- 浏览: 21501096 次
- 性别:
- 来自: 杭州
最新评论
-
ZY199266:
配置文件还需要额外的配置ma
Android 客户端通过内置API(HttpClient) 访问 服务器(用Spring MVC 架构) 返回的json数据全过程 -
ZY199266:
我的一访问为什么是 /mavenwebdemo/WEB-I ...
Android 客户端通过内置API(HttpClient) 访问 服务器(用Spring MVC 架构) 返回的json数据全过程 -
lvgaga:
我又一个问题就是 如果像你的这种形式写。配置文件还需要额外的 ...
Android 客户端通过内置API(HttpClient) 访问 服务器(用Spring MVC 架构) 返回的json数据全过程 -
lvgaga:
我的一访问为什么是 /mavenwebdemo/WEB-I ...
Android 客户端通过内置API(HttpClient) 访问 服务器(用Spring MVC 架构) 返回的json数据全过程 -
y1210251848:
你的那个错误应该是项目所使用的目标框架不支持吧
log4net配置(web中使用log4net,把web.config放在单独的文件中)
[转]基于LVS的互联网应用
基于LVS的互联网应用
作者:田逸(sery@163.com) from:http://server.it168.com/server/2007-12-11/200712110855723.shtml<?xml:namespace prefix = o />
网络环境
1、 硬件:服务器、网络附属存储(NAS)和交换机。3个服务器用来做web,2个服务器
来做流媒体,1个服务器做LVS-DR,2个mysql服务器,一个邮件服务器,2个交换机,一个NETAPP NAS。
2、 运行环境:流媒体windows,其他的都是linux。
逻辑结构:除数据库服务器和NETAPP存储外,其他的服务器都使用2个网络地址,一个公网地址和一个私有网络地址。设置为公网ip的网络接口连接在一个交换机,设置为私有网络ip的网络接另外一个交换机,处于安全和网络带宽考虑,网络存储设备和数据库只使用私有网络地址。网络拓扑图如下所示:
基本原理:
传统模式下,用户的访问请求通过DNS服务器解析后,把服务请求转发给web服务器,取得数据后返回给用户。这种模式有2个麻烦:同时访问的用户增加到某个程度后,服务器不能提供所需的正常访问;遇到故障,所有的访问请求都将失败。要解决这样一个难题,LVS是上上之选。当我们采用lvs方案之后,更改dns服务器的记录,这样用户的访问将首先到达LVS控制器所在的服务器,LVS把请求按照某种算法转发给后面真正的服务器。那么数据的返还是怎样的一个过程呢?在采用DR方式的集群形式下,真实服务器直接把数据返还给用户而不再经过LVS控制器。访问数据的流向在上图中用带箭头的虚线标识出来了,这样设计使得结构更简单一些,lvs控制器的压力也小很多。
根据应用的实际情况考虑,本项目采用LVS/DR方式。
技术实现:
先列出个相关服务器的ip地址:
名称
|
Ip地址
|
|
真实ip地址(RIP)
| ||
LVS/DR(控制器)
|
61.135.55.100/24
|
|
RealServer1(Web1)
|
61.135.55.150/24
|
192.168.55.150/24
|
RealServer2(Web2)
|
61.135.55.151/24
|
192.168.55.151/24
|
RealServer3(Web3)
|
61.135.55.152/24
|
192.168.55.152/24
|
RealServer4 (流媒体1)
|
61.135.55.153/24
|
192.168.55.153/24
|
RealServer5 (流媒体2 )
|
61.135.55.154/24
|
192.168.55.154/24
|
MysqlServer1
|
|
192.168.55.90/24
|
MysqlServer2
|
|
192.168.55.91/24
|
Netapp(网络共享存储)
|
|
192.168.55.92/24
|
虚拟ip地址(VIP)
| ||
Web虚拟地址(VIP1)
|
61.135.55.160
|
|
流媒体虚拟地址(VIP2)
|
61.135.55.161
|
|
一、修改DNS记录。
www IN A 61.135.55.160
media IN A 61.135.55.161
|
修改bind完成后测试一下,看是否被正确的解析。注意:主机记录应该解析到虚拟地址。
二、配置LVS/DR。
LVS/DR主要由控制器和真实服务器2部分构成,需要在控制器和真实服务器上做好配置才能提供正常的服务,下面分步来说明。
安装控制器部分:安装好系统(我用的是centos 5),指定ip地址61.135.55.100/24,关闭不必要的系统/网络服务(执行ntsysv用上下键和空白键来完成)。实现LVS/DR最重要的两个东西是ipvs内核模块和ipvsadm工具包,幸运的是,当前的发行版已经包含ipvs内核模块,不必再像旧的内核版本需要打这个补丁,ipvsadm需要从网上下载安装,下面总结一下这个过程:
1、 检查内核模块,看ipvs模块是否被加载
上图实现,ipvs模块没有被加载,可以手动加载,当然这不是必需的(当安装好ipvsadm包后,执行ipvsadm命令就会把ip_vs加载到系统内核)。执行命令 modprobe ip_vs 就可以把ip_vs模块加载到内核。现在再执行 lsmod –l | grep ip_vs 应该看见ip_vs模块被列出。
2、安装ipvsadm。Ipvsadm的官方下载地址为 http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.24.tar.gz ,解压后先做一个链接文件,把目录/usr/src/kernels/<?xml:namespace prefix = st1 /><chsdate isrocdate="False" islunardate="False" day="30" month="12" year="1899" w:st="on">2.6.18</chsdate>-8.el5-i686/ 链接为/usr/src/linux,不这样做的话,执行./configure脚本将报错。运行命令 ln –s /usr/src/kernels/2.6.18-8.el5-i686 /usr/src/linux 做好链接,再运行不带参数的脚本 ./configure,然后执行”make;make install”完成安装
(二) 控制器配置:既可以使用脚本也可以更改系统的配置文件 /etc/sysconfig/ipvsadm。在实际应用中,我建议用脚本,这样的话,维护和移植lvs会很方便。下面给出本案使用的lvs/dr脚本:
[root@mysql2 ~]# more /usr/local/bin/lvsdr
#!/bin/bash
RIP1=61.135.55.150
RIP2=61.135.55.151
RIP3=61.135.55.152
VIP1=61.135.55.160
VIP2=61.135.55.161
/etc/rc.d/init.d/functions
case "$1" in
start)
echo " start LVS of DirectorServer"
# set the Virtual IP Address and sysctl parameter
/sbin/ifconfig eth0:0 $VIP1 broadcast $VIP1 netmask 255.255.255.255 up
/sbin/ifconfig eth0:1 $VIP2 broadcast $VIP2 netmask 255.255.255.255 up
/sbin/route add -host $VIP1 dev eth0:0
/sbin/route add -host $VIP2 dev eth0:1
echo "1" >/proc/sys/net/ipv4/ip_forward
#Clear IPVS table
/sbin/ipvsadm -C
#set LVS
#Web Apache
/sbin/ipvsadm -A -t $VIP1:80 -s wlc -p 120
/sbin/ipvsadm -a -t $VIP1:80 -r $RIP1:80 -g
/sbin/ipvsadm -a -t $VIP1:80 -r $RIP2:80 -g
/sbin/ipvsadm -a -t $VIP1:80 -r $RIP3:80 -g
#Media (mms)
/sbin/ipvsadm -A -t $VIP2:1755 -s rr -p 3600
/sbin/ipvsadm -a -t $VIP2:1755 -r $RIP3:1755 -g
