Code Monkey home page Code Monkey logo

Comments (4)

pqarmitage avatar pqarmitage commented on June 6, 2024

I suggest you remove the block:

track_interface {
ens33
}

since it is unnecessary - keepalived tracks the interface that any VRRP instance is configured on.

I also suggest that you change virtual_ip_address_excluded to virtual_ipaddress since the RFC requires that at least one IP address is included in VRRP adverts. Since you are using IPv6, which means that it must be VRRP version 3, you will need to remove the authentication since that is not supported in VRRPv3.

Without knowing what other addresses you have configured on ens33 I can't be certain about this, but probably the resolution to your problem is to specify:

virtual_ipaddress {
    fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:1234/64
}

i.e. add the subnet mask /64 so that a subnet is configured, rather than a single /128 address which won't be able to communicate with any other address on the fd15:4ba5:5a2b:1008::/64 subnet. You should also add a link-local address (i.e. an address in the fe80::/10 subnet) as the first virtual IP address.

from keepalived.

monroekid avatar monroekid commented on June 6, 2024

Thank you very much.
I modified the .conf file based on the configuration you provided.But [fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:1234]:80 to [fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:2222]:80 still doesnโ€™t work.But [fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:1234] to [fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:2222] can ping each other.

keepalived.conf:


global_defs {
   router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state MASTER  
    interface ens33 
    virtual_router_id 100 
    priority 100  
    advert_int 1  
    authentication {
        auth_type PASS     
        auth_pass 123456   
    }
    virtual_ipaddress {
        fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:1234/64
    }
}


virtual_server fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:1234 80 {
    delay_loop 1
    lb_algo rr
    lb_kind DR
    protocol TCP

    real_server fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:2222 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}

fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:1234 ip-6 route

[root@lvs-master ~]# ip -6 route
unreachable ::/96 dev lo metric 1024 error -113 pref medium
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -113 pref medium
unreachable 2002:a00::/24 dev lo metric 1024 error -113 pref medium
unreachable 2002:7f00::/24 dev lo metric 1024 error -113 pref medium
unreachable 2002:a9fe::/32 dev lo metric 1024 error -113 pref medium
unreachable 2002:ac10::/28 dev lo metric 1024 error -113 pref medium
unreachable 2002:c0a8::/32 dev lo metric 1024 error -113 pref medium
unreachable 2002:e000::/19 dev lo metric 1024 error -113 pref medium
unreachable 3ffe:ffff::/32 dev lo metric 1024 error -113 pref medium
fd15:4ba5:5a2b:1008::/64 dev ens33 proto kernel metric 100 pref medium
fd15:4ba5:5a2b:1008::/64 dev ens33 proto kernel metric 256 pref medium
fe80::250:56ff:fec0:2222 dev ens33 proto static metric 100 pref medium
fe80::/64 dev ens33 proto kernel metric 100 pref medium
default via fe80::250:56ff:fec0:2222 dev ens33 proto static metric 100 pref medium

fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:2222 ip-6 route

[root@nginx-master ~]# ip -6 route
unreachable ::/96 dev lo metric 1024 error -113 
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -113 
unreachable 2002:a00::/24 dev lo metric 1024 error -113 
unreachable 2002:7f00::/24 dev lo metric 1024 error -113 
unreachable 2002:a9fe::/32 dev lo metric 1024 error -113 
unreachable 2002:ac10::/28 dev lo metric 1024 error -113 
unreachable 2002:c0a8::/32 dev lo metric 1024 error -113 
unreachable 2002:e000::/19 dev lo metric 1024 error -113 
unreachable 3ffe:ffff::/32 dev lo metric 1024 error -113 
fd15:4ba5:5a2b:1008::/64 dev ens33 proto kernel metric 256 
fe80::250:56ff:fec0:2222 dev ens33 proto static metric 100 
fe80::/64 dev ens33 proto kernel metric 256 
default via fe80::250:56ff:fec0:2222 dev ens33 proto static metric 100 

[root@lvs-master ~]# ping6 fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:2222
PING fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:2222(fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:2222) 56 data bytes
64 bytes from fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:2222: icmp_seq=1 ttl=64 time=0.921 ms
64 bytes from fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:2222: icmp_seq=2 ttl=64 time=0.605 ms
64 bytes from fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:2222: icmp_seq=3 ttl=64 time=0.872 ms
64 bytes from fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:2222: icmp_seq=4 ttl=64 time=0.651 ms



[root@nginx-master ~]# ping6 fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:1234
PING fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:1234(fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:1234) 56 data bytes
64 bytes from fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:1234: icmp_seq=1 ttl=64 time=2.41 ms
64 bytes from fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:1234: icmp_seq=2 ttl=64 time=0.593 ms
64 bytes from fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:1234: icmp_seq=3 ttl=64 time=1.03 ms
64 bytes from fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:1234: icmp_seq=4 ttl=64 time=0.802 ms

It can be seen from the log that [fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:1234] has been establishing a handshake with [fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:2222].

[root@lvs-master ~]# ipvsadm -lnc
IPVS connection entries
pro expire state       source             virtual            destination
TCP 00:58  SYN_RECV    [fd15:4ba5:5a2b:1008:d39:e422:2cba:69dc]:58425 [fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:1234]:80 [fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:2222]:80
TCP 00:58  SYN_RECV    [fd15:4ba5:5a2b:1008:d39:e422:2cba:69dc]:58426 [fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:1234]:80 [fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:2222]:80

from keepalived.

pqarmitage avatar pqarmitage commented on June 6, 2024

What the ipvsadm -lnc output shows is that fd15:4ba5:5a2b:1008:d39:e422:2cba:69dc has attempted to establish a connection to fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:1234, and the SYN has been forwarded to fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:2222. Does lvs-master have addresses fd15:4ba5:5a2b:1008:d39:e422:2cba:69dc and fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:1234?

Does the real server (fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:2222) also have fd15:4ba5:5a2b:1008:bf28:eb3c:d1e4:1234 configured on it? it is necessary for direct routeing (see http://linuxvirtualserver.org/VS-DRouting.html).

from keepalived.

pqarmitage avatar pqarmitage commented on June 6, 2024

Closing due to no response for over 4 months.

from keepalived.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.