最近正在做IBM Cloud VPC的迁移方案,需要做数据库和服务器的高可用设计。在IBM Cloud经典网络和传统数据中心经常使用的Portable IP(VIP)漂移方案在VPC中无法完全套用。通过对自定义路由的研究,发现可通过这一功能,实现类似MySQL MHA的HA改造。
首先看一下我在VPC中定义的三个地址前缀:
创建两台准备作为数据库集群的服务器如下:
- 服务器-A (10.0.0.7)
- 服务器-B (10.1.0.7)
一般可先通过(192.168.10.10)访问,这样访问服务器的时候就可以在IP地址级别进行故障转移,即使Sever-A出现故障,这个VIP也会被发送到另一个Zone的Server-B。注意,此 192.168.10.10 是未在 VPC 中的前缀级别定义的 IP 地址。
Server-A正常时(访问192.168.10.10转发到10.0.0.7)
如果 Server-A 出现故障(对 192.168.10.10 的访问被转发到 10.1.0.7)
接下来我们看一下这个方案如何实现。
首先进入VPC 路由表菜单,也可以通过连接访问: https://cloud.ibm.com/vpc-ext/network/routingTables
会出现一个 Egress(出口)类型的默认路由表,然后编辑此表。
配置数据包的目标地址192.168.10.10/32和下一跳10.0.0.7
在上面的例子中,这条路线只适用于tokyo1,所以也可以再创建适用于tokyo2和tokyo3规则。结果如下:
对于egress自定义路由,添加目的路由时,必须选择zone,但下一跳不一定在同一个zone,ingress自定义路由,下一跳必须在同一个zone。
在此状态下,来自此 VPC 中任何服务器的发往 192.168.10.10 的数据包将
访问原服务器-> Implicit Router -> Server-A(10.0.0.7)Ping结果
从 VPC 中的任何服务器 Ping
[root@dtest1 ~]# ping -c 5 192.168.10.10
PING 192.168.10.10 (192.168.10.10) 56(84) bytes of data.
--- 192.168.10.10 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 3999ms服务器-A 上的 Tcpdump
[root@den-1 ~]# tcpdump -i any icmp -nn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
12:41:36.325823 IP 10.2.0.4 > 192.168.10.10: ICMP echo request, id 14098, seq 1, length 64
12:41:37.325652 IP 10.2.0.4 > 192.168.10.10: ICMP echo request, id 14098, seq 2, length 64
12:41:38.325496 IP 10.2.0.4 > 192.168.10.10: ICMP echo request, id 14098, seq 3, length 64
12:41:39.325578 IP 10.2.0.4 > 192.168.10.10: ICMP echo request, id 14098, seq 4, length 64
12:41:40.325665 IP 10.2.0.4 > 192.168.10.10: ICMP echo request, id 14098, seq 5, length 64通过上面的截图中的测试,发现虽然服务器-A收到ping,但是调用的服务器看上去没有成功,丢包率100%。所以接下来我们需要解决这个问题,分两步完成。
第一步:我们先将路由规则中定义的VIP指定到两台需要做集群的服务器的网卡上,比如eth0,可以通过ip命令临时分配(服务器重启后会消失)。如果需要设置永久VIP,CentOS可以到/etc/sysconfig/network-scripts,修改文件:ifcfg-eth0,在最后添加配置信息如下:
IPADDR1=192.168.10.10
PREFIX1=32由于本文是测试目的,接下来添加临时IP。
服务器-A
[root@den-1 ~]# ip a list eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 02:00:04:25:69:b1 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.7/27 brd 10.0.0.31 scope global noprefixroute dynamic eth0
valid_lft 278sec preferred_lft 278sec
[root@den-1 ~]# ip a add 192.168.10.10 dev eth0
[root@den-1 ~]# ip a list eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 02:00:04:25:69:b1 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.7/27 brd 10.0.0.31 scope global noprefixroute dynamic eth0
valid_lft 266sec preferred_lft 266sec
inet 192.168.10.10/32 scope global eth0
valid_lft forever preferred_lft forever服务器-B
[root@den-2 ~]# ip a list eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 02:00:04:25:10:a8 brd ff:ff:ff:ff:ff:ff
