keepavlived
主机1
主机2
82节点
root@ubuntu:/etc/keepalived# systemctl start keepalived root@ubuntu:/etc/keepalived# cat keepalived.conf ! Configuration File for keepalived global_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc #smtp_server 192.168.200.1 #smtp_connect_timeout 30 router_id proxy1 } vrrp_script chk_nginx { script "/etc/keepalived/test.sh" interval 2 #健康检查周期 weight 20 #优先级变化幅度 fall 3 #判定服务异常的检查次数 rise 2 #判定服务正常的检查次数 } vrrp_instance VI_1 { state BACKUP interface enahisic2i0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.10.16.250 } track_script { chk_nginx } }
47节点
root@cloud:/etc/keepalived# cat keepalived.conf ! Configuration File for keepalived global_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc #smtp_server 192.168.200.1 #smtp_connect_timeout 30 router_id proxy1 } vrrp_script chk_nginx { script "/etc/keepalived/test.sh" interval 2 #健康检查周期 weight 20 #优先级变化幅度 fall 3 #判定服务异常的检查次数 rise 2 #判定服务正常的检查次数 } vrrp_instance VI_1 { state MASTER interface enahisic2i0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.10.16.250 } track_script { chk_nginx } }
测试
root@ubuntu:/etc/keepalived# cat test.sh #!/bin/bash count=`ps -ef|grep nginx|grep -v grep|wc -l` if [ $count -gt 0 ];then exit 0 else exit 1
vip 访问
vip的mac
81节点上
[root@bogon ~]# telnet 10.10.16.250 80 Trying 10.10.16.250... Connected to 10.10.16.250. Escape character is '^]'. ^CConnection closed by foreign host. [root@bogon ~]# arp -a | grep 10.10.16.250 c^C [root@bogon ~]# ip n | grep 10.10.16.250 10.10.16.250 dev enahisic2i0 lladdr 9c:52:f8:67:c4:d3 REACHABLE [root@bogon ~]#
enahisic2i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 9c:52:f8:67:c4:d3 brd ff:ff:ff:ff:ff:ff inet 10.10.16.47/24 brd 10.10.16.255 scope global enahisic2i0 valid_lft forever preferred_lft forever inet 10.10.16.250/32 scope global enahisic2i0 valid_lft forever preferred_lft forever inet6 fe80::9e52:f8ff:fe67:c4d3/64 scope link valid_lft forever preferred_lft forever
arp 请求
root@cloud:/etc/keepalived# tcpdump -i enahisic2i0 arp and host 10.10.16.250 -n tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on enahisic2i0, link-type EN10MB (Ethernet), capture size 262144 bytes 19:08:38.946703 ARP, Request who-has 10.10.16.250 tell 10.10.16.81, length 46 19:08:38.946730 ARP, Reply 10.10.16.250 is-at 9c:52:f8:67:c4:d3, length 28
82节点
root@ubuntu:/etc/keepalived# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: enahisic2i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 48:57:02:64:e7:ab brd ff:ff:ff:ff:ff:ff inet 10.10.16.82/24 scope global enahisic2i0 valid_lft forever preferred_lft forever inet6 fe80::4a57:2ff:fe64:e7ab/64 scope link valid_lft forever preferred_lft forever
47节点
root@cloud:/etc/keepalived# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: enahisic2i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 9c:52:f8:67:c4:d3 brd ff:ff:ff:ff:ff:ff inet 10.10.16.47/24 brd 10.10.16.255 scope global enahisic2i0 valid_lft forever preferred_lft forever inet 10.10.16.250/32 scope global enahisic2i0 valid_lft forever preferred_lft forever inet6 fe80::9e52:f8ff:fe67:c4d3/64 scope link valid_lft forever preferred_lft forever
tcpdump http
tcdp dump vrrp 心跳报文
82节点
root@ubuntu:/etc/keepalived# tcpdump -i enahisic2i0 vrrp and host 10.10.16.47 -n tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on enahisic2i0, link-type EN10MB (Ethernet), capture size 262144 bytes 18:08:29.012130 IP 10.10.16.47 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 120, authtype simple, intvl 1s, length 20 18:08:30.013590 IP 10.10.16.47 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 120, authtype simple, intvl 1s, length 20 18:08:31.013700 IP 10.10.16.47 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 120, authtype simple, intvl 1s, length 20 18:08:32.014860 IP 10.10.16.47 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 120, authtype simple, intvl 1s, length 20 18:08:33.014946 IP 10.10.16.47 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 120, authtype simple, intvl 1s, length 20 18:08:34.015034 IP 10.10.16.47 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 120, authtype simple, intvl 1s, length 20 18:08:35.017450 IP 10.10.16.47 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 120, authtype simple, intvl 1s, length 20 18:08:36.017537 IP 10.10.16.47 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 120, authtype simple, intvl 1s, length 20 18:08:37.017960 IP 10.10.16.47 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 120, authtype simple, intvl 1s, length 20 18:08:38.017715 IP 10.10.16.47 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 120, authtype simple, intvl 1s, length 20 18:08:39.018648 IP 10.10.16.47 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 120, authtype simple, intvl 1s, length 20 18:08:40.021260 IP 10.10.16.47 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 120, authtype simple, intvl 1s, length 20 18:08:41.021340 IP 10.10.16.47 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 120, authtype simple, intvl 1s, length 20 ^C 13 packets captured 15 packets received by filter 0 packets dropped by kernel
报文中有路由器id virtual_router_id 51
47节点
root@cloud:/etc/keepalived# tcpdump -i enahisic2i0 vrrp and host 10.10.16.47 -n tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on enahisic2i0, link-type EN10MB (Ethernet), capture size 262144 bytes 19:03:34.241376 IP 10.10.16.47 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 120, authtype simple, intvl 1s, length 20 19:03:35.241471 IP 10.10.16.47 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 120, authtype simple, intvl 1s, length 20 19:03:36.241557 IP 10.10.16.47 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 120, authtype simple, intvl 1s, length 20 19:03:37.241642 IP 10.10.16.47 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 120, authtype simple, intvl 1s, length 20 19:03:38.241909 IP 10.10.16.47 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 120, authtype simple, intvl 1s, length 20 19:03:39.245319 IP 10.10.16.47 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 120, authtype simple, intvl 1s, length 20 19:03:40.245399 IP 10.10.16.47 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 120, authtype simple, intvl 1s, length 20 19:03:41.245481 IP 10.10.16.47 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 120, authtype simple, intvl 1s, length 20 19:03:42.245567 IP 10.10.16.47 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 120, authtype simple, intvl 1s, length 20 19:03:43.247954 IP 10.10.16.47 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 120, authtype simple, intvl 1s, length 20 ^C 10 packets captured 10 packets received by filter 0 packets dropped by kernel root@cloud:/etc/keepalived#
主备切换
1、当初始priority和weight如下,kill 47节点(初始化为master)的nginx不会发生主备切换
| node | weight | priority |
| 47 | 20 | 100 |
| 82 | 20 | 100 |
1、当初始priority和weight如下,kill 47节点(初始化为master)的nginx会发生主备切换
| node | weight | priority |
| 47 | 5 | 100 |
| 82 | 20 | 100 |
浙公网安备 33010602011771号