
What do you do if the capacity of a single server is not enough to process all requests and the software vendor does not provide load balancing? There are many options, from buying a load balancer to limiting the number of requests. Which one is right depends on the situation and the existing conditions. In this article we describe what you can do if your budget is limited and you have a spare server.
The system on which we needed to reduce the load on one of the servers was a DLP (data leak prevention system) from InfoWatch. A distinctive feature of the implementation was that the balancer function was placed on one of the "combat" (production) servers.
One of the problems we ran into was the inability to use Source NAT (SNAT). Why it was needed and how the problem was solved is explained below.
So, the logical diagram of the existing system initially looked like this:

ICAP traffic, SMTP traffic and events from user computers are processed on the Traffic Monitor (TM) server. The database server copes easily with the load once events have been processed on TM, but the load on TM itself is heavy. This was evident from the message queue that built up on the Device Monitor (DM) server, as well as from the CPU and memory load on TM.
At first glance, if we add another TM server to this scheme, either ICAP or DM could be switched over to it, but we decided not to use this approach because it would reduce fault tolerance.
Solution description
While looking for a suitable solution, we settled on free software: keepalived solves the problem of building a failover cluster and can also manage the LVS balancer.
What we wanted to achieve (reducing the load on TM while keeping the current level of fault tolerance) was supposed to work according to the following scheme:

While testing, it turned out that the custom RedHat build installed on the servers does not support SNAT. We had planned to use SNAT to make sure that incoming packets and the responses to them are sent from the same IP address; otherwise we would get the following picture:

This is unacceptable. For example, a proxy server that sends packets to the Virtual IP (VIP) address will expect the response to come from the VIP, but in this case, for sessions forwarded to the backup, it would come from IP2. A solution was found: create an additional routing table on the backup and connect the two TM servers with a separate network, as shown below:

Configuration
We will implement a scheme of two servers running the ICAP, SMTP and TCP 9100 services, with a load balancer installed on one of them.
We have two RHEL6 servers from which the standard repositories and some packages have been removed.
Services that we need to balance:
• ICAP – tcp 1344;
• SMTP – tcp 25;
• traffic transfer service from DM – tcp 9100.
First, we need to configure the network.
Virtual IP address (VIP):
• IP: 10.20.20.105.
Server TM6_1:
• External IP: 10.20.20.101;
• Internal IP: 192.168.1.101.
Server TM6_2:
• External IP: 10.20.20.102;
• Internal IP: 192.168.1.102.
Then we enable IP forwarding on both TM servers. RedHat describes how to do this.
We decide which of our servers will be the master and which the backup. Let the master be TM6_1 and the backup TM6_2.
On the backup we create a new routing table, balancer, and the routing rules:
[root@tm6_2 ~]# echo 101 balancer >> /etc/iproute2/rt_tables
[root@tm6_2 ~]# ip rule add from 192.168.1.102 table balancer
[root@tm6_2 ~]# ip route add default via 192.168.1.101 table balancer

The commands above stay in effect only until the system is rebooted. To make sure the routes survive a reboot, you can add them to /etc/rc.d/rc.local, but it is better to use the configuration file /etc/sysconfig/network-scripts/route-eth1 (note: a different syntax is used there).
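One way to make the backup's table, rule and route survive a reboot, as an added example rather than the article's own code. It assumes eth1 is the internal interface (as route-eth1 implies) and also uses the companion rule-eth1 file, which the RHEL network scripts read line by line as arguments to ip rule add; the function names and the ROOT argument are hypothetical.

```shell
# Added example (not from the article). Assumes eth1 is the internal interface.
# ROOT is a hypothetical argument: empty for the live system, or a scratch
# directory to preview the generated files first.

# ensure_line FILE LINE: append LINE unless FILE already contains it verbatim.
ensure_line() {
    grep -qxF -- "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}

persist_balancer_routes() {
    root="${1:-}"
    tables="$root/etc/iproute2/rt_tables"
    scripts="$root/etc/sysconfig/network-scripts"
    mkdir -p "$root/etc/iproute2" "$scripts" || return 1

    # Register table 101 once; a repeated "echo >>" would leave duplicates.
    if grep -Eq '^[[:space:]]*101[[:space:]]+balancer[[:space:]]*$' "$tables" 2>/dev/null; then
        :   # already registered
    elif grep -Eq '^[[:space:]]*101[[:space:]]' "$tables" 2>/dev/null; then
        echo "rt_tables: id 101 already belongs to another table" >&2
        return 1
    else
        echo "101 balancer" >> "$tables"
    fi

    # rule-eth1: each line becomes the arguments of "ip rule add".
    ensure_line "$scripts/rule-eth1" "from 192.168.1.102 table balancer"
    # route-eth1: each line becomes the arguments of "ip route add".
    ensure_line "$scripts/route-eth1" "default via 192.168.1.101 table balancer"
}
```

Run it once against a scratch directory to inspect the files, then with no argument as root on TM6_2.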
Install keepalived on both TM servers. We used rpmfind.net as the source of the package:
[root@tm6_1 ~]# yum install https://rpmfind.net/linux/centos/6.10/os/x86_64/Packages/keepalived-1.2.13-5.el6_6.x86_64.rpm

In the keepalived settings, we assign one of the servers as the master and the other as the backup. Then we set the VIP and the services to be load balanced. The settings file is usually located at /etc/keepalived/keepalived.conf.
Settings for the TM1 server
vrrp_sync_group VG1 {
    group {
        VI_1
    }
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    lvs_sync_daemon_inteface eth0
    virtual_router_id 51
    priority 151
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass example
    }
    virtual_ipaddress {
        10.20.20.105
    }
}
# ICAP
virtual_server 10.20.20.105 1344 {
    delay_loop 6
    lb_algo wrr
    # NAT mode: replies from the real servers must return through the balancer
    lb_kind NAT
    protocol TCP
    real_server 192.168.1.101 1344 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 1344
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.1.102 1344 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 1344
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
# SMTP
virtual_server 10.20.20.105 25 {
    delay_loop 6
    lb_algo wrr
    lb_kind NAT
    protocol TCP
    real_server 192.168.1.101 25 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 25
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.1.102 25 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 25
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
# Traffic from DM
virtual_server 10.20.20.105 9100 {
    delay_loop 6
    lb_algo wrr
    lb_kind NAT
    protocol TCP
    real_server 192.168.1.101 9100 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 9100
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.1.102 9100 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 9100
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

Settings for the TM2 server
vrrp_sync_group VG1 {
    group {
        VI_1
    }
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    lvs_sync_daemon_inteface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass example
    }
    virtual_ipaddress {
        10.20.20.105
    }
}

We install LVS on the master, which will balance the traffic. There is no point in installing a balancer for the second server, since our configuration has only two servers.
[root@tm6_1 ~]# yum install https://rpmfind.net/linux/centos/6.10/os/x86_64/Packages/ipvsadm-1.26-4.el6.x86_64.rpm

The balancer will be managed by keepalived, which we have already configured.
To complete the picture, let's add keepalived to autostart on both servers:
[root@tm6_1 ~]# chkconfig keepalived on

Conclusion
Checking the results
Let's start keepalived on both servers:
service keepalived start

Checking that the VRRP virtual address is present
Let's make sure the VIP is on the master:

And that there is no VIP on the backup:

Using the ping command, we check that the VIP is reachable:

Now you can shut down the master and run the ping command again.
The result should stay the same, and on the backup we will see the VIP:

Checking service balancing
Let's take SMTP as an example. Open two connections to 10.20.20.105 at the same time:
telnet 10.20.20.105 25

On the master we should see that both connections are active and attached to different servers:
[root@tm6_1 ~]# watch ipvsadm -Ln
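The same check done non-interactively, as an added example that is not from the original article: it parses ipvsadm -Ln output and fails if a real server is missing from the virtual service or holds no active connection. The function names and the sample output are constructed for illustration.

```shell
# Added example (not from the article): parse "ipvsadm -Ln" output read from stdin.
# lvs_spread VIP:PORT prints "<real servers listed> <real servers with ActiveConn > 0>".
lvs_spread() {
    awk -v vs="$1" '
        # A virtual service line opens a section, e.g. "TCP 10.20.20.105:25 wrr".
        $1 == "TCP" || $1 == "UDP" { in_vs = ($2 == vs); next }
        # Real server row: -> addr:port Forward Weight ActiveConn InActConn
        in_vs && $1 == "->" && $2 != "RemoteAddress:Port" {
            listed++
            if ($5 + 0 > 0) active++
        }
        END { printf "%d %d\n", listed, active }
    '
}

# lvs_check VIP:PORT EXPECTED succeeds only if EXPECTED real servers are listed
# and each of them holds at least one active connection.
lvs_check() {
    result=$(lvs_spread "$1")
    listed=${result% *}
    active=${result#* }
    if [ "$listed" -ne "$2" ]; then
        echo "$1: $listed of $2 real servers listed" >&2
        return 1
    fi
    if [ "$active" -ne "$2" ]; then
        echo "$1: $active of $2 real servers hold active connections" >&2
        return 1
    fi
}

# Constructed sample: port 25 is spread over both servers, 9100 has lost one.
sample_ipvsadm() {
    cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.20.20.105:25 wrr
  -> 192.168.1.101:25             Masq    1      1          0
  -> 192.168.1.102:25             Masq    1      1          0
TCP  10.20.20.105:1344 wrr
  -> 192.168.1.101:1344           Masq    1      0          0
  -> 192.168.1.102:1344           Masq    1      0          0
TCP  10.20.20.105:9100 wrr
  -> 192.168.1.101:9100           Masq    1      3          0
EOF
}

# On the master: ipvsadm -Ln | lvs_check 10.20.20.105:25 2
```

A real server that disappears from the listing while its service is still expected points at a failing TCP_CHECK rather than at the scheduler.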
Thus, we have implemented a fault-tolerant configuration of the TM services by installing a balancer on one of the TM servers. For our system this cut the load on TM in half, which made it possible to solve the problem of the lack of horizontal scaling using the system's own means.
In most cases this solution can be implemented quickly and at no extra cost, but sometimes there are a number of limitations and difficulties in configuration, for example when balancing UDP traffic.
Source: www.habr.com
