LVS之TUN + keepalived 模式配置文档

拓扑介绍：

RS01 (real-server)

[DR01 + DR02-BACKUP] keepalived (Director-s) --> | | -> Client

RS02 (real-server)

DR02-BACKUP : 192.168.43.91

DR01 : 192.168.43.90

RS01 : 192.168.43.92

RS02 : 192.168.43.93

Client : 192.168.43.110

vip : 192.168.43.166

网关 :192.168.43.1

附：这里演示的是在同一网段的情况，TUN支持跨网段操作。

参阅：

http://www.atomicgain.com/keepalived-lvs-tun/

报文请求过程分析

Ip Tunnel模式下，客户端的请求包到达负载均衡器的虚拟服务IP端口后，负载均衡器不会改写请求包的IP和端口，但是会在数据包IP层外面再封装一个IP层，然后将数据包转发；

真实服务器收到请求后，会先将外面封装的Ip Tunnel头去掉，然后处理里面实际的请求报文；

与DR模式类似，响应包也不再经过LVS，而是直接返回给客户端。所以Ip Tunnel模式的转发效率虽然弱于DR，但是强于NAT。

为什么要用Ip Tunnel模式?

既然Ip Tunnel模式的性能比不上DR，那为什么还要用它呢？因为它可以跨网段转发！

Ip Tunnel模式最大的优点就在于它可以跨网段转发，没有DR和NAT模式的组网限制。

这在部署上带来的很大的灵活性，甚至还可以跨机房转发，不过不建议这样使用，一是会带来跨机房间的流量，提高了成本；

二是跨机房转发必然会要在RS机房上绑定LVS机房的VIP，这有可能会被运营商的防火墙认为是IP伪造请求而拦截。

参阅：

https://www.vxiaobai.com/article/544/

（一）ipvsadm与keepalived安装配置

1.开启ip_forward转发功能及ipip加载

执行机器：DR01与DR02-BACKUP

[root@DR01 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward

[root@DR01 ~]# cat /proc/sys/net/ipv4/ip_forward

[root@DR01 ~]# modprobe ipip

[root@DR01 ~]# lsmod | grep ipip

ipip 13465 0

tunnel4 13252 1 ipip

ip_tunnel 25163 1 ipip

[root@DR01 ~]#

[root@DR02-BACKUP ~]# echo 1 > /proc/sys/net/ipv4/ip_forward

[root@DR02-BACKUP ~]# cat /proc/sys/net/ipv4/ip_forward

[root@DR02-BACKUP keepalived]# lsmod | grep ipip

ipip 13465 0

tunnel4 13252 1 ipip

ip_tunnel 25163 1 ipip

[root@DR02-BACKUP keepalived]#

2.ipvsadmin与keepalived安装

执行机器：DR01与DR02-BACKUP

[root@DR01 ~]# yum install ipvsadm keepalived -y

[root@DR01 ~]# rpm -qa | grep ipvs

ipvsadm-1.27-8.el7.x86_64

[root@DR01 ~]# rpm -qa | grep keepalived

keepalived-1.3.5-16.el7.x86_64

[root@DR01 ~]#

[root@DR02-BACKUP ~]# yum install ipvsadm keepalived -y

[root@DR02-BACKUP ~]# rpm -qa | grep ipvs

ipvsadm-1.27-8.el7.x86_64

[root@DR02-BACKUP ~]# rpm -qa | grep keepalived

keepalived-1.3.5-16.el7.x86_64

[root@DR02-BACKUP ~]#

3.keepalived的配置

*DR01配置：

[root@DR01 ~]# cat /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

notification_email {

#acassen@firewall.loc

#failover@firewall.loc

#sysadmin@firewall.loc

}

#notification_email_from Alexandre.Cassen@firewall.loc

#smtp_server 192.168.200.1

#smtp_connect_timeout 30

router_id LVS_ds1

vrrp_skip_check_adv_addr

#vrrp_strict

vrrp_garp_interval 0

vrrp_gna_interval 0

}

vrrp_instance VI_1 {

state MASTER

interface ens37

virtual_router_id 50

priority 100

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

192.168.43.166

}

virtual_server 192.168.43.166 80 {

delay_loop 6

lb_algo wrr

lb_kind TUN

# persistence_timeout 0

protocol TCP

real_server 192.168.43.92 80 {

weight 1

TCP_CHECK {

connect_timeout 3

delay_before_retry 3

connect_port 80

}

real_server 192.168.43.93 80 {

weight 1

TCP_CHECK {

connect_timeout 3

delay_before_retry 3

connect_port 80

}

[root@DR01 ~]#

DR02-BACKUP配置：

[root@DR02-BACKUP keepalived]# cat /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

