只有1个NIC的机器上的LVS DNS负载平衡

首先让我澄清，我只是一个软件开发人员而不是pipe理员，因此我有一些关于networkingconfiguration以及这些types的设置的知识（假设对这些概念有一个基本的了解），但是我并不是高手，所以如果这听起来很愚蠢或不合理的话，请耐心等待。

我正在尝试在RH7上configurationkeepalived，以便在已经设置绑定的两台服务器之间平衡NDS请求。 到目前为止我读过的指南中， 他们似乎使用2个NIC ，但我只有一个可用。

参考文献：

• LVS-NAT-KEEPALIVED-HOWTO
• Keepalived手册页
• LVS迷你如何PDF
• 这篇文章似乎build议将DNS主站的真实IPconfiguration为虚拟服务器，将平衡器IPconfiguration为真正的服务器，但是我认为这不是正确的…或者我误解或误读了它？

HW：

• BIND – 使用视图时SERVFAIL错误
• Centos使用ipv6绑定DNS服务器configuration
• Ubuntu 16.04上的绑定模式6不会提高总传输速度
• debian上的BIND 9.8.4，转发一个区域失败解决
• 绑定通知DNS视图

我有3台机器在同一个networking上configuration如下：

• 1台带1个网卡的机器充当负载均衡器，真实IP为192.168.0.1
• 1台带1个网卡作为主绑定服务器的机器，真实IP为192.168.0.2
• 1台带1个网卡作为主绑定服务器的机器，真实IP为192.168.0.3

此外转发已启用net.ipv4.ip_forward = 1

Keepalivedconfiguration：

 ! This is a comment ! Configuration File for keepalived global_defs { ! this is who emails will go to on alerts notification_email { [email protected] [email protected] ! add a few more email addresses here if you would like } notification_email_from [email protected] ! I use the local machine to relay mail smtp_server 127.0.0.1 smtp_connect_timeout 30 ! each load balancer should have a different ID ! this will be used in SMTP alerts, so you should make ! each router easily identifiable lvs_id LVS_EXAMPLE_01 } ! vrrp_sync_groups make sure that several router instances ! stay together on a failure - a good example of this is ! that the external interface on one router fails and the backup server ! takes over, you want the internal interface on the failed server ! to failover as well, otherwise nothing will work. ! you can have as many vrrp_sync_group blocks as you want. vrrp_sync_group VG1 { group { VI_1 VI_GATEWAY } } ! each interface needs at least one vrrp_instance ! each vrrp_instance is a group of VIPs that are logically grouped ! together ! you can have as many vrrp_instaces as you want vrrp_instance VI_1 { state MASTER interface eth0 lvs_sync_daemon_inteface eth0 ! each virtual router id must be unique per instance name! virtual_router_id 51 ! MASTER and BACKUP state are determined by the priority ! even if you specify MASTER as the state, the state will ! be voted on by priority (so if your state is MASTER but your ! priority is lower than the router with BACKUP, you will lose ! the MASTER state) ! I make it a habit to set priorities at least 50 points apart ! note that a lower number is lesser priority - lower gets less vote priority 150 ! how often should we vote, in seconds? advert_int 1 ! send an alert when this instance changes state from MASTER to BACKUP smtp_alert ! this authentication is for syncing between failover servers ! keepalived supports PASS, which is simple password ! authentication ! or AH, which is the IPSec authentication header. ! I don't use AH ! yet as many people have reported problems with it authentication { auth_type PASS auth_pass example } ! these are the IP addresses that keepalived will setup on this ! machine. Later in the config we will specify which real ! servers are behind these IPs ! without this block, keepalived will not setup and takedown the ! any IP addresses virtual_ipaddress { 192.168.0.10 ! and more if you want them } } ! now I setup the instance that the real servers will use as a default ! gateway ! most of the config is the same as above, but on a different interface vrrp_instance VI_GATEWAY { state MASTER interface eth0 lvs_sync_daemon_inteface eth0 virtual_router_id 52 priority 150 advert_int 1 smtp_alert authentication { auth_type PASS auth_pass example } virtual_ipaddress { 192.168.0.11 } } ! now we setup more information about are virtual server ! we are just setting up one for now, listening on port 53 for dns ! requests. ! notice we do not setup a virtual_server block for the 192.168.0.10 ! address in the VI_GATEWAY instance. That's because we are doing NAT ! on that IP, and nothing else. virtual_server 192.168.0.10 53 { delay_loop 6 ! use round-robin as a load balancing algorithm lb_algo rr ! we are doing NAT lb_kind NAT nat_mask 255.255.255.0 protocol TCP ! there can be as many real_server blocks as you need real_server 192.168.0.2 53 { ! if we used weighted round-robin or a similar lb algo, ! we include the weight of this server weight 1 ! here is a health checker for this server. ! we could use a custom script here (see the keepalived docs) ! but we will just make sure we can do a vanilla tcp connect() ! on port 53 ! if it fails, we will pull this realserver out of the pool ! and send email about the removal TCP_CHECK { connect_timeout 3 connect_port 53 } } real_server 192.168.0.3 53 { ! if we used weighted round-robin or a similar lb algo, ! we include the weight of this server weight 1 ! here is a health checker for this server. ! we could use a custom script here (see the keepalived docs) ! but we will just make sure we can do a vanilla tcp connect() ! on port 53 ! if it fails, we will pull this realserver out of the pool ! and send email about the removal TCP_CHECK { connect_timeout 3 connect_port 53 } } } 

结论：

防火墙被禁用，机器之间的连接正常工作，keepalived能够validation一个简单的TCP连接到DNS主人。 我也能够从负载均衡器执行dig myhost @192.168.0.2/3 ，我得到正确的结果。

但是，当运行dig myhost @192.168.0.10我得到一个;; connection timed out; no servers could be reached ;; connection timed out; no servers could be reached ;; connection timed out; no servers could be reached 。 我会很感激任何暗示或build议，这将有助于我克服这个问题，如果它甚至可能与1个网卡，请让我知道是否需要额外的细节。

 virtual_server 192.168.0.10 53 { delay_loop 6 ! use round-robin as a load balancing algorithm lb_algo rr ! we are doing NAT lb_kind NAT nat_mask 255.255.255.0 protocol UDP ! there can be as many real_server blocks as you need real_server 192.168.0.2 53 { ! if we used weighted round-robin or a similar lb algo, ! we include the weight of this server weight 1 } real_server 192.168.0.3 53 { ! if we used weighted round-robin or a similar lb algo, ! we include the weight of this server weight 1 } }