/sbin/ipvsadm -a -t $VIP2:1755 -r $RIP4:1755 -g
/sbin/ipvsadm -A -t $VIP2:554 -s rr -p 3600
/sbin/ipvsadm -a -t $VIP2:554 -r $RIP3:554 –g
/sbin/ipvsadm -a -t $VIP2:554 -r $RIP4:554 –g
#Run LVS
/sbin/ipvsadm
;;
stop)
echo "close LVS Directorserver"
echo "0" >/proc/sys/net/ipv4/ip_forward
/sbin/ipvsadm -C
/sbin/ifconfig eth0:0 down
/sbin/ifconfig eth0:1 down
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
.RIP1=61.135.55.150到RIP3=61.135.55.152定义3个真实服务器的ip地址。
.VIP1=61.135.55.160,VIP2=61.135.55.161定义2个虚拟ip地址,一个作web服务的虚拟地址,一个做流媒体服务的虚拟地址。
. /etc/rc.d/init.d/functions,执行这个系统脚本,以取得运行其他脚本所需的环境和参数。
.case语句是一个多路选择,本脚本给出3个:start,stop及*,3选1。$1表示脚本带一个参数。
. /sbin/ifconfig eth0:0 $VIP1 broadcast $VIP1 netmask 255.255.255.255 up把web服务所需的ip地址(虚拟地址)绑定在辅助接口eth0:0。在LVS方案中,虚拟ip地址与普通网络接口大大不同,这点需要特别注意。虚拟ip地址的广播地址是它本身,子网掩码是255.255.255.255。为什么要这样呢?因为有若干机器要使用同一个ip地址,用本身做广播地址和把子网掩码设成4个255就不会造成ip地址冲突了,否则lvs将不能正常转发访问请求。
. /sbin/route add -host $VIP1 dev eth0:0添加主机路由,这2条可有可无,较新的linux发行版能正确路由这个主机地址。
. echo "1" >/proc/sys/net/ipv4/ip_forward启用ip转发功能。
. /sbin/ipvsadm –C清空ipvs转发表。
. /sbin/ipvsadm -A -t $VIP1:80 -s wlc -p 120 添加一个虚拟服务,服务协议是tcp(-t);服务类型是web($VIP1:80);-s 表示采用wlc这种调度算法转发数据包(调度算法包括:rr|wrr|lc|wlc|lblc|lblcr|dh|sh|sed|nq);-p表示连接的持续时间为120秒,这个会话时间是根据实际情况调整的,如果这个值设置得不合理,用户将得到非常糟糕的访问效果。下面举例简单说明一下
从上图我们可以看出,随着时间的变化,用户的请求将可能被lvs转发到不同的服务器,而那些需要保持会话的请求将被丢失,导致访问不能进行。
. /sbin/ipvsadm -a -t $VIP1:80 -r $RIP1:80 –g 以直接路由的方式把请求转发到LVS后面的真实服务器。我曾企图把web(80端口)请求转发到真实服务器的其他端口(如8000),但不能如愿。
余下的行参照上面的解释,理解起来应该不是问题,因此不再一一说明。脚本写好后,把它放在目录/usr/local/bin,然后授与执行权限(chmod 700 /usr/local/bin/lvsdr),运行这个脚本,LVS/DR控制器部分就算配置好了。如果脚本不能正常运行,多半情况是脚本书写错误所致,如在windows用写字板写脚本再拷贝到linux,或者写丢了某个“;”等等。不管真实服务器端是否正确设置lvs,LVS/DR控制器都能独个运行。有2个方法检验LVS/DR是否正常运行了:(1)查看内核是否列出ip_vs模块;(2)直接运行ipvsadm –l看输出是否有转发规则。
(三) 真实服务器配置虚拟ip地址。LVS可以把服务请求转发到各种各样的操作系统,在本案中有2种操作系统:centos和windows 2003 server。其他unix的处理跟centos(一种linux发行版)相似。
(1) centos服务器设置虚拟服务器:与LVS/DR控制类似,既可以修改配置文件也可以用脚本,相对来讲,还是脚本方便,下面是某个服务器设置虚拟ip地址的脚本:
[root@WEB2 ~]# more /usr/local/bin/lvs
#!/bin/bash
#description:start realserver
#chkconfig 235 26 26
VIP1=220.194.55.160
/etc/rc.d/init.d/functions
case "$1" in
start)
echo " start LVS of REALServer"
/sbin/ifconfig lo:0 $VIP1 broadcast $VIP1 netmask 255.255.255.255 up
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
;;
stop)
/sbin/ifconfig lo:0 down
echo "close LVS Directorserver"
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
. /sbin/ifconfig lo:0 $VIP1 broadcast $VIP1 netmask 255.255.255.255 up 跟LVS/DR控制器一样,广播地址设置为虚拟地址本身,子网掩码4个255,不同的是,虚拟ip地址被绑定在环回(loopback)子接口,而不是物理接口的子接口。
. echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore 一共四行,其目的是关闭arp响应。
(2)windows服务器设置虚拟地址。windows下设置子网掩码为255.255.255.255比linux设置要麻烦些。要想在网上邻居本地连接的tcp/ip属性设置4个255掩码是不能得逞的,唯一的办法是修改注册表。默认状况下,windows并没有环回接口存在,配置之前得先安装这个“设备”。接下来介绍一下环回接口设置步骤:
①控制面板点击添加新硬件
选“网络适配器”,按“下一步”,选“Microsoft”及“Microsoft Loopback Adapter”
点击下一步安装好loopback adapter.。
②设置loopback的tcp/ip参数值。
先设置ip,把子网掩码设置成255.255.255.0。
设置ip地址的目的是方便在注册表中搜索loopback设置子网掩码的位置,我们用设置的虚拟ip地址做搜索关键字,很快就找到位置了。
搜索“61.135.<chmetcnv w:st="on" tcsc="0" numbertype="1" negative="False" hasspace="False" sourcevalue="55.16" unitname="”"><font face="Times New Roman">55.160</font><span lang="EN-US" style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times=""><span lang="EN-US">”</span></span></chmetcnv>
<chmetcnv w:st="on" tcsc="0" numbertype="1" negative="False" hasspace="False" sourcevalue="55.16" unitname="”"><span lang="EN-US" style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times=""><span lang="EN-US"></span></span></chmetcnv>
<chmetcnv w:st="on" tcsc="0" numbertype="1" negative="False" hasspace="False" sourcevalue="55.16" unitname="”"><span lang="EN-US" style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times=""><span lang="EN-US"><img onclick='window.open("http://blog.51cto.com/viewpic.php?refimg=" + this.src)' alt="" src="http://blog.51cto.com/attachment/200712/200712121197429078604.jpg" border="0"></span></span></chmetcnv>