notification_email {

#acassen@firewall.loc

#failover@firewall.loc

#sysadmin@firewall.loc

}

#notification_email_from Alexandre.Cassen@firewall.loc

#smtp_server 192.168.200.1

#smtp_connect_timeout 30

router_id LVS_ds1

vrrp_skip_check_adv_addr

#vrrp_strict

vrrp_garp_interval 0

vrrp_gna_interval 0

}

vrrp_instance VI_1 {

state BACKUP

interface ens37

virtual_router_id 50

priority 90

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

192.168.43.166

}

virtual_server 192.168.43.166 80 {

delay_loop 6

lb_algo wrr

lb_kind TUN

# persistence_timeout 0

protocol TCP

real_server 192.168.43.92 80 {

weight 1

TCP_CHECK {

connect_timeout 3

delay_before_retry 3

connect_port 80

}

real_server 192.168.43.93 80 {

weight 1

TCP_CHECK {

connect_timeout 3

delay_before_retry 3

connect_port 80

}

[root@DR02-BACKUP keepalived]#

4.keepalived服务脚本调整与更改日志路径

执行机器：DR01与DR02-BACKUP

[1]服务脚本修正：

[root@DR01 ~]# cat /usr/lib/systemd/system/keepalived.service

[Unit]

Description=LVS and VRRP High Availability Monitor

After=syslog.target network-online.target

[Service]

Type=forking

PIDFile=/var/run/keepalived.pid

#KillMode=process 调整的这里，注释掉

EnvironmentFile=-/etc/sysconfig/keepalived

ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS

ExecReload=/bin/kill -HUP $MAINPID

[Install]

WantedBy=multi-user.target

[root@DR01 ~]#

[root@DR01 ~]# systemctl daemon-reload

[root@DR02-BACKUP ~]# cat /usr/lib/systemd/system/keepalived.service

[Unit]

Description=LVS and VRRP High Availability Monitor

After=syslog.target network-online.target

[Service]

Type=forking

PIDFile=/var/run/keepalived.pid

#KillMode=process 调整的这里，注释掉

EnvironmentFile=-/etc/sysconfig/keepalived

ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS

ExecReload=/bin/kill -HUP $MAINPID

[Install]

WantedBy=multi-user.target

[root@DR02-BACKUP ~]#

[root@DR02-BACKUP ~]# systemctl daemon-reload

[2]日志路径更改

[root@DR01 ~]# grep 'local0.*' /etc/rsyslog.conf

local0.* /var/log/keepalived.log

[root@DR01 ~]# grep 'KEEPALIVED_OPTIONS' /etc/sysconfig/keepalived

KEEPALIVED_OPTIONS="-D -d -S 0"

[root@DR01 ~]# systemctl start rsyslog

[root@DR01 ~]# systemctl status rsyslog

● rsyslog.service - System Logging Service

Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)

Active: active (running) since Mon 2020-08-03 13:49:07 CST; 1h 9min ago

Docs: man:rsyslogd(8)

http://www.rsyslog.com/doc/

Main PID: 999 (rsyslogd)

CGroup: /system.slice/rsyslog.service

└─999 /usr/sbin/rsyslogd -n

Aug 03 13:49:07 DR01 systemd[1]: Starting System Logging Service...

Aug 03 13:49:07 DR01 rsyslogd[999]: [origin software="rsyslogd" swVersion="8.24.0-38.el7" x-pid="999" x-info="http://www.rsyslog.com"] start

Aug 03 13:49:07 DR01 systemd[1]: Started System Logging Service.

[root@DR01 ~]# systemctl enable rsyslog

[root@DR01 ~]#

[root@DR02-BACKUP ~]# grep 'local0.*' /etc/rsyslog.conf

local0.* /var/log/keepalived.log

[root@DR02-BACKUP ~]# grep 'KEEPALIVED_OPTIONS' /etc/sysconfig/keepalived

KEEPALIVED_OPTIONS="-D -d -S 0"

[root@DR02-BACKUP ~]# systemctl start rsyslog

[root@DR02-BACKUP ~]# systemctl status rsyslog

● rsyslog.service - System Logging Service

Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)

Active: active (running) since Mon 2020-08-03 12:17:59 CST; 2h 37min ago

Docs: man:rsyslogd(8)

http://www.rsyslog.com/doc/

Main PID: 999 (rsyslogd)

CGroup: /system.slice/rsyslog.service

└─999 /usr/sbin/rsyslogd -n

Aug 03 12:17:59 DR02-BACKUP systemd[1]: Starting System Logging Service...

