It's been two whole weeks and it still won't connect...... searched Baidu every which way with no result. Environment:
win10 1803 + Hyper-V
The VMs are:
1 keepalived box (testha) + 1 test box (testa)
Because the setup wasn't working, I put together a minimal test environment.
ssh is just a simple test and has no particular significance.
The keepalived box and the test box both run RHEL 7.6; keepalived is the version that ships on the install disc.
My host, testha and testa can all ping each other,
and all three hosts can ping the VIP.
my host -> testha
testha -> testa
my host -> testa
ssh communication between these works normally.
What the test is trying to achieve is for my host to ssh to testa through testha.
Config file:
global_defs
{
    router_id testha
}
vrrp_instance VI_1
{
    state MASTER
    interface eth0
    virtual_router_id 207
    priority 100
    advert_int 1
    authentication
    {
        auth_type PASS
        auth_pass 5684
    }
    virtual_ipaddress
    {
        192.168.137.200/24 brd 192.168.137.255 dev eth0 label eth0:vip
    }
}
virtual_server 192.168.137.200 22
{
    lb_algo rr
    lb_kind NAT
    protocol TCP
    delay_loop 3
    persistence_timeout 1000
    real_server 192.168.137.154 22
    {
        weight 1
        TCP_CHECK
        {
            connect_timeout 3
        }
    }
}
The current situation is:
On testha, ssh 192.168.137.200 connects to testa.
From my host, ssh 192.168.137.200 can't connect at all, it times out.
Captured some packets and found:
From my host, ssh to 192.168.137.200 only sends out a SYN and then gets no response.
From testha, ssh to 192.168.137.200 communicates normally.
keepalived's healthchecker senses testa's port 22 correctly; when testa is shut down, "retry.." appears in the log.
Begging some guru to come to the rescue...
uj5u.com helpful netizen reply:
lb_kind tried NAT
DR
neither works..
This is the IP info printed by ip a:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:d9:01:0d brd ff:ff:ff:ff:ff:ff
    inet 192.168.137.100/24 brd 192.168.137.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 192.168.137.200/24 brd 192.168.137.255 scope global secondary eth0:vip
       valid_lft forever preferred_lft forever
    inet6 fe80::16f4:a55d:a8ac:7b6f/64 scope link tentative noprefixroute dadfailed
       valid_lft forever preferred_lft forever
    inet6 fe80::1138:cee9:af01:68d6/64 scope link tentative noprefixroute dadfailed
       valid_lft forever preferred_lft forever
    inet6 fe80::a147:dd36:edbf:de64/64 scope link tentative noprefixroute dadfailed
       valid_lft forever preferred_lft forever
uj5u.com helpful netizen reply:
First of all, keepalived is generally used for high-availability clusters. If you're using it for forwarding, you could just forward directly with iptables, or use LVS, nginx and the like. Also, what you describe should be keepalived+lvs: the virtual_server settings are LVS configuration, so you need to install ipvsadm (the LVS tool).
uj5u.com helpful netizen reply:
Because nothing was working overall, I made a minimal system; the ssh forwarding is just something I grabbed at hand for the experiment.
ipvsadm is already installed; after keepalived starts I can see the newly created LVS rules:
[root@ldapha ~]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  ldap.local:ssh rr persistent 1000
  -> testa.local:ssh              Masq    1      0          0
IP forwarding is enabled too... it still doesn't work..
Wanted to configure LVS on its own, and ran into
Memory allocation problem
Searched Baidu and tried modifying vmalloc, didn't work... could this thing be the cause?
uj5u.com helpful netizen reply:
Kept working on the forwarding today.... and found this situation:
[root@ldapha keepalived]# tcpdump '(dst host testa.local and dst port 22) or (dst port 32)'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:34:17.649048 IP gateway.12566 > ldap.local.32: Flags [S], seq 3827672185, win 64240, options [mss 1460,nop,wscale 8,sackOK,TS val 66189061 ecr 0], length 0
11:34:17.649065 IP gateway.12566 > testa.local.ssh: Flags [S], seq 3827672185, win 64240, options [mss 1460,nop,wscale 8,sackOK,TS val 66189061 ecr 0], length 0
11:34:19.662467 IP gateway.12566 > ldap.local.32: Flags [S], seq 3827672185, win 64240, options [mss 1460,nop,wscale 8,sackOK,TS val 66191074 ecr 0], length 0
11:34:19.662499 IP gateway.12566 > testa.local.ssh: Flags [S], seq 3827672185, win 64240, options [mss 1460,nop,wscale 8,sackOK,TS val 66191074 ecr 0], length 0
11:34:23.662506 IP gateway.12566 > ldap.local.32: Flags [S], seq 3827672185, win 64240, options [mss 1460,nop,wscale 8,sackOK,TS val 66195074 ecr 0], length 0
11:34:23.662526 IP gateway.12566 > testa.local.ssh: Flags [S], seq 3827672185, win 64240, options [mss 1460,nop,wscale 8,sackOK,TS val 66195074 ecr 0], length 0
11:34:29.220840 IP ldapha.local.47440 > testa.local.ssh: Flags [S], seq 2793193788, win 29200, options [mss 1460,sackOK,TS val 4434340 ecr 0,nop,wscale 6], length 0
11:34:29.220990 IP ldapha.local.47440 > testa.local.ssh: Flags [.], ack 2730388816, win 457, options [nop,nop,TS val 4434340 ecr 4440894], length 0
11:34:29.221161 IP ldapha.local.47440 > testa.local.ssh: Flags [R.], seq 0, ack 1, win 457, options [nop,nop,TS val 0 ecr 4440894], length 0
11:35:29.222410 IP ldapha.local.47442 > testa.local.ssh: Flags [S], seq 234973580, win 29200, options [mss 1460,sackOK,TS val 4494341 ecr 0,nop,wscale 6], length 0
11:35:29.227354 IP ldapha.local.47442 > testa.local.ssh: Flags [.], ack 2203320573, win 457, options [nop,nop,TS val 4494346 ecr 4500900], length 0
11:35:29.227688 IP ldapha.local.47442 > testa.local.ssh: Flags [R.], seq 0, ack 1, win 457, options [nop,nop,TS val 0 ecr 4500900], length 0
11:36:29.228944 IP ldapha.local.47444 > testa.local.ssh: Flags [S], seq 2531732010, win 29200, options [mss 1460,sackOK,TS val 4554348 ecr 0,nop,wscale 6], length 0
11:36:29.229532 IP ldapha.local.47444 > testa.local.ssh: Flags [.], ack 3240068724, win 457, options [nop,nop,TS val 4554348 ecr 4560903], length 0
11:36:29.229928 IP ldapha.local.47444 > testa.local.ssh: Flags [R.], seq 0, ack 1, win 457, options [nop,nop,TS val 0 ecr 4560903], length 0
Network configuration is as follows:
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.137.100
GATEWAY=192.168.137.1
DNS1=192.168.137.1
NETMASK=255.255.255.0
FORWARD_IPV4=YES
The physical host's network configuration is as follows:
連接特定的 DNS 后綴 . . . . . . . :
本地鏈接 IPv6 地址. . . . . . . . : fe80::8858:eb8:6a62:7d24%31
IPv4 地址 . . . . . . . . . . . . : 192.168.137.1
子網掩碼 . . . . . . . . . . . . : 255.255.255.0
默認網關. . . . . . . . . . . . . : 0.0.0.0
ldap.local is the VIP
testa.local is the target host
gateway is the physical host
keepalived config is in the first post, using NAT mode
The flow I personally think should be normal:
gateway:12566 -> ldap.local:32
rewrite the packet's source address and destination port
ldap.local:xxxx -> testa.local:22
keepalived receives the result and rewrites the original packet's address \ port number
testa.local:22 -> ldap.local:xxxx
ldap.local:32 -> gateway:12566
Actual result...
gateway:12566 -> ldap.local:32
How come it wasn't rewritten???
gateway:12566 -> testa.local:22
testa.local dutifully sends the SYN-ACK back to gateway:12566, while gateway:12566, bewildered, is still waiting on ldap.local:32 and just RSTs...
ip_forward is on
ICMP redirects are on too
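An added example, not from the thread: a small Python model of how LVS NAT mode (the lb_kind NAT in the first post) rewrites addresses, using the names and ports from the capture above and one constructed SYN. It shows that the forward path changes only the destination, exactly what the capture records, so the reply carries the VIP as its source only when the real server's default route sends it back through the director; otherwise the client receives a SYN-ACK from testa.local:22 for a connection it opened to ldap.local:32 and resets it.

```python
"""Toy model of LVS NAT mode (lb_kind NAT) for the keepalived setup in this thread."""
from dataclasses import dataclass, replace

# Names and ports come from the tcpdump capture above; the packet sequence is constructed.
CLIENT, VIP, REAL = "gateway", "ldap.local", "testa.local"
VPORT, RPORT = 32, 22          # virtual_server port on the VIP, real_server port

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str                 # tcpdump style: "S" = SYN, "S." = SYN-ACK

class Director:
    """LVS director (testha): NAT mode rewrites only the destination on the way in;
    the reverse rewrite to the VIP happens only if the reply comes back through it."""

    def __init__(self):
        self.conn = {}         # (client, sport) -> (real, rport), like the ipvs connection table

    def forward(self, p):
        if (p.dst, p.dport) != (VIP, VPORT):
            return p           # not addressed to the virtual service, routed untouched
        self.conn[(p.src, p.sport)] = (REAL, RPORT)
        return replace(p, dst=REAL, dport=RPORT)   # source stays gateway:12566, as captured

    def reverse(self, p):
        if self.conn.get((p.dst, p.dport)) == (p.src, p.sport):
            return replace(p, src=VIP, sport=VPORT)
        return p

def real_server_reply(p, director, gw_is_director):
    """testa answers the SYN; its default route decides whether the director sees the reply."""
    synack = Pkt(p.dst, p.dport, p.src, p.sport, "S.")
    return director.reverse(synack) if gw_is_director else synack

def client_reaction(sent, reply):
    """The client accepts a SYN-ACK only from the address:port it sent its SYN to."""
    return "ACK" if (reply.src, reply.sport) == (sent.dst, sent.dport) else "RST"

def simulate(gw_is_director):
    d = Director()
    syn = Pkt(CLIENT, 12566, VIP, VPORT, "S")
    fwd = d.forward(syn)
    reply = real_server_reply(fwd, d, gw_is_director)
    return fwd, reply, client_reaction(syn, reply)
```

`simulate(False)` reproduces the capture (reply from testa.local:22, client RSTs); `simulate(True)` is the case where testa routes back via the director and the client sees ldap.local:32.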
Please credit the source when reposting; link to this post: https://www.uj5u.com/caozuo/114810.html
Tags: System maintenance and usage section
