转自:https://oldwiki.archive.openwrt.org/doc/recipes/high-availability

先记号一下,有空再仔细研究。

--------------------------------------------------------

High availability

High availability is a term that can be used to refer to systems that are designed to remain functional despite some hardware and/or software failures and/or planned maintenance (e.g. upgrades). Actual measured availability (e.g. percentage of time or requests that succeed) can vary.

In this howto, we'll be describing a simple 2 router setup, in an active/backup configuration. The devices will share a virtual ip address that hosts on the lan can use as a gateway to reach the internet. In case the active router fails or is rebooted, a backup router will take over.

We will be using keepalived to implement healthchecking and ip failover, and conntrack-tools to implement firewall/nat syncing.

Most of openwrt configuration required (but not all) is doable from luci web ui as well.

Preparation, assumptions, description of environment

  • You have 2 openwrt routers and a static WAN IP. (could also be a private IP+DMZ).

  • If you're not doing NAT or connection tracking based firewalling, skip the conntrackd/conntrack-tools sections.

  • DHCP dynamic WAN IP is possible with keepalived, but requires extra scripting and is not going to be described here.

  • VPNs and tunnel setups and failing those over is not covered.

  • Failing over PPPoE WAN is not implement, best bet: let the modem do PPPoE and setup your virtual wan ip to DMZ.

Individual Router Configuration

1. Configure 1st openwrt router

  • Internal LAN ip: 192.168.1.2/24 (change so 192.168.1.1 is available for initial configuration of 2nd router)

  • WAN IP, gateway: static 192.168.0.2/24 gw 192.168.0.1 metric 10 (using double nat / dmz on the isp provided router)

  • DHCP on defaults is fine, we'll configure it later.

2. Configure 2nd openwrt router

  • Interface LAN ip: 192.168.1.3/24 (change so that when you connect the second router to the same network you can configure it)

  • WAN IP, gateway: static 192.168.0.3/24 gw 192.168.0.1 metric 10 (using double nat / dmz on the isp provided router)

  • DHCP on defaults is fine for now, if you have any static leases in dhcp, or fixed host entries, make sure they're the same as on 1st router.

verification and troubleshooting

  • change a client to use gw 192.168.1.3 and dns 192.168.1.3, make sure second router is working as well

  • hosts that have IPs issued with one dnsmasq might not be resolvable using the second dnsmasq, assigning static leases helps.

Both router configuration

3. Configure keepalived

keepalived is a linux daemon that uses VRRP (Virtual Router Redundancy Protocol) to healthcheck and elect a router on the network that will serve a particular IP. We'll be using a small subset of its features in our use case.

opkg update opkg install keepalived

The following configuration in /etc/keepalived/keepalived.conf assumes routers are symmetrical, ie. they're of the same priority, they start up in backup mode and they will not preemept the other router until they establish other router is gone. You will need to adjust the interfaces to match your device.

! Configuration File for keepalived

! failover E1 and I1 at the same time

vrrp_sync_group G1 {

  group {

    E1

    I1

  }

}

! internal

vrrp_instance I1 {

  state backup

  interface br-lan

  virtual_router_id 51

  priority 101

  advert_int 1

  virtual_ipaddress {

    10.9.8.4/24

  }

  authentication {

    auth_type PASS

    auth_pass s3cret

  }

  nopreempt

}

! external

vrrp_instance E1 {

  state backup

  interface eth0.2

  virtual_router_id 51

  priority 101

  advert_int 1

  virtual_ipaddress {

    192.168.0.4/24

  }

  virtual_routes {

    src 192.168.0.4 to 0.0.0.0/0 via 192.168.0.1 dev eth0.2 metric 5

  }

  authentication {

    auth_type PASS

    auth_pass s3cret

  }

  nopreempt

}

4. Configure conntrackd

This step is optional, keepalived will be failing over (successing over?) the ip address with or without conntrackd, however, as NAT relies on tracking connection state in a (network address) table that links external ip:port with internal ip:port (per given protocol, tcp or udp), connections might be broken on failover to backup openwrt instance. New connections (such as application level reconnects) will work just fine. This is because the backup instance will not know who to send outgoing packets to.