<chmetcnv w:st="on" tcsc="0" numbertype="1" negative="False" hasspace="False" sourcevalue="55.16" unitname="”"><span lang="EN-US" style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times=""><span lang="EN-US">
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt">
<span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times=""></span>
</div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt">
<span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">找到</span><span lang="EN-US"><font face="Times New Roman">ip</font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">地址“</span><span lang="EN-US"><font face="Times New Roman">61.135.</font><chmetcnv w:st="on" tcsc="0" numbertype="1" negative="False" hasspace="False" sourcevalue="55.16" unitname="”"><font face="Times New Roman">55.160</font><span lang="EN-US" style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times=""><span lang="EN-US">”</span></span></chmetcnv><span lang="EN-US" style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">所在的位置,在这个项的下方,<span lang="EN-US">有个</span></span></span>
</div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt">
<span lang="EN-US"><span lang="EN-US" style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times=""><span lang="EN-US"><span lang="EN-US">项“</span></span></span><font face="Times New Roman">SubnetMask</font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">”,它的值为</span><span lang="EN-US"><font face="Times New Roman">255.255.255.0.</font></span>
</div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt">
<span lang="EN-US"><font face="Times New Roman"></font></span>
</div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US"><font face="Times New Roman"><img onclick='window.open("http://blog.51cto.com/viewpic.php?refimg=" + this.src)' alt="" src="http://blog.51cto.com/attachment/200712/200712121197429092542.jpg" border="0"></font></span></div>
<span lang="EN-US">
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt">
<span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times=""></span>
</div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt">
<span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">把其修改为</span><span lang="EN-US"><font face="Times New Roman">255.255.255.255,</font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">但不幸的是,</span><span lang="EN-US"><font face="Times New Roman">windows 2003 server </font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">的注册表修改编辑方式是</span><span lang="EN-US"><font face="Times New Roman">2</font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">进制,修改时需要技巧。在</span><span lang="EN-US"><font face="Times New Roman">windows xp</font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">的注册表编辑器上修改好,然后转换到</span><span lang="EN-US"><font face="Times New Roman">2</font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">进制方式,</span><span lang="EN-US"><font face="Times New Roman">windows 2003 server </font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">对照这个值更改即可。</span>
</div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt">
<span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times=""></span>
</div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times=""><img onclick='window.open("http://blog.51cto.com/viewpic.php?refimg=" + this.src)' alt="" src="http://blog.51cto.com/attachment/200712/200712121197429111042.jpg" border="0"></span></div>
<span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt">
<span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times=""></span>
</div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt">
<span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">换成</span><span lang="EN-US"><font face="Times New Roman">2</font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">进制方式</span>
