关于keepalived添加的IP地址超过20个时无法连通的讨论
服务器
Published: 2016-05-16

这是从Qiita迁移过来的内容。

在某处使用keepalived,作为VRRP配置+LVS的负载均衡器。
这个负载均衡器的配置如下,设置了许多IP地址(由于SSL证书等原因)进行运作。

在此过程中发生了添加的IP地址无法连通的悲惨事件。

keepalived负载均衡器的构成(DSR构成)

为VIP使用的IP地址通过静态路由从路由器进行路由,并且
正在逐步添加IP地址。(根据需要进行添加)

→ 因此,逐渐增加了负载均衡器的keepalived中添加的IP地址数量。
※为了方便起见,这里使用了私有IP地址。

无法在VRRP中设置超过20个IP地址

  • 在配置文件中设置了21个IP地址(※配置示例)
vrrp_instance BOND0 {
    state MASTER
    interface bond0 
    virtual_router_id 100 
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.4 dev bond0
        192.168.2.1 dev bond0
        192.168.2.2 dev bond0
        192.168.2.3 dev bond0
        192.168.2.4 dev bond0
        192.168.2.5 dev bond0
        192.168.2.6 dev bond0
        192.168.2.7 dev bond0
        192.168.2.8 dev bond0
        192.168.2.9 dev bond0
        192.168.2.10 dev bond0
        192.168.2.11 dev bond0
        192.168.2.12 dev bond0
        192.168.2.13 dev bond0
        192.168.2.14 dev bond0
        192.168.2.15 dev bond0
        192.168.2.16 dev bond0
        192.168.2.17 dev bond0
        192.168.2.18 dev bond0
        192.168.2.19 dev bond0
        192.168.2.20 dev bond0
    }
}
  • 明明设置了21个IP地址,但却没有全部添加!!
# ip addr show bond0 | grep "inet 192"
    inet 192.168.1.4/32 scope global bond0
    inet 192.168.2.1/32 scope global bond0
    inet 192.168.2.2/32 scope global bond0
    inet 192.168.2.3/32 scope global bond0
    inet 192.168.2.4/32 scope global bond0
    inet 192.168.2.5/32 scope global bond0
    inet 192.168.2.6/32 scope global bond0
    inet 192.168.2.7/32 scope global bond0
    inet 192.168.2.8/32 scope global bond0
    inet 192.168.2.9/32 scope global bond0
    inet 192.168.2.10/32 scope global bond0
    inet 192.168.2.11/32 scope global bond0
    inet 192.168.2.12/32 scope global bond0
    inet 192.168.2.13/32 scope global bond0
    inet 192.168.2.14/32 scope global bond0
    inet 192.168.2.15/32 scope global bond0
    inet 192.168.2.16/32 scope global bond0
    inet 192.168.2.17/32 scope global bond0
    inet 192.168.2.18/32 scope global bond0
    inet 192.168.2.19/32 scope global bond0

其实这在keepalived的文档中就有说明。。。
http://www.keepalived.org/pdf/UserGuide.pdf

virtual_ipaddress { # Block limited to 20 IP addresses
    @IP
    @IP
    @IP
}

最多支持20个IP地址!这是明确规定的,令人尴尬!

设置超过20个IP地址的方法

  • 在配置文件中使用virtual_ipaddress_excluded来设置额外的IP地址(※配置示例)
vrrp_instance BOND0 {
    state MASTER
    interface bond0 
    virtual_router_id 100 
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.4 dev bond0
    }
    virtual_ipaddress_excluded {
        192.168.2.1 dev bond0
        192.168.2.2 dev bond0
        192.168.2.3 dev bond0
        192.168.2.4 dev bond0
        192.168.2.5 dev bond0
        192.168.2.6 dev bond0
        192.168.2.7 dev bond0
        192.168.2.8 dev bond0
        192.168.2.9 dev bond0
        192.168.2.10 dev bond0
        192.168.2.11 dev bond0
        192.168.2.12 dev bond0
        192.168.2.13 dev bond0
        192.168.2.14 dev bond0
        192.168.2.15 dev bond0
        192.168.2.16 dev bond0
        192.168.2.17 dev bond0
        192.168.2.18 dev bond0
        192.168.2.19 dev bond0
        192.168.2.20 dev bond0
    }
}
  • 成功设置了超过20个IP地址。
# ip addr show bond0 | grep "inet 192"
    inet 192.168.1.4/32 scope global bond0
    inet 192.168.2.1/32 scope global bond0
    inet 192.168.2.2/32 scope global bond0
    inet 192.168.2.3/32 scope global bond0
    inet 192.168.2.4/32 scope global bond0
    inet 192.168.2.5/32 scope global bond0
    inet 192.168.2.6/32 scope global bond0
    inet 192.168.2.7/32 scope global bond0
    inet 192.168.2.8/32 scope global bond0
    inet 192.168.2.9/32 scope global bond0
    inet 192.168.2.10/32 scope global bond0
    inet 192.168.2.11/32 scope global bond0
    inet 192.168.2.12/32 scope global bond0
    inet 192.168.2.13/32 scope global bond0
    inet 192.168.2.14/32 scope global bond0
    inet 192.168.2.15/32 scope global bond0
    inet 192.168.2.16/32 scope global bond0
    inet 192.168.2.17/32 scope global bond0
    inet 192.168.2.18/32 scope global bond0
    inet 192.168.2.19/32 scope global bond0
    inet 192.168.2.20/32 scope global bond0