Aug 03 12:17:59 DR02-BACKUP rsyslogd[999]: [origin software="rsyslogd" swVersion="8.24.0-38.el7" x-pid="999" x-info="http://www.rsyslog.com"] start

Aug 03 12:17:59 DR02-BACKUP systemd[1]: Started System Logging Service.

[root@DR02-BACKUP ~]# systemctl enable rsyslog

[root@DR02-BACKUP ~]#

5.nginx的安装以便于测试

执行机器：RS01与RS02

[root@RS01 wordpress]# yum install -y nginx

[root@RS01 opt]# curl http://192.168.43.92/wordpress/index.html

This is RS01!!

[root@RS02 wordpress]# yum install -y nginx

[root@RS02 opt]# curl http://192.168.43.93/wordpress/index.html

This is RS02!!

（二）服务的启动与自启

1.keepalived添加开机自启

[root@DR01 ~]# systemctl start keepalived

[root@DR01 ~]# systemctl enable keepalived

[root@DR02 ~]# systemctl start keepalived

[root@DR02 ~]# systemctl enable keepalived

2.nginx添加开机自启

[root@RS01 opt]# systemctl start nginx

[root@RS01 opt]# systemctl enable nginx

[root@RS02 opt]# systemctl start nginx

[root@RS02 opt]# systemctl enable nginx

（三）配置完成后的分析与观察

DR01与DR02-BACKUP的情况：

观察vip的产生及负载均衡情况：

[root@DR01 ~]# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: ens33: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000

link/ether 00:0c:29:09:5e:dd brd ff:ff:ff:ff:ff:ff

inet 192.168.131.90/24 brd 192.168.131.255 scope global ens33

valid_lft forever preferred_lft forever

3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether 00:0c:29:09:5e:e7 brd ff:ff:ff:ff:ff:ff

inet 192.168.43.90/24 brd 192.168.43.255 scope global ens37

valid_lft forever preferred_lft forever

inet 192.168.43.166/32 scope global ens37

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fe09:5ee7/64 scope link

valid_lft forever preferred_lft forever

4: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000

link/ipip 0.0.0.0 brd 0.0.0.0

[root@DR01 ~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

TCP 192.168.43.166:80 wrr

-> 192.168.43.92:80 Tunnel 1 0 30

-> 192.168.43.93:80 Tunnel 1 0 29

[root@DR01 ~]#

[root@DR02-BACKUP keepalived]# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: ens33: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000

link/ether 00:0c:29:e4:23:8e brd ff:ff:ff:ff:ff:ff

inet 192.168.131.91/24 brd 192.168.131.255 scope global ens33

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fee4:238e/64 scope link

valid_lft forever preferred_lft forever

3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether 00:0c:29:e4:23:98 brd ff:ff:ff:ff:ff:ff

inet 192.168.43.91/24 brd 192.168.43.255 scope global ens37

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fee4:2398/64 scope link

valid_lft forever preferred_lft forever

4: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000

link/ipip 0.0.0.0 brd 0.0.0.0

[root@DR02-BACKUP keepalived]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

TCP 192.168.43.166:80 wrr

-> 192.168.43.92:80 Tunnel 1 0 0

-> 192.168.43.93:80 Tunnel 1 0 0

[root@DR02-BACKUP keepalived]#

（四）测试

我们在IP为192.168.43.110的客户端进行测试调度情况：

[root@harbor ~]# while true ; do curl http://192.168.43.166/wordpress/index.html ; sleep 2; done

This is RS02!!

This is RS01!!

This is RS02!!

This is RS01!!

This is RS02!!

[root@harbor ~]#

（五）故障模拟及日志分析

1.模拟DR01关闭keepalived服务

DR01分析：

[root@DR01 ~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

TCP 192.168.43.166:80 wrr

-> 192.168.43.92:80 Tunnel 1 0 18

-> 192.168.43.93:80 Tunnel 1 0 19

[root@DR01 ~]# systemctl stop keepalived

[root@DR01 ~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

[root@DR01 ~]#

[root@DR01 ~]# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: ens33: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000

link/ether 00:0c:29:09:5e:dd brd ff:ff:ff:ff:ff:ff

inet 192.168.131.90/24 brd 192.168.131.255 scope global ens33

valid_lft forever preferred_lft forever

3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether 00:0c:29:09:5e:e7 brd ff:ff:ff:ff:ff:ff

