High availability
Generally, high availability means that two machines run the same business system. When one machine goes down, the other can quickly take over without users noticing.
For example, a company's network reaches the Internet through a gateway. What happens if the router fails, the gateway can no longer forward packets, and nobody can access the Internet?
The usual approach is to add a standby node for the router. The problem is that if the primary gateway (the master) fails, users have to point to the backup manually, and if many users have to make the change, that becomes very troublesome.
Question 1: suppose users change their gateway to the backup router. What happens once the master router is repaired?
Question 2: suppose the master gateway fails. Can we configure the backup gateway with the IP of the master gateway?
In fact, this does not work. After the PC first learns the MAC address and IP address of the master gateway through an ARP broadcast, it writes them to its ARP cache table. From then on, the PC uses the cached entry to forward its data packets. Even if we move the IP, the MAC address is unique, so the PC's packets are still sent to the master. (Only after the PC's ARP cache entry expires and it sends a new ARP broadcast does it obtain the MAC address and IP address of the new backup.)
How can we achieve automatic failover? This is where VRRP comes in. VRRP adds a virtual MAC address (VMAC) and a virtual IP address (VIP) in front of the Master and Backup, implemented in software or hardware. When the PC sends requests to the VIP, it does not matter whether the Master or the Backup handles them: the PC only records the VMAC and VIP in its ARP cache table.
VRRP protocol
VRRP is the Virtual Router Redundancy Protocol, a fault-tolerant protocol that avoids a single point of failure at the router. (It is equivalent to broadcasting in a LAN.)
Common tools
1. Hardware: F5 is usually used.
2. Software: keepalived is usually used.
Deploy keepalived
```bash
# Install
[root@lb01 ~]# yum install keepalived -y

# keepalived configuration
[root@lb01 ~]# vim /etc/keepalived/keepalived.conf
```
```
! Configuration File for keepalived
# Global configuration
global_defs {
    # Unique identifier of the current keepalived node
    router_id lb01
}

# Detection script
vrrp_script check_nginx {
    # Script path
    script "/etc/keepalived/checkNG.sh"
    # Execution interval (seconds)
    interval 5
}

# Configure the VRRP protocol
vrrp_instance VI_1 {
    # State: MASTER or BACKUP
    state MASTER
    # Network interface to bind to
    interface eth0
    # Virtual router ID; can be understood as a group (must match on all nodes of the group)
    virtual_router_id 50
    # Priority
    priority 100
    # Heartbeat (advertisement) interval in seconds
    advert_int 1
    # Authentication
    authentication {
        # Authentication type
        auth_type PASS
        # Authentication password (PASS sends it in cleartext in every advertisement)
        auth_pass 1111
    }
    # Set up the VIP
    virtual_ipaddress {
        # Virtual IP address
        192.168.15.3
    }
    # Call the detection script
    track_script {
        check_nginx
    }
}
```
```bash
# Start
[root@lb01 ~]# systemctl enable --now keepalived
```
keepalived split-brain problem
Split-brain means that the two high-availability servers cannot detect each other's heartbeat within the specified time, so each of them starts its failover function on its own.
1. What if Nginx goes down?
Find a way to tell keepalived about the state of Nginx.
2. In the LAN, the keepalived nodes cannot broadcast to each other. What should I do?
Check whether the VIP can be pinged.
The script must be saved at the path referenced in keepalived.conf and be executable:
```bash
[root@lb01 ~]# vim /etc/keepalived/checkNG.sh
[root@lb01 ~]# chmod +x /etc/keepalived/checkNG.sh
```
```bash
#!/bin/bash
# Handle the case where Nginx is not running
if ! ps -ef | grep -q '[n]ginx'; then
    # Nginx is not running: try to start it
    systemctl start nginx &>/dev/null
    sleep 2
    # Still not running: stop keepalived so that the VIP moves to the other node
    if ! ps -ef | grep -q '[n]ginx'; then
        systemctl stop keepalived
    fi
fi

# In the LAN, the keepalived nodes cannot broadcast to each other. What should I do?
# VIP=192.168.15.3
# ping -c 1 $VIP &>/dev/null
# if [ $? -eq 0 ];then
#     # The VIP can still be reached
# fi
```
`&>` redirects both standard output and standard error.
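The commented-out ping test in checkNG.sh cannot identify split-brain on its own, because a node that holds the VIP answers its own ping. The following added example (not from the original page) combines a local address check with an ARP duplicate-address probe instead. It assumes iputils `arping` is installed; `holds_vip`, `classify`, the `--live` switch and the `vip-check` log tag are names made up for this example.

```bash
#!/bin/bash
# Added example, not from the original page: split-brain check for one keepalived node.
VIP=192.168.15.3   # VIP from the page's keepalived.conf
IFACE=eth0         # interface from the page's keepalived.conf

# holds_vip ADDR_TEXT VIP: exit 0 if VIP is configured in `ip -o -4 addr show` output.
# Field 4 is "address/prefix"; the address part is compared exactly, so
# 192.168.15.3 does not match 192.168.15.30.
holds_vip() {
    printf '%s\n' "$1" | awk -v vip="$2" \
        '{ split($4, a, "/"); if (a[1] == vip) found = 1 } END { exit !found }'
}

# classify LOCAL PEER: print this node's view of the pair.
#   LOCAL=1 if this node holds the VIP, PEER=1 if another host answered for it.
classify() {
    case "$1$2" in
        11) echo split-brain ;;  # both nodes claim the VIP
        10) echo master ;;       # only this node holds it
        01) echo backup ;;       # only the peer holds it
        *)  echo no-master ;;    # nobody answers for the VIP
    esac
}

# Constructed sample of `ip -o -4 addr show dev eth0` on a node that holds the VIP
# (192.168.15.5 is a made-up node address).
SAMPLE_MASTER='2: eth0    inet 192.168.15.5/24 brd 192.168.15.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.15.3/32 scope global eth0\       valid_lft forever preferred_lft forever'

# Live check: run the script with --live on lb01 or lb02.
if [ "${1:-}" = "--live" ]; then
    local_flag=0
    peer_flag=0
    if holds_vip "$(ip -o -4 addr show dev "$IFACE")" "$VIP"; then local_flag=1; fi
    # ARP duplicate-address probe: arping -D exits 1 when another host replies
    # for the VIP and 0 when nobody does; any other code is an arping error.
    arping -D -q -c 2 -w 3 -I "$IFACE" "$VIP"
    if [ $? -eq 1 ]; then peer_flag=1; fi
    state=$(classify "$local_flag" "$peer_flag")
    echo "$state"
    if [ "$state" = "split-brain" ]; then
        logger -t vip-check "split-brain: $VIP is held by both nodes"
    fi
fi
```

This catches the case where the heartbeats are lost but both nodes still share the LAN segment. If the link between the nodes is down completely, the peer is invisible to ARP as well and each node reports `master`.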
keepalived non-preemptive mode
To make keepalived non-preemptive:
1. Set the state of all nodes to BACKUP.
2. Add nopreempt.
```bash
[root@lb02 ~]# cat /etc/keepalived/keepalived.conf
```
```
! Configuration File for keepalived
global_defs {
    router_id lb02
}

# Detection script
vrrp_script check_nginx {
    # Script path
    script "/etc/keepalived/checkNG.sh"
    # Execution interval (seconds)
    interval 5
}

# Configure the VRRP protocol
vrrp_instance VI_1 {
    # State: MASTER or BACKUP
    state BACKUP
    # Enable non-preemptive mode
    nopreempt
    # Network interface to bind to
    interface eth0
    # Virtual router ID; can be understood as a group
    virtual_router_id 50
    # Priority
    priority 90
    # Heartbeat (advertisement) interval in seconds
    advert_int 1
    # Authentication
    authentication {
        # Authentication type
        auth_type PASS
        # Authentication password
        auth_pass 1111
    }
    # Set up the VIP
    virtual_ipaddress {
        # Virtual IP address
        192.168.15.3
    }
    # Call the detection script
    track_script {
        check_nginx
    }
}
```