</div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt">
<span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times=""></span>
</div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times=""><img onclick='window.open("http://blog.51cto.com/viewpic.php?refimg=" + this.src)' alt="" src="http://blog.51cto.com/attachment/200712/200712121197429130120.jpg" border="0"></span></div>
<span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt">
<span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times=""></span>
</div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt">
<span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">修改好一个项(</span><span lang="EN-US"><font face="Times New Roman">SubnetMask</font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">)后,按</span><span lang="EN-US"><font face="Times New Roman">F3</font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">修改余下的几个项的</span><span lang="EN-US"><font face="Times New Roman">SubnetMask </font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">值为</span><span lang="EN-US"><font face="Times New Roman">255.255.255.255</font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">,然后重启</span><span lang="EN-US"><font face="Times New Roman">windows</font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">就可以生效了。</span>
</div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US"><p><font face="Times New Roman"></font></p></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt 21pt; TEXT-INDENT: -21pt; mso-list: l0 level1 lfo1; tab-stops: list 21.0pt">
<span lang="EN-US" style="mso-bidi-font-family: 宋体"><span style="mso-list: ignore"><font face="Times New Roman">一、</font></span></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">运行</span><span lang="EN-US"><font face="Times New Roman">LVS/DR</font></span>
</div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt">
<span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">在</span><span lang="EN-US"><font face="Times New Roman">LVS/DR</font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">运行</span><span lang="EN-US"><font face="Times New Roman">lvs</font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">脚本,在真实服务器上启用虚拟地址,就可以把整个</span><span lang="EN-US"><font face="Times New Roman">LVS/DR</font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">运行起来了。</span>
</div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US"><p><font face="Times New Roman"></font></p></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt">
<strong style="mso-bidi-font-weight: normal"><span style="FONT-SIZE: 9pt; FONT-FAMILY: 宋体; mso-ascii-font-family: ; mso-bidi-font-size: 12.0pt" roman="" new="" times="">几个需要关注的问题</span></strong><strong style="mso-bidi-font-weight: normal"><span lang="EN-US" style="FONT-SIZE: 9pt; mso-bidi-font-size: 12.0pt"><p></p></span></strong>
</div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><strong style="mso-bidi-font-weight: normal"><span lang="EN-US" style="FONT-SIZE: 9pt; mso-bidi-font-size: 12.0pt"><p><font face="Times New Roman"></font></p></span></strong></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt">
<span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">一、控制器高可靠性。一个普遍的做法是使用</span><span lang="EN-US"><font face="Times New Roman">HA,</font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">用</span><span lang="EN-US"><font face="Times New Roman">2</font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">个服务器做双机。在条件有限的情况下,又考虑不增加网络结构的复杂性,可以把</span><span lang="EN-US"><font face="Times New Roman">LVS/DR</font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">控制器脚本放在不同的服务器上,一旦当前使用的</span><span lang="EN-US"><font face="Times New Roman">LVS/DR</font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">控制器出故障,立即启用其它服务器的控制器脚本,可以把停机时间控制在可以接受的范围。</span>
