Keepalived 双主备忘

图1 网络结构拓朴图 

两台LB服务器上接华为5720-EI交换机,业务IP为xx.xx.xx.146/28xx.xx.xx.147/28。为实现双主热备功能,摘要如下:

  • LB-01与LB-02设备分别启用Keepalived--VRRP;
  • VIP 为互主互备模式;
  • 启用抢占模式(默认);
  • VIP 的网关在交换机上

安装软件包

$ sudo yum -y install keepalived

配置

系统参数配置

允许在系统上配置非本地网卡IP,即允许配置虚拟IP

net.ipv4.ip_nonlocal_bind=1

内核全局配置参数

net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 1
net.ipv4.conf.all.arp_filter = 0

针对VRRP物理网卡配置参数

net.ipv4.conf.eth2.arp_filter = 1

配置启动参数

$ sudo sed -i 's@KEEPALIVED_OPTIONS=.*@KEEPALIVED_OPTIONS=\"-D -P\"@'  /etc/sysconfig/keepalived

启动服务,并配置为开机自启动

$ sudo systemctl start keepalived.service
$ sudo systemctl enable keepalived.service

配置文件

  • LB-01
global_defs {
    notification_email {
        root@localhost
    }

    notification_email_from root@localhost
    #smtp_server 127.0.0.1
    #smtp_connect_timeout 30
}

vrrp_instance VIP_146 {
    state MASTER
    interface eth1
    priority 120
    virtual_router_id 16
    use_vmac
    vmac_xmit_base
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 146
    }
    unicast_src_ip 172.16.2.1
    unicast_peer {
        172.16.2.2
    }
    virtual_ipaddress {
        xx.xx.xx.146/28 dev eth1
    }
    virtual_routes {
        0.0.0.0/0 via xx.xx.xx.145 dev eth1
    }
}
vrrp_instance VIP_147 {
    state BACKUP
    interface eth1
    priority 80
    virtual_router_id 17
    use_vmac
    vmac_xmit_base
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 147
    }
    unicast_src_ip 172.16.2.1
    unicast_peer {
        172.16.2.2
    }
    virtual_ipaddress {
        xx.xx.xx.147/28 dev eth1
    }
}
  • LB-02
global_defs {
    notification_email {
        root@localhost
    }

    notification_email_from root@localhost
    #smtp_server 127.0.0.1
    #smtp_connect_timeout 30
}

vrrp_instance VIP_147 {
    state MASTER
    interface eth1
    priority 120
    virtual_router_id 16
    use_vmac
    vmac_xmit_base
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 147
    }
    unicast_src_ip 172.16.2.2
    unicast_peer {
        172.16.2.1
    }
    virtual_ipaddress {
        xx.xx.xx.147/28 dev eth1
    }
    virtual_routes {
        0.0.0.0/0 via xx.xx.xx.145 dev eth1
    }    
}
vrrp_instance VIP_146 {
    state BACKUP
    interface eth1
    priority 80
    virtual_router_id 16
    use_vmac
    vmac_xmit_base
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 146
    }
    unicast_src_ip 172.16.2.2
    unicast_peer {
        172.16.2.1
    }
    virtual_ipaddress {
        xx.xx.xx.146/28 dev eth1
    }
}

针对VRRP虚拟接口,添加以下内核参数:

net.ipv4.conf.vrrp/16.arp_filter = 0
net.ipv4.conf.vrrp/16.accept_local = 1
net.ipv4.conf.vrrp/16.rp_filter = 0

net.ipv4.conf.vrrp/17.arp_filter = 0
net.ipv4.conf.vrrp/17.accept_local = 1
net.ipv4.conf.vrrp/17.rp_filter = 0

参考引用: