
How to Configure Highly Available Network Load Balancing on Linux

Keepalived HAProxy server configuration    2025-04-15

Linux High-Availability Network Load Balancing Configuration Guide

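Choosing an approach

There are several main ways to implement highly available network load balancing on Linux:

  1. LVS (Linux Virtual Server) + Keepalived
  2. HAProxy + Keepalived
  3. Nginx + Keepalived
  4. Cloud-native solutions (such as a Kubernetes Ingress Controller)

Below I focus on the two most commonly used options, LVS + Keepalived and HAProxy + Keepalived.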

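Option 1: LVS + Keepalived

1. Prerequisites

  • Two load balancer servers (LB1 and LB2)
  • Several backend real servers (Real Server)
  • A virtual IP (VIP) that clients connect to

2. Install the required software

# Run on both load balancer servers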
sudo apt-get install ipvsadm keepalived  # Debian/Ubuntu
sudo yum install ipvsadm keepalived     # CentOS/RHEL

3. Configure Keepalived (master server LB1)

sudo vi /etc/keepalived/keepalived.conf

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
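        auth_pass 1111    # sample value; use your own shared secret, identical on both nodes (only the first 8 characters are used)
    }
    virtual_ipaddress {
        192.168.1.100/24  # VIP address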
    }
}

virtual_server 192.168.1.100 80 {
    delay_loop 6
    lb_algo rr           # round-robin scheduling
    lb_kind DR           # direct routing mode
    protocol TCP

    real_server 192.168.1.101 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 10
        }
    }

    real_server 192.168.1.102 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 10
        }
    }
}

4. Configure Keepalived (backup server LB2)

sudo vi /etc/keepalived/keepalived.conf

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 90          # lower priority than the master server
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.100/24  # the same VIP address
    }
}

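# The rest of the configuration is the same as on the master server

5. Configure the backend real servers

# Run as root on every backend server (these settings do not persist across reboots)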
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

# Add the VIP to the lo interface
ifconfig lo:0 192.168.1.100 netmask 255.255.255.255 up

6. Start the service

sudo systemctl start keepalived
sudo systemctl enable keepalived

Option 2: HAProxy + Keepalived

1. Install the software

# Run on both load balancer servers
sudo apt-get install haproxy keepalived  # Debian/Ubuntu
sudo yum install haproxy keepalived     # CentOS/RHEL

2. Configure HAProxy (identical on both servers)

sudo vi /etc/haproxy/haproxy.cfg

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend http_front
    bind *:80
    stats uri /haproxy?stats    # statistics page; as configured here it is served on the public port 80 listener
    default_backend http_back

backend http_back
    balance roundrobin
    server server1 192.168.1.101:80 check
    server server2 192.168.1.102:80 check

3. Configure Keepalived (master server)

sudo vi /etc/keepalived/keepalived.conf

vrrp_script chk_haproxy {
    script "killall -0 haproxy"
    interval 2
    weight 2             # added to the VRRP priority while the script succeeds
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 101
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.100/24
    }
    track_script {
        chk_haproxy
    }
}

4. Configure Keepalived (backup server)

sudo vi /etc/keepalived/keepalived.conf

vrrp_script chk_haproxy {
    script "killall -0 haproxy"
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.100/24
    }
    track_script {
        chk_haproxy
    }
}

5. Start the services

sudo systemctl start haproxy
sudo systemctl enable haproxy
sudo systemctl start keepalived
sudo systemctl enable keepalived
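
The priority arithmetic behind the two option 2 Keepalived configurations, as an added example that is not part of the original article: when chk_haproxy fails on the master, the master must end up with a lower priority than the healthy backup, otherwise the VIP does not move. The function names and the trimmed configuration strings are constructed for illustration.

```python
import re

# Constructed input: the chk_haproxy and priority lines from the master and
# backup keepalived.conf shown in option 2 (other settings omitted).
MASTER_CONF = """
vrrp_script chk_haproxy {
    script "killall -0 haproxy"
    weight 2
}
vrrp_instance VI_1 {
    state MASTER
    priority 101
}
"""
BACKUP_CONF = (MASTER_CONF.replace("state MASTER", "state BACKUP")
               .replace("priority 101", "priority 100"))

def parse(conf):
    """Return (base priority, vrrp_script weight) from keepalived.conf text."""
    priority = int(re.search(r"\bpriority\s+(\d+)", conf).group(1))
    m = re.search(r"vrrp_script\s+\S+\s*\{[^}]*?\bweight\s+(-?\d+)", conf)
    return priority, (int(m.group(1)) if m else 0)  # keepalived default weight is 0

def effective_priority(priority, weight, script_ok):
    """Keepalived track_script rule for a single script.
    weight > 0: added while the script succeeds.
    weight < 0: added (lowering priority) while the script fails.
    weight == 0: a failing script puts the instance in FAULT (None here)."""
    if weight > 0:
        return priority + weight if script_ok else priority
    if weight < 0:
        return priority if script_ok else priority + weight
    return priority if script_ok else None

def vip_moves_on_haproxy_failure(master_conf, backup_conf):
    """True if the backup outranks the master once the check fails on the master."""
    master = effective_priority(*parse(master_conf), script_ok=False)
    backup = effective_priority(*parse(backup_conf), script_ok=True)
    return master is None or backup > master

if __name__ == "__main__":
    print("page config fails over:", vip_moves_on_haproxy_failure(MASTER_CONF, BACKUP_CONF))
    weak = [c.replace("weight 2", "weight 1") for c in (MASTER_CONF, BACKUP_CONF)]
    print("weight 1 fails over:", vip_moves_on_haproxy_failure(*weak))
```

With the values from the article the backup reaches 102 against the master's 101, so the VIP moves; with a weight of 1 both sit at 101 and it stays where it is.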

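Monitoring and maintenance

  1. Check LVS status
sudo ipvsadm -Ln
  2. Check HAProxy status
sudo systemctl status haproxy
# or view it through the stats page
  3. Test failover
# Stop keepalived or haproxy on the master server
sudo systemctl stop keepalived
# Check whether the VIP has moved to the backup server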

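Advanced configuration recommendations

  1. Health check tuning

    • Add more sophisticated health check scripts
    • Set sensible check intervals and timeouts
  2. Logging

    • Configure detailed logging
    • Set up log rotation
  3. Security hardening

    • Restrict access to management interfaces
    • Configure firewall rules
    • Use SSL/TLS encryption
  4. Performance tuning

    • Adjust kernel parameters according to load
    • Tune TCP/IP stack parameters
    • Consider multi-threaded/multi-process mode
  5. Monitoring and alerting

    • Integrate Prometheus/Grafana monitoring
    • Set alerts on key metrics

The configuration above can be adjusted to suit your network environment and business requirements. Before deploying to production, validate it thoroughly in a test environment.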