</div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US"><p><font face="Times New Roman"></font></p></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt">
<span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">二、安全。出来在真实服务器上启用安全机制外,</span><span lang="EN-US"><font face="Times New Roman">LVS/DR</font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">控制器也需要做防火墙策略的。下面是某个</span><span lang="EN-US"><font face="Times New Roman">LVS/DR</font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">控制器的防火墙脚本,请大家参考:</span>
</div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US"><font face="Times New Roman">[root@mysql2 ~]# <strong style="mso-bidi-font-weight: normal">more /usr/local/bin/firewall</strong><span style="COLOR: blue"> <p></p></span></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">#!/bin/bash<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">#this is a common firewall created by <chsdate isrocdate="False" islunardate="False" day="29" month="7" year="2007" w:st="on">2007-7-29</chsdate><p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><p><font face="Times New Roman"></font></p></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">#define some variable<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">IPT=/sbin/iptables<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">CONNECTION_TRACKING="1"<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">INTERNET="eth0"<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">CLASS_A="<chsdate isrocdate="False" islunardate="False" day="30" month="12" year="1899" w:st="on">10.0.0</chsdate>.0/8"<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">CLASS_B="172.16.0.0/12"<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">CLASS_C="192.168.0.0/16"<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">CLASS_D_MULTICAST="224.0.0.0/4"<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">CLASS_E_RESERVED_NET="240.0.0.0/5"<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">BROADCAST_SRC="<chsdate isrocdate="False" islunardate="False" day="30" month="12" year="1899" w:st="on">0.0.0</chsdate>.0" <p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">BROADCAST_DEST="255.255.255.255"<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">IPADDR=61.135.55.100<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">LOOPBACK_INTERFACE="lo"<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><p><font face="Times New Roman"></font></p></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">#Remove any existing rules<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -F<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -X<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><p><font face="Times New Roman"></font></p></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">#setting default firewall policy<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT --policy OUTPUT ACCEPT<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT --policy FORWARD DROP<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -P INPUT DROP<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><p><font face="Times New Roman"></font></p></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><p><font face="Times New Roman"></font></p></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">#stop firewall<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">if [ "$1" = "stop" ]<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">then <p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">echo "Filewall completely stopped!no firewall running!"