inet 10.1.0.7/27 brd 10.1.0.31 scope global noprefixroute dynamic eth0
valid_lft 234sec preferred_lft 234sec
[root@den-2 ~]# ip a add 192.168.10.10 dev eth0
[root@den-2 ~]# ip a list eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 02:00:04:25:10:a8 brd ff:ff:ff:ff:ff:ff
inet 10.1.0.7/27 brd 10.1.0.31 scope global noprefixroute dynamic eth0
valid_lft 223sec preferred_lft 223sec
inet 192.168.10.10/32 scope global eth0
valid_lft forever preferred_lft forever第二步:开启伪IP(IP Spoofing),因为Server-A 和Server-B 返回的数据包是源为192.168.10.10 的数据包,该数据包原本不属于自己。
分别进入服务器-A和服务器-B,然后查看网络接口,并编辑上一步添加IP的eth0。
滑动允许IP电子欺骗为“开启”,然后保存设置。
然后可以进入服务器-A和服务器-B,看到已开启。
然后我们继续刚才的ping测试,测试前需要确保3个Zone的子网直接ACL已经打通,安全组也允许通信。
在默认状态下,来自该 VPC 中任何服务器的发往 192.168.10.10 的数据包将
访问原服务器-> Implicit Router -> Server-A(10.0.0.7)可以看到ping的结果:
[root@dtest1 ~]# ping -c 5 192.168.10.10
PING 192.168.10.10 (192.168.10.10) 56(84) bytes of data.
64 bytes from 192.168.10.10: icmp_seq=1 ttl=57 time=1.44 ms
64 bytes from 192.168.10.10: icmp_seq=2 ttl=57 time=1.44 ms
64 bytes from 192.168.10.10: icmp_seq=3 ttl=57 time=1.43 ms
64 bytes from 192.168.10.10: icmp_seq=4 ttl=57 time=1.49 ms
64 bytes from 192.168.10.10: icmp_seq=5 ttl=57 time=1.55 ms
--- 192.168.10.10 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms然后我们分别看下服务器-A和服务器-B的tcpdump结果:
服务器-A
[root@den-1 ~]# tcpdump -i any icmp -nn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
13:07:27.612180 IP 10.2.0.4 > 192.168.10.10: ICMP echo request, id 15187, seq 1, length 64
13:07:27.612214 IP 192.168.10.10 > 10.2.0.4: ICMP echo reply, id 15187, seq 1, length 64
13:07:28.613792 IP 10.2.0.4 > 192.168.10.10: ICMP echo request, id 15187, seq 2, length 64
13:07:28.613818 IP 192.168.10.10 > 10.2.0.4: ICMP echo reply, id 15187, seq 2, length 64
13:07:29.615366 IP 10.2.0.4 > 192.168.10.10: ICMP echo request, id 15187, seq 3, length 64
13:07:29.615391 IP 192.168.10.10 > 10.2.0.4: ICMP echo reply, id 15187, seq 3, length 64
13:07:30.616949 IP 10.2.0.4 > 192.168.10.10: ICMP echo request, id 15187, seq 4, length 64
13:07:30.616978 IP 192.168.10.10 > 10.2.0.4: ICMP echo reply, id 15187, seq 4, length 64
13:07:31.618678 IP 10.2.0.4 > 192.168.10.10: ICMP echo request, id 15187, seq 5, length 64
13:07:31.618704 IP 192.168.10.10 > 10.2.0.4: ICMP echo reply, id 15187, seq 5, length 64服务器-B
[root@den-2 ~]# tcpdump -i any icmp -nn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes接下来我们模拟 Server-A 发生故障时的访问,我们手工修改路由,进行如下更改。
修改后,我们在VPC 中任何服务器的发往 192.168.10.10 的数据包将
访问原服务器-> Implicit Router -> Server-A(10.1.0.7)我们看一下结果,从Ping可以看到流量转到服务器-B上。
Ping测试
[root@dtest1 ~]# ping -c 5 192.168.10.10
PING 192.168.10.10 (192.168.10.10) 56(84) bytes of data.
