ipvsadm.8

实现了集群的实现 完成了资源负载平衡等问题

resolve problems with non-persistent cache clusters on the client side.
.TP
.B -r, --real-server \fIserver-address\fP
Real server that an associated request for service may be assigned to.
The \fIserver-address\fP is the \fIhost\fP address of a real server,
and may plus \fIport\fP. \fIHost\fP can be either a plain IP address
or a hostname.  \fIPort\fP can be either a plain port number or the
service name of port.  In the case of the masquerading method, the
host address is usually an RFC 1918 private IP address, and the port
can be different from that of the associated service. With the
tunneling and direct routing methods, \fIport\fP must be equal to that
of the service address. For normal services, the port specified  in
the service address will be used if \fIport\fP is not specified. For
fwmark services, \fIport\fP may be omitted, in which case  the
destination port on the real server will be the destination port of
the request sent to the virtual service.
.TP
.B [packet-forwarding-method]
.sp
\fB-g, --gatewaying\fR  Use gatewaying (direct routing). This is the default.
.sp
\fB-i, --ipip\fR  Use ipip encapsulation (tunneling).
.sp
\fB-m, --masquerading\fR  Use masquerading (network access translation, or NAT).
.sp
\fBNote:\fR  Regardless of the packet-forwarding mechanism specified,
real servers for addresses for which there are interfaces on the local
node will be use the local forwarding method, then packets for the
servers will be passed to upper layer on the local node. This cannot
be specified by \fIipvsadm\fP, rather it set by the kernel as real
servers are added or modified.
.TP
.B -w, --weight \fIweight\fP
\fIWeight\fP is an integer specifying the capacity  of a server
relative to the others in the pool. The valid values of \fIweight\fP
are 0 through to 65535. The default is 1. Quiescent servers are
specified with a weight of zero. A quiescent server will receive no
new jobs but still serve the existing jobs, for all scheduling
algorithms distributed with the Linux Virtual Server. Setting a
quiescent server may be useful if the server is overloaded or needs to
be taken out of service for maintenance.
.TP
.B -x, --u-threshold \fIuthreshold\fP
\fIuthreshold\fP is an integer specifying the upper connection
threshold of a server. The valid values of \fIuthreshold\fP are 0
through to 65535. The default is 0, which means the upper connection
threshold is not set. If \fIuthreshold\fP is set with other values, no
new connections will be sent to the server when the number of its
connections exceeds its upper connection threshold.
.TP
.B -y, --l-threshold \fIlthreshold\fP
\fIlthreshold\fP is an integer specifying the lower connection
threshold of a server. The valid values of \fIlthreshold\fP are 0
through to 65535. The default is 0, which means the lower connection
threshold is not set. If \fIlthreshold\fP is set with other values,
the server will receive new connections when the number of its
connections drops below its lower connection threshold. If
\fIlthreshold\fP is not set but \fIuthreshold\fP is set, the server
will receive new connections when the number of its connections drops
below three forth of its upper connection threshold.
.TP
.B --mcast-interface \fIinterface\fP
Specify the multicast interface that the sync master daemon sends
outgoing multicasts through, or the sync backup daemon listens to for
multicasts.
.TP
.B --syncid \fIsyncid\fP
Specify the \fIsyncid\fP that the sync master daemon fills in the
SyncID header while sending multicast messages, or the sync backup
daemon uses to filter out multicast messages not matched with the
SyncID value. The valid values of \fIsyncid\fP are 0 through to
255. The default is 0, which means no filtering at all.
.TP
.B -c, --connection
Connection output. The \fIlist\fP command with this option will list
current IPVS connections.
.TP
.B --timeout
Timeout output. The \fIlist\fP command with this option will display
the  timeout values (in seconds) for TCP sessions, TCP sessions after
receiving a FIN packet, and UDP packets.
.TP
.B --daemon
Daemon information output. The \fIlist\fP command with this option
will display the daemon status and its multicast interface.
.TP
.B --stats
Output of statistics information. The \fIlist\fP command with this
option will display the statistics information of services and their
servers.
.TP
.B --rate
Output of rate information. The \fIlist\fP command with this option
will display the rate information (such as connections/second,
bytes/second and packets/second) of services and their servers.
.TP
.B --thresholds
Output of thresholds information. The \fIlist\fP command with this
option will display the upper/lower connection threshold information
of each server in service listing.
.TP
.B --persistent-conn
Output of persistent connection information. The \fIlist\fP command
with this option will display the persistent connection counter
information of each server in service listing. The persistent
connection is used to forward the actual connections from the same
client/network to the same server.
.TP
.B --sort
Sort the list of virtual services and real servers. The virtual
service entries are sorted in ascending order by <protocol, address,
port>. The real server entries are sorted in ascending order by
<address, port>.
.TP
.B -n, --numeric
Numeric output.  IP addresses and port numbers will be printed in
numeric format rather than as as host names and services respectively,
which is the  default.
.TP
.B --exact
Expand numbers.  Display the exact value of the packet and  byte
counters,  instead  of only the rounded number in K's (multiples of
1000) M's (multiples of 1000K) or G's (multiples  of 1000M).  This
option is only relevant for the -L command.
.SH EXAMPLE 1 - Simple Virtual Service
The following commands configure a Linux Director to distribute
incoming requests addressed to port 80 on 207.175.44.110 equally to
port 80 on five real servers. The forwarding method used in this
example is NAT, with each of the real servers being masqueraded by the
Linux Director.
.PP
.nf
ipvsadm -A -t 207.175.44.110:80 -s rr
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.1:80 -m
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.2:80 -m
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.3:80 -m
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.4:80 -m
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.5:80 -m
.fi
.PP
Alternatively, this could be achieved in a single ipvsadm command.
