While experimenting with keepalived + redis in my own environment, I found that after restarting the backup redis machine, both redis hosts held the VIP:

```
[root@redis2 ~]# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:72:6a:7c brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.54/24 brd 192.168.122.255 scope global eth0
    inet 192.168.122.50/32 scope global eth0
    inet6 fe80::5054:ff:fe72:6a7c/64 scope link
       valid_lft forever preferred_lft forever
```

```
[root@localhost ~]# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:85:7b:a9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.96/24 brd 192.168.122.255 scope global eth0
    inet 192.168.122.50/32 scope global eth0
    inet6 fe80::5054:ff:fe85:7ba9/64 scope link
       valid_lft forever preferred_lft forever
```

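In other words, keepalived had gone split-brain. I checked the network connectivity between the two hosts and found that the network was fine. I then captured packets on the backup machine:
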
```
[root@localhost ~]# tcpdump -i eth0|grep VRRP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
15:51:17.146322 IP 192.168.122.54 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 160, authtype simple, intvl 1s, length 20
15:51:17.146577 IP 192.168.122.96 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 50, authtype simple, intvl 1s, length 20
15:51:17.146972 IP 192.168.122.54 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 160, authtype simple, intvl 1s, length 20
15:51:18.147136 IP 192.168.122.96 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 50, authtype simple, intvl 1s, length 20
15:51:18.147576 IP 192.168.122.54 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 160, authtype simple, intvl 1s, length 20
15:51:25.151399 IP 192.168.122.96 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 50, authtype simple, intvl 1s, length 20
15:51:25.151942 IP 192.168.122.54 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 160, authtype simple, intvl 1s, length 20
15:51:26.151703 IP 192.168.122.96 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 50, authtype simple, intvl 1s, length 20
15:51:26.152623 IP 192.168.122.54 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 160, authtype simple, intvl 1s, length 20
15:51:27.152456 IP 192.168.122.96 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 50, authtype simple, intvl 1s, length 20
15:51:27.153261 IP 192.168.122.54 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 160, authtype simple, intvl 1s, length 20
15:51:28.152955 IP 192.168.122.96 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 50, authtype simple, intvl 1s, length 20
15:51:28.153461 IP 192.168.122.54 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 160, authtype simple, intvl 1s, length 20
15:51:29.153766 IP 192.168.122.96 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 50, authtype simple, intvl 1s, length 20
15:51:29.155652 IP 192.168.122.54 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 160, authtype simple, intvl 1s, length 20
15:51:30.154275 IP 192.168.122.96 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 50, authtype simple, intvl 1s, length 20
15:51:30.154587 IP 192.168.122.54 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 160, authtype simple, intvl 1s, length 20
15:51:31.155042 IP 192.168.122.96 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 50, authtype simple, intvl 1s, length 20
15:51:31.155428 IP 192.168.122.54 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 160, authtype simple, intvl 1s, length 20
15:51:32.155539 IP 192.168.122.96 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 50, authtype simple, intvl 1s, length 20
15:51:32.155986 IP 192.168.122.54 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 160, authtype simple, intvl 1s, length 20
15:51:33.156357 IP 192.168.122.96 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 50, authtype simple, intvl 1s, length 20
15:51:33.156979 IP 192.168.122.54 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 160, authtype simple, intvl 1s, length 20
15:51:34.156801 IP 192.168.122.96 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 50, authtype simple, intvl 1s, length 20
15:51:34.156989 IP 192.168.122.54 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 160, authtype simple, intvl 1s, length 20
```

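The backup machine does receive the VRRP broadcasts sent by the master, so why is there still a split brain? I noticed that iptables was still enabled after the reboot, so I checked the firewall configuration:
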
```
[root@localhost ~]# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
```

The system was not accepting the VRRP protocol, so I modified iptables:

```
[root@localhost ~]# iptables -I INPUT 4 -p vrrp -j ACCEPT
[root@localhost ~]# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p vrrp -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
[root@localhost ~]# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:85:7b:a9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.96/24 brd 192.168.122.255 scope global eth0
    inet6 fe80::5054:ff:fe85:7ba9/64 scope link
       valid_lft forever preferred_lft forever
```

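The VIP is gone from the backup. The problem is solved, but why could the backup clearly capture the VRRP broadcast packets sent by the master and yet not change its own state? The only explanation is that the network card receiving a packet happens before iptables processes that packet.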
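
The two rule listings above can be checked mechanically. The following is an added example, not part of the original post: it walks an INPUT chain in `iptables -S` format and reports which rule decides what happens to an incoming VRRP advertisement. The function name `vrrp_input_verdict` and its simplified matching are assumptions of the example (the packet is treated as conntrack state NEW; only `-p`, `-i`, `--state`/`--ctstate` and `-j` are evaluated).

```shell
#!/bin/sh
# Added example (not from the original post). Reads INPUT-chain rules in
# `iptables -S` format on stdin and prints "<verdict> <rule number>" for an
# incoming VRRP advertisement (IP protocol 112) on interface $1 (default eth0).
# Assumptions: the packet is in conntrack state NEW; negated ("!") matches,
# address matches and user-defined chains are not handled.
vrrp_input_verdict() {
    awk -v ifc="${1:-eth0}" '
        $1 == "-P" && $2 == "INPUT" { policy = $3; next }
        $1 != "-A" || $2 != "INPUT" { next }
        {
            n++; proto = "all"; in_if = ""; states = ""; target = ""
            for (i = 3; i < NF; i++) {
                if      ($i == "-p") proto  = $(i + 1)
                else if ($i == "-i") in_if  = $(i + 1)
                else if ($i == "--state" || $i == "--ctstate") states = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            if (proto != "all" && proto != "vrrp" && proto != "112") next
            if (in_if != "" && in_if != ifc) next
            if (states != "" && ("," states ",") !~ /,NEW,/) next
            if (target !~ /^(ACCEPT|DROP|REJECT)$/) next
            print target, n; found = 1; exit
        }
        END { if (!found) print policy, "policy" }
    '
}

# INPUT-chain lines copied from the two `iptables -S` listings in the post.
RULES_BEFORE='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

RULES_AFTER='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p vrrp -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

printf '%s\n' "$RULES_BEFORE" | vrrp_input_verdict eth0   # REJECT 5
printf '%s\n' "$RULES_AFTER"  | vrrp_input_verdict eth0   # ACCEPT 4
```

On a live host the same function can be fed from `iptables -S INPUT`; a `REJECT` or `DROP` verdict on a keepalived node means the accept rule must be inserted before the reported rule number.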