Configuring load balancing on InfoWatch Traffic Monitor


What do you do when the capacity of a single server is not enough to process all requests, and the software vendor does not provide load balancing? There are many options, from buying a load balancer to limiting the number of requests. Which one is right is decided by the situation, taking the existing conditions into account. In this article we describe what you can do if your budget is limited and you have a spare server.

As the system that needed the load reduced on one of its servers, we chose the DLP (data leakage prevention) system from InfoWatch. A feature of the implementation is that the balancing function is placed on one of the production servers.

One of the problems we ran into was that Source NAT (SNAT) could not be used. Why it was needed and how the problem was solved is described below.

So, initially the logical diagram of the existing system looked like this:

[Figure: initial logical diagram of the system]

ICAP traffic, SMTP and events from user workstations were processed on the Traffic Monitor (TM) server. At the same time, the database server coped easily with the load after the events were processed on the TM, but the load on the TM itself was high. This was visible from a message queue building up on the Device Monitor (DM) server and from the CPU and memory load on the TM.

At first glance, if we added another TM server to this scheme, either ICAP or DM could be switched over to it, but we decided not to use this approach, since it reduced fault tolerance.

Description of the solution

While searching for a suitable solution, we settled on the freely distributed keepalived software together with LVS, because keepalived solves the problem of building a failover cluster and can also manage the LVS balancer.

What we wanted to achieve (reduce the load on the TM while keeping the current level of fault tolerance) had to work according to the following scheme:

[Figure: target scheme with a balancer on one of the TM servers]

When checking how it worked, it turned out that the custom RedHat build installed on the servers did not support SNAT. In our case, we planned to use SNAT to make sure that incoming packets and the replies to them were sent from the same IP address; otherwise we would get the following picture:

[Figure: without SNAT, replies for sessions sent to the backup leave from the backup's own IP instead of the VIP]

This is unacceptable. For example, a proxy server that has sent packets to the Virtual IP (VIP) expects a reply from the VIP, but in this case, for sessions sent to the backup, the reply would come from IP2. A solution was found: an additional routing table had to be created on the backup, and the two TM servers had to be connected by a separate network, as shown below:

[Figure: final scheme with a separate internal network between the TM servers and an additional routing table on the backup]

Configuration

We will implement a scheme of two servers with the ICAP, SMTP and TCP 9100 services, and a balancer installed on one of them.

We have two RHEL6 servers from which the standard repositories and some packages have been removed.

Services we need to balance:

• ICAP – tcp 1344;

• SMTP – tcp 25.

The traffic transfer service from DM is tcp 9100.

First, we need to plan the network.

Shared IP address (VIP):

• IP: 10.20.20.105.

TM6_1 server:

• External IP: 10.20.20.101;

• Internal IP: 192.168.1.101.

TM6_2 server:

• External IP: 10.20.20.102;

• Internal IP: 192.168.1.102.

Then we can bring up the IP addresses on both TM servers. How to do this is described by RedHat here.

We decide which of the servers will be the master and which the backup. The master is TM6_1, the backup is TM6_2.

On the backup, we create a new routing table, balancer, and the routing rules:

[root@tm6_2 ~]# echo 101 balancer >> /etc/iproute2/rt_tables           # register table id 101 under the name "balancer"
[root@tm6_2 ~]# ip rule add from 192.168.1.102 table balancer          # packets sourced from the backup's internal IP use that table
[root@tm6_2 ~]# ip route add default via 192.168.1.101 table balancer  # ...and are returned through the master, which runs the balancer

The commands above work only until the system is rebooted. To keep the routes after a reboot, you can put them in /etc/rc.d/rc.local, but it is better to do this through the configuration file /etc/sysconfig/network-scripts/route-eth1 (note: a different syntax is used there).

Install keepalived on both TM servers. We used rpmfind.net as the package source:

[root@tm6_1 ~]# yum install https://rpmfind.net/linux/centos/6.10/os/x86_64/Packages/keepalived-1.2.13-5.el6_6.x86_64.rpm

In the keepalived settings, we assign one of the servers as the master and the other as the backup. Then we set the VIP and the services to be balanced. The configuration file is located at /etc/keepalived/keepalived.conf.

Configuration for the TM1 server

vrrp_sync_group VG1 {
    group {
        VI_1
    }
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    # keyword corrected from "lvs_sync_daemon_inteface" (typo)
    lvs_sync_daemon_interface eth0
    virtual_router_id 51
    priority 151
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass example
    }
    virtual_ipaddress {
        10.20.20.105
    }
}

# ICAP: VIP:1344 is spread over both TM servers via the internal network (NAT mode)
virtual_server 10.20.20.105 1344 {
    delay_loop 6
    lb_algo wrr
    lb_kind NAT
    protocol TCP

    real_server 192.168.1.101 1344 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 1344
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.1.102 1344 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 1344
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

# SMTP: VIP:25
virtual_server 10.20.20.105 25 {
    delay_loop 6
    lb_algo wrr
    lb_kind NAT
    protocol TCP

    real_server 192.168.1.101 25 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 25
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.1.102 25 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 25
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

# Traffic from DM: VIP:9100
virtual_server 10.20.20.105 9100 {
    delay_loop 6
    lb_algo wrr
    lb_kind NAT
    protocol TCP

    real_server 192.168.1.101 9100 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 9100
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.1.102 9100 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 9100
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

Configuration for the TM2 server

vrrp_sync_group VG1 {
    group {
        VI_1
    }
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    # keyword corrected from "lvs_sync_daemon_inteface" (typo)
    lvs_sync_daemon_interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass example
    }
    virtual_ipaddress {
        10.20.20.105
    }
}

We install LVS on the master, which will balance the traffic. There is no point in installing a balancer on the second server, since we have only two servers in the configuration.

[root@tm6_1 ~]# yum install https://rpmfind.net/linux/centos/6.10/os/x86_64/Packages/ipvsadm-1.26-4.el6.x86_64.rpm

The balancer will be managed by keepalived, which we configured earlier.

To complete the picture, add keepalived to autostart on both servers:

[root@tm6_1 ~]# chkconfig keepalived on

Results

Checking the results

Start keepalived on both servers:

service keepalived start

Checking the availability of the VRRP address

Make sure that the VIP is on the master:

[Screenshot: VIP 10.20.20.105 present on the master]

And that there is no VIP on the backup:

[Screenshot: no VIP on the backup]

Using the ping command, we check that the VIP is reachable:

[Screenshot: ping of the VIP]

Now you can shut down the master and run the ping command again.

The result should be the same, and on the backup we will now see the VIP:

[Screenshot: VIP on the backup after the master is shut down]

Checking service balancing

Let's take SMTP as an example. Start two connections to 10.20.20.105 at the same time:

telnet 10.20.20.105 25

On the master, we should see that both connections are active and have been sent to different servers:

[root@tm6_1 ~]# watch ipvsadm -Ln

[Screenshot: ipvsadm -Ln output with the two connections on different real servers]
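A post-deployment check for the backup's routing rules set up earlier and for the balancer table inspected here, as an added example that is not part of the original article. The functions take command output as text, so they can be run against captured output; the --live mode runs them on the master. The addresses, ports, interface and the table name balancer are the ones used on this page, and the ip_forward check is an assumption of LVS-NAT (the director forwards packets) that the article does not spell out.

```shell
#!/bin/sh
# Sanity check for the keepalived + LVS-NAT layout described above.
# Added example, not from the original article.
VIP=10.20.20.105
RS1=192.168.1.101
RS2=192.168.1.102
PORTS="1344 25 9100"

# $1 = output of `ipvsadm -Ln`, $2 = service port.
# Succeeds only when the VIP:port service lists both real servers.
check_vs() {
  printf '%s\n' "$1" | awk -v vip="$VIP:$2" -v rs1="$RS1:$2" -v rs2="$RS2:$2" '
    $1 == "TCP" { cur = $2 }
    $1 == "->" && cur == vip { seen[$2] = 1 }
    END { exit !(seen[rs1] && seen[rs2]) }'
}

# LVS-NAT forwards packets between the networks, so the director must
# have IP forwarding enabled. $1 = contents of /proc/sys/net/ipv4/ip_forward.
check_ip_forward() { [ "$1" = "1" ]; }

# On the backup, replies must leave via the master (the director), not via
# the default route, or the client sees a reply from the wrong address.
# $1 = output of `ip rule show`, $2 = output of `ip route show table balancer`.
check_backup_routing() {
  printf '%s\n' "$1" | grep -q "from $RS2 lookup balancer" &&
  printf '%s\n' "$2" | grep -q "^default via $RS1 "
}

# Live run on the master (root): ./check.sh --live
if [ "${1:-}" = "--live" ]; then
  check_ip_forward "$(cat /proc/sys/net/ipv4/ip_forward)" || echo "ip_forward is off"
  table=$(ipvsadm -Ln)
  for p in $PORTS; do
    check_vs "$table" "$p" || echo "VIP:$p is missing a real server"
  done
fi
```

The backup-side check is run on TM6_2 with the output of `ip rule show` and `ip route show table balancer` passed as the two arguments.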

So, we implemented a fault-tolerant configuration of the TM services by installing a balancer on one of the TM servers. For our system, this halved the load on the TM, which made it possible to solve the problem even though the system itself offers no way to scale out.

In most cases, this solution is implemented quickly and without additional costs, but sometimes there are limitations and difficulties in the configuration, for example when balancing UDP traffic.

Source: www.habr.com
