首页 > 代码库 > keepalived的原理和基本实现
keepalived的原理和基本实现
一、keepalived的基本原理介绍
keepalived最初设计的目的是为了实现lvs前端director的高可用,非常轻量级。主要的实现的vrrp协议。
VRRP是一种容错协议,它保证当主机的下一跳路由器出现故障时,由另一台路由器来代替出现故障的路由器进行工作,从而保持网络通信的连续性和可靠性。
VRRP具有如下优点:
简化网络管理:在具有多播或广播能力的局域网(如以太网)中,借助VRRP 能在某台设备出现故障时仍然提供高可靠的缺省链路,有效避免单一链路发生故障后网络中断的问题,而无需修改动态路由协议、路由发现协议等配置信息,也无需修改主机的默认网关配置。
适应性强:VRRP 报文封装在 IP 报文中,支持各种上层协议。
网络开销小:VRRP 只定义了一种报文——VRRP 通告报文,并且只有处于Master 状态的路由器可以发送 VRRP 报文。
keepalived的软件架构如下:(图片来源于keepalived官网)
组件简单介绍:
IPVS: 为lvs生成ipvs规则的组件,是内核级别的。
NETLINK:Netlink是套接字家族中的一员,主要用内核与用户空间的进程间、用户进程间的通讯。然而它并不像网络套接字可以用于主机间通讯,Netlink只能用于同一主机上进程通讯,并通过PID来标识它们。Netlink被设计为在Linux内核与用户空间进程传送各种网络信息。网络工具iproute2利用 Netlink从用户空间与内核进行通讯。Netlink由一个在用户空间的标准的Socket接口和内核模块提供的内核API组成。Netlink的设计比ioctl更加灵活,Netlink使用了AF_NETLINK Socket 家族。(摘自维基百科)
IPVS wrapper:借助于Checkers实现后端lvs主机的健康状态检测。
VRRP Stack: 实现VRRP协议,实现虚拟IP地址的转移。
更多详细的介绍,参考官网地址:http://www.keepalived.org/documentation.html
二、keepalived的安装配置
在CentOS6.4以后,keepalived直接收录到内置的rpm仓库中,可以直接安装使用。
yum install keepalived -y
keepalived配置文件:
/etc/keepalived/keepalived.conf
1、简单的实现vrrp协议的配置
配置模式(主从模式): 主节点(Master):172.16.10.9 从节点(Backup):172.16.10.77 虚拟地址:172.16.10.68
配置过程:
### 172.16.10.9:/etc/keepalived/keepalived.conf,实例内容: vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 10 priority 100 advert_int 1 authentication { auth_type PASS auth_pass MasBac } virtual_ipaddress { 172.16.10.68 } } ### 172.16.10.77:/etc/keepalived/keepalived.conf,实例内容: vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 10 priority 98 advert_int 1 authentication { auth_type PASS auth_pass MasBac } virtual_ipaddress { 172.16.10.68 } }
配置完成后,先启动172.16.10.77的keepalived服务,查看日志信息:
此时,启动Master端172.16.10.9的keepalived服务:
配置模式(双主模式): 节点地址:172.16.10.9,172.16.10.77 虚拟地址:172.16.10.68 172.16.10.69 说明:这里的双主模型的实现实际上是配置了2组vrrp的示例。 如下关系: 示例1: 主节点:172.16.10.9 从节点:172.16.10.77 示例2: 主节点:172.16.10.77 从节点:172.16.10.9
配置信息:
## 172.16.10.9的vrrp实例信息: vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 10 priority 100 advert_int 1 authentication { auth_type PASS auth_pass MasBac } virtual_ipaddress { 172.16.10.68 } } vrrp_instance VI_2 { state BACKUP interface eth0 virtual_router_id 15 priority 98 advert_int 1 authentication { auth_type PASS auth_pass DouMas } virtual_ipaddress { 172.16.10.69 } } ## 172.16.10.77的vrrp实例信息: vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 10 priority 98 advert_int 1 authentication { auth_type PASS auth_pass MasBac } virtual_ipaddress { 172.16.10.68 } } vrrp_instance VI_2 { state MASTER interface eth0 virtual_router_id 15 priority 100 advert_int 1 authentication { auth_type PASS auth_pass DouMas } virtual_ipaddress { 172.16.10.69 } }
重新启动keepalived服务:
此时,如果 172.16.10.77 出现故障,172.16.10.9会拥有2个虚拟ip地址,实现真正的冗余
2、配置keepalived为实现lvs高可用
环境说明: keepalived采用双主模型:节点是172.16.10.9 172.16.10.77 后端的realserver:172.16.10.122 172.16.10.133
配置说明:
