<p><span style="font-size: 18px">Lab environment topology:</span></p>
<p><span style="font-size: 18px">Note: the internal network is simulated with 192.168.91.0/24, and the external network is simulated with 192.168.23.0/24.</span></p>
<p><img src="//cto.wang/usr/uploads/2016/07/20160703161319-52.png" title="1457688473128598.png" alt="blob.png" /></p>
<p><span style="font-size: 18px">1. Disable the firewall and SELinux on both nodes.</span></p>
<p><span style="font-size: 18px">[root@node1 keepalived]# systemctl stop firewalld # stop the firewall</span></p>
<p><span style="font-size: 18px">[root@node1 keepalived]# systemctl disable firewalld # do not start the firewall at boot</span></p>
<p><span style="font-size: 18px"># If you do not want to disable the firewall, you need to allow the multicast address 224.0.0.18. The two nodes send VRRP information to each other through this multicast address, mainly node heartbeats, priorities and similar information.</span></p>
<p><span style="font-size: 18px">[root@node1 keepalived]# systemctl list-unit-files | grep firewalld # verify that start at boot is turned off; disabled means off</span></p>
<p><span style="font-size: 18px">firewalld.service disabled</span></p>
<p><span style="font-size: 18px"># Disable SELinux. If it is not disabled, the keepalived service may fail to start; I have not found a solution for this yet.</span></p>
<p><span style="font-size: 18px">[root@node1 keepalived]# setenforce 0 # disable temporarily</span></p>
<p><span style="font-size: 18px">[root@node1 keepalived]# vim /etc/selinux/config # disable permanently; disabled means off; takes effect only after a reboot</span></p>
<p><span style="font-size: 18px">SELINUX=disabled</span></p>
<p><span style="font-size: 18px">2. The clocks on the two nodes must be synchronized.</span></p>
<p><span style="font-size: 18px">On CentOS 7, time synchronization is done with chrony, which is similar to ntp and is reportedly more capable than ntp. Installing the package is enough to get synchronization; no additional configuration is needed.</span></p>
<p><span style="font-size: 18px">[root@node1 keepalived]# yum -y install chrony # install on both nodes; without Internet access, configure /etc/chrony.conf and add the NTP server's domain name or IP address to this file</span></p>
<p><span style="font-size: 18px">[root@node1 keepalived]# vim /etc/chrony.conf</span></p>
<p><span style="font-size: 18px">Without Internet access, comment out the four pool lines below. Leaving them uncommented also works, as long as the internal NTP server is added as the first entry.</span></p>
<p><span style="font-size: 18px">server ntp.centos7.cn # NTP server domain name: ntp.centos7.cn; this domain name can be resolved</span></p>
<p><span style="font-size: 18px">#server 0.centos.pool.ntp.org iburst</span></p>
<p><span style="font-size: 18px">#server 1.centos.pool.ntp.org iburst</span></p>
<p><span style="font-size: 18px">#server 2.centos.pool.ntp.org iburst</span></p>
<p><span style="font-size: 18px">#server 3.centos.pool.ntp.org iburst</span></p>
<p><span style="font-size: 18px">[root@node1 keepalived]# date;ssh node2 'date'</span></p>
<p><span style="font-size: 18px">Thu Mar 3 17:55:31 CST 2016</span></p>
<p><span style="font-size: 18px">Thu Mar 3 17:55:32 CST 2016</span></p>
<p><span style="font-size: 18px">3. Use key-based SSH access between the two nodes.</span></p>
<p><span style="font-size: 18px"># Generate a public/private key pair.</span></p>
<p><span style="font-size: 18px">[root@node1 keepalived]# ssh-keygen # press Enter twice; the public/private keys are stored in /root/.ssh/</span></p>
<p><span style="font-size: 18px"># Copy the public key generated on node1 to the /root/.ssh/ directory on node2</span></p>
<p><span style="font-size: 18px">[root@node1 .ssh]# scp id_rsa.pub root@node2:/root/.ssh/id_rsa.pub </span></p>
<p><span style="font-size: 18px"># On node2, import node1's public key into the authorized_keys file. If the file does not exist in /root/.ssh/ it is created; if it exists, the key is appended to it.</span></p>
<p><span style="font-size: 18px">[root@node2 .ssh]# cat id_rsa.pub >>authorized_keys</span></p>
<p><span style="font-size: 18px">On node2, delete node1's public key file</span></p>
<p><span style="font-size: 18px">[root@node2 .ssh]# rm -f id_rsa.pub</span></p>
<p><span style="font-size: 18px">node2 also needs to generate a public/private key pair, copy the public key to the /root/.ssh/ directory on node1, import it into authorized_keys, and then delete the node2 public key file.</span></p>
<p><span style="font-size: 18px">4. Configure the hosts file on both nodes so that the two nodes can communicate by hostname. Edit /etc/hosts and add the following:</span></p>
<p><span style="font-size: 18px">192.168.91.129 centos7.cn node1</span></p>
<p><span style="font-size: 18px">192.168.91.130 centos7.cn node2</span></p>
<p><span style="font-size: 18px">5. Enable IP forwarding on both nodes.</span></p>
<p><span style="font-size: 18px">vim /etc/sysctl.conf</span></p>
<p><span style="font-size: 18px">net.ipv4.ip_forward=1</span></p>
<p><span style="font-size: 18px">[root@node1 ~]# sysctl -p</span></p>
<p><span style="font-size: 18px">net.ipv4.ip_forward = 1</span></p>
<p><span style="font-size: 18px">Confirm that IP forwarding is enabled; 1 means enabled.</span></p>
<p><span style="font-size: 18px">[root@node1 keepalived]# cat /proc/sys/net/ipv4/ip_forward</span></p>
<p><span style="font-size: 18px">1</span></p>
<p><span style="font-size: 18px">6. Install keepalived and ipvsadm on both nodes (ipvsadm is not required; installing it makes it easier to view LVS information).</span></p>
<p><span style="font-size: 18px">yum -y install keepalived ipvsadm;ssh node2 'yum -y install keepalived ipvsadm'</span></p>
<p><span style="font-size: 18px">keepalived.conf configuration file on node1</span></p>
<p><span style="font-size: 18px">global_defs </span></p> <p><span style="font-size: 18px">{</span></p> <p><span style="font-size: 18px"> notification_email </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> <span class="Apple-tab-span" style="font-size: 18px"> </span>root@localhost</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> notification_email_from Alexandre.Cassen@firewall.loc</span></p> <p><span style="font-size: 18px"> smtp_server 127.0.0.1</span></p> <p><span style="font-size: 18px"> smtp_connect_timeout 30</span></p> <p><span style="font-size: 18px"> router_id LVS_MASTER</span></p> <p><span style="font-size: 18px">} </span></p> <p><span style="font-size: 18px">vrrp_instance VI_1 </span></p> <p><span style="font-size: 18px">{</span></p> <p><span style="font-size: 18px"> state MASTER</span></p> <p><span style="font-size: 18px"> interface eno16777736</span></p> <p><span style="font-size: 18px"> virtual_router_id 51</span></p> <p><span style="font-size: 18px"> priority 100</span></p> <p><span style="font-size: 18px"> advert_int 1</span></p> <p><span style="font-size: 18px"> authentication </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> auth_type PASS</span></p> <p><span style="font-size: 18px"> auth_pass abbac1e595fe</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> virtual_ipaddress </span></p> 
<p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> 192.168.91.15/32 dev eno16777736 label eno16777736:0</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> virtual_routes </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span>192.168.91.15/32 dev eno16777736:0</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px">}</span></p> <p><span style="font-size: 18px">vrrp_instance VI_2 </span></p> <p><span style="font-size: 18px">{</span></p> <p><span style="font-size: 18px"> state BACKUP</span></p> <p><span style="font-size: 18px"> interface eno16777736</span></p> <p><span style="font-size: 18px"> virtual_router_id 52</span></p> <p><span style="font-size: 18px"> priority 99</span></p> <p><span style="font-size: 18px"> advert_int 1</span></p> <p><span style="font-size: 18px"> authentication </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> auth_type PASS</span></p> <p><span style="font-size: 18px"> auth_pass 1e67cca200cf</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> virtual_ipaddress </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> 192.168.91.16/32 dev eno16777736 label eno16777736:1</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> virtual_routes </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span>192.168.91.16/32 dev eno16777736:1</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px">}</span></p> <p><span style="font-size: 18px">vrrp_instance VI_3 </span></p> <p><span style="font-size: 18px">{</span></p> <p><span style="font-size: 18px"> state MASTER</span></p> 
<p><span style="font-size: 18px"> interface eno33554984</span></p> <p><span style="font-size: 18px"> virtual_router_id 53</span></p> <p><span style="font-size: 18px"> priority 100</span></p> <p><span style="font-size: 18px"> advert_int 1</span></p> <p><span style="font-size: 18px"> authentication </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> auth_type PASS</span></p> <p><span style="font-size: 18px"> auth_pass e027a03bcd81</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> virtual_ipaddress </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> 192.168.23.15/32 dev eno33554984 label eno33554984:0</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> virtual_routes </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span>192.168.23.15/32 dev eno33554984:0</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px">}</span></p> <p><span style="font-size: 18px">vrrp_instance VI_4 </span></p> <p><span style="font-size: 18px">{</span></p> <p><span style="font-size: 18px"> state BACKUP</span></p> <p><span style="font-size: 18px"> interface eno33554984</span></p> <p><span style="font-size: 18px"> virtual_router_id 54</span></p> <p><span style="font-size: 18px"> priority 99</span></p> <p><span style="font-size: 18px"> advert_int 1</span></p> <p><span style="font-size: 18px"> authentication </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> auth_type PASS</span></p> <p><span style="font-size: 18px"> auth_pass f03c1c91c7fc</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> virtual_ipaddress </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> 192.168.23.14/32 dev 
eno33554984 label eno33554984:1</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> virtual_routes </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span>192.168.23.14/32 dev eno33554984:1</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px">}</span></p> <p><span style="font-size: 18px">virtual_server 192.168.91.15 80 </span></p> <p><span style="font-size: 18px">{</span></p> <p><span style="font-size: 18px"> delay_loop 6</span></p> <p><span style="font-size: 18px"> lb_algo wrr</span></p> <p><span style="font-size: 18px"> lb_kind NAT</span></p> <p><span style="font-size: 18px"> protocol TCP</span></p> <p><span style="font-size: 18px"> real_server 192.168.23.16 80 </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> weight 6</span></p> <p><span style="font-size: 18px"> HTTP_GET </span></p> <p><span style="font-size: 18px"> <span class="Apple-tab-span" style="font-size: 18px"> </span>{</span></p> <p><span style="font-size: 18px"> url </span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span> <span class="Apple-tab-span" style="font-size: 18px"> </span>{</span></p> <p><span style="font-size: 18px"> <span class="Apple-tab-span" style="font-size: 18px"> </span>path /</span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span>status_code 200</span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span>}<span class="Apple-tab-span" style="font-size: 18px"> </span></span></p> <p><span style="font-size: 18px"> connect_timeout 3</span></p> <p><span style="font-size: 18px"> nb_get_retry 3</span></p> <p><span style="font-size: 18px"> delay_before_retry 3</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span 
style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> real_server 192.168.23.18 80 </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> weight 3</span></p> <p><span style="font-size: 18px"> HTTP_GET </span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span>{</span></p> <p><span style="font-size: 18px"> url </span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span>{</span></p> <p><span style="font-size: 18px"> <span class="Apple-tab-span" style="font-size: 18px"> </span>path /</span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span>status_code 200</span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span> }<span class="Apple-tab-span" style="font-size: 18px"> </span></span></p> <p><span style="font-size: 18px"> connect_timeout 3</span></p> <p><span style="font-size: 18px"> nb_get_retry 3</span></p> <p><span style="font-size: 18px"> delay_before_retry 3</span></p> <p><span style="font-size: 18px"> <span class="Apple-tab-span" style="font-size: 18px"> </span>}<span class="Apple-tab-span" style="font-size: 18px"> </span></span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px">}</span></p> <p><span style="font-size: 18px">virtual_server 192.168.91.16 80 </span></p> <p><span style="font-size: 18px">{</span></p> <p><span style="font-size: 18px"> delay_loop 6</span></p> <p><span style="font-size: 18px"> lb_algo wrr</span></p> <p><span style="font-size: 18px"> lb_kind NAT</span></p> <p><span style="font-size: 18px"> protocol TCP</span></p> <p><span style="font-size: 18px"> real_server 192.168.23.19 80 </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> weight 6</span></p> <p><span style="font-size: 18px"> HTTP_GET </span></p> <p><span style="font-size: 
18px"> <span class="Apple-tab-span" style="font-size: 18px"> </span>{</span></p> <p><span style="font-size: 18px"> url </span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span> {</span></p> <p><span style="font-size: 18px"> path /</span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span> status_code 200</span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span> }<span class="Apple-tab-span" style="font-size: 18px"> </span></span></p> <p><span style="font-size: 18px"> connect_timeout 3</span></p> <p><span style="font-size: 18px"> nb_get_retry 3</span></p> <p><span style="font-size: 18px"> delay_before_retry 3</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> real_server 192.168.23.17 80 </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> weight 3</span></p> <p><span style="font-size: 18px"> HTTP_GET </span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span>{</span></p> <p><span style="font-size: 18px"> url </span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span>{</span></p> <p><span style="font-size: 18px"> <span class="Apple-tab-span" style="font-size: 18px"> </span>path /</span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span> status_code 200</span></p> <p><span style="font-size: 18px"> }<span class="Apple-tab-span" style="font-size: 18px"> </span></span></p> <p><span style="font-size: 18px"> connect_timeout 3</span></p> <p><span style="font-size: 18px"> nb_get_retry 3</span></p> <p><span style="font-size: 18px"> delay_before_retry 3</span></p> <p><span style="font-size: 18px"> }<span class="Apple-tab-span" style="font-size: 18px"> </span></span></p> 
<p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px">}</span></p>
<p><span style="font-size: 18px">[root@node1 keepalived]# systemctl start keepalived # start the keepalived service</span></p>
<p><span style="font-size: 18px">[root@node1 keepalived]# systemctl enable keepalived # start the keepalived service automatically at boot</span></p>
<p><span style="font-size: 18px">Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.</span></p>
<p><span style="font-size: 18px">[root@node1 keepalived]# systemctl list-unit-files | grep keepalived # verify that the keepalived service starts automatically at boot</span></p>
<p><span style="font-size: 18px">keepalived.service enabled </span></p>
<p><span style="font-size: 18px">IPVS information on node1</span></p>
<p><span style="font-size: 18px">[root@node1 ~]# ipvsadm -Ln</span></p>
<p><span style="font-size: 18px">IP Virtual Server version 1.2.1 (size=4096)</span></p>
<p><span style="font-size: 18px">Prot LocalAddress:Port Scheduler Flags</span></p>
<p><span style="font-size: 18px"> -> RemoteAddress:Port Forward Weight ActiveConn InActConn</span></p>
<p><span style="font-size: 18px">TCP 192.168.91.15:80 wrr</span></p>
<p><span style="font-size: 18px"> -> 192.168.23.16:80 Masq 6 0 0 </span></p>
<p><span style="font-size: 18px"> -> 192.168.23.18:80 Masq 3 0 0 </span></p>
<p><span style="font-size: 18px">TCP 192.168.91.16:80 wrr</span></p>
<p><span style="font-size: 18px"> -> 192.168.23.19:80 Masq 6 0 0 </span></p>
<p><span style="font-size: 18px"> -> 192.168.23.17:80 Masq 3 0 0 </span></p>
<p><span style="font-size: 18px">IP address information on node1</span></p>
<p><span style="font-size: 18px">[root@node1 keepalived]# ifconfig</span></p>
<p><span style="font-size: 18px">eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500</span></p>
<p><span style="font-size: 18px"> inet 192.168.91.129 netmask 255.255.255.0 broadcast 192.168.91.255</span></p>
<p><span style="font-size: 18px"> inet6 fe80::20c:29ff:fec1:fe33 prefixlen 64 scopeid 
0x20<link></span></p> <p><span style="font-size: 18px"> ether 00:0c:29:c1:fe:33 txqueuelen 1000 (Ethernet)</span></p> <p><span style="font-size: 18px"> RX packets 31637 bytes 5942061 (5.6 MiB)</span></p> <p><span style="font-size: 18px"> RX errors 0 dropped 0 overruns 0 frame 0</span></p> <p><span style="font-size: 18px"> TX packets 30175 bytes 2627032 (2.5 MiB)</span></p> <p><span style="font-size: 18px"> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0</span></p> <p></p> <p><span style="font-size: 18px">eno16777736:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500</span></p> <p><span style="font-size: 18px"> inet 192.168.91.15 netmask 255.255.255.255 broadcast 0.0.0.0</span></p> <p><span style="font-size: 18px"> ether 00:0c:29:c1:fe:33 txqueuelen 1000 (Ethernet)</span></p> <p></p> <p><span style="font-size: 18px">eno33554984: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500</span></p> <p><span style="font-size: 18px"> inet 192.168.23.11 netmask 255.255.255.0 broadcast 192.168.23.255</span></p> <p><span style="font-size: 18px"> inet6 fe80::20c:29ff:fec1:fe3d prefixlen 64 scopeid 0x20<link></span></p> <p><span style="font-size: 18px"> ether 00:0c:29:c1:fe:3d txqueuelen 1000 (Ethernet)</span></p> <p><span style="font-size: 18px"> RX packets 63347 bytes 8511811 (8.1 MiB)</span></p> <p><span style="font-size: 18px"> RX errors 0 dropped 0 overruns 0 frame 0</span></p> <p><span style="font-size: 18px"> TX packets 81785 bytes 6504879 (6.2 MiB)</span></p> <p><span style="font-size: 18px"> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0</span></p> <p></p> <p><span style="font-size: 18px">eno33554984:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500</span></p> <p><span style="font-size: 18px"> inet 192.168.23.15 netmask 255.255.255.255 broadcast 0.0.0.0</span></p> <p><span style="font-size: 18px"> ether 00:0c:29:c1:fe:3d txqueuelen 1000 (Ethernet)</span></p> <p></p> <p><span style="font-size: 18px">lo: flags=73<UP,LOOPBACK,RUNNING> mtu 
65536</span></p> <p><span style="font-size: 18px"> inet 127.0.0.1 netmask 255.0.0.0</span></p> <p><span style="font-size: 18px"> inet6 ::1 prefixlen 128 scopeid 0x10<host></span></p> <p><span style="font-size: 18px"> loop txqueuelen 0 (Local Loopback)</span></p> <p><span style="font-size: 18px"> RX packets 146 bytes 10759 (10.5 KiB)</span></p> <p><span style="font-size: 18px"> RX errors 0 dropped 0 overruns 0 frame 0</span></p> <p><span style="font-size: 18px"> TX packets 146 bytes 10759 (10.5 KiB)</span></p> <p><span style="font-size: 18px"> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0</span></p>
<p><span style="font-size: 18px">keepalived.conf configuration file on node2</span></p>
<p><span style="font-size: 18px">global_defs </span></p> <p><span style="font-size: 18px">{</span></p> <p><span style="font-size: 18px"> notification_email </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> <span class="Apple-tab-span" style="font-size: 18px"> </span>root@localhost</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> notification_email_from Alexandre.Cassen@firewall.loc</span></p> <p><span style="font-size: 18px"> smtp_server 127.0.0.1</span></p> <p><span style="font-size: 18px"> smtp_connect_timeout 30</span></p> <p><span style="font-size: 18px"> router_id LVS_BACKUP</span></p> <p><span style="font-size: 18px">} </span></p> <p><span style="font-size: 18px">vrrp_instance VI_1 {</span></p> <p><span style="font-size: 18px"> state BACKUP</span></p> <p><span style="font-size: 18px"> interface eno16777736</span></p> <p><span style="font-size: 18px"> virtual_router_id 51</span></p> <p><span style="font-size: 18px"> priority 99</span></p> <p><span style="font-size: 18px"> advert_int 1</span></p> <p><span style="font-size: 18px"> authentication </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> auth_type PASS</span></p> <p><span style="font-size: 
18px"> auth_pass abbac1e595fe</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> virtual_ipaddress </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> 192.168.91.15/32 dev eno16777736 label eno16777736:0</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> virtual_routes </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span>192.168.91.15/32 dev eno16777736:0</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px">}</span></p> <p><span style="font-size: 18px">vrrp_instance VI_2 </span></p> <p><span style="font-size: 18px">{</span></p> <p><span style="font-size: 18px"> state MASTER</span></p> <p><span style="font-size: 18px"> interface eno16777736</span></p> <p><span style="font-size: 18px"> virtual_router_id 52</span></p> <p><span style="font-size: 18px"> priority 100</span></p> <p><span style="font-size: 18px"> advert_int 1</span></p> <p><span style="font-size: 18px"> authentication </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> auth_type PASS</span></p> <p><span style="font-size: 18px"> auth_pass 1e67cca200cf</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> virtual_ipaddress </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> 192.168.91.16/32 dev eno16777736 label eno16777736:1</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> virtual_routes </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span>192.168.91.16/32 dev eno16777736:1</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px">}</span></p> <p><span 
style="font-size: 18px">vrrp_instance VI_3 {</span></p> <p><span style="font-size: 18px"> state BACKUP</span></p> <p><span style="font-size: 18px"> interface eno33554984</span></p> <p><span style="font-size: 18px"> virtual_router_id 53</span></p> <p><span style="font-size: 18px"> priority 99</span></p> <p><span style="font-size: 18px"> advert_int 1</span></p> <p><span style="font-size: 18px"> authentication </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> auth_type PASS</span></p> <p><span style="font-size: 18px"> auth_pass e027a03bcd81</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> virtual_ipaddress</span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> 192.168.23.15/32 dev eno33554984 label eno33554984:0</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> virtual_routes </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span>192.168.23.15/32 dev eno33554984:0</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px">}</span></p> <p><span style="font-size: 18px">vrrp_instance VI_4 </span></p> <p><span style="font-size: 18px">{</span></p> <p><span style="font-size: 18px"> state MASTER</span></p> <p><span style="font-size: 18px"> interface eno33554984</span></p> <p><span style="font-size: 18px"> virtual_router_id 54</span></p> <p><span style="font-size: 18px"> priority 100</span></p> <p><span style="font-size: 18px"> advert_int 1</span></p> <p><span style="font-size: 18px"> authentication </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> auth_type PASS</span></p> <p><span style="font-size: 18px"> auth_pass f03c1c91c7fc</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> virtual_ipaddress 
</span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> 192.168.23.14/32 dev eno33554984 label eno33554984:1</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> virtual_routes </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span>192.168.23.14/32 dev eno33554984:1</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px">}</span></p> <p><span style="font-size: 18px">virtual_server 192.168.91.15 80 </span></p> <p><span style="font-size: 18px">{</span></p> <p><span style="font-size: 18px"> delay_loop 6</span></p> <p><span style="font-size: 18px"> lb_algo wrr</span></p> <p><span style="font-size: 18px"> lb_kind NAT</span></p> <p><span style="font-size: 18px"> protocol TCP</span></p> <p><span style="font-size: 18px"> real_server 192.168.23.16 80 </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> weight 6</span></p> <p><span style="font-size: 18px"> HTTP_GET </span></p> <p><span style="font-size: 18px"> <span class="Apple-tab-span" style="font-size: 18px"> </span>{</span></p> <p><span style="font-size: 18px"> url </span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span> {</span></p> <p><span style="font-size: 18px"> <span class="Apple-tab-span" style="font-size: 18px"> </span>path /</span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span>status_code 200</span></p> <p><span style="font-size: 18px"> <span class="Apple-tab-span" style="font-size: 18px"> </span>}<span class="Apple-tab-span" style="font-size: 18px"> </span></span></p> <p><span style="font-size: 18px"> connect_timeout 3</span></p> <p><span style="font-size: 18px"> nb_get_retry 3</span></p> <p><span style="font-size: 18px"> delay_before_retry 3</span></p> <p><span 
style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> real_server 192.168.23.18 80 </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> weight 3</span></p> <p><span style="font-size: 18px"> HTTP_GET </span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span>{</span></p> <p><span style="font-size: 18px"> <span class="Apple-tab-span" style="font-size: 18px"> </span>url </span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span>{</span></p> <p><span style="font-size: 18px"> <span class="Apple-tab-span" style="font-size: 18px"> </span>path /</span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span>status_code 200</span></p> <p><span style="font-size: 18px"> <span class="Apple-tab-span" style="font-size: 18px"> </span>}<span class="Apple-tab-span" style="font-size: 18px"> </span></span></p> <p><span style="font-size: 18px"> <span class="Apple-tab-span" style="font-size: 18px"> </span>connect_timeout 3</span></p> <p><span style="font-size: 18px"> <span class="Apple-tab-span" style="font-size: 18px"> </span>nb_get_retry 3</span></p> <p><span style="font-size: 18px"> <span class="Apple-tab-span" style="font-size: 18px"> </span>delay_before_retry 3</span></p> <p><span style="font-size: 18px"> <span class="Apple-tab-span" style="font-size: 18px"> </span>}<span class="Apple-tab-span" style="font-size: 18px"> </span></span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px">}</span></p> <p><span style="font-size: 18px">virtual_server 192.168.91.16 80 </span></p> <p><span style="font-size: 18px">{</span></p> <p><span style="font-size: 18px"> delay_loop 6</span></p> <p><span style="font-size: 18px"> lb_algo wrr</span></p> <p><span style="font-size: 18px"> lb_kind NAT</span></p> <p><span style="font-size: 
18px"> protocol TCP</span></p> <p><span style="font-size: 18px"> real_server 192.168.23.19 80 </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> weight 6</span></p> <p><span style="font-size: 18px"> HTTP_GET </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> url </span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span> {</span></p> <p><span style="font-size: 18px"> path /</span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span>status_code 200</span></p> <p><span style="font-size: 18px"> <span class="Apple-tab-span" style="font-size: 18px"> </span>}<span class="Apple-tab-span" style="font-size: 18px"> </span></span></p> <p><span style="font-size: 18px"> connect_timeout 3</span></p> <p><span style="font-size: 18px"> nb_get_retry 3</span></p> <p><span style="font-size: 18px"> delay_before_retry 3</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px"> real_server 192.168.23.17 80 </span></p> <p><span style="font-size: 18px"> {</span></p> <p><span style="font-size: 18px"> weight 3</span></p> <p><span style="font-size: 18px"> HTTP_GET </span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span>{</span></p> <p><span style="font-size: 18px"> url </span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span>{</span></p> <p><span style="font-size: 18px"> <span class="Apple-tab-span" style="font-size: 18px"> </span>path /</span></p> <p><span style="font-size: 18px"><span class="Apple-tab-span" style="font-size: 18px"> </span>status_code 200</span></p> <p><span style="font-size: 18px"> }<span class="Apple-tab-span" style="font-size: 18px"> </span></span></p> <p><span style="font-size: 18px"> connect_timeout 3</span></p> 
<p><span style="font-size: 18px"> nb_get_retry 3</span></p> <p><span style="font-size: 18px"> delay_before_retry 3</span></p> <p><span style="font-size: 18px"> <span class="Apple-tab-span" style="font-size: 18px"> </span>}<span class="Apple-tab-span" style="font-size: 18px"> </span></span></p> <p><span style="font-size: 18px"> }</span></p> <p><span style="font-size: 18px">}</span></p> <p><span style="font-size: 18px">[root@node2 keepalived]# ifconfig</span></p> <p><span style="font-size: 18px">eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500</span></p> <p><span style="font-size: 18px"> inet 192.168.91.130 netmask 255.255.255.0 broadcast 192.168.91.255</span></p> <p><span style="font-size: 18px"> inet6 fe80::20c:29ff:fe2b:9929 prefixlen 64 scopeid 0x20<link></span></p> <p><span style="font-size: 18px"> ether 00:0c:29:2b:99:29 txqueuelen 1000 (Ethernet)</span></p> <p><span style="font-size: 18px"> RX packets 34791 bytes 10658056 (10.1 MiB)</span></p> <p><span style="font-size: 18px"> RX errors 0 dropped 0 overruns 0 frame 0</span></p> <p><span style="font-size: 18px"> TX packets 28618 bytes 2324860 (2.2 MiB)</span></p> <p><span style="font-size: 18px"> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0</span></p> <p></p> <p><span style="font-size: 18px">eno16777736:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500</span></p> <p><span style="font-size: 18px"> inet 192.168.91.16 netmask 255.255.255.255 broadcast 0.0.0.0</span></p> <p><span style="font-size: 18px"> ether 00:0c:29:2b:99:29 txqueuelen 1000 (Ethernet)</span></p> <p></p> <p><span style="font-size: 18px">eno33554984: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500</span></p> <p><span style="font-size: 18px"> inet 192.168.23.12 netmask 255.255.255.0 broadcast 192.168.23.255</span></p> <p><span style="font-size: 18px"> inet6 fe80::20c:29ff:fe2b:9933 prefixlen 64 scopeid 0x20<link></span></p> <p><span style="font-size: 18px"> ether 00:0c:29:2b:99:33 txqueuelen 1000 
(Ethernet)</span></p>
<p><span style="font-size: 18px"> RX packets 66429 bytes 8629069 (8.2 MiB)</span></p>
<p><span style="font-size: 18px"> RX errors 0 dropped 0 overruns 0 frame 0</span></p>
<p><span style="font-size: 18px"> TX packets 86941 bytes 6784854 (6.4 MiB)</span></p>
<p><span style="font-size: 18px"> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0</span></p>
<p></p>
<p><span style="font-size: 18px">eno33554984:1: flags=4163&lt;UP,BROADCAST,RUNNING,MULTICAST&gt; mtu 1500</span></p>
<p><span style="font-size: 18px"> inet 192.168.23.14 netmask 255.255.255.255 broadcast 0.0.0.0</span></p>
<p><span style="font-size: 18px"> ether 00:0c:29:2b:99:33 txqueuelen 1000 (Ethernet)</span></p>
<p></p>
<p><span style="font-size: 18px">lo: flags=73&lt;UP,LOOPBACK,RUNNING&gt; mtu 65536</span></p>
<p><span style="font-size: 18px"> inet 127.0.0.1 netmask 255.0.0.0</span></p>
<p><span style="font-size: 18px"> inet6 ::1 prefixlen 128 scopeid 0x10&lt;host&gt;</span></p>
<p><span style="font-size: 18px"> loop txqueuelen 0 (Local Loopback)</span></p>
<p><span style="font-size: 18px"> RX packets 150 bytes 10963 (10.7 KiB)</span></p>
<p><span style="font-size: 18px"> RX errors 0 dropped 0 overruns 0 frame 0</span></p>
<p><span style="font-size: 18px"> TX packets 150 bytes 10963 (10.7 KiB)</span></p>
<p><span style="font-size: 18px"> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0</span></p>
<p><span style="font-size: 18px">[root@node2 keepalived]# cat /proc/sys/net/ipv4/ip_forward</span></p>
<p><span style="font-size: 18px">1</span></p>
<p><span style="font-size: 18px"><br /></span></p>
<p><span style="font-size: 18px">[root@node2 keepalived]# ipvsadm -Ln</span></p>
<p><span style="font-size: 18px">IP Virtual Server version 1.2.1 (size=4096)</span></p>
<p><span style="font-size: 18px">Prot LocalAddress:Port Scheduler Flags</span></p>
<p><span style="font-size: 18px"> -&gt; RemoteAddress:Port Forward Weight ActiveConn InActConn</span></p>
<p><span style="font-size: 18px">TCP 
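192.168.91.15:80 wrr</span></p>
<p><span style="font-size: 18px"> -&gt; 192.168.23.16:80 Masq 6 0 0 </span></p>
<p><span style="font-size: 18px"> -&gt; 192.168.23.18:80 Masq 3 0 0 </span></p>
<p><span style="font-size: 18px">TCP 192.168.91.16:80 wrr</span></p>
<p><span style="font-size: 18px"> -&gt; 192.168.23.16:80 Masq 6 0 0 </span></p>
<p><span style="font-size: 18px"> -&gt; 192.168.23.19:80 Masq 3 0 0 </span></p>
<p></p>
<p><span style="font-size: 18px">Configure the IP addresses on the Real Servers. Network: 192.168.23.0/24. Servers whose last octet is even, starting from 16, use the default gateway 192.168.23.15; servers whose last octet is odd use the default gateway 192.168.23.14.</span></p>
<p><span style="font-size: 18px">Test: when a client accesses http://192.168.91.15 and http://192.168.91.16 in turn, .15 returns the zone 1 servers and .16 returns the zone 2 servers.</span></p>
<p><span style="font-size: 18px">Is there a better way to keep the internal Real Servers in a single zone, all with the same default gateway?</span></p>
<p>Problem: clients could reach the back-end servers through only one external VIP (VIP1); the other external VIP (VIP2) did not work. The reason is that a back-end server can have only one default gateway, and that gateway IP address can only be configured on a sub-interface of one director (DR), that is, the internal VIP. So a compromise was adopted: the back-end servers are split into two zones with the same network and the same subnet mask, differing only in IP address and default gateway, and two external VIPs and two internal VIPs are used. I do not know whether there is a better way.</p>
<p>Last modified: 10 December 2021, 10:53 AM © Reposting with proper attribution is permitted</p>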
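<p>The zoning rule above can be checked mechanically against the LVS table. The following is an added example, not part of the original post: it parses the <code>ipvsadm -Ln</code> listing from this page and flags real servers whose default gateway belongs to the other zone, so their replies would bypass the director that holds the NAT state. The pairing of external VIP to internal VIP and all function names are assumptions made for the example.</p>

```python
import ipaddress
import re

# `ipvsadm -Ln` listing from node2 as shown on this page (columns re-spaced).
IPVSADM_OUTPUT = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.91.15:80 wrr
  -> 192.168.23.16:80             Masq    6      0          0
  -> 192.168.23.18:80             Masq    3      0          0
TCP  192.168.91.16:80 wrr
  -> 192.168.23.16:80             Masq    6      0          0
  -> 192.168.23.19:80             Masq    3      0          0
"""

# Assumption: each external VIP fails over together with one internal VIP.
# 192.168.91.16 and 192.168.23.14 are both on node2 in the ifconfig output.
VIP_TO_GATEWAY = {"192.168.91.15": "192.168.23.15",
                  "192.168.91.16": "192.168.23.14"}

def configured_gateway(real_ip):
    """Zoning rule from the page: even last octet -> .15, odd -> .14."""
    last_octet = int(ipaddress.IPv4Address(real_ip)) & 0xFF
    return "192.168.23.15" if last_octet % 2 == 0 else "192.168.23.14"

def parse_ipvsadm(text):
    """Return {vip: [real_ip, ...]} for the NAT (Masq) entries."""
    services, current = {}, None
    for line in text.splitlines():
        vs = re.match(r"(?:TCP|UDP)\s+(\d+(?:\.\d+){3}):\d+\s+\S+", line)
        rs = re.match(r"\s*->\s+(\d+(?:\.\d+){3}):\d+\s+Masq\b", line)
        if vs:
            current = vs.group(1)
            services[current] = []
        elif rs and current is not None:
            services[current].append(rs.group(1))
    return services

def misrouted(text, vip_to_gateway=VIP_TO_GATEWAY):
    """(vip, real, gateway in use, gateway needed) for replies that miss the NAT director."""
    return [(vip, real, configured_gateway(real), vip_to_gateway[vip])
            for vip, reals in parse_ipvsadm(text).items()
            for real in reals
            if configured_gateway(real) != vip_to_gateway[vip]]

if __name__ == "__main__":
    for vip, real, used, needed in misrouted(IPVSADM_OUTPUT):
        print(f"{vip} -> {real}: default gateway {used}, replies must return via {needed}")
```

<p>On the listing above it reports one entry, 192.168.23.16 under 192.168.91.16: an even-numbered server whose gateway under the zoning rule is 192.168.23.15.</p>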