keepalived
简介
1、
keepalived
的两个功能:failover
(故障转移和自动切换)、healthcheck
(健康检查)
2、故障转移切换原理:
通过
VRRP
(虚拟路由冗余协议)实现;即主节点不断向备节点广播心跳消息,一旦备节点接收不到主节点的心跳消息,
备节点主动调用自身的接管程序,接管主节点的ip资源和服务。当主节点恢复时,
备节点释放资源,恢复到备用状态
3、
VRRP
协议: 通过竞选机制来将路由任务交给某台
VRRP
路由器(竞选机制通过配置优先级实现)。
VRRP
出现就是为了解决静态路由的单点故障
安装
Centos7 + keepalived-1.3.9.tar.gz
# 重要!作用应是让编译时能通过 /usr/src/linux 找到内核头文件;路径中的内核版本要换成本机实际安装的版本(可用 uname -r 查看)
[root@Meo ~]# ln -s /usr/src/kernels/3.10.0-693.11.1.el7.x86_64/ /usr/src/linux
[root@Meo ~]# tar zxvf keepalived-1.3.9.tar.gz
[root@Meo ~]# cd keepalived-1.3.9
# 解决部分依赖(编译需要的是 openssl-devel 和 libnfnetlink-devel;带通配符会把所有名称匹配的包都装上,建议只装这两个)
[root@Meo ~]# yum install -y openssl* libnfnetlink*
[root@Meo ~]# ./configure
Keepalived configuration
------------------------
Keepalived version : 1.3.9
Compiler : gcc
Preprocessor flags :
Compiler flags : -Wall -Wunused -Wstrict-prototypes -Wextra -g -O2
Linker flags :
Extra Lib : -lcrypto -lssl
Use IPVS Framework : Yes
IPVS use libnl : No
IPVS syncd attributes : No
IPVS 64 bit stats : No
fwmark socket support : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
Use VRRP authentication : Yes
With ip rules/routes : Yes
SNMP vrrp support : No
SNMP checker support : No
SNMP RFCv2 support : No
SNMP RFCv3 support : No
DBUS support : No
SHA1 support : No
Use Debug flags : No
Stacktrace support : No
Memory alloc check : No
libnl version : None
Use IPv4 devconf : No
Use libiptc : No
Use libipset : No
init type : upstart
Build genhash : Yes
Build documentation : No
*** WARNING - this build will not support IPVS with IPv6. Please install libnl/libnl-3 dev libraries to support IPv6 with IPVS.
[root@Meo ~]# make
[root@Meo ~]# make install
配置启动文件。
从源文件中copy keepalived的启动脚本到/etc/init.d/
[root@Meo keepalived-1.3.9]# cp keepalived/etc/init.d/keepalived /etc/init.d/
[root@Meo ~]# mkdir /etc/keepalived
[root@Meo ~]# cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
[root@Meo keepalived-1.3.9]# cp keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@Meo ~]# cp /usr/local/sbin/keepalived /usr/sbin/
执行启动服务 并设为开启自启。
[root@Meo ~]# service keepalived start
Starting keepalived (via systemctl): [ 确定 ]
[root@Meo ~]# chkconfig keepalived on
Keepalived单实例配置文件
MASTER的配置文件:
! Configuration File for keepalived
! MASTER node of a single-instance VRRP pair.
global_defs {
router_id LVS_7 # identifier string for this node; the page uses a different value on the backup (LVS_2)
}
# First (and only) VRRP instance. The backup node uses the same instance name in this example.
vrrp_instance VI_1 {
state MASTER # initial state of this node
interface eth0 # interface the instance is bound to; adjust to the local NIC name
virtual_router_id 55 # VRRP group id; must be identical on master and backup
priority 150 # election priority, higher wins; the page suggests keeping a gap of about 50 to the backup
advert_int 1 # advertisement (heartbeat) interval in seconds; the backup takes over after several missed advertisements (roughly three intervals), not after a single one