64 bytes from 192.168.10.10: icmp_seq=1 ttl=57 time=12.9 ms
64 bytes from 192.168.10.10: icmp_seq=2 ttl=57 time=1.83 ms
64 bytes from 192.168.10.10: icmp_seq=3 ttl=57 time=1.80 ms
64 bytes from 192.168.10.10: icmp_seq=4 ttl=57 time=1.85 ms
64 bytes from 192.168.10.10: icmp_seq=5 ttl=57 time=1.80 ms
--- 192.168.10.10 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4007ms
rtt min/avg/max/mdev = 1.803/4.045/12.933/4.444 ms
#Server-A
[root@den-1 ~]# tcpdump -i any icmp -nn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
#Server-B
[root@den-2 ~]# tcpdump -i any icmp -nn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
13:23:41.966514 IP 10.2.0.4 > 192.168.10.10: ICMP echo request, id 15949, seq 1, length 64
13:23:41.966570 IP 192.168.10.10 > 10.2.0.4: ICMP echo reply, id 15949, seq 1, length 64
13:23:42.968567 IP 10.2.0.4 > 192.168.10.10: ICMP echo request, id 15949, seq 2, length 64
13:23:42.968596 IP 192.168.10.10 > 10.2.0.4: ICMP echo reply, id 15949, seq 2, length 64
13:23:43.970453 IP 10.2.0.4 > 192.168.10.10: ICMP echo request, id 15949, seq 3, length 64
13:23:43.970492 IP 192.168.10.10 > 10.2.0.4: ICMP echo reply, id 15949, seq 3, length 64
13:23:44.972386 IP 10.2.0.4 > 192.168.10.10: ICMP echo request, id 15949, seq 4, length 64
13:23:44.972422 IP 192.168.10.10 > 10.2.0.4: ICMP echo reply, id 15949, seq 4, length 64
13:23:45.974494 IP 10.2.0.4 > 192.168.10.10: ICMP echo request, id 15949, seq 5, length 64
13:23:45.974522 IP 192.168.10.10 > 10.2.0.4: ICMP echo reply, id 15949, seq 5, length 64
最后附上调用切换路由表的API代码:vpcrouteswitch.sh,可以用作类似MHA方案中的执行脚本。
#!/bin/sh
#Usage example: ./vpcrouteswitch.sh 10.1.0.7
#Environment
export LANG=C
VPC_ID=r022-85621b2c-a349-4ae6-87e3-767ddeac7298
ROUTING_TABLE_ID=r022-904f9ad6-86b7-42fc-959a-c17a80c60577
ZONE1=jp-tok-1
ZONE2=jp-tok-2
ZONE3=jp-tok-3
DELETE_NEXT_HOP1=10.0.0.7
DELETE_NEXT_HOP2=10.1.0.7
NEXT_HOP=$1
DESTINATION_CIDR=192.168.10.10/32
#Variables Check
if [ $# -ne 1 ]; then
echo "Sorry, we had a problem there!"
exit 1
fi
#Login
ibmcloud login -a cloud.ibm.com --apikey @ibmcloud_apikey -r jp-tok
#LIST EXISTING ROUTE
ROUTE_IDS=$(ibmcloud is vpc-routing-table-routes ${VPC_ID} ${ROUTING_TABLE_ID} | grep -e ${DELETE_NEXT_HOP1} -e ${DELETE_NEXT_HOP2} | awk '{print $1}')
echo ${ROUTE_IDS}
#DELETE ROUTES
ibmcloud is vpc-routing-table-route-delete ${VPC_ID} ${ROUTING_TABLE_ID} $(echo ${ROUTE_IDS}) -f
#CREATE NEW ROUTES
ibmcloud is vpc-routing-table-route-create ${VPC_ID} ${ROUTING_TABLE_ID} --zone ${ZONE1} --destination ${DESTINATION_CIDR} --next-hop ${NEXT_HOP} --action deliver
ibmcloud is vpc-routing-table-route-create ${VPC_ID} ${ROUTING_TABLE_ID} --zone ${ZONE2} --destination ${DESTINATION_CIDR} --next-hop ${NEXT_HOP} --action deliver
ibmcloud is vpc-routing-table-route-create ${VPC_ID} ${ROUTING_TABLE_ID} --zone ${ZONE3} --destination ${DESTINATION_CIDR} --next-hop ${NEXT_HOP} --action deliver
当您想切换到 10.1.0.7 时。
# ./vpcrouteswitch.sh 10.1.0.7
659
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