inet 192.168.43.90/24 brd 192.168.43.255 scope global ens37

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fe09:5ee7/64 scope link

valid_lft forever preferred_lft forever

4: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000

link/ipip 0.0.0.0 brd 0.0.0.0

[root@DR01 ~]#

[root@DR01 ~]# tail -f /var/log/keepalived.log

Aug 3 23:05:22 DR01 Keepalived[1005]: Stopping

Aug 3 23:05:22 DR01 Keepalived_healthcheckers[1006]: Removing service [192.168.43.92]:80 from VS [192.168.43.166]:80

Aug 3 23:05:22 DR01 Keepalived_healthcheckers[1006]: Removing service [192.168.43.93]:80 from VS [192.168.43.166]:80

Aug 3 23:05:22 DR01 Keepalived_healthcheckers[1006]: Stopped

Aug 3 23:05:22 DR01 Keepalived_vrrp[1007]: VRRP_Instance(VI_1) sent 0 priority

Aug 3 23:05:22 DR01 Keepalived_vrrp[1007]: VRRP_Instance(VI_1) removing protocol VIPs.

Aug 3 23:05:23 DR01 Keepalived_vrrp[1007]: Stopped

Aug 3 23:05:23 DR01 Keepalived[1005]: Stopped Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2

DR02-BACKUP分析：

[root@DR02-BACKUP keepalived]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

TCP 192.168.43.166:80 wrr

-> 192.168.43.92:80 Tunnel 1 0 0

-> 192.168.43.93:80 Tunnel 1 0 0

[root@DR02-BACKUP keepalived]# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: ens33: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000

link/ether 00:0c:29:e4:23:8e brd ff:ff:ff:ff:ff:ff

inet 192.168.131.91/24 brd 192.168.131.255 scope global ens33

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fee4:238e/64 scope link

valid_lft forever preferred_lft forever

3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether 00:0c:29:e4:23:98 brd ff:ff:ff:ff:ff:ff

inet 192.168.43.91/24 brd 192.168.43.255 scope global ens37

valid_lft forever preferred_lft forever

inet 192.168.43.166/32 scope global ens37

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fee4:2398/64 scope link

valid_lft forever preferred_lft forever

4: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000

link/ipip 0.0.0.0 brd 0.0.0.0

[root@DR02-BACKUP keepalived]#

[root@DR02-BACKUP ~]# tail -f /var/log/keepalived.log

Aug 3 23:05:23 DR02-BACKUP Keepalived_vrrp[2875]: VRRP_Instance(VI_1) Transition to MASTER STATE

Aug 3 23:05:24 DR02-BACKUP Keepalived_vrrp[2875]: VRRP_Instance(VI_1) Entering MASTER STATE

Aug 3 23:05:24 DR02-BACKUP Keepalived_vrrp[2875]: VRRP_Instance(VI_1) setting protocol VIPs.

Aug 3 23:05:24 DR02-BACKUP Keepalived_vrrp[2875]: Sending gratuitous ARP on ens37 for 192.168.43.166

Aug 3 23:05:24 DR02-BACKUP Keepalived_vrrp[2875]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens37 for 192.168.43.166

Aug 3 23:05:24 DR02-BACKUP Keepalived_vrrp[2875]: Sending gratuitous ARP on ens37 for 192.168.43.166

Aug 3 23:05:29 DR02-BACKUP Keepalived_vrrp[2875]: Sending gratuitous ARP on ens37 for 192.168.43.166

Aug 3 23:05:29 DR02-BACKUP Keepalived_vrrp[2875]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens37 for 192.168.43.166

Aug 3 23:05:29 DR02-BACKUP Keepalived_vrrp[2875]: Sending gratuitous ARP on ens37 for 192.168.43.166