authentication {
# Simple-password authentication; must be identical on master and backup.
auth_type PASS
# Shared secret; must be identical on master and backup. PASS mode carries
# this value unencrypted in every advertisement, so it only protects against
# accidental misconfiguration. "1111" is the stock sample value: replace it
# (keepalived uses at most 8 characters) and restrict VRRP traffic to the
# peer nodes at the firewall.
auth_pass 1111
}
virtual_ipaddress {
192.168.1.112/24 # virtual IP (VIP) held by whichever node is currently master
}
}
BACKUP的配置文件:
! Configuration File for keepalived
! BACKUP node of a single-instance VRRP pair.
global_defs {
router_id LVS_2 # identifier string for this node
}
vrrp_instance VI_1 {
state BACKUP # initial state of this node
interface eth0 # interface the instance is bound to; adjust to the local NIC name
virtual_router_id 55 # VRRP group id; must match the value configured on the master
priority 100 # election priority; lower than the master's, so this node stays backup while the master is alive
advert_int 1 # advertisement (heartbeat) interval in seconds
authentication {
# Simple-password authentication; type and password must match the master.
auth_type PASS
# The password travels unencrypted in VRRP advertisements and "1111" is the
# stock sample value: replace it (at most 8 characters are used) and restrict
# VRRP traffic to the peer nodes at the firewall.
auth_pass 1111
}
virtual_ipaddress {
192.168.1.112/24 # virtual IP (VIP) this node takes over on failover
}
}
Keepalived多实例配置文件
互为主备(windows下用Beyond Compare 4比较可以直观看出)
! Configuration File for keepalived
! Node LVS_1 of a two-instance setup: master for VI_1, backup for VI_2.
global_defs {
# Recipient(s) of keepalived notification mail.
notification_email {
49000448@qq.com
}
notification_email_from Alexandre.Cassen@firewall.loc # sender address used for notification mail
smtp_server 10.0.0.1 # SMTP server the mail is handed to
smtp_connect_timeout 30 # SMTP connection timeout in seconds
router_id LVS_1 # identifier string for this node
}
# Instance VI_1: this node is the preferred owner of VIP 10.0.0.136.
vrrp_instance VI_1 {
state MASTER # initial state of this node for VI_1
interface eth0 # interface the instance is bound to; adjust to the local NIC name
virtual_router_id 51 # VRRP group id of VI_1; must match the peer and differ from VI_2
priority 150 # higher than the peer's priority for VI_1
advert_int 1 # advertisement (heartbeat) interval in seconds
authentication {
# Simple-password authentication; type and password must match the peer.
auth_type PASS
# The password travels unencrypted in VRRP advertisements and "1111" is the
# stock sample value: replace it (at most 8 characters are used) and restrict
# VRRP traffic to the peer nodes at the firewall.
auth_pass 1111
}
virtual_ipaddress {
10.0.0.136/24
}
}
# Instance VI_2: this node only takes over VIP 10.0.0.140 when the peer fails.
vrrp_instance VI_2 {
state BACKUP # initial state of this node for VI_2
interface eth0
virtual_router_id 52 # VRRP group id of VI_2; must match the peer and differ from VI_1
priority 50 # lower than the peer's priority for VI_2
advert_int 1
authentication {
auth_type PASS
# Same caveat as for VI_1: sample password, sent unencrypted; replace it.
auth_pass 1111
}
virtual_ipaddress {
10.0.0.140/24
}
}
! Configuration File for keepalived
! Node LVS_2 of a two-instance setup: backup for VI_1, master for VI_2.