Below is a simple config file for conntrackd. It would be advisable to navigate to /etc/conntrackd/ in order to rename the original config. Creating a brand new "conntrackd.conf" file allows you to browse back to the old one for reference.

Sync {

    Mode FTFW {

        DisableExternalCache Off

        CommitTimeout 1800

        PurgeTimeout 5

    }

    UDP {

        IPv4_address "ip addr of host router"

        IPv4_Destination_Address "ip addr of partner router"

        Port 3780

        Interface eth*

        SndSocketBuffer 1249280

        RcvSocketBuffer 1249280

        Checksum on

    }

}

General {

    Nice -20

    HashSize 32768

    HashLimit 131072

    LogFile on

    Syslog on

    LockFile /var/lock/conntrack.lock

    UNIX {

        Path /var/run/conntrackd.ctl

        Backlog 20

    }

    NetlinkBufferSize 2097152

    NetlinkBufferSizeMaxGrowth 8388608

    Filter From Userspace {

        Protocol Accept {

            TCP

            UDP

            ICMP # This requires a Linux kernel >= 2.6.31

        }

        Address Ignore {

            IPv4_address 127.0.0.1 # loopback

        }

    }

}

Run simple commands to verify functionality

Summary of connected devices:

conntrackd -s

Resync nodes:

conntrackd -n

3. Configure dhcp

You'll want DHCP (dnsmasq) to serve 192.168.0.4 (vip address) to hosts on the lan, both as their gateway and DNS. Here's an excerpt from /etc/config/dhcp that instructs dnsmasq to do that.

...

config dhcp 'lan'

        ...

        option force '1'

        list dhcp_option '3,192.168.1.4'

        list dhcp_option '6,192.168.1.4'

...

option force '1' is needed for dnsmasq to not deactivate when it sees the other dhcp server. dhcp_option 3 is gateway, dhcp_option 6 is DNS.

5. Sysupgrade backup add dirs

Add the following directories to /etc/sysupgrade.conf. (can be done from luci as well).

...

/etc/keepalived/

/etc/conntrackd/

Testing and verification

TODO(risk): restarting keepalived with logread -f open, pulling cables with ssh / telnet / http sessions open, forcing dhcp renewal with tcpdump running, ensure

openwrt双机热备的更多相关文章

  1. CentOS系统MySQL双机热备配置

    1  概述 在集成项目中需要应对不同环境下的安装配置,主流操作系统大致可以分为三种:Linux.Windows以及UNIX.其中Linux备受青睐的主要原因有两个: 首先,Linux作为自由软件有两个 ...

  2. MySQL 5.6 双机热备windows7

    MySQL 5.6 双机热备 目录: 1.说明 2.数据手工同步 3.修改主数据库配置文件 4.修改从数据库配置文件 5.主数据库添加备份用户 6.从数据库设置为Slave 7.验证 1.说明 1)数 ...

  3. Keepalived双机热备

    一,Keepalived双机热备的应用场景 1,网站流量不高,压力不大,但是对服务器的可靠性要求极其高,例如实时在线OA系统,政府部门网站系统,医院实时报医系统,公安局在线报案系统,股市后台网站系统等 ...

  4. SqlServer双机热备技术实践笔记

    SqlServer双机热备,大体上可以通过发布订阅,日志传送,数据库镜像来实现. 1,发布--订阅 是最早最简单的方案,但需要注意发布的时候,发布进程必须对快照目录有访问权限,这个问题可以从“查看快照 ...

  5. windows下使用mysql双机热备功能

    一. 准备工作 1. 准备两台服务器(电脑),接入局域网中,使互相ping得通对方 2. 两台服务器都安装mysql-server-5.1,必须保证mysql的版本一致 3. 假设,服务器A:192. ...

