Two full weeks and it just won't connect...... Searched Baidu every which way, no result. Environment:
win10 1803+hyper-v
The VMs are
1 keepalived box (testha) + 1 test box (testa)
Because the setup wouldn't connect, I put together a minimal test environment.
ssh is just a simple test, nothing more. The keepalived box and the test box both run RHEL7.6, and keepalived is the one shipped on the install disc. My host, testha and testa can all ping each other,
and all three hosts can ping the VIP.
my host -> testha
testha -> testa
my host -> testa
ssh works fine between all of these pairs. The goal of the test is for my host to ssh to testa through testha. Config file:
global_defs
{
router_id testha
}
vrrp_instance VI_1
{
state MASTER
interface eth0
virtual_router_id 207
priority 100
advert_int 1
authentication
{
auth_type PASS
auth_pass 5684
}
virtual_ipaddress
{
192.168.137.200/24 brd 192.168.137.255 dev eth0 label eth0:vip
}
}
virtual_server 192.168.137.200 22
{
lb_algo rr
lb_kind NAT
protocol TCP
delay_loop 3
persistence_timeout 1000
real_server 192.168.137.154 22
{
weight 1
TCP_CHECK
{
connect_timeout 3
}
}
}
Current situation:
On testha, ssh 192.168.137.200 connects to testa.
From my host, ssh 192.168.137.200 can't connect at all, it times out. Captured packets and found:
my host ssh to 192.168.137.200 just sends a SYN and gets no response.
testha ssh to 192.168.137.200 communicates normally.
keepalived's healthchecker detects testa's port 22 correctly; when testa is shut down, retry.. appears in the log.
Begging the gurus for a rescue...
NAT
DR
neither works..
This is the IP info printed by ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:15:5d:d9:01:0d brd ff:ff:ff:ff:ff:ff
inet 192.168.137.100/24 brd 192.168.137.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 192.168.137.200/24 brd 192.168.137.255 scope global secondary eth0:vip
valid_lft forever preferred_lft forever
inet6 fe80::16f4:a55d:a8ac:7b6f/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::1138:cee9:af01:68d6/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::a147:dd36:edbf:de64/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
Also, what you're describing should be keepalived+lvs; the virtual_server settings are LVS configuration, you need to install ipvsadm (the LVS tool).
Because the whole thing wasn't connecting, I built a minimal system; ssh forwarding was just a handy program I grabbed for the experiment.
ipvsadm is already installed; after keepalived starts, I can see the newly created lvs rules:
[root@ldapha ~]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP ldap.local:ssh rr persistent 1000
-> testa.local:ssh Masq 1 0 0
IP forwarding is enabled too... it just won't connect.. I wanted to configure lvs on its own and ran into
Memory allocation problem
Searched Baidu and tried changing vmalloc, didn't work... could this thing be the cause?
[root@ldapha keepalived]# tcpdump '(dst host testa.local and dst port 22) or (dst port 32)'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:34:17.649048 IP gateway.12566 > ldap.local.32: Flags [S], seq 3827672185, win 64240, options [mss 1460,nop,wscale 8,sackOK,TS val 66189061 ecr 0], length 0
11:34:17.649065 IP gateway.12566 > testa.local.ssh: Flags [S], seq 3827672185, win 64240, options [mss 1460,nop,wscale 8,sackOK,TS val 66189061 ecr 0], length 0
11:34:19.662467 IP gateway.12566 > ldap.local.32: Flags [S], seq 3827672185, win 64240, options [mss 1460,nop,wscale 8,sackOK,TS val 66191074 ecr 0], length 0
11:34:19.662499 IP gateway.12566 > testa.local.ssh: Flags [S], seq 3827672185, win 64240, options [mss 1460,nop,wscale 8,sackOK,TS val 66191074 ecr 0], length 0
11:34:23.662506 IP gateway.12566 > ldap.local.32: Flags [S], seq 3827672185, win 64240, options [mss 1460,nop,wscale 8,sackOK,TS val 66195074 ecr 0], length 0
11:34:23.662526 IP gateway.12566 > testa.local.ssh: Flags [S], seq 3827672185, win 64240, options [mss 1460,nop,wscale 8,sackOK,TS val 66195074 ecr 0], length 0
11:34:29.220840 IP ldapha.local.47440 > testa.local.ssh: Flags [S], seq 2793193788, win 29200, options [mss 1460,sackOK,TS val 4434340 ecr 0,nop,wscale 6], length 0
11:34:29.220990 IP ldapha.local.47440 > testa.local.ssh: Flags [.], ack 2730388816, win 457, options [nop,nop,TS val 4434340 ecr 4440894], length 0
11:34:29.221161 IP ldapha.local.47440 > testa.local.ssh: Flags [R.], seq 0, ack 1, win 457, options [nop,nop,TS val 0 ecr 4440894], length 0
11:35:29.222410 IP ldapha.local.47442 > testa.local.ssh: Flags [S], seq 234973580, win 29200, options [mss 1460,sackOK,TS val 4494341 ecr 0,nop,wscale 6], length 0
11:35:29.227354 IP ldapha.local.47442 > testa.local.ssh: Flags [.], ack 2203320573, win 457, options [nop,nop,TS val 4494346 ecr 4500900], length 0
11:35:29.227688 IP ldapha.local.47442 > testa.local.ssh: Flags [R.], seq 0, ack 1, win 457, options [nop,nop,TS val 0 ecr 4500900], length 0
11:36:29.228944 IP ldapha.local.47444 > testa.local.ssh: Flags [S], seq 2531732010, win 29200, options [mss 1460,sackOK,TS val 4554348 ecr 0,nop,wscale 6], length 0
11:36:29.229532 IP ldapha.local.47444 > testa.local.ssh: Flags [.], ack 3240068724, win 457, options [nop,nop,TS val 4554348 ecr 4560903], length 0
11:36:29.229928 IP ldapha.local.47444 > testa.local.ssh: Flags [R.], seq 0, ack 1, win 457, options [nop,nop,TS val 0 ecr 4560903], length 0
Network config is as follows
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.137.100
GATEWAY=192.168.137.1
DNS1=192.168.137.1
NETMASK=255.255.255.0
FORWARD_IPV4=YES
Physical host network config is as follows
连接特定的 DNS 后缀 . . . . . . . :
本地链接 IPv6 地址. . . . . . . . : fe80::8858:eb8:6a62:7d24%31
IPv4 地址 . . . . . . . . . . . . : 192.168.137.1
子网掩码 . . . . . . . . . . . . : 255.255.255.0
默认网关. . . . . . . . . . . . . : 0.0.0.0
ldap.local is the VIP
testa.local is the target host
gateway is the physical host. The keepalived config is in the top post. Using NAT mode, what I personally think the normal flow should be:
gateway:12566 -> ldap.local:32
rewrite the packet's source address and destination port
ldap.local:xxxx -> testa.local:22
keepalived receives the result and rewrites the source address\port back
testa.local:22 -> ldap.local:xxxx
ldap.local:32 -> gateway:12566
Result...
gateway:12566 -> ldap.local:32
Why wasn't it rewritten???
gateway:12566 -> testa.local:22
testa.local dutifully sends the syn ack back to gateway:12566, while gateway:12566 is still dumbfounded, waiting on ldap.local:32, and just RSTs...
ip_forward is on
icmp redirect is on too
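Added example, not code from the thread: a small Python parser over a subset of the tcpdump lines quoted above. It groups each SYN by its ISN (the one field the director's NAT leaves untouched) and reports which header fields differ between the copy received on the VIP and the copy forwarded to the real server, then derives the peer the client expects its SYN-ACK from versus the one the real server will answer from. In LVS NAT mode the director rewrites only the destination on the inbound leg and undoes that rewrite only on replies that pass back through it, so a mismatch here is exactly the condition under which the client sees a SYN-ACK from an unknown peer and resets.

```python
import re
from collections import defaultdict

# Subset of the tcpdump lines posted in the thread: each client SYN shows up twice on
# the director (as received on the VIP, as forwarded to testa) plus one health check.
TRACE = """\
11:34:17.649048 IP gateway.12566 > ldap.local.32: Flags [S], seq 3827672185, win 64240, options [mss 1460,nop,wscale 8,sackOK,TS val 66189061 ecr 0], length 0
11:34:17.649065 IP gateway.12566 > testa.local.ssh: Flags [S], seq 3827672185, win 64240, options [mss 1460,nop,wscale 8,sackOK,TS val 66189061 ecr 0], length 0
11:34:19.662467 IP gateway.12566 > ldap.local.32: Flags [S], seq 3827672185, win 64240, options [mss 1460,nop,wscale 8,sackOK,TS val 66191074 ecr 0], length 0
11:34:19.662499 IP gateway.12566 > testa.local.ssh: Flags [S], seq 3827672185, win 64240, options [mss 1460,nop,wscale 8,sackOK,TS val 66191074 ecr 0], length 0
11:34:29.220840 IP ldapha.local.47440 > testa.local.ssh: Flags [S], seq 2793193788, win 29200, options [mss 1460,sackOK,TS val 4434340 ecr 0,nop,wscale 6], length 0
11:34:29.220990 IP ldapha.local.47440 > testa.local.ssh: Flags [.], ack 2730388816, win 457, options [nop,nop,TS val 4434340 ecr 4440894], length 0
11:34:29.221161 IP ldapha.local.47440 > testa.local.ssh: Flags [R.], seq 0, ack 1, win 457, options [nop,nop,TS val 0 ecr 4440894], length 0
"""

# One tcpdump TCP line: "<ts> IP <src>.<sport> > <dst>.<dport>: Flags [<f>], seq <n>, ..."
PKT = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+)\.(?P<sport>\w+) > (?P<dst>\S+)\.(?P<dport>\w+): "
    r"Flags \[(?P<flags>[^\]]+)\](?:, seq (?P<seq>\d+))?"
)

def parse(trace):
    """Return one dict per parseable TCP line; lines that do not match are skipped."""
    return [m.groupdict() for m in map(PKT.match, trace.splitlines()) if m]

def nat_rewrites(pkts):
    """Group pure SYNs by ISN (address/port NAT keeps the sequence number), then report
    whether (src, sport) and (dst, dport) differ between the copies of one SYN."""
    by_isn = defaultdict(list)
    for p in pkts:
        if p["flags"] == "S" and p["seq"] is not None:
            by_isn[p["seq"]].append(p)
    out = {}
    for isn, copies in by_isn.items():
        srcs = list(dict.fromkeys((p["src"], p["sport"]) for p in copies))
        dsts = list(dict.fromkeys((p["dst"], p["dport"]) for p in copies))
        if len(srcs) == 1 and len(dsts) == 1:
            continue  # seen once only, e.g. the director's own health-check SYN
        out[isn] = {"src": srcs, "dst": dsts,
                    "src_rewritten": len(srcs) > 1, "dst_rewritten": len(dsts) > 1}
    return out

def reply_mismatch(rw):
    """The client expects its SYN-ACK from the peer it dialled (first dst seen); the real
    server answers from the rewritten dst. LVS NAT only undoes that rewrite on replies
    that transit the director, so a mismatch means the return path must go via it."""
    expected, actual = rw["dst"][0], rw["dst"][-1]
    return expected, actual, expected != actual
```

Running `nat_rewrites(parse(TRACE))` on the thread's trace shows the destination rewritten to testa.local:ssh and the source left as gateway:12566, which matches what the poster saw in the capture.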