我安装在两个防火墙keepalived提供故障转移。 我不确定以下configuration是否正确(请参阅下面的configuration)。
有时我遇到问题,以达到防火墙后面的网站。 我怀疑keepalived运行在两个防火墙,大约一分钟的时间内,网站仍然无法访问..然后连接到网站被恢复。
可能是什么问题呢? keepalived可以不断切换状态(MASTER或SLAVE)吗?
Firewall-2以MASTER状态运行。 当keepalived在防火墙-1上启动时,它跳转到BACKUP状态。
有没有像ipvsadm命令或工具来检查keepalived的真实状态?
在firwall-1上configurationkeepalived.conf
root@firewall-1:/etc/keepalived# head -n100 keepalived.conf global_defs { router_id fw_1 } vrrp_sync_group loadbalancers { group { extern intern } } vrrp_instance extern { state BACKUP priority 100 interface eth0.100 garp_master_delay 5 virtual_router_id 40 advert_int 1 authentication { auth_type AH auth_pass xxxx } virtual_ipaddress { 194.xx.xx.x1 194.xx.xx.x2 194.xx.xx.x3 194.xx.xx.xx 194.xx.xx.xx 194.xx.xx.x7 } } vrrp_instance intern { state BACKUP priority 100 notify "/usr/local/sbin/restart_pound" interface eth0.200 garp_master_delay 5 virtual_router_id 41 advert_int 1 authentication { auth_type AH auth_pass xxxx } virtual_ipaddress { 192.168.100.1 192.168.100.10 } } .......... .......... ..........
在firewall-2上configurationkeepalived.conf
root@firewall-2:/opt# head -n100 /etc/keepalived/keepalived.conf global_defs { router_id fw_2 } vrrp_sync_group loadbalancers { group { extern intern } } vrrp_instance extern { state MASTER priority 200 interface eth1 garp_master_delay 5 virtual_router_id 40 advert_int 1 authentication { auth_type AH auth_pass xxxx } virtual_ipaddress { 194.xx.xx.x1 194.xx.xx.x2 194.xx.xx.x3 194.xx.xx.xx 194.xx.xx.xx 194.xx.xx.x7 } } vrrp_instance intern { state MASTER priority 200 notify "/usr/local/sbin/restart_pound" interface eth0.200 garp_master_delay 5 virtual_router_id 41 advert_int 1 authentication { auth_type AH auth_pass xxxx } virtual_ipaddress { 192.168.100.1 192.168.100.10 } } ........ ........