  6. Nginx+keepalived双机热备(主主模式)

    之前已经介绍了Nginx+Keepalived双机热备的主从模式,今天在此基础上说下主主模式的配置. 由之前的配置信息可知:master机器(master-node):103.110.98.14/19 ...

  7. keepalived+LVS 实现双机热备、负载均衡、失效转移 高性能 高可用 高伸缩性 服务器集群

    本章笔者亲自动手,使用LVS技术实现实现一个可以支持庞大访问量.高可用性.高伸缩性的服务器集群 在读本章之前,可能有不少读者尚未使用该技术,或者部分读者使用Nginx实现应用层的负载均衡.这里大家都可 ...

  8. RAID与双机热备简单介绍与区别

    一.    RAID技术详解 RAID是英文Redundant Array of Independent Disks的缩写,翻译成中文意思是“独立磁盘冗余阵列”,有时也简称磁盘阵列(Disk Arra ...

  9. Keepalived 双机热备

    使用 Keepalived 做双机热备非常简单,经常和 LVS 搭配来实现高可用负载平衡方案. 1. Master / Slave 首先准备两台测试服务器和一个虚拟IP. Server A: 192. ...

随机推荐

  1. jQuery 控制網頁捲軸移動 & Ignore link '#' method jump action

    $('a.gotoheader').click(function(){ // 讓捲軸移動到 0 的位置 $(); // ignore link "#" method return ...

  2. 学习记录:《C++设计模式——李建忠主讲》7.“领域规则”模式

    领域规则模式:在特定领域中,某些变化虽然频繁,但可以抽象为某种规则.这时候,结合特定的领域,将问题抽象为语法规则,从而给出该领域下的一般性解决方案. 典型模式:解释器模式(Interpreter). ...

  3. ABP中的AutoMapper

    在我们的业务中经常需要使用到类型之间的映射,特别是在和前端页面进行交互的时候,我们需要定义各种类型的Dto,并且需要需要这些Dto和数据库中的实体进行映射,对于有些大对象而言,需要赋值太多的属性,这样 ...

  4. git使用mvn clean install 报错原因排查

    使用命令行git-bath.exe 来拉代码并进行编译之类的服务,结果在拉依赖时一直报错连的是144.131.254.26,看了maven的setting配置 文件 没并没有错, 最终定位问题是 gi ...

  5. AVR单片机教程——EasyElectronics Library v1.0手册

    更新:EasyElectronics Library v1.1手册 索引: bit.h delay.h pin.h tone.h pwm.h uart.h adc.h led.h rgbw.h seg ...

  6. 【Qt】Qt5.12连接MySQl5.7(亲自测试成功)

    目录 00. 目录 01. Qt5.12连接MySQL5.7测试代码 02. Qt5.12连接MySQL5.7问题描述 03. 解决办法 04. 结果测试 05. 打赏 00. 目录 01. Qt5. ...

  7. vue防止闪屏小技巧:[v-cloak]

    css 内添加此属性[v-cloak] { display: none; } html中引入即可 <div v-cloak> {{ message }} </div> 如果觉得 ...

  8. ASP.net Web API综合示例

    目录 概述 功能介绍 程序结构 服务器端介绍 客户端介绍 “契约” Web API设计规则 并行写入冲突与时间戳 身份验证详解 Web API验证规则 客户端MVVM简介 Web.Config 本DE ...

  9. RabbitMQ的应用场景

    进入正题. 一.异步处理 场景:发送手机验证码,邮件 传统古老处理方式如下图 这个流程,全部在主线程完成,注册->入库->发送邮件->发送短信,由于都在主线程,所以要等待每一步完成才 ...

  10. C# 微信消息模板 发送

    项目要用到微信提醒 ,加上调转到小程序页面,或者 指定url 用到  RestSharp.Senparc.Weixin 类库 一开始直接照着微信示例直接post进去 发现一直提示 47001  ,估计 ...