最新消息:

Keepalived环境开启iptables

未分类 admin 9365浏览 0评论
系统:CentOS 5.8 X86_64
软件:nginx-1.2.4.tar.gz keepalived-1.2.7.tar.gz
拓扑:
wpid-4819f1630dfc2d3d39ff65206e96449a_260481015

 

目的:开启iptables,keepalived工作正常(主备能正常切换)
一、配置keepalived
指定发送vrrp包的源地址为发送端口的IP地址
# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id Nginx_LB1
}
vrrp_script ngx_check {
                script “/root/ngx_check.sh”
                interval 1
                weight 1
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    mcast_src_ip 10.0.37.3  #指定发送组播源地址为发送端口的IP地址,BACKUP指定为10.0.37.4
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
track_script {
        ngx_check
   }
    virtual_ipaddress {
        10.0.37.7
    }
}
二、使用tcpdump抓包
# tcpdump -p vrrp -n
wpid-4819f1630dfc2d3d39ff65206e96449a_80003880
三、配置iptables
允许对方IP的所有vrrp包通过。
在MASTER(10.0.37.3)上配置:
# iptables -A INPUT -i eth0 -p vrrp -s 10.0.37.4 -j ACCEPT
-i 指定数据包进来的网络接口
-p指定vrrp协议
-s指定数据包源IP地址
-j允许通过
四、测试
现在vip在master上:
wpid-4819f1630dfc2d3d39ff65206e96449a_80800967
1.停止master上的keepalived,看是否能切换?:
# /etc/init.d/keepalived stop
查看BACKUP上的vip绑定,已经看到vip已经成功绑定,说明防火墙的开启不影响的keepalived的使用:
wpid-4819f1630dfc2d3d39ff65206e96449a_80881323
2.停止master上的nginx(前提是有做nginx的检查),vip也能正常切换到backup上;
3.当master的网络故障,vip也能正常切换到backup上;

转载请注明:爱开源 » Keepalived环境开启iptables

您必须 登录 才能发表评论!