In the virtual machine to build keepalived cannot forward data

Time:10-05

I have been stuck on this for two full weeks... All sorts of Baidu searches have been fruitless.

Environment
Win10 1803 + Hyper-V
The virtual machines are:
1 keepalived (testha) + 1 test machine (testa)
Because the configuration would not work, I set up a minimal test environment.
SSH is just a simple test; it has no meaning in itself.

The keepalived machine and the test machine both run RHEL 7.6; keepalived is the one from the CD.
My host, testha and testa can ping each other.
All three hosts can ping the VIP.

My host -> testha
testha -> testa
My host -> testa
SSH communication between them is normal.

The purpose of the test is for my host to SSH to testa through testha.

The configuration file:
global_defs
{
    router_id testha
}

vrrp_instance VI_1
{
    state MASTER
    interface eth0
    virtual_router_id 207
    priority 100
    advert_int 1
    authentication
    {
        auth_type PASS
        auth_pass 5684
    }
    virtual_ipaddress
    {
        192.168.137.200/24 brd 192.168.137.255 dev eth0 label eth0:VIP
    }
}

virtual_server 192.168.137.200 22
{
    lb_algo rr
    lb_kind NAT
    protocol TCP
    delay_loop 3
    persistence_timeout 1000
    real_server 192.168.137.154 22
    {
        weight 1
        TCP_CHECK
        {
            connect_timeout 3
        }
    }
}

The situation now is:
On testha, ssh 192.168.137.200 connects to testa.
From my host, ssh 192.168.137.200 does not connect and times out.

A packet capture shows:
When my host SSHes to 192.168.137.200, it just sends a SYN and gets no response.
SSH from testha to 192.168.137.200 communicates normally.
The keepalived healthchecker detects testa's port 22 correctly: when testa is shut down, retries appear in the log.


Kneeling and begging the experts for help...

CodePudding user response:

For lb_kind I tried
NAT
DR
Neither works..
This is the IP information printed by ip a:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:d9:01:0d brd ff:ff:ff:ff:ff:ff
    inet 192.168.137.100/24 brd 192.168.137.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 192.168.137.200/24 brd 192.168.137.255 scope global secondary eth0:VIP
       valid_lft forever preferred_lft forever
    inet6 fe80::16f4:a55d:a8ac:7b6f/64 scope link tentative noprefixroute dadfailed
       valid_lft forever preferred_lft forever
    inet6 fe80::1138:cee9:af01:68d6/64 scope link tentative noprefixroute dadfailed
       valid_lft forever preferred_lft forever
    inet6 fe80::a147:dd36:edbf:de64/64 scope link tentative noprefixroute dadfailed
       valid_lft forever preferred_lft forever

CodePudding user response:

First, keepalived is used for high-availability clusters. If you want to do forwarding, you can use iptables forwarding directly, or LVS or nginx.
And from what you describe, this should be keepalived + LVS. The virtual_server settings are LVS configuration, so you need to install ipvsadm (LVS).

CodePudding user response:

Quoting the reply from zhouchao6 on the second floor:
First, keepalived is used for high-availability clusters. If you want to do forwarding, you can use iptables forwarding directly, or LVS or nginx.
And from what you describe, this should be keepalived + LVS. The virtual_server settings are LVS configuration, so you need to install the ipvsadm tools (LVS).


Because the whole thing would not work, I made a minimal system; forwarding SSH is just a way to experiment with the setup.


ipvsadm is already installed, and after keepalived starts I can already see the new LVS rules:

[root@ldapha ~]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  ldap.local:ssh rr persistent 1000
  -> testa.local:ssh              Masq    1      0          0

IP forwarding is also enabled... It still does not work..

I wanted to configure LVS separately, but ran into a
"Memory allocation problem".
I found a vmalloc change on Baidu and tested it, no luck... What is wrong with this thing?

CodePudding user response:

Today I continued working on the forwarding... and found this:
[root@ldapha keepalived]# tcpdump '(dst host testa.local and dst port 22) or (dst port 32)'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:34:17.649048 IP gateway.12566 > ldap.local.32: Flags [S], seq 3827672185, win 64240, options [mss 1460,nop,wscale 8,sackOK,TS val 66189061 ecr 0], length 0
11:34:17.649065 IP gateway.12566 > testa.local.ssh: Flags [S], seq 3827672185, win 64240, options [mss 1460,nop,wscale 8,sackOK,TS val 66189061 ecr 0], length 0
11:34:19.662467 IP gateway.12566 > ldap.local.32: Flags [S], seq 3827672185, win 64240, options [mss 1460,nop,wscale 8,sackOK,TS val 66191074 ecr 0], length 0
11:34:19.662499 IP gateway.12566 > testa.local.ssh: Flags [S], seq 3827672185, win 64240, options [mss 1460,nop,wscale 8,sackOK,TS val 66191074 ecr 0], length 0
11:34:23.662506 IP gateway.12566 > ldap.local.32: Flags [S], seq 3827672185, win 64240, options [mss 1460,nop,wscale 8,sackOK,TS val 66195074 ecr 0], length 0
11:34:23.662526 IP gateway.12566 >
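
An added example, not part of the original thread: a small Python reader for the capture in the last post that groups SYNs by client and sequence number, to show how many reached the VIP, how many the director forwarded to the real server, and whether the client was retransmitting. The function names are this example's own, and the sample lines are the five complete lines from the post with spacing repaired and TCP options omitted.

```python
import re
from collections import defaultdict

# Five complete lines from the capture in the post (options omitted);
# the sixth line is cut off on the page and is left out.
CAPTURE = """\
11:34:17.649048 IP gateway.12566 > ldap.local.32: Flags [S], seq 3827672185, win 64240, length 0
11:34:17.649065 IP gateway.12566 > testa.local.ssh: Flags [S], seq 3827672185, win 64240, length 0
11:34:19.662467 IP gateway.12566 > ldap.local.32: Flags [S], seq 3827672185, win 64240, length 0
11:34:19.662499 IP gateway.12566 > testa.local.ssh: Flags [S], seq 3827672185, win 64240, length 0
11:34:23.662506 IP gateway.12566 > ldap.local.32: Flags [S], seq 3827672185, win 64240, length 0
"""

LINE = re.compile(
    r"^(?P<h>\d+):(?P<m>\d+):(?P<s>\d+\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[(?P<flags>[^\]]+)\], seq (?P<seq>\d+)")

def parse(text):
    """Yield (seconds, src, dst, flags, seq) for each TCP line tcpdump printed."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            t = int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"])
            yield t, m["src"], m["dst"], m["flags"], int(m["seq"])

def summarize(text, vip, real):
    """Per (client, seq): SYNs to the VIP, copies sent on to the real server, gaps."""
    flows = defaultdict(lambda: {"to_vip": [], "to_real": []})
    for t, src, dst, flags, seq in parse(text):
        if flags != "S":  # pure SYN only; a SYN-ACK prints as [S.]
            continue
        if dst == vip:
            flows[(src, seq)]["to_vip"].append(t)
        elif dst == real:
            flows[(src, seq)]["to_real"].append(t)
    report = {}
    for key, f in flows.items():
        gaps = [round(b - a) for a, b in zip(f["to_vip"], f["to_vip"][1:])]
        report[key] = {
            "syn_to_vip": len(f["to_vip"]),
            "forwarded": len(f["to_real"]),
            "retransmit_gaps_s": gaps,
            # Same seq sent again: no SYN-ACK had reached the client by then.
            "handshake_stalled": len(f["to_vip"]) > 1,
        }
    return report

if __name__ == "__main__":
    for key, r in summarize(CAPTURE, "ldap.local.32", "testa.local.ssh").items():
        print(key, r)
```

The filter used in the post matches only packets whose destination is testa port 22 or port 32, so any reply from testa would not appear in this capture whether or not it was sent.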