Keepalived 双主备忘

两台LB服务器上接华为5720-EI交换机，业务IP为xx.xx.xx.146/28与xx.xx.xx.147/28。为实现双主热备功能，摘要如下：

• LB-01与LB-02设备分别启用Keepalived--VRRP；
• VIP 为互主互备模式；
• 启用抢占模式(默认);
• VIP 的网关在交换机上

安装软件包

$ sudo yum -y install keepalived

配置

系统参数配置

允许在系统上配置非本地网卡IP，即允许配置虚拟IP

net.ipv4.ip_nonlocal_bind=1

内核全局配置参数

net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 1
net.ipv4.conf.all.arp_filter = 0

针对VRRP物理网卡配置参数

net.ipv4.conf.eth2.arp_filter = 1

配置启动参数

$ sudo sed -i 's@KEEPALIVED_OPTIONS=.*@KEEPALIVED_OPTIONS=\"-D -P\"@'  /etc/sysconfig/keepalived

启动服务，并配置为开机自启动

$ sudo systemctl start keepalived.service
$ sudo systemctl enable keepalived.service

配置文件

• LB-01

global_defs {
    notification_email {
        root@localhost
    }

    notification_email_from root@localhost
    #smtp_server 127.0.0.1
    #smtp_connect_timeout 30
}

vrrp_instance VIP_146 {
    state MASTER
    interface eth1
    priority 120
    virtual_router_id 16
    use_vmac
    vmac_xmit_base
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 146
    }
    unicast_src_ip 172.16.2.1
    unicast_peer {
        172.16.2.2
    }
    virtual_ipaddress {
        xx.xx.xx.146/28 dev eth1
    }
    virtual_routes {
        0.0.0.0/0 via xx.xx.xx.145 dev eth1
    }
}
vrrp_instance VIP_147 {
    state BACKUP
    interface eth1
    priority 80
    virtual_router_id 17
    use_vmac
    vmac_xmit_base
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 147
    }
    unicast_src_ip 172.16.2.1
    unicast_peer {
        172.16.2.2
    }
    virtual_ipaddress {
        xx.xx.xx.147/28 dev eth1
    }
}

• LB-02

global_defs {
    notification_email {
        root@localhost
    }

    notification_email_from root@localhost
    #smtp_server 127.0.0.1
    #smtp_connect_timeout 30
}

vrrp_instance VIP_147 {
    state MASTER
    interface eth1
    priority 120
    virtual_router_id 16
    use_vmac
    vmac_xmit_base
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 147
    }
    unicast_src_ip 172.16.2.2
    unicast_peer {
        172.16.2.1
    }
    virtual_ipaddress {
        xx.xx.xx.147/28 dev eth1
    }
    virtual_routes {
        0.0.0.0/0 via xx.xx.xx.145 dev eth1
    }    
}
vrrp_instance VIP_146 {
    state BACKUP
    interface eth1
    priority 80
    virtual_router_id 16
    use_vmac
    vmac_xmit_base
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 146
    }
    unicast_src_ip 172.16.2.2
    unicast_peer {
        172.16.2.1
    }
    virtual_ipaddress {
        xx.xx.xx.146/28 dev eth1
    }
}

针对VRRP虚拟接口，添加以下内核参数:

net.ipv4.conf.vrrp/16.arp_filter = 0
net.ipv4.conf.vrrp/16.accept_local = 1
net.ipv4.conf.vrrp/16.rp_filter = 0

net.ipv4.conf.vrrp/17.arp_filter = 0
net.ipv4.conf.vrrp/17.accept_local = 1
net.ipv4.conf.vrrp/17.rp_filter = 0

参考引用：

• [1] http://www.keepalived.org/doc/software_design.html