目录
五、脑裂的解决方法:将单播代替组播(224.0.0.18)作为Keepalived之间的心跳通告
一、单主架构
架构拓扑
实验环境:
keepalived服务器1:10.0.0.11
keepalived服务器2:10.0.0.12
keepalived服务器1配置
global_defs {
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance router1 {
state MASTER
interface eth0
virtual_router_id 55
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
10.0.0.100/24 dev eth0 label eth0:0
10.0.0.101/24 dev eth0 label eth0:1
}
}
keepalived服务器2配置
global_defs {
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance router1 {
state BACKUP
interface eth0
virtual_router_id 55
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
10.0.0.100/24 dev eth0 label eth0:0
10.0.0.101/24 dev eth0 label eth0:1
}
}
两个配置只有state和priority不一样。
二、双主架构
架构拓扑
实验环境:
keepalived服务器1:10.0.0.11
keepalived服务器2:10.0.0.12
keepalived服务器1配置
global_defs {
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance router1 {
state MASTER
interface eth0
virtual_router_id 55
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
10.0.0.100/24 dev eth0 label eth0:0
10.0.0.101/24 dev eth0 label eth0:1
}
}
vrrp_instance router2 {
state BACKUP
interface eth0
virtual_router_id 60
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
10.0.0.102/24 dev eth0 label eth0:2
10.0.0.103/24 dev eth0 label eth0:3
}
}
keepalived服务器2配置
global_defs {
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance router1 {
state BACKUP
interface eth0
virtual_router_id 55
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
10.0.0.100/24 dev eth0 label eth0:0
10.0.0.101/24 dev eth0 label eth0:1
}
}
vrrp_instance router2 {
state MASTER
interface eth0
virtual_router_id 60
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
10.0.0.102/24 dev eth0 label eth0:2
10.0.0.103/24 dev eth0 label eth0:3
}
}
三、VIP 抢占与非抢占
抢占:即当高优先级的主机恢复在线后,会抢占低先级的主机的master角色,默认情况下是抢占模式
影响:抢占容易造成网络抖动
建议:设置为非抢占模式 nopreempt ,即高优级主机恢复后,并不会抢占低优先级主机的master角色。nopreempt只加在优先级高的keepalived就可以了。
实验环境:
keepalived服务器1:10.0.0.11
keepalived服务器2:10.0.0.12
keepalived服务器1配置
global_defs {
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance router1 {
state BACKUP
interface eth0
virtual_router_id 55
priority 100
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
10.0.0.100/24 dev eth0 label eth0:0
10.0.0.101/24 dev eth0 label eth0:1
}
}
keepalived服务器2配置
global_defs {
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance router1 {
state BACKUP
interface eth0
virtual_router_id 55
priority 80
advert_int 1
nopreempt #可以加也可以不加
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
10.0.0.100/24 dev eth0 label eth0:0
10.0.0.101/24 dev eth0 label eth0:1
}
}
总结:配置非抢占模式时,所有所有keepalived的state必须是BACKUP,非抢占功能只需要在优先级高的keepalived服务器上加即可。
四、抢占模式下配置抢占延时
抢占延迟:即优先级高的主机恢复后,不会立即抢回VIP,而是延迟一段时间(默认300s)再抢回 VIP
实验环境:
keepalived服务器1:10.0.0.11
keepalived服务器2:10.0.0.12
keepalived服务器1配置
global_defs {
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict #配置抢占延时,需要注释vrrp严格要求
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance router1 {
state BACKUP
interface eth0
virtual_router_id 55
priority 100
advert_int 1
preempt_delay 60s
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
10.0.0.100/24 dev eth0 label eth0:0
10.0.0.101/24 dev eth0 label eth0:1
}
}
keepalived服务器2配置
global_defs {
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance router1 {
state BACKUP
interface eth0
virtual_router_id 55
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
10.0.0.100/24 dev eth0 label eth0:0
10.0.0.101/24 dev eth0 label eth0:1
}
}
总结:配置抢占延时时,所有所有keepalived的state必须是BACKUP,抢占延时功能配置在优先级高的keepalived服务器上,注释vrrp_strict,取消vrrp的严格要求。
五、脑裂的解决方法:将单播代替组播(224.0.0.18)作为Keepalived之间的心跳通告
默认情况下,master会一秒一个vrrp报文,通知backup。
脑裂:如果网络阻塞了一下组播报文,BACKUP没有收到MASTER组播报文
脑裂的有效解决方法:将单播代替组播(224.0.0.18)作为Keepalived之间的心跳通告
实验环境:
keepalived服务器1:10.0.0.11
keepalived服务器2:10.0.0.12
keepalived服务器1配置
global_defs {
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict #配置抢占延时,需要注释vrrp严格要求
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance router1 {
state MASTER
interface eth0
virtual_router_id 55
priority 100
advert_int 1
unicast_src_ip 10.0.0.11
unicast_peer {
10.0.0.12
}
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
10.0.0.100/24 dev eth0 label eth0:0
10.0.0.101/24 dev eth0 label eth0:1
}
}
keepalived服务器2配置
global_defs {
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict #配置抢占延时,需要注释vrrp严格要求
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance router1 {
state BACKUP
interface eth0
virtual_router_id 55
priority 80
advert_int 1
unicast_src_ip 10.0.0.12
unicast_peer {
10.0.0.11
}
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
10.0.0.100/24 dev eth0 label eth0:0
10.0.0.101/24 dev eth0 label eth0:1
}
}
总结:在配置单播地址的时候,注释vrrp_strick以及增加单播源地址和邻居地址。