.PP
.nf
echo "
-A -t 207.175.44.110:80 -s rr
-a -t 207.175.44.110:80 -r 192.168.10.1:80 -m
-a -t 207.175.44.110:80 -r 192.168.10.2:80 -m
-a -t 207.175.44.110:80 -r 192.168.10.3:80 -m
-a -t 207.175.44.110:80 -r 192.168.10.4:80 -m
-a -t 207.175.44.110:80 -r 192.168.10.5:80 -m
" | ipvsadm -R
.fi
.PP
As masquerading is used as the forwarding mechanism in this example,
the default route of the real servers must be set to the linux
director, which will need to be configured to forward and masquerade
packets. This can be achieved using the following commands:
.PP
.nf
echo "1" > /proc/sys/net/ipv4/ip_forward
.fi
.SH EXAMPLE 2 - Firewall-Mark Virtual Service
The following commands configure a Linux Director to distribute
incoming requests addressed to any port on 207.175.44.110 or
207.175.44.111 equally to the corresponding port on five real
servers. As per the previous example, the forwarding method used in
this example is NAT, with each of the real servers being masqueraded
by the Linux Director.
.PP
.nf
ipvsadm -A -f 1  -s rr
ipvsadm -a -f 1 -r 192.168.10.1:0 -m
ipvsadm -a -f 1 -r 192.168.10.2:0 -m
ipvsadm -a -f 1 -r 192.168.10.3:0 -m
ipvsadm -a -f 1 -r 192.168.10.4:0 -m
ipvsadm -a -f 1 -r 192.168.10.5:0 -m
.fi
.PP
As masquerading is used as the forwarding mechanism in this example,
the default route of the real servers must be set to the linux
director, which will need to be configured to forward and masquerade
packets. The real server should also be configured to mark incoming
packets addressed to any port on 207.175.44.110 and  207.175.44.111
with firewall-mark 1. If FTP traffic is to be handled by this virtual
service, then the ip_vs_ftp kernel module needs to be inserted into
the kernel.  These operations can be achieved using the following
commands:
.PP
.nf
echo "1" > /proc/sys/net/ipv4/ip_forward
modprobe ip_tables
iptables  -A PREROUTING -t mangle -d 207.175.44.110/31 -j MARK --set-mark 1
modprobe ip_vs_ftp
.fi
.SH NOTES
The Linux Virtual Server implements three defense strategies against
some types of denial of service (DoS) attacks. The Linux Director
creates an entry for each connection in order to keep its state, and
each entry occupies 128 bytes effective memory. LVS's vulnerability to
a DoS attack lies in the potential to increase the number entries as
much as possible until the linux director runs out of memory. The
three defense strategies against the attack are: Randomly drop some
entries in the table. Drop 1/rate packets before forwarding them. And
use secure tcp state transition table and short timeouts. The
strategies are controlled by sysctl variables and corresponding
entries in the /proc filesystem:
.sp
/proc/sys/net/ipv4/vs/drop_entry
/proc/sys/net/ipv4/vs/drop_packet
/proc/sys/net/ipv4/vs/secure_tcp
.PP
Valid values for each variable are 0 through to 3. The default value
is 0, which disables the respective defense strategy. 1 and 2 are
automatic modes - when there is no enough available memory, the
respective strategy will be enabled and the variable is automatically
set to 2, otherwise the strategy is disabled and the variable is set
to 1. A value of 3 denotes that the respective strategy is always
enabled.  The available memory threshold and secure TCP timeouts can
be tuned using the sysctl variables and corresponding entries in the
/proc filesystem:
.sp
/proc/sys/net/ipv4/vs/amemthresh
/proc/sys/net/ipv4/vs/timeout_*
.SH FILES
.I /proc/net/ip_vs
.br
.I /proc/net/ip_vs_app
.br
.I /proc/net/ip_vs_conn
.br
.I /proc/net/ip_vs_stats
.br
.I /proc/sys/net/ipv4/vs/am_droprate
.br
.I /proc/sys/net/ipv4/vs/amemthresh
.br
.I /proc/sys/net/ipv4/vs/drop_entry
.br
.I /proc/sys/net/ipv4/vs/drop_packet
.br
.I /proc/sys/net/ipv4/vs/secure_tcp
.br
.I /proc/sys/net/ipv4/vs/timeout_close
.br
.I /proc/sys/net/ipv4/vs/timeout_closewait
.br
.I /proc/sys/net/ipv4/vs/timeout_established
.br
.I /proc/sys/net/ipv4/vs/timeout_finwait
.br
.I /proc/sys/net/ipv4/vs/timeout_icmp
.br
.I /proc/sys/net/ipv4/vs/timeout_lastack
.br
.I /proc/sys/net/ipv4/vs/timeout_listen
.br
.I /proc/sys/net/ipv4/vs/timeout_synack
.br
.I /proc/sys/net/ipv4/vs/timeout_synrecv
.br
.I /proc/sys/net/ipv4/vs/timeout_synsent
.br
.I /proc/sys/net/ipv4/vs/timeout_timewait
.br
.I /proc/sys/net/ipv4/vs/timeout_udp
.SH SEE ALSO
The LVS web site (http://www.linuxvirtualserver.org/) for more
documentation about LVS.
.PP
\fBipvsadm-save\fP(8), \fBipvsadm-restore\fP(8), \fBiptables\fP(8),
.br
\fBinsmod\fP(8), \fBmodprobe\fP(8)
.SH AUTHORS
.nf
ipvsadm - Wensong Zhang <wensong@linuxvirtualserver.org>
	  Peter Kese <peter.kese@ijs.si>
man page - Mike Wangsmo <wanger@redhat.com>
	   Wensong Zhang <wensong@linuxvirtualserver.org>
	   Horms <horms@verge.net.au>
.fi