极客观点
研发管理
HarmonyOS
主节点ip 192.168.0.107
配置成MASTER :
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id NodeA
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 150
unicast_src_ip 192.168.0.107
unicast_peer {
192.168.0.105
}
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.0.55
}
}
备节点ip 192.168.0.105
配置成BACKUP :
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id NodeB
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 100
unicast_src_ip 192.168.0.105
unicast_peer {
192.168.0.107
}
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.0.55
}
}
先启动主节点,在启动备机
主节点的网卡
inet 192.168.0.107/24 brd 192.168.0.255 scope global eth0
inet 192.168.0.55/32 scope global eth0
备机的网卡:
inet 192.168.0.105/24 brd 192.168.0.255 scope global eth0
inet 192.168.0.55/32 scope global eth0
主备都有VIP
在主节点上抓包:
[root@localhost ~]# tcpdump -i eth0 -n 'host 224.0.0.18'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
00:50:32.194720 IP 192.168.0.105 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
00:50:33.193174 IP 192.168.0.105 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
00:50:34.191970 IP 192.168.0.105 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
00:50:35.191044 IP 192.168.0.105 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
在备机上抓包
15:02:15.378400 IP 192.168.0.105 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
15:02:16.379621 IP 192.168.0.105 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
15:02:17.381288 IP 192.168.0.105 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
把备机的keepalive关了
才能看的主节点的VRRP报文
[root@localhost ~]# tcpdump -i eth0 -n 'host 224.0.0.18'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
00:53:46.173603 IP 192.168.0.107 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 150, authtype simple, intvl 1s, length 20
00:53:47.186704 IP 192.168.0.107 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 150, authtype simple, intvl 1s, length 20
不是按道理,我主节点配置权值150要比备机的高么?
Aug 10 01:42:36 localhost Keepalived_vrrp[1617]: VRRP_Instance(VI_1) Received advert with lower priority 100, ours 150, forcing new election
Aug 10 01:42:37 localhost Keepalived_vrrp[1617]: VRRP_Instance(VI_1) Received advert with lower priority 100, ours 150, forcing new election
这里的日志有问题啊,怎么被forcing new election了?
配置文件中去掉
vrrp_strict即可。vrrp_strict开启则表示严格遵守 vrrp 协议,会自动添加如下 iptables 规则:-A INPUT -m set --match-set keepalived dst -j DROP导致 VIP 无法访问