keepalived Basics

What is keepalived

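Keepalived is routing software written in C. The project's main goal is to provide simple and robust load-balancing and high-availability facilities for Linux systems and Linux-based infrastructure. The load-balancing framework relies on the well-known and widely used Linux Virtual Server (IPVS) kernel module, which provides layer 4 load balancing. Keepalived implements a set of checkers that dynamically and adaptively maintain and manage the load-balanced server pool according to the health of its members. High availability, on the other hand, is achieved with the VRRP protocol. VRRP is the basic building block of router failover. In addition, Keepalived implements a set of hooks into the VRRP finite state machine, providing low-level and high-speed protocol interaction. To offer the fastest possible detection of network failures, Keepalived implements the BFD protocol, and VRRP state transitions can take BFD hints into account to drive fast state changes. The Keepalived frameworks can be used independently or together to provide resilient infrastructure.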

What is VRRP

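VRRP is a fault-tolerance protocol. It ensures that when a host's next-hop router fails, another router takes over from the failed router, so that network communication stays continuous and reliable.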

Installing keepalived

[root@dklwj-node01 ~]# yum -y install keepalived
[root@dklwj-node01 ~]# rpm -ql keepalived # list the files created by the installation

Configuring keepalived

# Change to the configuration directory and back up the initial configuration file
[root@dklwj-node01 ~]# cd /etc/keepalived/
[root@dklwj-node01 keepalived]# ls
keepalived.conf
[root@dklwj-node01 keepalived]# cp keepalived.conf{,.bak}
[root@dklwj-node01 keepalived]# vim keepalived.conf

! Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id dklwj-node01
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.0.1
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 55
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 11112222
    }
    virtual_ipaddress {
        172.20.7.88/24 brd 172.20.7.255 dev eth0 label eth0:0
    }
}
# Configure keepalived on the backup node
[root@dklwj-node02 keepalived]# vim keepalived.conf

! Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id dklwj-node01
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.0.1
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 55
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 11112222
    }
    virtual_ipaddress {
        172.20.7.88/24 brd 172.20.7.255 dev eth0 label eth0:0
    }
}

Starting keepalived

keepalived has to be started on both nodes.

[root@dklwj-node01 keepalived]# systemctl start keepalived
[root@dklwj-node02 keepalived]# systemctl start keepalived

It is best to start the backup node first and then capture packets on it.

[root@dklwj-node02 ~]# tcpdump -i eth0 -nn host 224.0.0.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
22:16:20.662875 IP 172.20.7.52 > 224.0.0.1: VRRPv2, Advertisement, vrid 55, prio 99, authtype simple, intvl 1s, length 20
22:16:21.667836 IP 172.20.7.52 > 224.0.0.1: VRRPv2, Advertisement, vrid 55, prio 99, authtype simple, intvl 1s, length 20
22:16:22.669081 IP 172.20.7.52 > 224.0.0.1: VRRPv2, Advertisement, vrid 55, prio 99, authtype simple, intvl 1s, length 20
# After startup, use ifconfig to check that the VIP address is active
[root@dklwj-node02 keepalived]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.20.7.52 netmask 255.255.255.0 broadcast 172.20.7.255
inet6 fe80::20c:29ff:fe6f:3ed8 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:6f:3e:d8 txqueuelen 1000 (Ethernet)
RX packets 19604 bytes 24955643 (23.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10657 bytes 726843 (709.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.20.7.88 netmask 255.255.255.0 broadcast 172.20.7.255
ether 00:0c:29:6f:3e:d8 txqueuelen 1000 (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

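# Note, however, that newer versions of keepalived, for security reasons, automatically add a DROP rule to iptables that blocks all protocol traffic to the VIP; it has to be cleared
# (iptables -F flushes every rule in the filter table, not only this DROP rule)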
[root@dklwj-node02 keepalived]# iptables -vnL
Chain INPUT (policy ACCEPT 153 packets, 7904 bytes)
pkts bytes target prot opt in out source destination
3 180 DROP all -- * * 0.0.0.0/0 172.20.7.88

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 413 packets, 39220 bytes)
pkts bytes target prot opt in out source destination
[root@dklwj-node02 keepalived]# iptables -F

Note: if you do not want the iptables rule to be generated automatically, add one option to the configuration file.

[root@dklwj-node01 keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id dklwj-node01
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_iptables # prevents iptables rules from being generated automatically; add it on every keepalived host
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.0.1
}
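
The advertisements in the tcpdump capture above report "authtype simple" and "length 20": 8 header bytes, one 4-byte VIP and an 8-byte authentication field that carries auth_pass unencrypted. The decoder below is an added example, not code from the original post; SAMPLE is a packet constructed from this post's values, and the function names are illustrative.

```python
import socket
import struct

AUTH_TYPES = {0: "none", 1: "simple", 2: "ah"}

# Constructed sample: a 20-byte VRRPv2 advertisement with the values used in
# this post (vrid 55, prio 99, VIP 172.20.7.88, auth_pass 11112222).
SAMPLE = bytes.fromhex("2137630101010093ac1407583131313132323232")

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum; 0 over a packet whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_vrrpv2(pkt: bytes) -> dict:
    """Decode a VRRPv2 advertisement (the IP payload, protocol 112)."""
    if len(pkt) < 8:
        raise ValueError("truncated VRRP header")
    ver_type, vrid, prio, count, auth, intvl, _ = struct.unpack("!BBBBBBH", pkt[:8])
    if (ver_type >> 4, ver_type & 0x0F) != (2, 1):
        raise ValueError("not a VRRPv2 advertisement")
    if len(pkt) != 8 + 4 * count + 8:
        raise ValueError("length does not match Count IP Addrs")
    vips = [socket.inet_ntoa(pkt[8 + 4 * i:12 + 4 * i]) for i in range(count)]
    auth_data = pkt[8 + 4 * count:].rstrip(b"\x00")
    return {
        "vrid": vrid, "priority": prio, "advert_int": intvl, "vips": vips,
        "auth_type": AUTH_TYPES.get(auth, f"unknown({auth})"),
        # With auth_type PASS the 8-byte field is the password itself, unencrypted.
        "auth_data": auth_data.decode("ascii", "replace") if auth == 1 else None,
        "checksum_ok": inet_checksum(pkt) == 0,
    }

if __name__ == "__main__":
    print(parse_vrrpv2(SAMPLE))
```

Anyone who can capture traffic on the segment can read this field, so auth_pass protects against accidental cross-talk between VRRP groups rather than against an attacker on the same network.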

Configuring dual-master mode

1. On both nodes, add one more VIP address to the existing configuration; it must not be the same as the earlier address.

[root@dklwj-node01 keepalived]# vim keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id dklwj-node01
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_iptables
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.0.1
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 55
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 11112222
    }
    virtual_ipaddress {
        172.20.7.88/24 brd 172.20.7.255 dev eth0 label eth0:0
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    virtual_router_id 57
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 22221111
    }
    virtual_ipaddress {
        172.20.7.89/24 brd 172.20.7.255 dev eth0 label eth0:1
    }
}
# Add the second node
[root@dklwj-node02 keepalived]# vim keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id dklwj-node01
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_iptables
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.0.1
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 55
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 11112222
    }
    virtual_ipaddress {
        172.20.7.88/24 brd 172.20.7.255 dev eth0 label eth0:0
    }
}
vrrp_instance VI_2 {
    state MASTER
    interface eth0
    virtual_router_id 57
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 22221111
    }
    virtual_ipaddress {
        172.20.7.89/24 brd 172.20.7.255 dev eth0 label eth0:1
    }
}
# Start the keepalived service on both nodes
[root@dklwj-node01 ~]# systemctl restart keepalived
[root@dklwj-node02 ~]# systemctl restart keepalived
# Check with the ifconfig command
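
In the dual-master layout above, each vrrp_instance has to agree on virtual_router_id, auth_pass and VIP across the two nodes, while state and priority are mirrored. The checker below is an added example, not part of the original post: it parses two keepalived.conf texts and reports deviations from that layout. NODE01 and NODE02 are constructed from the values above, the function names are illustrative, and the parser handles only the simple brace layout used in this post.

```python
import re

def parse_instances(conf):
    """Return {name: settings} for each vrrp_instance block of a keepalived.conf."""
    found, cur, block = {}, None, []
    for raw in conf.splitlines():
        tok = re.split(r"[#!]", raw)[0].split()      # drop comments (simplified)
        if tok and tok[0] == "vrrp_instance":
            cur, block = found.setdefault(tok[1], {"vips": []}), ["instance"]
        elif not tok or cur is None:
            continue                                  # blank line or outside an instance
        elif tok[-1] == "{":
            block.append(tok[0])                      # authentication / virtual_ipaddress
        elif tok[0] == "}":
            block.pop()
            cur = cur if block else None              # instance closed when stack is empty
        elif block[-1] == "virtual_ipaddress":
            cur["vips"].append(tok[0])
        else:
            cur[tok[0]] = tok[1] if len(tok) > 1 else True
    return found

def check_pair(conf_a, conf_b):
    """Compare each vrrp_instance across two nodes; return a list of findings."""
    a, b = parse_instances(conf_a), parse_instances(conf_b)
    out = [f"{n}: defined on only one node" for n in sorted(set(a) ^ set(b))]
    for name in sorted(set(a) & set(b)):
        x, y = a[name], b[name]
        for key in ("virtual_router_id", "auth_pass", "vips"):
            if x.get(key) != y.get(key):
                out.append(f"{name}: {key} differs between nodes")
        states = (x.get("state"), y.get("state"))
        hi, lo = (x, y) if states[0] == "MASTER" else (y, x)
        if states == ("MASTER", "MASTER"):
            out.append(f"{name}: both nodes start as MASTER")
        elif "MASTER" in states and int(hi.get("priority", 100)) <= int(lo.get("priority", 100)):
            out.append(f"{name}: MASTER priority does not exceed the peer's")
    for node, conf in (("first", a), ("second", b)):
        if not any(i.get("state") == "MASTER" for i in conf.values()):
            out.append(f"{node} node is MASTER for no instance (not dual-master)")
    return out

# Constructed sample: the two dual-master configs above, reduced to the checked keys.
INST = ("vrrp_instance {} {{\n state {}\n virtual_router_id {}\n priority {}\n"
        " authentication {{\n auth_pass {}\n }}\n virtual_ipaddress {{\n {}/24\n }}\n}}\n")
NODE01 = (INST.format("VI_1", "MASTER", 55, 100, "11112222", "172.20.7.88")
          + INST.format("VI_2", "BACKUP", 57, 99, "22221111", "172.20.7.89"))
NODE02 = (INST.format("VI_1", "BACKUP", 55, 99, "11112222", "172.20.7.88")
          + INST.format("VI_2", "MASTER", 57, 100, "22221111", "172.20.7.89"))
```

check_pair(NODE01, NODE02) returns an empty list for the configuration shown in this post; a mismatched virtual_router_id or auth_pass on one node shows up as a finding for that instance.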

keepalived Basics
https://www.dklwj.com/2022/12/keepalived.html
Author: 阿伟
Published: December 16, 2022