<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">exit 0<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">fi<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><p><font face="Times New Roman"></font></p></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">#setting for loopback interface<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -A INPUT -i lo -j ACCEPT<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -A OUTPUT -o lo -j ACCEPT<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><p><font face="Times New Roman"></font></p></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman"># Stealth Scans and <place w:st="on"><placename w:st="on">TCP</placename><placetype w:st="on">State</placetype></place> Flags<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman"># All of the bits are cleared<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -A INPUT -p tcp --tcp-flags ALL NONE -j DROP<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman"># SYN and FIN are both set<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman"># SYN and RST are both set<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman"># FIN and RST are both set<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman"># FIN is the only bit set, without the expected accompanying ACK<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman"># PSH is the only bit set, without the expected accompanying ACK<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman"># URG is the only bit set, without the expected accompanying ACK<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><p><font face="Times New Roman"></font></p></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman"># Using <place w:st="on"><placename w:st="on">Connection</placename><placetype w:st="on">State</placetype></place> to By-pass Rule Checking<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">if [ "$CONNECTION_TRACKING" = "1" ]; then<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman"><span style="mso-spacerun: yes"> </span>$IPT -A INPUT<span style="mso-spacerun: yes"> </span>-m state --state ESTABLISHED,RELATED -j ACCEPT<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman"><span style="mso-spacerun: yes"> </span>$IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman"><span style="mso-spacerun: yes"> </span>$IPT -A INPUT -m state --state INVALID -j DROP<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman"><span style="mso-spacerun: yes"> </span>$IPT -A OUTPUT -m state --state INVALID -j DROP<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">fi<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><p><font face="Times New Roman"></font></p></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">##################################################################<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman"># Source Address Spoofing and Other Bad Addresses<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><p><font face="Times New Roman"></font></p></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman"># Refuse spoofed packets pretending to be from <p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman"># the external interface.s IP address<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -A INPUT<span style="mso-spacerun: yes"> </span>-i $INTERNET -s $IPADDR -j DROP<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><p><font face="Times New Roman"></font></p></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman"># Refuse packets claiming to be from a Class A private network<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -A INPUT<span style="mso-spacerun: yes"> </span>-i $INTERNET -s $CLASS_A -j DROP<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><p><font face="Times New Roman"></font></p></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman"># Refuse packets claiming to be from a Class B private network<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -A INPUT<span style="mso-spacerun: yes"> </span>-i $INTERNET -s $CLASS_B -j DROP<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><p><font face="Times New Roman"></font></p></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman"># Refuse packets claiming