实践单组Keepalived各抢占模式和单播配置
实验内容: 1.单组Keepalived 2.抢占模式、非抢占模式、抢占延迟模式 3.VIP单播配置 CIP:192.168.10.50 gateway:192.168.10.2 KA1:DIP:192.168.80.100 gateway:192.168.80.2 master KA2: RIP:192.168.80.110 gateway:192.168.80.2 backup
MASTER配置
# Global settings for node KA1 (router_id localhost7A).
global_defs {
# Recipient list for keepalived notification mail.
notification_email {
root@localhost
}
# Sender address used on notification mail.
notification_email_from root@localhost
# Notifications go through the SMTP service on this host.
smtp_server 127.0.0.1
# SMTP connect timeout in seconds.
smtp_connect_timeout 30
# Name identifying this node; the second node uses localhost7B.
router_id localhost7A
# NOTE(review): given without a chain name; confirm in keepalived.conf(5) for
# the installed version which iptables rules, if any, this produces.
vrrp_iptables
# Delay between gratuitous ARP messages sent for the VIP.
vrrp_garp_interval 0
# Delay between unsolicited neighbour advertisements (IPv6 counterpart).
vrrp_gna_interval 0
# IPv4 multicast group the advertisements are sent to; it is the destination
# address seen in the tcpdump capture on this page.
vrrp_mcast_group4 224.0.0.18
}
# VRRP instance on KA1 (192.168.80.100), the higher-priority node of the pair.
vrrp_instance zzhz {
# State the node starts in; the election afterwards is decided by priority.
state MASTER
interface eth0
# Group identifier shared by both nodes ("vrid 51" in the capture).
virtual_router_id 51
# Higher than the peer's 80 ("prio 95" in the capture).
priority 95
# Advertisement interval in seconds ("intvl 2s" in the capture).
advert_int 2
# NOTE(review): auth_type PASS is VRRPv2 simple-text authentication. The
# capture labels it "authtype simple": the password is carried unencrypted in
# every advertisement, so any host that can sniff the segment can read it.
# It protects against accidental misconfiguration, not against a hostile
# neighbour. Outside a lab, replace the guessable value "centos" and limit
# which hosts may send VRRP (IP protocol 112) to this node, e.g. with a
# dedicated heartbeat network or host firewall rules.
authentication {
auth_type PASS
auth_pass centos
}
# Virtual IP placed on eth0 under the label eth0:1.
virtual_ipaddress {
192.168.80.222/24 dev eth0 label eth0:1
}
}
# The backup node's configuration file is almost identical to the master's;
# only four lines need to change (marked with a trailing comment below).
# Global settings for node KA2 (router_id localhost7B).
global_defs {
# Recipient list for keepalived notification mail.
notification_email {
root@localhost
}
# Sender address used on notification mail (differs from the master's).
notification_email_from zzhz@localhost
smtp_server 127.0.0.1
# SMTP connect timeout in seconds.
smtp_connect_timeout 30
router_id localhost7B # changed: node name differs from the master's localhost7A
# NOTE(review): given without a chain name; confirm in keepalived.conf(5) for
# the installed version which iptables rules, if any, this produces.
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
# Same multicast group as on the master, so both nodes hear each other.
vrrp_mcast_group4 224.0.0.18
}
# VRRP instance on KA2 (192.168.80.110), the lower-priority node of the pair.
vrrp_instance zzhz {
state BACKUP # changed: this node starts as backup
interface eth0
virtual_router_id 51 # marked by the author; the value is the same as on the master
priority 80 # changed: lower than the master's 95
# Advertisement interval in seconds; same value as on the master.
advert_int 2
# Same shared password as on the master. With auth_type PASS it is sent
# unencrypted in each advertisement (the capture shows "authtype simple"),
# so treat it as a misconfiguration guard rather than a secret.
authentication {
auth_type PASS
auth_pass centos
}
# Same VIP as on the master; this node carries it only after a failover.
virtual_ipaddress {
192.168.80.222/24 dev eth0 label eth0:1
}
}
3.抓包观察测试 tcpdump -i eth0 -nn host 224.0.0.18 20:49:17.610250 IP 192.168.80.100 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 0, authtype simple, intvl 2s, length 20 [root@localhost7A ~]# systemctl stop keepalived.service #停止服务器 20:49:30.330979 IP 192.168.80.110 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 80, authtype simple, intvl 2s, length 20 #backup变主 [root@localhost7A ~]# systemctl start keepalived.service # 重启服务:抢占模式 20:49:30.331286 IP 192.168.80.100 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 95, authtype simple, intvl 2s, length 20
抢占模式和非抢占模式
默认为抢占模式,即当高优先级的主机恢复在线后,会抢占低优先级的主机的master角色,造成网络抖动,
建议设置为非抢占模式 nopreempt ,即高优先级主机恢复后,并不会抢占低优先级主机的master角色
注意:要关闭 VIP抢占,必须将各 keepalived 服务器state配置为BACKUP
# Non-preemptive mode, higher-priority node (priority 95). Excerpt only: the
# page does not show the rest of the instance or its closing brace.
vrrp_instance zzhz {
state BACKUP # BACKUP on both nodes
interface eth0
virtual_router_id 51
priority 95
advert_int 2
nopreempt # add this line; nopreempt is set on both nodes
# Non-preemptive mode, lower-priority node (priority 80). Excerpt only: the
# page does not show the rest of the instance or its closing brace.
vrrp_instance zzhz {
state BACKUP # BACKUP on both nodes
interface eth0
virtual_router_id 51
priority 80
advert_int 2
nopreempt # add this line; nopreempt is set on both nodes
测试:
21:05:43.384531 IP 192.168.80.100 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 95, authtype simple, intvl 2s, length 20
[root@localhost7A ~]# systemctl stop keepalived.service
21:05:44.420620 IP 192.168.80.110 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 80, authtype simple, intvl 2s, length 20
[root@localhost7A ~]# systemctl restart keepalived.service
21:05:44.420620 IP 192.168.80.110 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 80, authtype simple, intvl 2s, length 20 后面没有抢回
抢占延迟模式
抢占延迟模式,即优先级高的主机恢复后,不会立即抢回VIP,而是延迟一段时间(默认300s)再抢回 VIP
preempt_delay #s 指定抢占延迟时间为#s,默认延迟300s
注意:需要各keepalived服务器state为BACKUP,一般设置在priority比较高vrrp_instance中,与nopreempt选项互斥。
# Delayed-preemption mode, higher-priority node (priority 95). Excerpt only:
# the page does not show the rest of the instance or its closing brace.
vrrp_instance zzhz {
state BACKUP # BACKUP on both nodes (the author's test found MASTER also works)
interface eth0
virtual_router_id 51
priority 95
advert_int 2
# NOTE(review): the author states the default delay is 300s; verify the
# default and the accepted value syntax in keepalived.conf(5) for your version.
preempt_delay 15s # delayed preemption; the author's test shows takeover after 15 seconds
# Delayed-preemption mode, lower-priority node (priority 80); it carries no
# preempt_delay line. Excerpt only: the rest of the instance is not shown.
vrrp_instance zzhz {
state BACKUP # BACKUP on both nodes
interface eth0
virtual_router_id 51
priority 80
advert_int 2
测试
21:17:29.095281 IP 192.168.80.100 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 95, authtype simple, intvl 2s, length 20
[root@localhost7A ~]# systemctl stop keepalived.service
21:18:28.841600 IP 192.168.80.110 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 80, authtype simple, intvl 2s, length 20
[root@localhost7A ~]# systemctl restart keepalived.service #15秒后抢占
21:18:28.841607 IP 192.168.80.100 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 95, authtype simple, intvl 2s, length 20
VIP单播配置
默认keepalived主机之间利用多播相互通告消息,会造成网络拥塞,可以替换成单播,减少网络流量
注意:启用单播时不能同时启用 vrrp_strict(默认的示例配置文件中 vrrp_strict 是启用的,需要注释掉)
参数说明 vrrp_strict #严格遵守VRRP协议,禁止以下状况:1.无VIP地址 2.配置了单播(unicast 选项) 3.在VRRP版本2中有IPv6地址;开启此项会自动开启iptables防火墙规则,建议关闭此项配置。
# Syntax template for unicast mode (placeholders, not a working configuration).
# On every keepalived node, configure the other node's IP. An address on a
# network dedicated to the heartbeat link is recommended instead of the
# service network.
unicast_src_ip <IPADDR> # source IP of the unicast adverts, i.e. this node's own address
unicast_peer {
<IPADDR> # IP of the peer host that receives the unicast adverts
...... # with several keepalived nodes, list every peer address
}
cat /etc/keepalived/keepalived.conf
# Global settings for node KA1 in the unicast experiment.
global_defs {
# Recipient list for keepalived notification mail.
notification_email {
root@localhost
}
notification_email_from root@localhost
smtp_server 127.0.0.1
# SMTP connect timeout in seconds.
smtp_connect_timeout 30
router_id localhost7A
# NOTE(review): given without a chain name; confirm in keepalived.conf(5) for
# the installed version which iptables rules, if any, this produces.
vrrp_iptables
#vrrp_strict # key point: left commented out, because the page states unicast cannot be combined with vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
# Multicast group setting kept from the earlier experiments; the capture for
# this section shows adverts going to the unicast peer instead.
vrrp_mcast_group4 224.0.0.18
}
# VRRP instance on KA1 (192.168.80.100) sending adverts by unicast to KA2.
vrrp_instance zzhz {
state MASTER
interface eth0
virtual_router_id 51
# NOTE(review): the capture shown for this section reports "prio 90", not 95;
# presumably it was taken with a different priority value. Confirm.
priority 95
# Advertisement interval in seconds ("intvl 2s" in the capture).
advert_int 2
# NOTE(review): unicast changes the destination of the adverts, not their
# protection. auth_type PASS still sends the password unencrypted (the
# capture shows "authtype simple"). Allow IP protocol 112 only from the
# configured peer with a host firewall, and prefer a dedicated heartbeat
# network as the page itself recommends.
authentication {
auth_type PASS
auth_pass centos
}
virtual_ipaddress {
192.168.80.222/24 dev eth0 label eth0:1
}
unicast_src_ip 192.168.80.100 # unicast settings: this node's own address
# Peer that receives the adverts; KA2 needs the mirror-image entries.
unicast_peer {
192.168.80.110
}
}
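测试:(抓包第二行的 ICMP protocol 112 unreachable 表示对端 192.168.80.110 当时没有接收 VRRP 报文,可能是对端 keepalived 未运行或尚未配置单播;对端按同样方式配置 unicast_src_ip 和 unicast_peer 后应再抓包确认该提示消失)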
[root@localhost7A ~]# tcpdump -i eth0 -nn host 192.168.80.100 and host 192.168.80.110
10:45:25.184343 IP 192.168.80.100 > 192.168.80.110: VRRPv2, Advertisement, vrid 51, prio 90, authtype simple, intvl 2s, length 20
10:45:25.184380 IP 192.168.80.110 > 192.168.80.100: ICMP 192.168.80.110 protocol 112 unreachable, length 48
