
Do not enter a firewall mark integer value in this field unless you are bundling multi-port protocols or creating a multi-port virtual server for separate, but related, protocols. In this example, the above virtual server has a Firewall Mark of 80 because we are bundling connections to HTTP on port 80 and to HTTPS on port 443 using the firewall mark value of 80. When combined with persistence, this technique ensures that users accessing both insecure and secure web pages are routed to the same real server, preserving state.

Warning

Entering a firewall mark in this field allows IPVS to recognize that packets bearing this firewall mark are treated the same, but you must perform further configuration outside of the Piranha Configuration Tool to actually assign the firewall marks. See Section 3.4, “Multi-port Services and LVS” for instructions on creating multi-port services and Section 3.5, “Configuring FTP” for creating a highly available FTP virtual server.
Device
Enter the name of the network device to which you want the floating IP address defined in the Virtual IP Address field to bind.
You should alias the public floating IP address to the Ethernet interface connected to the public network. In this example, the public network is on the eth0 interface, so eth0:1 should be entered as the device name.
Re-entry Time
Enter an integer value which defines the length of time, in seconds, before the active LVS router attempts to bring a real server back into the pool after a failure.
Service Timeout
Enter an integer value which defines the length of time, in seconds, before a real server is considered dead and removed from the pool.
Quiesce server
When the Quiesce server radio button is selected, any time a new real server node comes online, the least-connections table is reset to zero so that the active LVS router routes requests as if all the real servers were freshly added to the pool. This option prevents a new server from becoming overloaded with a high number of connections upon entering the pool.
Load monitoring tool
The LVS router can monitor the load on the various real servers by using either rup or ruptime. If you select rup from the drop-down menu, each real server must run the rstatd service. If you select ruptime, each real server must run the rwhod service.

Warning

Load monitoring is not the same as load balancing and can result in hard-to-predict scheduling behavior when combined with weighted scheduling algorithms. Also, if you use load monitoring, the real servers must be Linux machines.
Scheduling
Select your preferred scheduling algorithm from the drop-down menu. The default is Weighted least-connection. For more information on scheduling algorithms, see Section 1.3.1, “Scheduling Algorithms”.
Persistence
If an administrator needs persistent connections to the virtual server during client transactions, enter in this text field the number of seconds of inactivity allowed to lapse before a connection times out.

Important

If you entered a value in the Firewall Mark field above, you should enter a value for persistence as well. Also, if you use firewall marks and persistence together, be sure that the amount of persistence is the same for each virtual server with the firewall mark. For more on persistence and firewall marks, refer to Section 1.5, “Persistence and Firewall Marks”.
Persistence Network Mask
To limit persistence to a particular subnet, select the appropriate network mask from the drop-down menu.

Note

Before the advent of firewall marks, persistence limited by subnet was a crude way of bundling connections. Now, it is best to use persistence in relation to firewall marks to achieve the same result.

Warning

Remember to click the ACCEPT button after making any changes in this panel, so that you do not lose the changes when selecting a new panel.

4.6.2. REAL SERVER Subsection

Clicking on the REAL SERVER subsection link at the top of the panel displays the EDIT REAL SERVER subsection.

Figure 4.7. The REAL SERVER Subsection

Click the ADD button to add a new server. To delete an existing server, select the radio button beside it and click the DELETE button. Click the EDIT button to load the EDIT REAL SERVER panel, as seen in Figure 4.8, “The REAL SERVER Configuration Panel”.

Figure 4.8. The REAL SERVER Configuration Panel

This panel consists of three entry fields:
Name
A descriptive name for the real server.

Note

This name is not the hostname for the machine, so make it descriptive and easily identifiable.
Address
The real server's IP address. Since the listening port is already specified for the associated virtual server, do not add a port number.
Weight
An integer value indicating this host's capacity relative to that of other hosts in the pool. The value can be arbitrary, but treat it as a ratio in relation to other real servers in the pool. For more on server weight, see Section 1.3.2, “Server Weight and Scheduling”.

Warning

Remember to click the ACCEPT button after making any changes in this panel, so that you do not lose the changes when selecting a new panel.

4.6.3. EDIT MONITORING SCRIPTS Subsection

Click on the MONITORING SCRIPTS link at the top of the page. The EDIT MONITORING SCRIPTS subsection allows the administrator to specify a send/expect string sequence to verify that the service for the virtual server is functional on each real server. It is also the place where the administrator can specify customized scripts to check services requiring dynamically changing data.

Figure 4.9. The EDIT MONITORING SCRIPTS Subsection

Sending Program
For more advanced service verification, you can use this field to specify the path to a service-checking script. This functionality is especially helpful for services that require dynamically changing data, such as HTTPS or SSL.
To use this functionality, you must write a script that returns a textual response, set it to be executable, and type the path to it in the Sending Program field.

Note

To ensure that each server in the real server pool is checked, use the special token %h after the path to the script in the Sending Program field. This token is replaced with each real server's IP address as the script is called by the nanny daemon.
The following is a sample script to use as a guide when composing an external service-checking script:
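#!/bin/sh
# Called by nanny with %h expanded, so $1 is the real server's IP address.

# Count the lines of the SOA answer that name the expected name server.
TEST=`dig -t soa example.com @"$1" | grep -c dns.example.com`

# At least one match means the real server answered the query correctly.
if [ "$TEST" -ge 1 ]; then
	echo "OK"
else
	echo "FAIL"
fi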

Note

If an external program is entered in the Sending Program field, then the Send field is ignored.
Send
Enter a string for the nanny daemon to send to each real server in this field. By default the Send field is completed for HTTP. You can alter this value depending on your needs. If you leave this field blank, the nanny daemon attempts to open the port and assumes the service is running if it succeeds.
Only one send sequence is allowed in this field, and it can only contain printable ASCII characters as well as the following escape characters:
  • \n for new line.
  • \r for carriage return.
  • \t for tab.
  • \ to escape the next character which follows it.
Expect
Enter the textual response the server should return if it is functioning properly. If you wrote your own sending program, enter the response it should give when it succeeds.

Note

To determine what to send for a given service, you can open a telnet connection to the port on a real server and see what is returned. For instance, FTP reports 220 upon connecting, so you could enter quit in the Send field and 220 in the Expect field.

Warning

Remember to click the ACCEPT button after making any changes in this panel, so that you do not lose the changes when selecting a new panel.
Once you have configured virtual servers using the Piranha Configuration Tool, you must copy specific configuration files to the backup LVS router. See Section 4.7, “Synchronizing Configuration Files” for details.
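A Sending Program script for an HTTPS virtual server, matching the Sending Program, %h and Expect descriptions above. This is an added example, not code from the Red Hat guide: the script path, the site name www.example.com and the /healthz URL are assumptions, and it needs a curl build that supports --resolve.

```shell
#!/bin/sh
# Sending Program field (hypothetical path): /usr/local/sbin/check_https.sh %h
# Expect field: OK

SITE_NAME="www.example.com"   # assumed name on the site's TLS certificate
CHECK_PATH="/healthz"         # assumed health URL served by each real server
TIMEOUT=5                     # seconds; a hung real server must not stall nanny

# Accept only a dotted-quad IPv4 address, which is what %h expands to.
# Anything else is rejected before it reaches a command line.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1          # split the address on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Map an HTTP status code to the single word nanny compares with Expect.
verdict_for_status() {
    case "$1" in
        2[0-9][0-9]) echo "OK" ;;
        *)           echo "FAIL" ;;
    esac
}

# Query one real server and print the verdict.
check_real_server() {
    if ! valid_ipv4 "$1"; then
        echo "FAIL"
        return 0
    fi
    # --resolve sends the request to this real server while curl still
    # verifies the certificate against SITE_NAME. Any connection, TLS or
    # timeout error is treated as status 000.
    status=$(curl --silent --output /dev/null --max-time "$TIMEOUT" \
        --write-out '%{http_code}' \
        --resolve "$SITE_NAME:443:$1" \
        "https://$SITE_NAME$CHECK_PATH" 2>/dev/null) || status=000
    verdict_for_status "$status"
}

# nanny passes the real server address through %h; with no argument the
# file only defines the functions above.
if [ "$#" -gt 0 ]; then
    check_real_server "$1"
fi
```

Because the script prints exactly one word, the Expect field only has to contain OK, and a real server with an expired or mismatched certificate is reported as FAIL rather than left in the pool.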

4.7. Synchronizing Configuration Files

After configuring the primary LVS router, there are several configuration files that must be copied to the backup LVS router before you start LVS.
These files include:
  • /etc/sysconfig/ha/lvs.cf — the configuration file for the LVS routers.
  • /etc/sysctl.conf — the configuration file that turns on packet forwarding in the kernel.
  • /etc/sysconfig/iptables — if you are using firewall marks, you should synchronize the file for the network packet filter you are using.

Important

The /etc/sysctl.conf and /etc/sysconfig/iptables files do not change when you configure LVS using the Piranha Configuration Tool.

4.7.1. Synchronizing lvs.cf

Any time the LVS configuration file, /etc/sysconfig/ha/lvs.cf, is created or updated, you must copy it to the backup LVS router node.

Warning

Both the active and backup LVS router nodes must have identical lvs.cf files. Mismatched LVS configuration files between the LVS router nodes can prevent failover.
The best way to do this is to use the scp command.
Issue the following command as the root user from the primary LVS router to sync the lvs.cf files between the router nodes:
scp /etc/sysconfig/ha/lvs.cf n.n.n.n:/etc/sysconfig/ha/lvs.cf
In the command, replace n.n.n.n with the real IP address of the backup LVS router.

4.7.2. Synchronizing sysctl

The sysctl file is only modified once in most situations. This file is read at boot time and tells the kernel to turn on packet forwarding.

Important

If you are not sure whether or not packet forwarding is enabled in the kernel, see Section 2.5, “Turning on Packet Forwarding” for instructions on how to check and, if necessary, enable this key functionality.

4.7.3. Synchronizing Network Packet Filtering Rules

If you are using iptables, you will need to synchronize the appropriate configuration file on the backup LVS router.
If you alter any network packet filter rules, enter the following command as root from the primary LVS router:
scp /etc/sysconfig/iptables n.n.n.n:/etc/sysconfig/
In the command, replace n.n.n.n with the real IP address of the backup LVS router.
Next, either open an ssh session to the backup router or log into the machine as root and type the following command:
/sbin/service iptables restart
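One way to confirm that the copies described in this section left both routers with identical files, since a mismatched lvs.cf can prevent failover. This is an added example, not part of the Red Hat guide; it assumes root ssh access to the backup router (as the scp commands do) and sha256sum on both nodes, and takes the backup router's IP address as its only argument.

```shell
#!/bin/sh
# Drift check for the files that must match on both LVS routers.
# Run as root on the primary LVS router: <this script> n.n.n.n

BACKUP=""   # set from the command line: real IP of the backup LVS router
FILES="/etc/sysconfig/ha/lvs.cf /etc/sysctl.conf /etc/sysconfig/iptables"

# SHA-256 of a local file; prints nothing if the file cannot be read.
local_digest() {
    [ -r "$1" ] || return 0
    sha256sum "$1" | cut -d' ' -f1
}

# SHA-256 of the same path on the backup router, fetched over ssh.
# BatchMode makes ssh fail instead of prompting when run unattended.
remote_digest() {
    ssh -o BatchMode=yes -o ConnectTimeout=5 "root@$BACKUP" \
        sha256sum "$1" 2>/dev/null | cut -d' ' -f1
}

# Classify one file from its two digests:
#   MATCH   both sides identical
#   DRIFT   both sides readable but different
#   MISSING no digest from one side (file absent or router unreachable)
classify() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo "MISSING"
    elif [ "$1" = "$2" ]; then
        echo "MATCH"
    else
        echo "DRIFT"
    fi
}

# Check every file; the return status is non-zero if any is not identical,
# so the script can be used from cron or a monitoring job.
check_sync() {
    rc=0
    for f in $FILES; do
        state=$(classify "$(local_digest "$f")" "$(remote_digest "$f")")
        echo "$state $f"
        [ "$state" = "MATCH" ] || rc=1
    done
    return $rc
}

if [ "$#" -eq 1 ]; then
    BACKUP=$1
    check_sync
fi
```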

4.8. Starting LVS

To start LVS, it is best to have two root terminals open simultaneously, or two simultaneous root ssh sessions to the primary LVS router.
In one terminal, watch the kernel log messages with the command:
tail -f /var/log/messages
Then start LVS by typing the following command into the other terminal:
/sbin/service pulse start
Follow the progress of the pulse service's startup in the terminal with the kernel log messages. When you see the following output, the pulse daemon has started properly:
gratuitous lvs arps finished
To stop watching /var/log/messages, type Ctrl+c.
From this point on, the primary LVS router is also the active LVS router. While you can make requests to LVS at this point, you should start the backup LVS router before putting LVS into service. To do this, simply repeat the process described above on the backup LVS router node.
After completing this final step, LVS will be up and running.

Appendix A. Using LVS with Red Hat Cluster

You can use LVS routers with a Red Hat Cluster to deploy a high-availability e-commerce site that provides load balancing, data integrity, and application availability.
The configuration in Figure A.1, “LVS with a Red Hat Cluster” represents an e-commerce site used for online merchandise ordering through a URL. Client requests to the URL pass through the firewall to the active LVS load-balancing router, which then forwards the requests to one of the Web servers. The Red Hat Cluster nodes serve dynamic data to the Web servers, which forward the data to the requesting client.

Figure A.1. LVS with a Red Hat Cluster

Serving dynamic Web content with LVS requires a three-tier configuration (as shown in Figure A.1, “LVS with a Red Hat Cluster”). This combination of LVS and Red Hat Cluster allows for the configuration of a high-integrity, no-single-point-of-failure e-commerce site. The Red Hat Cluster can run a high-availability instance of a database or a set of databases that are network-accessible to the Web servers.
A three-tier configuration is required to provide dynamic content. A two-tier LVS configuration is suitable if the Web servers serve only static Web content (including small amounts of infrequently changing data), but it is not suitable if the Web servers serve dynamic content. Dynamic content could include product inventory, purchase orders, or customer databases, which must be consistent on all the Web servers to ensure that customers have access to up-to-date and accurate information.
Each tier provides the following functions:
  • First tier — LVS routers performing load balancing to distribute Web requests.
  • Second tier — A set of Web servers to serve the requests.
  • Third tier — A Red Hat Cluster to serve data to the Web servers.
In an LVS configuration like the one in Figure A.1, “LVS with a Red Hat Cluster”, client systems issue requests on the World Wide Web. For security reasons, these requests enter a Web site through a firewall, which can be a Linux system serving in that capacity or a dedicated firewall device. For redundancy, you can configure firewall devices in a failover configuration. Behind the firewall are LVS load-balancing routers, which can be configured in an active-standby mode. The active load-balancing router forwards the requests to the set of Web servers.
Each Web server can independently process an HTTP request from a client and send the response back to the client. LVS enables you to expand a Web site's capacity by adding Web servers behind the LVS routers; the LVS routers perform load balancing across a wider set of Web servers. In addition, if a Web server fails, it can be removed; LVS continues to perform load balancing across a smaller set of Web servers.

Appendix B. Revision History

Revision 5-8.400, 2013-10-31, Rüdiger Landmann
Rebuild with publican 4.0.0
Revision 5-8, 2012-07-18, Anthony Towns
Rebuild for Publican 3.0
Revision 2.0-0, Mon Feb 08 2010, Paul Kennedy
Resolves: 492000
Changes -d to -s in arptables "OUT" directive in "Direct Routing and arptables_jf" section.
Revision 1.0-0, Tue Jan 20 2009, Paul Kennedy
Consolidation of point releases


Legal Notice

Copyright © 2009 Red Hat, Inc.
This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.