to be from a Class C private network<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -A INPUT<span style="mso-spacerun: yes"> </span>-i $INTERNET -s $CLASS_C -j DROP<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><p><font face="Times New Roman"></font></p></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -A INPUT -i $INTERNET -s <chsdate isrocdate="False" islunardate="False" day="30" month="12" year="1899" w:st="on">0.0.0</chsdate>.0/8 -j DROP<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -A INPUT -i $INTERNET -s 169.254.0.0/16 -j DROP<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -A INPUT -i $INTERNET -s 192.0.2.0/24 -j DROP<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">###################################################################<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">#setting access rules<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><p><font face="Times New Roman"></font></p></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">#enable ssh connect<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -A INPUT<span style="mso-spacerun: yes"> </span>-i $INTERNET -p tcp<span style="mso-spacerun: yes"> </span>--dport 22 -j ACCEPT<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -A INPUT<span style="mso-spacerun: yes"> </span>-i $INTERNET -p tcp<span style="mso-spacerun: yes"> </span>--dport 80 -j ACCEPT<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -A INPUT<span style="mso-spacerun: yes"> </span>-i $INTERNET -p tcp<span style="mso-spacerun: yes"> </span>--dport 1755 -j ACCEPT<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -A INPUT<span style="mso-spacerun: yes"> </span>-i $INTERNET -p tcp<span style="mso-spacerun: yes"> </span>--dport 554 -j ACCEPT<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -A INPUT<span style="mso-spacerun: yes"> </span>-i $INTERNET -p udp<span style="mso-spacerun: yes"> </span>--dport 554 -j ACCEPT<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -A INPUT<span style="mso-spacerun: yes"> </span>-i $INTERNET -p tcp<span style="mso-spacerun: yes"> </span>--dport 8080 -j ACCEPT<p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><font face="Times New Roman">$IPT -A INPUT<span style="mso-spacerun: yes"> </span>-i $INTERNET -p udp<span style="mso-spacerun: yes"> </span>--dport 1024:5000 -j ACCEPT <p></p></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt">
<span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">在这个防火墙脚本中,</span><span lang="EN-US"><font face="Times New Roman">--dport 1024:5000 udp</font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">端口是用于</span><span lang="EN-US"><font face="Times New Roman">mms</font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">协议的,在项目实施过程中,没有注意这个端口,结果导致流媒体服务请求不能被转发到真实服务器。</span>
</div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: blue"><p><font face="Times New Roman"></font></p></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt">
<span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">三、数据同步。所有相同服务的服务器挂接共享服务器的同一个目录,写入数据实际上是写同一个文件或目录,因此不再需要</span><span lang="EN-US"><font face="Times New Roman">rsycn</font></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " roman="" new="" times="">这样占资源的同步工具。</span>
</div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US"><p><font face="Times New Roman"></font></p></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt">
