火星人 @ 2014-03-04, reply: 0


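Forum members are very keen on learning about LVS these days, so I am planning to set up a translation project for the LVS HOWTO. The main goal is to translate austintek's LVS HOWTO into something practical that deepens members' understanding of the LVS project, and to release the translated result under the GPL, to help users in China grasp the essentials of LVS quickly and apply them in practice.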


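Xi'an|百湖|3: translating chapter 3, planned for completion in the fourth week of October;
Guangzhou|小葉|2: translating chapter 2, planned for completion in the first week of November;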

[ This post was last edited by kns1024wh on 2008-10-14 12:14 ]


Table of Contents
1. LVS: Introduction
1.1. Thanks
1.2. About the HOWTO
1.3. Nomenclature/Abbreviations
1.4. Minimal knowledge required
1.5. Free Technical Help
1.6. After you've Got Technical Help
1.7. Paid technical help
1.8. Mailing list: subscribing, unsubscribing, searching
1.9. Mailing list: posting to
1.10. Bug Fixes
1.11. Other load balancing solutions, GPL, opensource and commercial
1.12. Books on LVS
1.13. LVS in the news
1.14. Software/Information/HOWTOs useful/related to LVS
2. LVS: What is an LVS? Can I use an LVS?
2.1. What is a VIP?
2.2. Where do you use an LVS?
2.3. Client/Server relationship is preserved in an LVS
2.4. LVS director is an L4 switch
2.5. LVS forwards packets to realservers
2.6. LVS runs on Linux and FreeBSD directors
2.7. Code for LVS is different for each kernel series
2.8. kernels from 2.4.x series are SMP for kernel code
2.9. OS for realservers
2.10. LVS works on ethernet
2.11. LVS works on IPv6
2.12. LVS is continually being developed
2.13. LVS is 64 bit
2.14. Other documentation
2.15. LVS is not simple to install, get going or keep running
2.16. LVS Control (Failure, Thundering Herd, Sorry Servers)
2.17. clients on realservers
3. LVS: Install, Configure, Setup
3.1. Installing from Source Code
3.2. Ultra Monkey
3.3. Keepalived
3.4. ipvsman(d)
3.5. Alternate hardware: Soekris (and embedded hardware)
3.6. LVS on a CD: Malcolm Turnbull's ISO files
4. LVS: Ipvsadm and Schedulers
4.1. Using ipvsadm
4.2. Memory Requirements
4.3. sysctl documentation
4.4. Compile a version of ipvsadm that matches your ipvs
4.5. put realservers in /etc/hosts
4.6. RR and LC schedulers
4.7. Netmask for VIP
4.8. LBLC, DH schedulers
4.9. LVS with mark tracking: fwmark patches for multiple firewalls/gateways
4.10. SH scheduler
4.11. What is an ActiveConn/InActConn (Active/Inactive) connection?
4.12. FAQ: ipvsadm shows entries in InActConn, but none in ActiveConn, connection hangs. What's wrong?
4.13. FAQ: initial connection is delayed, but once connected everything is fine. What's wrong?
4.14. unbalanced realservers: does rr and lc weighting equally distribute the load? - clients reusing ports
4.15. Changing weights with ipvsadm
4.16. Dynamically changing realserver weights
4.17. feedbackd
4.18. lvs-kiss
4.19. connection threshold
4.20. Flushing connection table
4.21. Thundering herd problem, Slow start code for realserver(s) coming on line
4.22. Handling kernel version dependant files e.g. and ipvsadm
4.23. Limiting number of clients connecting to LVS
4.24. Who is connecting to my LVS?
4.25. experimental scheduling code
4.26. Ratz's primer on writing your own scheduler
4.27. changing ip_vs behaviour with sysctl flags in /proc
4.28. Counters in ipvsadm
4.29. Exact Counters
4.30. Scheduling TCP/UDP/SCTP/TCP splicing/
4.31. patch: machine readable error codes from ipvsadm
4.32. patch: stateless ipvsadm - add/edit patch
4.33. patch: fwmark name-number translation table
4.35. Luca's php monitoring script
4.36. ipvsadm set option
4.37. ipvsadm error messages
4.38. ipvsadm fast update bug with smp
5.1. Introduction
5.2. LVS-NAT bugs
5.3. Example 1-NIC, 2 Network LVS-NAT (VIP and RIPs on different network)
5.4. All packets sent from the LVS-NAT realserver to the client must go through the LVS-NAT director
5.5. Run the configure script
5.6. Setting up demasquerading on the director; 2.4.x and 2.2.x
5.7. rewriting, re-mapping, translating ports with LVS-NAT
5.8. masquerade timeouts
5.9. Julian's step-by-step check of a L4 LVS-NAT setup
5.10. How LVS-NAT works
5.11. In LVS-NAT, how do packets get back to the client, or how does the director choose the VIP as the source_address for the outgoing packets?
5.12. One Network LVS-NAT
5.13. re-mapping ports, rewriting is slow for 2.0, 2.2 kernels
5.14. Two instances of demon running on realserver
5.15. Performance of LVS-NAT
5.16. Various debugging techniques for routes
5.17. Connecting directly from the client to a service:port on an LVS-NAT realserver
5.18. A NAT router has no connections
5.19. Thoughts on extending NAT
5.20. Postings from the mailing list
5.21. LVS-NAT source routing patch (Brownfield, Sawari and Black)
5.22. LVS-NAT FTP Recipe
5.23. LVS-NAT vhosts with apache
5.24. LVS-NAT timeout problem
6. LVS: The ARP Problem
6.1. The problem
6.2. Put the VIP on the realservers lo device
6.3. The Cure(s)
6.4. The Cure: 2.0 kernels - nothing needed
6.5. The Cure: 2.2.x kernels - many options
6.6. The Cure: 2.4.x kernels - arp_ignore/arp_announce
6.7. The Cure: 2.6.x kernels - arp_ignore/arp_announce
6.8. arptables
6.9. The arp problem is on the realserver's VIP not the RIP
6.10. Testing an interface for replies to arp requests
6.11. Normal machines, Solaris
6.12. problems with switches
6.13. The ARP problem, the first inklings
6.14. A posting to the mailinglist by Peter Kese explaining the "arp problem"
6.15. arp bouncing
6.16. Lar's Method
6.17. Static Routing to Director
6.18. iproute2 arp on|off flag
6.19. Is the arp behaviour of 2.2.x kernel a bug?
6.20. The device doesn't reply to arp requests, the kernel does.
6.21. Properties of devices for the VIP
6.22. Topologies for LVS-DR and LVS-Tun LVS's
6.23. Why do all devices broadcast the arp replies
6.24. A discussion about the arp problem
6.25. ATM/ethernet and router problems
6.26. Same IP on multiple NICs
7.1. LVS-DR example
7.2. How LVS-DR works
7.3. Handling the arp problem for LVS-DR
7.4. LVS-DR scales well
7.5. LVS-DR director as default gw for realservers, transparent proxy and Julian's martian and forward_shared patches
7.6. Accepting packets on LVS-DR director by fwmarks
7.7. security concerns: default gw(s) and routing with LVS-DR/LVS-Tun
7.8. routing to realserver from director
7.9. LVS-DR, LVS-Tun need rp_filter=0
7.10. Director as client in LVS-DR
7.11. from the mailing list
7.12. rewriting, re-mapping, translating ports with LVS-DR
8. LVS: LVS-Tun
8.1. LVS-Tun Intro
8.2. LVS-Tun example setup
8.3. You need a tunl0 device
8.4. the ARP problem with LVS-Tun
8.5. Reply packets appear to be spoofed
8.6. How LVS-Tun works
8.7. The RIP (not the tunl device) receives the ipip packet
8.8. Configure LVS-Tun
8.9. set rp_filter correctly
8.10. FreeBSD and Solaris realservers with LVS-Tun
8.11. Windows realservers with LVS-Tun
8.12. Realservers without ipip encapsulation
8.13. LVS-Tun has smaller MTU: PMTU is disabled - handling fragmentation
8.14. MTU: early signs of problems
8.15. tunl mtu solved: Setting the MTU by MSS with iptables on the realserver
8.16. Setting the MTU by route
8.17. rewriting, re-mapping, translating ports with LVS-Tun
9. LVS: LocalNode
9.1. Two LocalNode Servers
9.2. Two Box LVS
9.3. Testing LocalNode
9.4. Localnode on the backup director
9.5. rewriting, re-mapping, translating ports with Localnode
10. LVS: You can't map (or rewrite) ports with LVS-DR, LVS-Tun or localnode (but you can with iptables)
10.1. You can't rewrite ports with localnode (but you can with iptables)
10.2. rewriting, re-mapping, translating ports with iptables in LVS-DR
10.3. can't port map with LVS
11. LVS: Non-LVS clients on Realservers
11.1. always NAT out clients through VIP
11.2. Masquerading clients on realservers to the outside world (SNAT)
11.3. Masquerading clients on LVS-NAT realservers
11.4. Masquerading clients on LVS-DR realservers
11.5. Masquerading clients on LVS-Tun realservers
11.6. Masquerading clients through the VIP on the director
11.7. 3-Tier LVS
11.8. Routes needed for 3-Tier LVS
11.9. Setting up routes using iptables and iproute2
11.10. from the mailing list
12. LVS: LVS clients on Realservers
12.1. Do you really need LVS clients on the realserver in a 3-Tier setup?
12.2. Realserver as LVS client in LVS-NAT
12.3. Realserver as LVS client in LVS-DR
13. LVS: Non Linux Realservers
13.1. Loopback interface on Windows/Microsoft/NT/W2K
13.2. Mac OS X (and Solaris)
14. LVS: identd/authd
14.1. What is authd/identd?
14.2. authd/identd and other 3-Tier clients
14.3. symptoms of the identd problem
14.4. FAQ on identd
14.5. Russ Nelson on identd
14.6. Why identd is a problem for LVS
14.7. tcpdumps of connections delayed by identd
14.8. There are solutions to identd problem in some cases
14.9. Turn off tcpwrappers
14.10. Identd and smtp/pop/qmail
15. LVS: Variants on LVS: Local Nodes (One Box LVS)
16. LVS: Variants on LVS: Peter Warasin's ip_vs() in PREROUTING
17. LVS-J: Ludo's reinJect Forwarder: using the director as a gateway to load balance connections to the internet
17.1. Introduction
17.2. reinJect setup with ipvsadm
17.3. The target LVS: sending packets with dst_addr=0/0 to ip_vs
17.4. setting up LVS-J forwarding
17.5. SNAT'ing the output
17.6. LVS-J discussion by Ludo
18. LVS: Services: general, setup, debugging new services
18.1. Single port services are simple
18.2. setting up a (new) service
18.3. services must be setup for forwarding type
18.4. Realservers present the same content: Synchronising (filesharing) content and config files, backing up realservers
18.5. cfengine for synchronising files
18.6. File Systems for (really big) Clusters: Lustre, Panasas
18.7. File Systems for Clusters: Samba waits for a commit and is slow, NFS fills buffers and is fast
18.8. Discussion on distributed filesystems
18.9. load balancing and scheduling based on the content of the packet: Cookies, URL, file requested, session headers
18.10. timeouts for TCP/UDP connections to services
18.11. name resolution on realservers: running name resolution friendly demons on realservers
18.12. Debugging new services
18.13. "broken" services:servlets and j2ee
18.14. http logs, error logs
19. LVS: Services: single-port
19.1. ftp, tcp 21
19.2. ssh, sftp, scp, tcp 22
19.3. telnet, tcp 23
19.4. smtp, tcp 25; pop3, tcp 110; imap tcp/udp 143 (imap2), 220(imap3). Also sendmail, qmail, postfix, and mailfarms.
19.5. Mail Farms
19.6. dns, tcp/udp 53 (and dhcpd server 67, dhcp client 68)
19.7. http name and IP-based (with LVS-DR or LVS-Tun), tcp 80
19.8. http with LVS-NAT
19.9. httpd is stateless and normally closes connections
19.10. netscape/database/tcpip persistence (keepalives)
19.11. dynamically generated images on web pages
19.12. http: sanity checks, shutting down, indexing programs, htpasswd, apache proxy and reverse proxy to look at URL, mod_backhand, logging
19.13. HTTP 1.0 and 1.1 requests
19.14. Large HTTP /POST with LVS-Tun
19.15. Microsoft http clients and servers violate the RFC for TCP/IP
19.16. http keepalive - effect on InActConn
19.17. Fallback/Sorry pages with Apache
19.18. Testing http with apachebench (ab)
19.19. Apache setup for DoS
19.20. squids, tcp 80, 3128
19.21. authd/identd, tcp 113 and tcpwrappers (tcpd)
19.22. ntp, udp 123
19.23. https, tcp 443
19.24. name based virtual hosts for https
19.25. Obtaining certificates for https
19.26. Self made certificates
19.27. SSL Accelerators and Load Balancers
19.28. r commands; rsh, rcpi (and their ssh replacements), tcp 514
19.29. lpd, tcp 515
19.30. Databases
19.31. Databases: mysql
19.32. Using Zope with databases
19.33. Databases: Microsoft SQL server, tcp 1433
19.34. Databases: Oracle
19.35. Databases: ldap, tcp/udp 389, tcp/udp 636
19.36. nfs, udp 2049
20. LVS: Services: multi-port
20.1. Introduction
20.2. ftp general, active tcp 20,21; passive 21,high_port
20.3. ftp helper modules: ip_vs_ftp/ip_masq_ftp
20.4. ftp (active) - the classic command line ftp
20.5. ftp (passive)
20.6. ftp helper bug(s)
20.7. ftp is difficult to secure
20.8. ftps (ssl based ftp), tcp 21, 22?
20.9. dns, tcp/udp 53 (and dhcpd server 67, dhcp client 68)
20.10. samba, udp 137, udp 138, tcp 139, tcp 445
20.11. xdmcp, X-window, udp 177 (xdmcp), tcp 6000 (and ssh X-forwarding)
20.12. r commands; rsh, rcp, and their ssh replacements, tcp 513 (,514) and another connection
20.13. Streaming Media: RealNetworks, Quicktime, Windows Media Server, tcp/udp 554 (and other ports)
20.14. Radius, udp 1645,1646
21. LVS: Services that we haven't got to work with LVS yet
21.1. Kerberos
21.2. RMI
22. LVS: UDP Services - unique problems
22.1. SIP (Session Initiation Protocol)
22.2. UDP timeouts (SIP)
22.3. UDP timeouts (DNS)
22.4. Julian's One Packet Scheduler (OPS) for UDP, timeouts for DNS
22.5. icmp responses aren't generated by UDP timeouts on VIP-less directors
23. LVS: Routing and packet delivery to a director without a VIP (for fwmark and transparent proxy)
23.1. Introduction
23.2. Routing to and accepting packets by a VIP-less director
23.3. Routing to the MAC address of the director
23.4. Julian's iproute2 solutions
23.5. Ludos LVS target in iptables
23.6. Transparent proxy Q and A
23.7. Other tricks
24. LVS: Fwmarks (firewall marks)
24.1. Introduction
24.2. ipvsadm syntax for fwmark
24.3. setting up routing and packet delivery to the director
24.4. single-port service: telnet with fwmarks
24.5. Grouping services: single group, active ftp(20,21)
24.6. Grouping services: two groups, active ftp(20,21) and e-commerce(80,443)
24.7. passive ftp
24.8. fwmark with LVS-NAT
24.9. collisions between fwmark and VIP rules
24.10. persistence granularity with fwmark
24.11. fwmark allows LVS-DR director to be default gw for realservers
24.12. fwmark simplifies configuration for large numbers of addresses
24.13. Example: firewall farm
24.14. Example: LVS'ing a CIDR block
24.15. Example: forwarding based on client source IP
24.16. Example: load balancing multiple class C networks
24.17. Example: proxy server
24.18. Example: transparent web cache
24.19. Example: Multiply-connected router
24.20. httpd clients (browsers)
24.21. Example: dynamically generated images in webpages
24.22. Example: Balancing many IPs/services as one block
24.23. Example: Source controlled LVS - services and realserver customised by Client IP
24.24. Appendix 1: Specifications for grouping of services with fwmarks
24.25. Appendix 2: Demonstration of grouping services with fwmarks
24.26. Appendix 3: Announcement of grouping services with fwmarks
24.27. fwmark examples from the mailing list
25. LVS: Transparent proxy (TP or Horms' method)
25.1. setting up routing and packet delivery to the director
25.2. General
25.3. How you use TP
25.4. The original 2.2 TP setup method
25.5. Transparent proxy for 2.4.x (and presumably 2.6.x)
25.6. Experiments showing that 2.4TP is different to 2.2TP
25.7. What IP TP packets arriving on?
25.8. Take home lesson for setting up TP on realservers
25.9. Handling identd requests from 2.4.x LVS-DR realservers using TP
25.10. Performance of Transparent Proxy
25.11. The difference between REDIRECT and TPROXY
26. LVS: Transparent Bridging
27. LVS: Persistent Connection (Persistence, Affinity in cisco-speak)
27.1. LVS persistence
27.2. Scheduling looks different under persistence
27.3. Persistent and regular (non-persistent) services together on the same realserver.
27.4. Tracing connections: where will the client connect next?
27.5. Bringing down persistent services.
27.6. Forcing a break in a persistent connection: expire_quiescent_template - Horms sysctl for quiescing persistent connections
27.7. what if a realserver holding a persistent (sticky) connection crashes
27.8. Load Balancing time constant is longer with persistence
27.9. The tcp NONE flag
27.10. Resetting the persistence timeout counter (persistence behaviour for short timeout values)
27.11. Why you don't want persistence for your e-commerce site: why you should rewrite your application
27.12. more about e-commerce sites: we used to think memory was the problem - it isn't
27.13. persistence with windows realservers
27.14. messing with the ipvsadm table while your LVS is running
27.15. Persistence for multiport services
27.16. Proxy services, e.g. AOL
27.17. key exchanges (SSL)
27.18. About longer timeouts
27.19. passive ftp and persistence
27.20. The Persistence Template (about port 0)
27.21. persistent clients behind a proxy or nat box
27.22. Rogue clients hidden by persistence
27.23. Long (1 day) persistence to windows terminal servers
28. LVS: Running a firewall on the director: Interaction between LVS and netfilter (iptables).
28.1. Start with no filter rules
28.2. Introduction
28.3. Path of an ip_vs controlled packet
28.4. how to filter with netfilter
28.5. ipvs_nfct, netfilter connection tracking for ipvs
28.6. LVS-NAT netfilter conntrack example with ftp
28.7. tcpdump is LVS compatible
28.8. Writing Filter Rules
28.9. The Antefacto Netfilter Connection Tracking patches
28.10. The design of LVS as a netfilter module, pt1
28.11. The design of LVS for Netfilter and Linux 2.4, pt2
28.12. Example ip_tables filter scripts
28.13. performance hit on director with iptables/netfilter
28.14. Long sessions through LVS DR director terminated by icmp-host-prohibited (ICMP type 3 code 10)
29. LVS: Cluster friendly versions of applications that need to maintain state
29.1. rewriting your application/service
29.2. Session Data, maintaining state in a cluster, from Andreas Koening
29.3. Single Session
29.4. IIS session management: how it works
29.5. Maintaining state with persistence
29.6. How others maintain state
30. LVS: Squid Realservers (poor man's L7 switch)
30.1. Terminology
30.2. Preview
30.3. Let's start assembling
30.4. One squid
30.5. Another squid
30.6. Combining pieces with LVS
30.7. Problems


31. LVS: Performance and Kernel Tuning
31.1. Performance Articles
31.2. Estimating throughput: Rule of Thumb
31.3. Estimating throughput: 100Mbps FE is really 8000packets/sec ethernet
31.4. Jumbo frames
31.5. Network Latency
31.6. Mixture of 100Mbps and GigE ethernet
31.7. NICs and Switches, 100Mbps (FE) and 1Gbps (GigE)
31.8. NIC bonding
31.9. NIC problems - eepro100
31.10. NIC problems - tulip
31.11. dual/quad ethernet cards, IRQ sharing problems
31.12. Flakey Switch
31.13. performance testing tools
31.14. Max number of realservers
31.15. FAQ: What is the minimum hardware requirements for a director
31.16. FAQ: How fast/big should my director be?
31.17. SMP doesn't help
31.18. Performance Hints from the Squid people
31.19. realservers filling conntrack tables (LVS-DR)
31.20. Conntrack, effect on throughput
31.21. Don't use the preemptible/preemptable/preemptive kernels
31.22. 9.6Gbps served using LVS-DR with gridftp
32. LVS: Monitoring
32.1. CPU usage/load level on the director?
32.2. LVS throughput at the director with ipvsadm
32.3. Monitoring: LVS director throughput statistics from the /proc system (originally /proc/net/ip_vs_stats)
32.4. MRTG family: Intro
32.5. MRTG family: LVSGSP
32.6. MRTG
32.7. MRTG family: RRDtool
32.8. MRTG family: cacti
32.9. MRTG family: Ganglia (incl. INSTALL)
32.10. MRTG family: rrd images
32.11. Nagios
32.12. MIB/SNMP
32.13. home brew MIB/SNMP
32.14. Disks
32.15. Other output GUIs
33. LVS: Details of LVS operation, Security, DoS
33.1. Top 20 security vulnerabilities
33.2. Top 75 security tools from the people at nmap
33.3. Network Testing with Aberrant Packets
33.4. Do I need security, really?
33.5. What to do after a break-in, prevention strategies
33.6. More about syncookies
33.7. Can filter rules stop the intruder hopping to other machines?
33.8. Where filter rules act
33.9. /proc filesystem flags for ipv4, e.g.rp_filter
33.10. tcp timeout values, don't change them (at least yet)
33.11. /proc file system settings for LVS: security and private copies of tcp timeouts for LVS connections (you can change these)
33.12. timeouts the same for all services
33.13. Director Connection Hash Table
33.14. Hash table connection timeouts
33.15. Hash Table DoS
33.16. Hash table size, director will crash when it runs out of memory.
33.17. The LVS code does not swap
33.18. Other factors determining the number of connections
33.19. Port range: limitations, expanding port range on directors
33.20. Director does not have any ports (connections) open for an LVS connection
33.21. apps starved for ports
33.22. realserver running out of ports
33.23. Maximum number of NICs
33.24. DoS
33.25. DoS, from the mailing list
33.26. Testing DoS Strategies with testlvs: Creating large numbers of InActConn
33.27. Debugging LVS
33.28. realserver content: filesystem or database? (the many reader, single writer problem)
33.29. Development: Supporting IPSec on LVS
34.1. MTU discovery and ICMP handling
34.2. LVS code only needs to handle icmp redirects for LVS-NAT and not for LVS-DR and LVS-Tun
34.3. ICMP checksum errors
34.4. ICMP Timeouts
34.5. PMTUD (path MTU discovery)
34.6. Long sessions through LVS DR director terminated by icmp-host-prohibited (ICMP type 3 code 10)
35. LVS: High Availability, Failover protection
35.1. Introduction
35.2. Single Point of Failure (SPOF) - you can't protect against everything
35.3. Stateful Failover
35.4. Director failure
35.5. UltraMonkey and Linux-HA
35.6. Keepalived and Vrrpd
35.7. Using keepalived to failover routers
35.8. monitoring/failover messages should stay internal to LVS
35.9. Parsing problems with vrrpd config file
35.10. Two instances of vrrpd
35.11. HA MySQL
35.12. Failover of large numbers (say 1024) of VIPs
35.13. Some vrrpd setup instructions
35.14. Filter rules for vrrpd broadcasts
35.15. Vinnie's comparison between ldirectord/heartbeat and keepalived/vrrpd
35.16. Saru: All directors active at the same time
35.17. Server Load Balancing Registration Protocol
35.18. using iproute2 to keep demons running during failover, while link is down
36. LVS: Dynamic Routing, multiple gateways, realservers in multiple LVSs, dead gateway detection
36.1. Setting up multiple gateways: Realservers shared between two LVSs: ip route append
36.2. Connecting from clients through multiple parallel links: the dead gateway problem
36.3. Dynamic Routing to handle loss of routing in directors
36.4. Dynamic routing with gated: An LVS that connects to the outside world through two networks
36.5. flapping stemming from convergence time for spanning tree
37. LVS: Server State Sync Demon, syncd (saving the director's connection state on failover)
37.1. Intro
37.2. Release Notice
37.3. Expiration of Connection in Backup Director
37.4. LVS and syncd do not use conntrack
37.5. Connection Synchronisation (TCP Fail-Over)
37.6. The synchd produces broadcast traffic
37.7. from the mailing list
37.8. Bug (fixed) in syncd: mixed endianness on directors
38. LVS: Realserver failure handled by Mon
38.1. Introduction
38.2. ethernet NIC failure, and channel bonding
38.3. Service/realserver failout: mon, ldirectord
38.4. Mon for server/service failout
38.5. Monitoring the service running on the VIP on the realserver from the director
38.6. About Mon
38.7. Mon Install
38.8. Mon Configure
38.9. Testing mon without LVS
38.10. Can virtualserver.alert send commands to LVS?
38.11. Running mon with LVS
38.12. Why is the LVS monitored for failures/load by an external agent rather than by the kernel?
38.13. Running multiple directors (each with their own IP)
38.14. Mon scripts from Christopher DeMarco
39. LVS: Setting up Linux-HA for directors (mostly by using rpms)
39.1. linux-ha howto
39.2. Fix the (possible) ethernet alias issue.
39.3. Configure /etc/ha.d/. files.
39.4. Stop ldirectord from starting, ensure heartbeat starts on reboot
39.5. starting heartbeat and verifying functionality
39.6. Test your fail-over features, understand HA.
39.7. Configuration of mon - recommended
40. LVS: Director failover using heartbeat
40.1. Introduction
40.2. On using serial and ethernet connections for heartbeat
40.3. Ard van Breeman's replacement for IPaddr using ip and arping
41. LVS: Running LVS under UML (User Mode Linux), by Brett Elliot
41.1. Introduction
41.2. Ethernet bridging
41.3. Putting it all together: UML + LVS examples (not finished)
42. LVS: Newer networking tools: Policy Routing
42.1. Introduction
42.2. Policy Routing and ifconfig
42.3. Various debugging techniques for routes
42.4. checking source routed packets
42.5. handling arp problem with iproute2
42.6. ip commands you mightn't know about
42.7. Ratz's corrections on common iproute2/aliases misconceptions
42.8. Ratz's wrappers (for iproute2)
43. LVS: Weird hardware (and software)
43.1. Arp caching defeats Heartbeat switchover
43.2. Weird Hardware I: cisco catalyst routers gratuitously cache arp data (failover is slow)
43.3. Weird Hardware II: autonegotiation failure on cisco CSS 11050
43.4. Weird Hardware III: Watchguard firewall at client site
43.5. Weird Hardware IV: wrong device gets MAC address
43.6. Weird Hardware V: SonicWAll firewall rewriting sequence numbers
43.7. Weird Hardware VI: cisco 2924XL switch
43.8. Weird Hardware VII: unknown switches don't defragment
43.9. Weird Hardware VIII: bad routers/routing tables at ISP
43.10. Possible Weird Hardware (or driver) IX: Broadcom GigE card
44. LVS: Misc/FAQ/Wisdom from the mailing list
44.1. Having one director handling multiple LVS sites, Multiple VIPs
44.2. Setting up a fake service on the realserver with inetd
44.3. How to bring down a realserver for maintenance (eg swap disks)
44.4. temporarily removing a realserver from view of keepalived
44.5. Howto turn your single node ftp/http server into an LVS without taking it off-line
44.6. shutdown of LVS
44.7. Other projects like LVS - Beowulf
44.8. Projects like LVS - Eddie
44.9. Recommendations for a redundant file system, RAID
44.10. on the need for extended testing
44.11. Bringing down aliased devices
44.12. Multiple IPs on the Director
44.13. Testimonials
44.14. Transport Layer Security(TLS)
44.15. Setting up a hot spare server
44.16. An LVS of LVSs
44.17. LVS on a Linux/IBM mainframe
44.18. mqseries
44.19. LVS log files
44.20. LVS and linux vlan
44.21. multi-home, multi-router LVS
44.22. Horror story, mostly from slow file system with disk intensive application
44.23. RTNETLINK answers:
44.24. LVS chokes on 600+ connections
45. LVS: L7 Switching
45.1. Introduction
45.2. KTCPVS
45.3. DRWS
45.4. Alexandre's (unnamed) L7 code
45.5. UltraMonkey-L7
45.6. from the mailing list about L7 switching
45.7. What is TCPSP?
46. LVS: Geographically distributed load balancing
46.1. Determining Location from the IP
46.2. Supersparrow
46.3. sharing/separate routers
46.4. Other uses of BGP4 with LVS
46.5. Geographically remote nodes connected by Bridging
46.6. Load Balancing by DNS (round robin DNS)
46.7. BIND, BGP with load balancing (more ideas from Horms)
46.8. Commercial Geographically Distributed Servers
46.9. from the mailing list
47. LVS: Loadbalancing with unmodified realservers
47.1. F5 style SNAT
47.2. NetScaler
47.3. Using MASQ with REDIRECT to accept packet on realserver to replace a NetScaler
47.4. Using HAProxy with LVS to substitute for the remote server failover of a NetScaler
48. LVS: Virtualised Hosts in a Linux Virtual Server
48.1. Introduction
48.2. Virtualised Realservers: VMWare/Xen
48.3. Running a test LVS (director, backup director and realservers) on one box (UML, VMWare)
48.4. VMWare problems with ntp
48.5. Xen tcpip checksum bug
49. LVS: Linux Distributions prepatched with LVS, Unsupported LVS addons
49.1. Distributions prepatched with LVS
49.2. PB's Nutshell HOWTO for Piranha/LVS-NAT
49.3. Horms advice for installing on RedHat systems
49.4. Recipe and LVS binaries for RedHat from Alex Kramarov
49.5. recipes for installing with RedHat from the mailing list
49.6. Hidden RPMs
50. LVS: Useful things that have no other place
50.1. Ramdisk
50.2. cscope
50.3. Neutral currents in multiphase power lines with non-linear loads (like computers with switching power supplies)
50.4. netcat/phatcat
51. LVS: FAQ
51.1. When will LVS be ported to Solaris, xxxBSD...?
51.2. Is there a HOWTO in Japanese, French, Italian, Mandarin...?

:mrgreen: :mrgreen:



Reply to post #1 by kns1024wh


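Partial translation of chapter 3
3. LVS: Install, Configure, Setup

The configure script sets up an LVS with a single director. The script defines the basic initial setup: it is error-proof (it gives you enough information to work out what may have gone wrong), and I use it for all my test LVS setups. Because it is not easy to extend it to handle director failure, and other configuration tools now handle this, the configure script is no longer being developed. For production systems, where you need failover for the director, you should use one of the other installation tools or save your setup as a script (e.g. ipvsadm-sav).
3.2. Ultra Monkey (超猴)
Ultra Monkey is a binary installation package for LVS; it includes Linux-HA for director failover and ldirectord for detecting realserver failure. Ultra Monkey was written by Horms, one of the LVS developers. VA Linux sold servers with Ultra Monkey preinstalled, which earned the company a lot of money. Ultra Monkey has been released since 2000 and is mature and stable. Questions about Ultra Monkey are answered on the LVS mailing list. Ultra Monkey is mentioned many times in the LVS-HOWTO.

Here are installation instructions for setting up a two-node Ultra Monkey LVS for HA/LB on CentOS/RHEL4. (

I recently installed LVS using the Ultramonkey RPMs. The following is (as I understand it) how to set up LVS on CentOS 5: a standard install of 64-bit CentOS 5 on two PCs, using Ultramonkey in the Streamlined/HA topology to serve Apache, with the following assumptions: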
Real Server names are ws01.testlab.local and ws02.testlab.local (replace these with the result from uname -n from each RS)
Real Server IPs are 10.0.0.10/24 and
Virtual IP:
Username: tester
1. Power on and insert the CentOS 5 installation CD during the BIOS self-test;
4. You will be prompted to test the installation media. You can test the media or skip the test (you can usually skip this step);
8. Select 'Remove all partitions on selected drives and create default layout' and click 'Next' to continue;
10. Select 'Asia/Shanghai' and click 'Next' to continue;
a. Select 'Desktop-Gnome', 'Server', 'Server-GUI', 'Clustering', 'Storage Clustering';
b. Select 'Customize Now';
a. Expand Desktop Environments->GNOME Desktop Environment and click 'Details';
i. Deselect the 'desktop-printing', 'dvd+rw tools', 'esc', 'gimp-print-utils', 'gnome-audio', 'gnome-backgrounds', 'gnome-mag', 'gnome-pilot', 'gnome-themes', 'gok', and 'nautilus-cd' packages;
i. Deselect the 'DNS', 'Legacy Network Server', 'Mail Server', 'Network Servers', 'News', and 'Printing Support' packages;
c. Expand the Base System menu;
i. Deselect the 'Dialup Networking Support' package;
d. Expand Base System->Base and click the 'Details' button;
i. Deselect the 'bluez-utils' and 'ccid' packages;
15. Remove the DVD installation media and click 'Reboot' to restart the machine after installation;
18. Select the 'Network Time Protocol' tab, check 'Enable Network Time Protocol', and click 'Forward' to continue;
19. Enter tester in the username field, 'Test User' in the Full name field, enter the password twice in the password fields, and click 'Forward' to continue;
21. Click 'Finish' to complete the CentOS 5 installation;
vi /etc/group
  a. Find the 'tester' user and append the 'wheel' user after it (press i to enter insert mode, press the key to exit editing mode);
su -
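27. The following software is installed with yum from the dries repository; create the dries.repo configuration file in the /etc/yum.repo.d/ directory with the following contents

name=Extra Fedora rpms dries - $releasever - $basearch
baseurl=
28. Install the dries GPG key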
rpm --import
yum update -y && yum -y install lynx libawt xorg-x11-deprecated-libs nx freenx arptables_jf httpd-devel
mv /etc/redhat-release /etc/redhat-release.orig && \
echo "Red Hat Enterprise Linux Server release 5 (Tikanga)" > /etc/redhat-release
31. Download the Ultramonkey RPMs from http://www.ultramonkey.org (also grab perl-MAIL-POP3Client, available from as of the time of this writing)
32. Install the arptables-noarp-addr and perl-Mail-POP3Client packages (change to the Ultramonkey download directory)
cd /usr/local/src/Ultramonkey && rpm -Uvh && \
rpm -Uvh perl-Mail-POP3Client-2.17-1.el5.centos.noarch.rpm
yum install -y heartbeat*

auth 2
2 sha1 Ultramonkey!

logfacility     local0
mcast eth0 694 1 0
auto_failback off
node    ws01.testlab.local
node    ws02.testlab.local
respawn hacluster /usr/lib64/heartbeat/ipfail
apiauth ipfail gid=haclient uid=hacluster

ws01.testlab.local      \ \
        LVSSyncDaemonSwap::master \

# Virtual Service for HTTP
        real= gate
        real= gate
        receive="I'm alive!"
# Virtual Service for HTTPS
        real= gate
        real= gate
        receive="I'm alive!"
chmod 600 /etc/ha.d/authkeys
httpd -k start
I'm alive!
# Do not remove the following line, or various programs
# that require network functionality will fail.
               localhost.localdomain localhost
               ws01.testlab.local      ws01
               ws02.testlab.local      ws02
::1             localhost6.localdomain6 localhost6
38. Set the virtual IP (VIP) in /etc/sysconfig/network-scripts/ifcfg-lo
39. Edit /etc/sysconfig/network-scripts/ifcfg-eth0 (the IP address of each director/real server; set the specific eth0 interface details)
service network restart
41. In /etc/sysctl.conf, configure ignoring of ARP packets and packet forwarding
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
42. Make the sysctl.conf settings take effect
/sbin/sysctl -p
chkconfig httpd on && chkconfig --level 2345 heartbeat on && chkconfig --del ldirectord
/etc/init.d/ldirectord stop && /etc/init.d/heartbeat start


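2. LVS: What is an LVS? Can I use an LVS?

Linux Virtual Server (LVS) is a technique that makes a cluster of servers appear as a single server when serving the outside world. This apparent "single server" is what we call the "virtual server". The individual servers that make up the cluster (the servers that actually provide the service, which we call realservers) are controlled by a Linux director (or load balancer) whose kernel has been patched with ipvs. A director running the ipvs patch has the basic LVS features. Other application-level programs are used to manage the LVS (e.g. to set up rules for service handling and failover). The director is a layer 4 router with a modifiable set of rules (in other words, connections do not originate or terminate on the director, and the director does not send messages; it is just a router).

If you want a service node that can be updated at any time, while another node (or several nodes) that is not the primary is activated as the master to provide the service, then what you need is probably not an LVS but a high-availability setup, e.g. LINUX-HA (the Linux heartbeat system), vrrp or carp.

If you want servers spread across different geographic locations, you need geographically distributed servers such as Supersparrow.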



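2.1. What is a VIP?

The IP that the director presents to clients is called the VIP (virtual IP). (When we use a firewall gateway (fwmark), the virtual IP is split into a group of real IPs, but the same single-IP principle still applies.) When a client connects to the virtual IP, the director forwards the client's packets to a realserver attached to the LVS. The connection is selected and managed by the manager. The services provided by the realservers (e.g. FTP, HTTP, DNS, telnet, NNTP, smtp) are defined in /etc/services or inetd.conf. Through the control layer, the LVS presents only one IP (the virtual IP, VIP) to clients.

If you use cookies or HTTPS, or want the server to keep connection state information, you may run into persistent-connection problems. The way to handle this is described on the LVS persistence page. (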

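2.2. Where do you use an LVS?

      A. For higher throughput. In an LVS, the cost of increasing throughput by adding realservers is linear, whereas increasing throughput by buying a bigger, better machine costs more than linearly.

      B. For redundancy. Individual machines can be taken out of the LVS, upgraded and replaced without affecting the service the whole system provides. Machines can be moved to a new address step by step without affecting the service.

      C. For adaptability. If throughput changes gradually (as new business is established) or suddenly (a sudden event), the number of servers can be increased (or decreased), and the change is not noticeable to clients.

2.3. Client/Server relationship is preserved in an LVS

      A. The client sees only one IP address and believes it is connected to a single machine. The IPs of all the realservers are mapped to the one IP (the VIP). Although the client thinks it is connected to one machine, subsequent connections will in fact be assigned to a new, possibly different, machine.

      B. The servers, each with a different IP address, believe they are connected directly to the client.

[ This post was last edited by ysllyfe on 2008-10-15 09:22 ]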

:lol: :lol: :lol:
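
The five /etc/sysctl.conf values from step 41 and the `chmod 600 /etc/ha.d/authkeys` step in the post above can be checked after the fact with the script below. It is an added example, not part of the original post or of Ultramonkey; the function names and the constructed sample file are assumptions of this example, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a sysctl.conf-style
# file carries the five values listed in step 41, and that the heartbeat
# authkeys file is mode 600. Function names are assumptions of this example.

# Keys and values exactly as listed in step 41 of the post.
EXPECTED_SYSCTL='net.ipv4.ip_forward=1
net.ipv4.conf.eth0.arp_ignore=1
net.ipv4.conf.eth0.arp_announce=2
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2'

# sysctl_value FILE KEY
# Print the effective value of KEY in FILE. Comment lines (# or ;) and blank
# lines are skipped, whitespace around "=" is ignored, and the last assignment
# wins, because "sysctl -p" applies the file from top to bottom.
sysctl_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        {
            pos = index($0, "=")
            if (pos == 0) next
            k = substr($0, 1, pos - 1)
            v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) found = v
        }
        END { if (found != "") print found }
    ' "$1"
}

# check_sysctl_file FILE
# Print one line per expected key that is missing or has another value.
# Returns 0 only when all five keys match.
check_sysctl_file() {
    file=$1
    bad=0
    for pair in $EXPECTED_SYSCTL; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(sysctl_value "$file" "$key")
        if [ -z "$got" ]; then
            echo "MISSING  $key (expected $want)"
            bad=1
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $key = $got (expected $want)"
            bad=1
        fi
    done
    return $bad
}

# check_authkeys_mode FILE
# authkeys holds the shared heartbeat secret; the post sets it to mode 600,
# so any other mode (or a missing file) is reported.
check_authkeys_mode() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || { echo "MISSING  $1"; return 1; }
    if [ "$mode" != "600" ]; then
        echo "MODE     $1 is $mode (expected 600)"
        return 1
    fi
    return 0
}

if [ $# -gt 0 ]; then
    # Check a real file, e.g.: sh check.sh /etc/sysctl.conf
    check_sysctl_file "$1" || echo "sysctl settings differ from step 41"
else
    # Constructed sample: the five lines from step 41 plus a later duplicate
    # that overrides one of them, a common way for the setting to drift.
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
# constructed sample, not from the post
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 0
EOF
    check_sysctl_file "$sample" || echo "sysctl settings differ from step 41"
    rm -f "$sample"
fi
```

The check reads the file only; values changed at runtime without editing the file are not seen by it.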

[火星人] LVS-HOWTO Chinese translation project; if interested, join group 72050696. Viewed 937 times.