Reposted from: https://oldwiki.archive.openwrt.org/doc/recipes/high-availability

Bookmarking this for now; I'll study it carefully when I have time.

--------------------------------------------------------

High availability

High availability is a term that can be used to refer to systems that are designed to remain functional despite some hardware and/or software failures and/or planned maintenance (e.g. upgrades). Actual measured availability (e.g. percentage of time or requests that succeed) can vary.

In this howto, we'll describe a simple two-router setup in an active/backup configuration. The devices share a virtual IP address that hosts on the LAN use as their gateway to reach the internet. If the active router fails or is rebooted, the backup router takes over.

We will be using keepalived to implement health checking and IP failover, and conntrack-tools (conntrackd) to sync firewall/NAT connection state between the routers.

Most (but not all) of the required OpenWrt configuration can also be done from the LuCI web UI.

Preparation, assumptions, description of environment

  • You have 2 OpenWrt routers and a static WAN IP (a private IP behind a DMZ on the ISP router also works).

  • If you're not doing NAT or connection-tracking-based firewalling, skip the conntrackd/conntrack-tools sections.

  • A dynamic (DHCP) WAN IP is possible with keepalived, but requires extra scripting and is not described here.

  • Failing over VPNs and tunnel setups is not covered.

  • Failing over a PPPoE WAN is not implemented; your best bet is to let the modem do PPPoE and DMZ-forward to your virtual WAN IP.

Individual Router Configuration

1. Configure the 1st OpenWrt router

  • Internal LAN IP: 192.168.1.2/24 (change it so 192.168.1.1 stays free for the initial configuration of the 2nd router)

  • WAN IP, gateway: static 192.168.0.2/24, gw 192.168.0.1, metric 10 (using double NAT / DMZ on the ISP-provided router)

  • DHCP on defaults is fine; we'll configure it later.

2. Configure the 2nd OpenWrt router

  • LAN IP: 192.168.1.3/24 (change it so that the second router is reachable for configuration when you connect it to the same network)

  • WAN IP, gateway: static 192.168.0.3/24, gw 192.168.0.1, metric 10 (using double NAT / DMZ on the ISP-provided router)

  • DHCP on defaults is fine for now. If you have any static DHCP leases or fixed host entries, make sure they're the same as on the 1st router.

Verification and troubleshooting

  • Change a client to use gateway 192.168.1.3 and DNS 192.168.1.3, and make sure the second router works as well.

  • Hosts whose IPs were issued by one dnsmasq might not be resolvable through the second dnsmasq; assigning static leases helps.

Configuration on both routers

3. Configure keepalived

keepalived is a Linux daemon that uses VRRP (Virtual Router Redundancy Protocol) to health-check routers and elect the one on the network that will serve a particular IP. We'll be using a small subset of its features in our use case.

opkg update
opkg install keepalived

The following configuration in /etc/keepalived/keepalived.conf assumes the routers are symmetrical, i.e. they have the same priority, they start up in backup mode, and they will not preempt the other router until they have established that it is gone. You will need to adjust the interface names to match your device.

! Configuration File for keepalived

! failover E1 and I1 at the same time: a sync group moves both
! instances together, so the LAN VIP and the WAN VIP never end up
! on different routers
vrrp_sync_group G1 {
    group {
        E1
        I1
    }
}

! internal (LAN side)
vrrp_instance I1 {
    state BACKUP
    interface br-lan
    virtual_router_id 51
    priority 101
    advert_int 1
    virtual_ipaddress {
        10.9.8.4/24
    }
    authentication {
        auth_type PASS
        auth_pass s3cret
    }
    ! do not take the VIP back from a running master after recovery
    nopreempt
}

! external (WAN side)
vrrp_instance E1 {
    state BACKUP
    interface eth0.2
    virtual_router_id 51
    priority 101
    advert_int 1
    virtual_ipaddress {
        192.168.0.4/24
    }
    ! default route installed only while this router is master
    virtual_routes {
        src 192.168.0.4 to 0.0.0.0/0 via 192.168.0.1 dev eth0.2 metric 5
    }
    authentication {
        auth_type PASS
        auth_pass s3cret
    }
    nopreempt
}

4. Configure conntrackd

This step is optional: keepalived will fail over (succeed over?) the IP address with or without conntrackd. However, NAT relies on a connection-tracking table that links external ip:port to internal ip:port (per protocol, TCP or UDP). Without that table on the backup router, established connections may break on failover, because the backup instance does not know which host the packets of an existing connection belong to. New connections (such as application-level reconnects) will work just fine.

Below is a simple config file for conntrackd. It is advisable to go to /etc/conntrackd/ and rename the original config before creating a brand new "conntrackd.conf", so you can refer back to the old one.

Sync {
    # FTFW: reliable replication with acknowledgements and resends
    Mode FTFW {
        DisableExternalCache Off
        CommitTimeout 1800
        PurgeTimeout 5
    }
    # unicast UDP between the two routers; fill in both addresses
    UDP {
        IPv4_address "ip addr of host router"
        IPv4_Destination_Address "ip addr of partner router"
        Port 3780
        Interface eth*
        SndSocketBuffer 1249280
        RcvSocketBuffer 1249280
        Checksum on
    }
}

General {
    Nice -20
    HashSize 32768
    HashLimit 131072
    LogFile on
    Syslog on
    LockFile /var/lock/conntrack.lock
    UNIX {
        Path /var/run/conntrackd.ctl
        Backlog 20
    }
    NetlinkBufferSize 2097152
    NetlinkBufferSizeMaxGrowth 8388608
    # only replicate these protocols, and never loopback traffic
    Filter From Userspace {
        Protocol Accept {
            TCP
            UDP
            ICMP # This requires a Linux kernel >= 2.6.31
        }
        Address Ignore {
            IPv4_address 127.0.0.1 # loopback
        }
    }
}

Run these simple commands to verify functionality.

Summary of connected devices:

conntrackd -s

Resync nodes:

conntrackd -n

5. Configure DHCP

You'll want DHCP (dnsmasq) to hand out 192.168.0.4 (the VIP address) to hosts on the LAN, both as their gateway and as their DNS server. Here's an excerpt from /etc/config/dhcp that instructs dnsmasq to do that.

...
config dhcp 'lan'
	...
	option force '1'
	list dhcp_option '3,192.168.1.4'
	list dhcp_option '6,192.168.1.4'
...

option force '1' is needed so that dnsmasq does not deactivate itself when it sees the other DHCP server on the network. dhcp_option 3 is the gateway, dhcp_option 6 is the DNS server.

6. Add directories to the sysupgrade backup

Add the following directories to /etc/sysupgrade.conf so the HA configuration survives a firmware upgrade (this can be done from LuCI as well).

...
/etc/keepalived/
/etc/conntrackd/

Testing and verification

TODO(risk): restarting keepalived with logread -f open, pulling cables with ssh / telnet / http sessions open, forcing dhcp renewal with tcpdump running, ensure
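One check worth scripting for these tests, as an added example that is not part of the wiki recipe: because I1 and E1 are in one sync group, a healthy router holds both VIPs or neither, so holding only one means the group did not fail over together. The VIPs and interface names are assumed from the keepalived.conf above; the `ip` output used here is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the OpenWrt wiki recipe): report this router's
# VRRP role from the addresses currently held on the two VRRP interfaces.
# MASTER = both VIPs present, BACKUP = neither, SPLIT = only one, which
# indicates the sync group G1 did not move I1 and E1 together.
LAN_VIP=10.9.8.4      # virtual_ipaddress of instance I1 (assumed from the config)
WAN_VIP=192.168.0.4   # virtual_ipaddress of instance E1 (assumed from the config)

# has_vip VIP ADDR_OUTPUT: succeed if VIP appears in `ip -4 -o addr show` output
has_vip() {
    printf '%s\n' "$2" | grep -qF -- "inet $1/"
}

# ha_role LAN_ADDR_OUTPUT WAN_ADDR_OUTPUT: print MASTER, BACKUP or SPLIT
ha_role() {
    _lan=0; _wan=0
    has_vip "$LAN_VIP" "$1" && _lan=1
    has_vip "$WAN_VIP" "$2" && _wan=1
    case "${_lan}${_wan}" in
        11) echo MASTER ;;
        00) echo BACKUP ;;
        *)  echo SPLIT ;;
    esac
}

# On the router itself, feed it live output (interfaces as in keepalived.conf):
#   ha_role "$(ip -4 -o addr show dev br-lan)" "$(ip -4 -o addr show dev eth0.2)"

# Constructed sample output of `ip -4 -o addr show`, so the script runs offline.
SAMPLE_LAN_MASTER='2: br-lan    inet 192.168.1.2/24 brd 192.168.1.255 scope global br-lan
2: br-lan    inet 10.9.8.4/24 scope global br-lan'
SAMPLE_WAN_MASTER='3: eth0.2    inet 192.168.0.2/24 brd 192.168.0.255 scope global eth0.2
3: eth0.2    inet 192.168.0.4/24 scope global secondary eth0.2'
SAMPLE_LAN_BACKUP='2: br-lan    inet 192.168.1.3/24 brd 192.168.1.255 scope global br-lan'
SAMPLE_WAN_BACKUP='3: eth0.2    inet 192.168.0.3/24 brd 192.168.0.255 scope global eth0.2'

echo "node A: $(ha_role "$SAMPLE_LAN_MASTER" "$SAMPLE_WAN_MASTER")"   # MASTER
echo "node B: $(ha_role "$SAMPLE_LAN_BACKUP" "$SAMPLE_WAN_BACKUP")"   # BACKUP
echo "broken: $(ha_role "$SAMPLE_LAN_MASTER" "$SAMPLE_WAN_BACKUP")"   # SPLIT
```

Run it on both routers while pulling cables or restarting keepalived; exactly one node should report MASTER and the other BACKUP, and SPLIT on either side points at a sync-group problem.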