2.模拟DR01关闭恢复开启keepalived服务

DR01分析：

[root@DR01 ~]# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: ens33: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000

link/ether 00:0c:29:09:5e:dd brd ff:ff:ff:ff:ff:ff

inet 192.168.131.90/24 brd 192.168.131.255 scope global ens33

valid_lft forever preferred_lft forever

3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether 00:0c:29:09:5e:e7 brd ff:ff:ff:ff:ff:ff

inet 192.168.43.90/24 brd 192.168.43.255 scope global ens37

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fe09:5ee7/64 scope link

valid_lft forever preferred_lft forever

4: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000

link/ipip 0.0.0.0 brd 0.0.0.0

[root@DR01 ~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

[root@DR01 ~]# systemctl start keepalived

[root@DR01 ~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

TCP 192.168.43.166:80 wrr

-> 192.168.43.92:80 Tunnel 1 0 0

-> 192.168.43.93:80 Tunnel 1 0 0

[root@DR01 ~]# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: ens33: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000

link/ether 00:0c:29:09:5e:dd brd ff:ff:ff:ff:ff:ff

inet 192.168.131.90/24 brd 192.168.131.255 scope global ens33

valid_lft forever preferred_lft forever

3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether 00:0c:29:09:5e:e7 brd ff:ff:ff:ff:ff:ff

inet 192.168.43.90/24 brd 192.168.43.255 scope global ens37

valid_lft forever preferred_lft forever

inet 192.168.43.166/32 scope global ens37

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fe09:5ee7/64 scope link

valid_lft forever preferred_lft forever

4: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000

link/ipip 0.0.0.0 brd 0.0.0.0

[root@DR01 ~]#

DR02-BACKUP分析：

[root@DR02-BACKUP keepalived]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

TCP 192.168.43.166:80 wrr

-> 192.168.43.92:80 Tunnel 1 0 0

-> 192.168.43.93:80 Tunnel 1 0 0

[root@DR02-BACKUP keepalived]# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: ens33: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000

link/ether 00:0c:29:e4:23:8e brd ff:ff:ff:ff:ff:ff

inet 192.168.131.91/24 brd 192.168.131.255 scope global ens33

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fee4:238e/64 scope link

valid_lft forever preferred_lft forever

3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether 00:0c:29:e4:23:98 brd ff:ff:ff:ff:ff:ff

inet 192.168.43.91/24 brd 192.168.43.255 scope global ens37

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fee4:2398/64 scope link

valid_lft forever preferred_lft forever

4: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000

link/ipip 0.0.0.0 brd 0.0.0.0

[root@DR02-BACKUP keepalived]# tail -f /var/log/keepalived.log

Aug 3 23:08:36 DR02-BACKUP Keepalived_vrrp[2875]: VRRP_Instance(VI_1) Received advert with higher priority 100, ours 90

Aug 3 23:08:36 DR02-BACKUP Keepalived_vrrp[2875]: VRRP_Instance(VI_1) Entering BACKUP STATE

Aug 3 23:08:36 DR02-BACKUP Keepalived_vrrp[2875]: VRRP_Instance(VI_1) removing protocol VIPs.

3.模拟RS01上nginx关闭时的情况

[root@DR01 ~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

TCP 192.168.43.166:80 wrr

-> 192.168.43.92:80 Tunnel 1 0 4

[root@DR01 ~]#

[root@DR01 keepalived]# tail -f /var/log/keepalived.log

Aug 3 23:10:38 DR01 Keepalived_healthcheckers[2874]: TCP connection to [192.168.43.93]:80 failed.

Aug 3 23:10:41 DR01 Keepalived_healthcheckers[2874]: TCP connection to [192.168.43.93]:80 failed.

Aug 3 23:10:41 DR01 Keepalived_healthcheckers[2874]: Check on service [192.168.43.93]:80 failed after 1 retry.

Aug 3 23:10:41 DR01 Keepalived_healthcheckers[2874]: Removing service [192.168.43.93]:80 from VS [192.168.43.166]:80

[root@DR02-BACKUP keepalived]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

TCP 192.168.43.166:80 wrr

-> 192.168.43.92:80 Tunnel 1 0 0

[root@DR02-BACKUP keepalived]#

[root@DR02-BACKUP keepalived]# tail -f /var/log/keepalived.log

Aug 3 23:10:38 DR02-BACKUP Keepalived_healthcheckers[2874]: TCP connection to [192.168.43.93]:80 failed.

Aug 3 23:10:41 DR02-BACKUP Keepalived_healthcheckers[2874]: TCP connection to [192.168.43.93]:80 failed.

Aug 3 23:10:41 DR02-BACKUP Keepalived_healthcheckers[2874]: Check on service [192.168.43.93]:80 failed after 1 retry.

Aug 3 23:10:41 DR02-BACKUP Keepalived_healthcheckers[2874]: Removing service [192.168.43.93]:80 from VS [192.168.43.166]:80

[root@harbor ~]# while true ; do curl http://192.168.43.166/wordpress/index.html ; sleep 2; done

curl: (7) Failed connect to 192.168.43.166:80; Connection refused

This is RS01!!