<span style="FONT-SIZE: 10.5pt; FONT-FAMILY: 宋体; mso-ascii-font-family: ; mso-bidi-font-size: 12.0pt" new="" times="" ar-sa="">四、</span><span lang="EN-US" style="FONT-SIZE: 10.5pt; FONT-FAMILY: " new="" times="" ar-sa="">LVS/DR</span><span style="FONT-SIZE: 10.5pt; FONT-FAMILY: 宋体; mso-ascii-font-family: ; mso-bidi-font-size: 12.0pt" new="" times="" ar-sa="">维护和监控。系统在运行过程中,某个真实服务器多运行的服务很可能出故障,但</span><span lang="EN-US" style="FONT-SIZE: 10.5pt; FONT-FAMILY: " new="" times="" ar-sa="">ipvsadm</span><span style="FONT-SIZE: 10.5pt; FONT-FAMILY: 宋体; mso-ascii-font-family: ; mso-bidi-font-size: 12.0pt" new="" times="" ar-sa="">本身不探测这个事件,它仍然按照某种算法将一些用户的请求转发给出故障的服务器,导致一些用户不能正常访问。</span><span lang="EN-US" style="FONT-SIZE: 10.5pt; FONT-FAMILY: " new="" times="" ar-sa="">Ldirectord</span><span style="FONT-SIZE: 10.5pt; FONT-FAMILY: 宋体; mso-ascii-font-family: ; mso-bidi-font-size: 12.0pt" new="" times="" ar-sa="">可以动态的处理这个麻烦,也可以自己写个小工具,定期到真实服务器获取访问返还状态码,根据返还状态码执行相关的</span><span lang="EN-US" style="FONT-SIZE: 10.5pt; FONT-FAMILY: " new="" times="" ar-sa="">ipvsadm</span><span style="FONT-SIZE: 10.5pt; FONT-FAMILY: 宋体; mso-ascii-font-family: ; mso-bidi-font-size: 12.0pt" new="" times="" ar-sa="">维护操作。监控报警方面,</span><span lang="EN-US" style="FONT-SIZE: 10.5pt; FONT-FAMILY: " new="" times="" ar-sa="">Nagios(<a href="http://www.nagios.org/"></a><a href="http://www.nagios.org/" target="_blank"><font face="Verdana" color="#111100" size="2">www.nagios.org</font></a>)</span><span style="FONT-SIZE: 10.5pt; FONT-FAMILY: 宋体; mso-ascii-font-family: ; mso-bidi-font-size: 12.0pt" new="" times="" ar-sa="">是非常好的选择,当然,监控系统最好放在</span><span lang="EN-US" style="FONT-SIZE: 10.5pt; FONT-FAMILY: " new="" times="" ar-sa="">LVS/DR</span><span style="FONT-SIZE: 10.5pt; FONT-FAMILY: 宋体; mso-ascii-font-family: ; mso-bidi-font-size: 12.0pt" new="" times="" ar-sa="">环境之外,关于</span><span lang="EN-US" style="FONT-SIZE: 10.5pt; FONT-FAMILY: " new="" times="" ar-sa="">Nagios</span><span style="FONT-SIZE: 10.5pt; FONT-FAMILY: 宋体; mso-ascii-font-family: ; mso-bidi-font-size: 12.0pt" new="" times="" ar-sa="">的细节,请参照我的文章</span><span lang="EN-US" style="FONT-SIZE: 10.5pt; FONT-FAMILY: " new="" times="" ar-sa="">”<span style="COLOR: black"> Nagios</span></span><span style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 宋体; mso-ascii-font-family: ; mso-bidi-font-size: 12.0pt" new="" times="" ar-sa="">远程监控软件的安装与配置详解</span><span lang="EN-US" style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: " new="" times="" ar-sa="">(<a href="http://netsecurity.51cto.com/art/200706/48728.htm"></a><a href="http://netsecurity.51cto.com/art/200706/48728.htm" target="_blank"><font face="Verdana" color="#111100" size="2">http://netsecurity.51cto.com/art/200706/48728.htm</font></a>).</span>
</div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: " new="" times="" ar-sa="">
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US"><font face="Times New Roman"><span style="mso-spacerun: yes"> </span><chsdate isrocdate="False" islunardate="False" day="5" month="12" year="2007" w:st="on">2007-12-5</chsdate></font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt">
<span lang="EN-US"><span style="mso-spacerun: yes"><font face="Times New Roman"> </font></span></span><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: " new="" times="">海淀福源门悟真阁</span>
</div></span></div></span></span></span></span></span></chmetcnv>
本文出自 “sery” 博客,请务必保留此出处http://sery.blog.51cto.com/10037/54645
本文出自 51CTO.COM技术博客
相关推荐
田逸老师关于lvs的应用,很详细。realserver有linux和windows,使用DR方式
LVS的应用实例,完整实例配置过程LVS的应用实例LVS的应用实例
基于LVS集群动态均衡负载的研究与实现 论文
对LVS应用全面讲解,达到高可用,负载均衡双DR做冗余,避免单点故障 使用直接路由调度请求 实现后端节点健康检查 后点节点使用共享存储实现附件目录的同步 使用集群文件系统配置集群 使用memcached存放session...
LVS在淘宝环境中的应用.pdf
Linux下基于LVS实现高可靠流媒体集群.pdf
基于LVS技术的Linux服务器负载均衡研究.pdf
基于LVS的数据库集群负载均衡性能测试与分析.pdf
基于LVS的服务器负载均衡技术_王颐帅.pdf
1、部署环境架构设计2、安装与配置说明2.1 Apache与PHP-FPM2.2 Varnish与Apache2.3 Nginx反向代理2.4 LVS负载均衡3、环境测试3.1 Apache与PHP-FPM3.2 Varnish与Apache3.3 Nginx3.4 LVS负载均衡
基于LVS + Keepalived的企业级LB集群实战
基于LVS的WebGIS集群系统的体系结构设计,商宏杰,马义忠,本文以WebGIS集群为研究对象,对采用LVS(Linux Virtual Server)和动态负载均衡算法的WebGIS集群进行了深入细致的分析与讨论。提出了在Linux��
基于LVS的网站服务器群的负载均衡.pdf
基于linux-lvs实现业务负载均衡介绍.pdf
基于linux下LVS集群技术在图书馆的应用.pdf
基于LVS系统的负载动态平衡设计与实现.pdf
072801LB集群LVS原理应用1
IPTV中基于集群技术的LVS研究与应用.pdf
lvs在淘宝的应用,淘宝自主研发新的转发模式FULLNAT,ospf集群部署
基于DR模式的LVS负载均衡群集