注册 登录
LinuxTone | 运维专家网论坛 - 最棒的Linux运维与开源架构技术交流社区! 返回首页

iytsse的个人空间 http://bbs.linuxtone.org/?11671 [收藏] [复制] [分享] [RSS]

日志

LVS报错 bogus VRRP packet received on eth0

热度 1已有 5627 次阅读2012-3-12 10:38 |个人分类:LVS| LVS, 报错

keepalived配置应用与VRRP协议  

2011-10-17 18:27:50|  分类: LVS+heartbeat |  标签: |字号 订阅

VRRP介绍

keepalivedVRRP的完美实现,因此在介绍keepalived之前,先介绍一下VRRP的原理。

VRRP协议简介

在现实的网络环境中,两台需要通信的主机大多数情况下并没有直接的物理连接。对于这样的情况,它们之间路由怎样选择?主机如何选定到达目的主机的下一跳路由,这个问题通常的解决方法有二种:

·         在主机上使用动态路由协议(RIPOSPF)

·         在主机上配置静态路由

很明显,在主机上配置路态路由是非常不切实际的,因为管理、维护成本以及是否支持等诸多问题。配置静态路由就变得十分流行,但路由器(或者说默认网关default gateway)却经常成为单点。

VRRP的目的就是为了解决静态路由单点故障问题。

VRRP通过一竞选(election)协议来动态的将路由任务交给LAN中虚拟路由器中的某台VRRP路由器。

工作机制

在一个VRRP虚拟路由器中,有多台物理的VRRP路由器,但是这多台的物理的机器并不能同时工作,而是由一台称为MASTER的负责路由工作,其 它的都是BACKUPMASTER并非一成不变,VRRP让每个VRRP路由器参与竞选,最终获胜的就是MASTERMASTER拥有一些特权,比如 拥有虚拟路由器的IP地址,我们的主机就是用这个IP地址作为静态路由的。拥有特权的MASTER要负责转发发送给网关地址的包和响应ARP请求。

VRRP通过竞选协议来实现虚拟路由器的功能,所有的协议报文都是通过IP多播(multicast)(多播地址224.0.0.18)形式发送的。虚拟路由器由VRID(范围0-255)和一组IP地址组成,对外表现为一个周知的MAC地址。所以,在一个虚拟路由 器中,不管谁是MASTER,对外都是相同的MACIP(称之为VIP)。客户端主机并不需要因为MASTER的改变而修改自己的路由配置,对他们来 说,这种主从的切换是透明的。

在一个虚拟路由器中,只有作为MASTERVRRP路由器会一直发送VRRP广告包(VRRP Advertisement message)BACKUP不会抢占MASTER,除非它的优先级(priority)更高。当MASTER不可用时(BACKUP收不到广告包), 多台BACKUP中优先级最高的这台会被抢占为MASTER。这种抢占是非常快速的(<1s),以保证服务的连续性。

由于安全性考虑,VRRP包使用了加密协议进行加密。

 

解压 安装

# tar -xzvf keepalived-1.1.20.tar.gz

# cd keepalived-1.1.20

# ./configure --prefix=/usr/local/keepalived 

#make  

#make install 

#cp /usr/local/keepalived/sbin/keepalived /usr/sbin/ 

#cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ 

#cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/ 

#mkdir /etc/keepalived 

#cd /etc/keepalived/

 

配置

#vim keepalived.conf

! Configuration File for keepalived

global_defs {

   notification_email {

        467826892@qq.com  

}

   notification_email_from liuzongqing@ta-ge.com

   smtp_server 59.151.100.220

   smtp_connect_timeout 30

   router_id LVS_DEVEL

}

 

vrrp_instance VI_1 {

  state MASTER

    interface eth0

    virtual_router_id 51

    priority 100

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 1111

    }

    virtual_ipaddress {

        192.168.2.150

    }

}

 

virtual_server 192.168.2.150 80 {

    delay_loop 2

    lb_algo wrr

    lb_kind DR

    nat_mask 255.255.255.0

    persistence_timeout 50

    protocol TCP

 

    real_server 192.168.2.90 80 {

        weight 1

        TCP_CHECK {

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            connect_port 80

        }

    }

}

启动

#service keepalived start

查看 keepalived状态

#  ps -ef | grep keepalived

root      4783     1  0 09:49 ?        00:00:00 keepalived -D

root      4784  4783  0 09:49 ?        00:00:01 keepalived -D

root      5191  4896  0 13:43 pts/2    00:00:00 grep keepalived

 

# tail -f /var/log/messages

Feb 21 14:18:48 localhost Keepalived_vrrp: Registering gratutious ARP shared channel

Feb 21 14:18:48 localhost Keepalived_vrrp: Opening file '/etc/keepalived/keepalived.conf'.