global_defs {
# Recipient(s) of keepalived notification mail.
notification_email {
49000448@qq.com
}
notification_email_from Alexandre.Cassen@firewall.loc # sender address used for notification mail
smtp_server 10.0.0.1 # SMTP server the mail is handed to
smtp_connect_timeout 30 # SMTP connection timeout in seconds
router_id LVS_2 # identifier string for this node
}
# Instance VI_1: this node only takes over VIP 10.0.0.136 when the peer fails.
vrrp_instance VI_1 {
state BACKUP # initial state of this node for VI_1
interface eth0 # interface the instance is bound to; adjust to the local NIC name
virtual_router_id 51 # VRRP group id of VI_1; must match the peer and differ from VI_2
priority 100 # lower than the peer's priority for VI_1
advert_int 1 # advertisement (heartbeat) interval in seconds
authentication {
# Simple-password authentication; type and password must match the peer.
auth_type PASS
# The password travels unencrypted in VRRP advertisements and "1111" is the
# stock sample value: replace it (at most 8 characters are used) and restrict
# VRRP traffic to the peer nodes at the firewall.
auth_pass 1111
}
virtual_ipaddress {
10.0.0.136/24
}
}
# Instance VI_2: this node is the preferred owner of VIP 10.0.0.140.
vrrp_instance VI_2 {
state MASTER # initial state of this node for VI_2
interface eth0
virtual_router_id 52 # VRRP group id of VI_2; must match the peer and differ from VI_1
priority 150 # higher than the peer's priority for VI_2
advert_int 1
authentication {
auth_type PASS
# Same caveat as for VI_1: sample password, sent unencrypted; replace it.
auth_pass 1111
}
virtual_ipaddress {
10.0.0.140/24
}
}
Keepalived与LVS
keepalived
起初是为了LVS
而开发的,所以对lvs
有很好的支持。只需要做下面四步骤即可搭建
keepalived
+lvs
-
在LB上做
IP
绑定绑定
VIP
,暴露给外部(网卡名可能不同)
ifconfig eth0:0 10.0.0.8/24
- 在RS
设置
VIP
地址,该IP
地址绑定在环回网卡上,不会对外暴露
ifconfig lo:0 10.0.0.8/32 up
(注意子网掩码的特殊)
- 对
RS
回环网卡上的VIP
做ARP
抑制
[root@Meo ~]#echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@Meo ~]#echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@Meo ~]#echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@Meo ~]#echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
4. 在keepalived
配置文件中增加LVS
配置
# Define one load-balanced virtual service (VIP 10.0.0.8, port 80).
virtual_server 10.0.0.8 80 {
delay_loop 6 # interval between health-check rounds, in seconds
lb_algo wrr # scheduling algorithm: weighted round robin
lb_kind DR # LVS forwarding mode: direct routing
persistence_timeout 30 # session persistence window, in seconds
protocol TCP # protocol of the virtual service
# The settings above correspond to: ipvsadm -A -t 10.0.0.8:80 -s wrr -p 30
# Define one real server (RS) behind the virtual service.
real_server 10.0.0.9 80 {
weight 1 # scheduling weight
# TCP health check: only proves the port accepts connections, not that the
# application behind it answers correctly.
TCP_CHECK {
connect_timeout 3 # seconds to wait for the connection
retry 3 # retries before the check is considered failed
delay_before_retry 3 # seconds to wait between retries
connect_port 80 # port the check connects to
}
}
}
# The real_server entry above corresponds to:
# ipvsadm -a -t 10.0.0.8:80 -r 10.0.0.9:80 -g -w 1
ARP协议简介
ARP虽然工作在二层,但是属于三层协议
ARP 中文:地址解析协议
作用:实现通过IP地址获得对应主机的物理地址(MAC地址)
条件:ARP协议要求通信的主机双方必须在同一物理网段(即局域网环境)
ARP协议的运作过程:
1. 主机10.0.0.1想发数据到主机10.0.0.2,会先检查缓存(ARP表),发现没有0.2的MAC地址
2. 10.0.0.1发送ARP广播(我想要0.2的MAC地址)
3. 局域网内所有主机都接收到0.1的广播,但只有0.2给他一个单播回复,并缓存0.1的MAC地址
4. 主机0.1将0.2的MAC地址保存到缓存中,发送数据