ipvsadm

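Building and installing the RPM package

Download the source RPM for the matching version from the official site.

The build refers to the kernel source at make time, so it fails with an error unless the /usr/src/linux symlink has been created first.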

# ln -s /usr/src/kernels/2.6.18-194.26.1.el5-x86_64 /usr/src/linux
# wget http://www.linux-vs.org/software/kernel-2.6/ipvsadm-1.24-6.src.rpm
# rpm -ivh ipvsadm-1.24-6.src.rpm

In rpm 4.1 and later, the tag that declares the license was changed from "Copyright" to "License", so the spec file causes an error if used as is.

# vi /usr/src/redhat/SPECS/ipvsadm.spec

Line 7:
-)Copyright: GNU General Public Licence
+)License: GNU General Public Licence
# rpmbuild -bb --clean /usr/src/redhat/SPECS/ipvsadm.spec
# rpm -ivh /usr/src/redhat/RPMS/x86_64/ipvsadm-1.24-6.x86_64.rpm

Check which IPVS version is supported.

# ipvsadm -v
ipvsadm v1.24 2005/12/10 (compiled with getopt_long and IPVS v1.2.1)
# chkconfig --add ipvsadm
# chkconfig ipvsadm on

Configuring IP forwarding

# vi /etc/sysctl.conf
-)net.ipv4.ip_forward = 0
+)net.ipv4.ip_forward = 1

# sysctl -p

LVS configuration

# ipvsadm -L

e.g. ipvsadm -A -t VIP:port -s scheduling-method (rr|wrr|lc|wlc|lblc|lblcr|dh|sh|sed|)

# ipvsadm -A -t 192.168.80.96:80 -s wrr

e.g. ipvsadm -a -t VIP:port -r client-IP forwarding-method (g:DSR|m:NAT)

# ipvsadm -a -t 192.168.80.96:80 -r 192.168.100.97:80 -m
# ipvsadm -a -t 192.168.80.96:80 -r 192.168.100.98:80 -m
# ipvsadm -a -t 192.168.80.96:80 -r 192.168.80.97:80 -m
# ipvsadm -a -t 192.168.80.96:80 -r 192.168.80.98:80 -m

e.g. ipvsadm -d -t VIP:port -r client-IP

# ipvsadm -d -t 192.168.80.96:80 -r 192.168.80.98:80
# /etc/init.d/ipvsadm save
# cat /etc/sysconfig/ipvsadm
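
The saved file is what gets restored later, so a stray or mistyped entry keeps forwarding traffic to a host nobody intended. The lint below is an added example, not part of the original page: it assumes the file holds rules in the `ipvsadm -S -n` save format, handles only TCP (-t) services as used here, and its function names and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): lint rules in the format
# written by `ipvsadm -S -n` before they are restored with `ipvsadm -R`.

# check_ipvs_rules [FILE]: reads FILE or stdin, prints one line per problem,
# returns 0 when the ruleset is consistent and 1 otherwise.
check_ipvs_rules() {
    awk '
    function opt(flag,   i) {           # value following an option flag
        for (i = 2; i < NF; i++) if ($i == flag) return $(i + 1)
        return ""
    }
    function bad(msg) { printf "line %d: %s\n", NR, msg; rc = 1 }
    BEGIN {                             # schedulers listed in ipvsadm --help
        n = split("rr wrr lc wlc lblc lblcr dh sh sed nq", s, " ")
        for (i = 1; i <= n; i++) sched[s[i]] = 1
    }
    NF == 0 || substr($1, 1, 1) == "#" { next }   # blank lines, comments
    $1 == "-A" {
        vip = opt("-t"); sc = opt("-s")
        if (vip == "") { bad("virtual service without -t address"); next }
        if (sc != "" && !(sc in sched)) bad("unknown scheduler " sc)
        svc[vip] = 1; next
    }
    $1 == "-a" {
        vip = opt("-t"); rs = opt("-r")
        if (rs == "") { bad("real server entry without -r address"); next }
        if (!(vip in svc)) bad("real server " rs " uses undeclared service " vip)
        if ((vip, rs) in seen) bad("duplicate real server " rs " for " vip)
        seen[vip, rs] = 1; next
    }
    { bad("unrecognised entry: " $0) }
    END { exit rc + 0 }
    ' "$@"
}

# Constructed sample: the service from this page plus one entry for a VIP
# that was never declared with -A (line 4).
sample_rules() {
    cat <<'EOF'
-A -t 192.168.80.96:80 -s wrr
-a -t 192.168.80.96:80 -r 192.168.100.97:80 -m -w 1
-a -t 192.168.80.96:80 -r 192.168.100.98:80 -m -w 1
-a -t 192.168.80.69:80 -r 192.168.80.97:80 -m -w 1
EOF
}

sample_rules | check_ipvs_rules || echo "ruleset rejected"
```

Run it as `check_ipvs_rules /etc/sysconfig/ipvsadm` after saving and before relying on the file at the next restart.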

Help

# ipvsadm --help
ipvsadm v1.25 2008/5/15 (compiled with popt and IPVS v1.2.1)
Usage:
  ipvsadm -A|E -t|u|f service-address [-s scheduler] [-p [timeout]] [-M netmask]
  ipvsadm -D -t|u|f service-address
  ipvsadm -C
  ipvsadm -R
  ipvsadm -S [-n]
  ipvsadm -a|e -t|u|f service-address -r server-address [options]
  ipvsadm -d -t|u|f service-address -r server-address
  ipvsadm -L|l [options]
  ipvsadm -Z [-t|u|f service-address]
  ipvsadm --set tcp tcpfin udp
  ipvsadm --start-daemon state [--mcast-interface interface] [--syncid sid]
  ipvsadm --stop-daemon state
  ipvsadm -h

Commands:
Either long or short options are allowed.
  --add-service     -A        add virtual service with options
  --edit-service    -E        edit virtual service with options
  --delete-service  -D        delete virtual service
  --clear           -C        clear the whole table
  --restore         -R        restore rules from stdin
  --save            -S        save rules to stdout
  --add-server      -a        add real server with options
  --edit-server     -e        edit real server with options
  --delete-server   -d        delete real server
  --list            -L|-l     list the table
  --zero            -Z        zero counters in a service or all services
  --set tcp tcpfin udp        set connection timeout values
  --start-daemon              start connection sync daemon
  --stop-daemon               stop connection sync daemon
  --help            -h        display this help message

Options:
  --tcp-service  -t service-address   service-address is host[:port]
  --udp-service  -u service-address   service-address is host[:port]
  --fwmark-service  -f fwmark         fwmark is an integer greater than zero
  --ipv6         -6                   fwmark entry uses IPv6
  --scheduler    -s scheduler         one of rr|wrr|lc|wlc|lblc|lblcr|dh|sh|sed|nq,
                                      the default scheduler is wlc.
  --persistent   -p [timeout]         persistent service
  --netmask      -M netmask           persistent granularity mask
  --real-server  -r server-address    server-address is host (and port)
  --gatewaying   -g                   gatewaying (direct routing) (default)
  --ipip         -i                   ipip encapsulation (tunneling)
  --masquerading -m                   masquerading (NAT)
  --weight       -w weight            capacity of real server
  --u-threshold  -x uthreshold        upper threshold of connections
  --l-threshold  -y lthreshold        lower threshold of connections
  --mcast-interface interface         multicast interface for connection sync
  --syncid sid                        syncid for connection sync (default=255)
  --connection   -c                   output of current IPVS connections
  --timeout                           output of timeout (tcp tcpfin udp)
  --daemon                            output of daemon information
  --stats                             output of statistics information
  --rate                              output of rate information
  --exact                             expand numbers (display exact values)
  --thresholds                        output of thresholds information
  --persistent-conn                   output of persistent connection info
  --nosort                            disable sorting output of service/server entries
  --sort                              does nothing, for backwards compatibility
  --ops          -O                   one-packet scheduling
  --numeric      -n                   numeric output of addresses and ports