Feb 21 14:18:48 localhost Keepalived_vrrp: Configuration is using : 35706 Bytes

Feb 21 14:18:48 localhost Keepalived_vrrp: Using LinkWatch kernel netlink reflector...

Feb 21 14:18:49 localhost Keepalived_vrrp: VRRP sockpool: [ifindex(2), proto(112), fd(9,10)]

Feb 21 14:18:50 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Transition to MASTER STATE

Feb 21 14:18:51 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Entering MASTER STATE

Feb 21 14:18:51 localhost Keepalived_vrrp: VRRP_Instance(VI_1) setting protocol VIPs.

Feb 21 14:18:51 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.2.150

Feb 21 14:18:51 localhost avahi-daemon[2549]: Registering new address record for 192.168.2.150 on eth0.

 

可以看到VIP已经在主服务器上开启

 

.备份服务器配置(安装与主服务一样)

! Configuration File for keepalived

 

global_defs {

   notification_email {

        467826892@qq.com  

}

   notification_email_from liuzongqing@ta-ge.com

   smtp_server 59.151.100.220

   smtp_connect_timeout 30

   router_id LVS_DEVEL

}

 

vrrp_instance VI_1 {

    state BACKUP

    interface eth0

    virtual_router_id 51

    priority 90

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 1111

    }

    virtual_ipaddress {

        192.168.2.150

    }

}

virtual_server 192.168.2.150 80 {

    delay_loop 2

    lb_algo wrr

    lb_kind DR

    nat_mask 255.255.255.0

    persistence_timeout 50

    protocol TCP

 

    real_server 192.168.2.92 80 {

        weight 1

        TCP_CHECK {

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            connect_port 80

        }

    }

}

启动

#service keepalived start

 

测试

找一台机器对VIP进行ping,可以拼通,断掉主服务器的服务 service keepalived stop

会发现中间有大约两个timeout,然后再次ping通,如果我们在timeout前后访问VIP,发现是不同的主机,期间观察两个主机的keepalived日志。然后把主服务器的网络接通,再次访问VIP,发现又切回到了原来的主机上。

 

报错解决方案

1.主服务器停止后,备用服务没有启用

监控主服务器上的日志

 

Jun 28 09:18:32 rust Keepalived_vrrp: receive an invalid ip number count

associated with VRID!

Jun 28 09:18:32 rust Keepalived_vrrp: bogus VRRP packet received on eth0 !!!

Jun 28 09:18:32 rust Keepalived_vrrp: VRRP_Instance(VI_1) Dropping received

VRRP packet...

 

监控备用服务器上的keepalived日志

Jun 28 06:25:05 stye Keepalived_vrrp: bogus VRRP packet received on eth0 !!!

Jun 28 06:25:05 stye Keepalived_vrrp: VRRP_Instance(VI_1) ignoring received

advertisment...

 

解决方案:

改变配置文件/etc/keepalived/keepalived.conf virtual_route_id的值

比如

 virtual_router_id 60 主从方都要改,默认为51


路过

鸡蛋

鲜花
1

握手

雷人

刚表态过的朋友 (1 人)

发表评论 评论 (4 个评论)

回复 北京萍聚 2012-3-13 10:30
virtual_router_id 60 主从方都要改,默认为51
你好,为什么要改成60呢?有什么规则吗?
回复 iytsse 2012-3-14 10:51
没有,我是在同一网关(192.168.1.1)内建了2组集群,virtual_router_id 就重复了,改个不一样的就可以,不一定要60
回复 iytsse 2012-3-14 10:52
北京萍聚: virtual_router_id 60 主从方都要改,默认为51
你好,为什么要改成60呢?有什么规则吗?
没有,我是在同一网关(192.168.1.1)内建了2组集群,virtual_router_id 就重复了,改个不一样的就可以,不一定要60
回复 北京萍聚 2012-3-14 18:11
   恩明白了 谢谢!

facelist

您需要登录后才可以评论 登录 | 注册

Archiver|手机版|感谢所有关心和支持过LinuxTone的朋友们 转载本站内容请注明原作者名及出处 ( 京ICP备08103151 )   |

GMT+8, 2019-3-27 07:06 , Processed in 0.011462 second(s), 10 queries , Apc On.

Powered by Discuz! X2 Licensed

© 2001-2011 Comsenz Inc.

回顶部