keepalived-双主机模式
keepalived-双主机模式:
说明:仅演示VIP地址流动
工作模式:主主模式-主/备(虚拟路由器1) 备/主(虚拟路由器2)
拓扑:
环境说明:
1、ka1和ka2分别是2台keepalived服务器
2、配置一个2主虚拟路由器,实现两个vrrp实例,互为主备
示例:双主机模式实现VIP地址流动
1、ka1 keepalived配置:
[root@lvs-ka1 keepalived]# yum install -y keepalived [root@lvs-ka1 keepalived]# cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { root@lvs.localdomain } notification_email_from keepaliced@lvs.localdomain smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_mcast_group4 224.100.100.100 } vrrp_instance VI_1 { state MASTER interface ens33 virtual_router_id 66 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 172.16.0.100/24 dev ens33 label ens33:1 } } vrrp_instance VI_2 { state BACKUP interface ens33 virtual_router_id 88 priority 80 advert_int 1 authentication { auth_type PASS auth_pass 654321 } virtual_ipaddress { 172.16.0.200/24 dev ens33 label ens33:2 } } [root@lvs-ka1 ~]# cat /etc/hosts 10.0.0.125 ka1 10.0.0.126 ka2 [root@lvs-ka1 ~]# ssh-keygen [root@lvs-ka1 ~]# ssh-copy-id 10.0.0.126
2、ka2 keepalived配置:
[root@lvs-ka2 keepalived]# yum install -y keepalived [root@lvs-ka2 keepalived]# cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { root@lvs.localdomain } notification_email_from keepaliced@lvs.localdomain smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_mcast_group4 224.100.100.100 } vrrp_instance VI_1 { state BACKUP interface ens33 virtual_router_id 66 priority 90 advert_int 1 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 172.16.0.100/24 dev ens33 label ens33:1 } } vrrp_instance VI_2 { state MASTER interface ens33 virtual_router_id 88 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 654321 } virtual_ipaddress { 172.16.0.200/24 dev ens33 label ens33:2 } } [root@lvs-ka2 ~]# cat /etc/hosts 10.0.0.125 ka1 10.0.0.126 ka2 [root@lvs-ka2 ~]# ssh-keygen [root@lvs-ka2 ~]# ssh-copy-id 10.0.0.125
3、验证:观察VIP的漂移
先启动ka1 keepalived服务:
此时ka1是VI_1实例的MASTER角色,VI_2实例的BACKUP角色,2个VIP都在ens33端口
[root@lvs-ka1 ~]# systemctl start keepalived [root@lvs-ka1 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:50:56:31:8a:01 brd ff:ff:ff:ff:ff:ff inet 10.0.0.125/24 brd 10.0.0.255 scope global noprefixroute ens33 valid_lft forever preferred_lft forever inet 172.16.0.100/24 scope global ens33:1 valid_lft forever preferred_lft forever inet 172.16.0.200/24 scope global secondary ens33:2 valid_lft forever preferred_lft forever
再启动ka2 keepalived服务:
此时ka2是VI_1实例的BACKUP角色,VI_2实例的MASTER角色,默认抢占模式,ka2从ka1把VI_2实例的VIP抢占过来,绑定到自己ens33端口
[root@lvs-ka2 ~]# systemctl start keepalived 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:50:56:34:07:10 brd ff:ff:ff:ff:ff:ff inet 10.0.0.126/24 brd 10.0.0.255 scope global noprefixroute ens33 valid_lft forever preferred_lft forever inet 172.16.0.200/24 scope global ens33:2 valid_lft forever preferred_lft forever [root@lvs-ka1 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:50:56:31:8a:01 brd ff:ff:ff:ff:ff:ff inet 10.0.0.125/24 brd 10.0.0.255 scope global noprefixroute ens33 valid_lft forever preferred_lft forever inet 172.16.0.100/24 scope global ens33:1 valid_lft forever preferred_lft forever
keepalived vrrp组播宣告情况:
[root@rs2 ~]# tcpdump -i ens33 -nn host 224.100.100.100 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes 17:01:51.678446 IP 10.0.0.126 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 100, authtype simple, intvl 1s, length 20 17:01:51.949584 IP 10.0.0.125 > 224.100.100.100: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20 17:01:52.680117 IP 10.0.0.126 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 100, authtype simple, intvl 1s, length 20 17:01:52.950496 IP 10.0.0.125 > 224.100.100.100: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
浙公网安备 33010602011771号