## 配置后端节点:172.16.10.122 172.16.10.133 ## ifconfig eth0 172.16.10.122/16 up ## ifconfig eth0 172.16.10.122/16 up # 这个也可以写到配置文件 echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce ifconfig lo:0 172.16.10.68 netmask 255.255.255.255 broadcast 172.16.10.68 route add -host 172.16.10.68 dev lo:0 ifconfig lo:1 172.16.10.69 netmask 255.255.255.255 broadcast 172.16.10.69 route add -host 172.16.10.69 dev lo:1
配置keepalived:
### 172.16.10.9:/etc/keepalived/keepalived.conf的配置: global_defs { notification_email { root@example.com } notification_email_from keepalived@example.com smtp_server 172.16.10.9 smtp_connect_timeout 30 router_id LVS_DEVEL } vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 10 priority 100 advert_int 1 authentication { auth_type PASS auth_pass MasBac } virtual_ipaddress { 172.16.10.68 } } vrrp_instance VI_2 { state BACKUP interface eth0 virtual_router_id 15 priority 98 advert_int 1 authentication { auth_type PASS auth_pass DouMas } virtual_ipaddress { 172.16.10.69 } } virtual_server 172.16.10.68 80 { delay_loop 6 lb_algo rr lb_kind DR persistence_timeout 50 protocol TCP sorry_server 172.16.10.77 80 real_server 172.16.10.122 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } real_server 172.16.10.133 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } } virtual_server 172.16.10.69 80 { delay_loop 6 lb_algo rr lb_kind DR #persistence_timeout 50 protocol TCP sorry_server 172.16.10.77 80 real_server 172.16.10.122 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } real_server 172.16.10.133 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } } ### 172.16.10.77:/etc/keepalived/keepalived.conf的配置: ! Configuration File for keepalived global_defs { notification_email { root@example.com } notification_email_from keepalived@example.com smtp_server 172.16.10.9 smtp_connect_timeout 30 router_id LVS_DEVEL } vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 10 priority 98 advert_int 1 authentication { auth_type PASS auth_pass MasBac } virtual_ipaddress { 172.16.10.68 } } vrrp_instance VI_2 { state MASTER interface eth0 virtual_router_id 15 priority 100 advert_int 1 authentication { auth_type PASS auth_pass DouMas } virtual_ipaddress { 172.16.10.69 } } virtual_server 172.16.10.68 80 { delay_loop 6 lb_algo rr lb_kind DR persistence_timeout 50 protocol TCP sorry_server 172.16.10.77 80 real_server 172.16.10.122 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } real_server 172.16.10.133 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } } virtual_server 172.16.10.69 80 { delay_loop 6 lb_algo rr lb_kind DR persistence_timeout 50 protocol TCP sorry_server 172.16.10.77 80 real_server 172.16.10.122 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } real_server 172.16.10.133 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } }
补充 对于后端健康状态的检测,还有:
TCP_CHECK { connect_port 80 connect_timeout 3 }
测试:
测试前,重启keepalived服务。
当后端realserver都出现故障时:
配置完成。
本文出自 “逆水寒” 博客,请务必保留此出处http://guoting.blog.51cto.com/8886857/1568581
keepalived的原理和基本实现