Saving public IPs: an unconventional use of keepalived
Anyone who has used keepalived knows that when configuring its virtual ipaddress (hereafter "VIP"), we normally use three addresses in the same subnet as the VIP. The problem is that multiple projects (VIPs) then consume multiple public IP addresses. While using keepalived, however, we found that a VIP can also "run" on hosts whose own addresses are in a different subnet. For example, I use the internal addresses 10.0.100.81 and 10.0.100.82 to run the public VIP 192.168.57.75, which saves two public IP addresses. This "trick" only works if a few prerequisites are met.
Prerequisites
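1 The public IP and the internal IP are in the same broadcast domain (the internal and external networks are connected to the same switch)
2 The keepalived VIP is configured with a subnet mask (e.g. 192.168.57.75/24)
3 A default route for the VIP must be added manually
Explanation
1 The public IP and the internal IP are in the same broadcast domain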
ip add
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0:
link/ether 00:50:56:ad:20:0d brd ff:ff:ff:ff:ff:ff
3: eth1:
link/ether 00:50:56:ad:20:0e brd ff:ff:ff:ff:ff:ff
inet 10.0.100.81/24 brd 10.0.100.255 scope global eth1
inet6 fe80::250:56ff:fead:200e/64 scope link
valid_lft forever preferred_lft forever
4: sit0:
link/sit 0.0.0.0 brd 0.0.0.0
eth0 is the public-network interface; it has no IP address
eth1 is the internal-network interface; its IP address is 10.0.100.81
//On the eth1 NIC I can capture ARP packets from the eth0 network
tcpdump -i eth1 -vvn arp
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
09:38:59.900475 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.57.1 tell 192.168.57.71, length 28
09:38:59.901161 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.57.1 is-at c0:62:6b:8d:c1:cc, length 46
2 Configure the keepalived VIP with a subnet mask (e.g. 192.168.57.75/24)
//keepalived configuration file
tail -n 5 /usr/local/keepalived/keepalived.conf
virtual_ipaddress {
192.168.57.75/24 dev eth1 scope global
}
//Routing table after keepalived is started
ip route
10.0.100.0/24 dev eth1 proto kernel scope link src 10.0.100.81
192.168.57.0/24 dev eth1 proto kernel scope link src 192.168.57.75
169.254.0.0/16 dev eth1 scope link metric 1003
3 A default route for the VIP must be added manually
//Because the VIP is a virtual IP, there is no default gateway; below is the routing table before keepalived is started
ip route
10.0.100.0/24 dev eth1 proto kernel scope link src 10.0.100.81
169.254.0.0/16 dev eth1 scope link metric 1003
//Add the default gateway
route add default gateway 192.168.57.1
//Routing table after keepalived is started and the default gateway is added
ip route
10.0.100.0/24 dev eth1 proto kernel scope link src 10.0.100.81
192.168.57.0/24 dev eth1 proto kernel scope link src 192.168.57.75
169.254.0.0/16 dev eth1 scope link metric 1003
default via 192.168.57.1 dev eth1
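Test
//ping the VIP successfully
//haproxy URL
Conclusion
Note that this keepalived trick is not suitable for large network environments. For reasons of both network security and network overhead (large volumes of broadcast packets), a larger network will at the very least be split into two broadcast domains, one external and one internal; otherwise it would have serious problems. That separation violates the first prerequisite.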
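The ARP capture under prerequisite 1 is also the evidence that the internal and public networks are not separated at layer 2, which is the condition the caveat above warns about. The following is an added example, not part of the original post: it parses `tcpdump -n arp` output and lists ARP senders that lie outside the subnets configured on the capturing interface. The function names and the third sample line are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the two ARP lines from the capture on this page, plus one
# constructed line for traffic inside the interface's own subnet.
SAMPLE_CAPTURE = """\
09:38:59.900475 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.57.1 tell 192.168.57.71, length 28
09:38:59.901161 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.57.1 is-at c0:62:6b:8d:c1:cc, length 46
09:39:01.120000 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.100.82 tell 10.0.100.81, length 28
"""

# tcpdump prints "Request who-has <target> tell <sender>" and
# "Reply <sender> is-at <mac>". Only the sender proves a host is on the wire.
REQUEST = re.compile(r"Request who-has \S+ tell (\d+\.\d+\.\d+\.\d+)")
REPLY = re.compile(r"Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})")


def foreign_arp_senders(capture, local_networks):
    """Return {sender_ip: mac or None} for ARP senders outside local_networks."""
    nets = [ipaddress.ip_network(n) for n in local_networks]
    found = {}
    for line in capture.splitlines():
        req, rep = REQUEST.search(line), REPLY.search(line)
        if req:
            ip, mac = req.group(1), None      # requests carry no MAC in this output
        elif rep:
            ip, mac = rep.groups()
        else:
            continue                          # banner or non-ARP line
        if not any(ipaddress.ip_address(ip) in net for net in nets):
            found[ip] = mac or found.get(ip)  # keep a MAC seen earlier
    return found


def shares_broadcast_domain(capture, local_networks):
    """True if the interface hears ARP from a subnet it is not configured for."""
    return bool(foreign_arp_senders(capture, local_networks))


if __name__ == "__main__":
    hits = foreign_arp_senders(SAMPLE_CAPTURE, ["10.0.100.0/24"])
    for ip, mac in sorted(hits.items()):
        print(f"foreign ARP sender seen on eth1: {ip} mac={mac or 'unknown'}")
```

Run it with only the subnets that are supposed to be on the interface; once keepalived holds the VIP, 192.168.57.0/24 is itself configured on eth1 and would no longer count as foreign.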
"Saving public IPs: an unconventional use of keepalived" (http://m.oriental01.com). Author: dngood