Setup
- CentOS7 (uname -r: 3.10.0-1062.1.1.el7.x86_64); Gigabit Ethernet x1; Wi-Fi x1
- Cisco 841m (show ver: Cisco IOS Software, C800M Software (C800M-UNIVERSALK9-M), Version 15.5(3)M4a); Gigabit Ethernet (LAN) x4
The server is the main communication path.
The network is expected to stay connected even if the server goes down.
The Cisco router is used as the backup.
    [----- Softbank AIR -----]
    | Wifi0            Port0 |
    |                        |
    | eth0             Gi0/5 |
[Centos7]               [Cisco841m]
    | wlan0            Gi0/0 |
    |                 Vlan10 |
    |                        |
----+-   192.168.10.0/24   --+----
- VRRP IPv4 address: 192.168.10.254
- VRRP Preempt = yes
- VRRP Adv timer = 3s
- VRRP Master = Centos7
- VRRP Backup = Cisco841m
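Table of contents
- [Cisco side] Configuration
- [CentOS side] Installing keepalived
- [CentOS side] Firewall configuration
- [CentOS side] Configuration
- [Cisco side] Verification
- [CentOS side] Verification
[Cisco side] Configuration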
C841M#conf t
Enter configuration commands, one per line. End with CNTL/Z.
C841M(config)#
C841M(config)#track 10 interface GigabitEthernet0/5 line-protocol
C841M(config)# delay up 30
C841M(config)#
C841M(config)#vlan 10
C841M(config)#int vlan 10
C841M(config)# description TO) LAN
C841M(config)# ip addr 192.168.10.252 255.255.255.0
C841M(config)# vrrp 10 ip 192.168.10.254
C841M(config)# vrrp 10 timers advertise 3
C841M(config)# vrrp 10 preempt delay minimum 30
C841M(config)# vrrp 10 track 10 decrement 15
C841M(config)# end
C841M#
[CentOS side] Installing keepalived
[user00@centos7 ~]$ sudo yum -y install keepalived
[sudo] password for user00:
Loaded plugins: fastestmirror, priorities, product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Loading mirror speeds from cached hostfile
* base: ftp.iij.ad.jp
* epel: ftp.iij.ad.jp
* extras: ftp.iij.ad.jp
* updates: ftp.iij.ad.jp
168 packages excluded due to repository priority protections
Resolving Dependencies
--> Running transaction check
---> Package keepalived.x86_64 0:1.3.5-16.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================
Package Arch Version Repository Size
====================================================================================================
Installing:
keepalived x86_64 1.3.5-16.el7 base 331 k
Transaction Summary
====================================================================================================
Install 1 Package
Total download size: 331 k
Installed size: 1.0 M
Downloading packages:
keepalived-1.3.5-16.el7.x86_64.rpm | 331 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : keepalived-1.3.5-16.el7.x86_64 1/1
Verifying : keepalived-1.3.5-16.el7.x86_64 1/1
Installed:
keepalived.x86_64 0:1.3.5-16.el7
Complete!
[user00@centos7 ~]$ keepalived --version
Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Copyright(C) 2001-2017 Alexandre Cassen, <acassen@gmail.com>
Build options: PIPE2 LIBNL3 RTA_ENCAP RTA_EXPIRES RTA_PREF FRA_OIFNAME FRA_SUPPRESS_PREFIXLEN FRA_TUN_ID RTAX_CC_ALGO RTAX_QUICKACK LIBIPTC LIBIPSET_DYNAMIC LVS LIBIPVS_NETLINK VRRP VRRP_AUTH VRRP_VMAC SOCK_NONBLOCK SOCK_CLOEXEC FIB_ROUTING INET6_ADDR_GEN_MODE SNMP_V3_FOR_V2 SNMP SNMP_KEEPALIVED SNMP_CHECKER SNMP_RFC SNMP_RFCV2 SNMP_RFCV3 SO_MARK
[user00@centos7 ~]$
[CentOS side] Firewall configuration
[user00@centos7 ~]$ sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0 wlan0
sources:
services: cockpit dhcp dhcpv6-client dns ftp http https ipsec l2tp ldap minecraft ntp postgresql samba smtp squid ssh syslog tftp
ports: 25565/tcp
protocols: ospf
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[user00@centos7 ~]$ sudo firewall-cmd --add-protocol=vrrp
success
[user00@centos7 ~]$ sudo firewall-cmd --add-protocol=vrrp --permanent
success
[user00@centos7 ~]$ getenforce
Disabled
[user00@centos7 ~]$ sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0 wlan0
sources:
services: cockpit dhcp dhcpv6-client dns ftp http https ipsec l2tp ldap minecraft ntp postgresql samba smtp squid ssh syslog tftp
ports: 25565/tcp
protocols: ospf vrrp
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[user00@centos7 ~]$
[CentOS side] Configuration
[user00@centos7 ~]$ sudo cp -ap /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.org
[user00@centos7 ~]$ sudo vim /etc/keepalived/keepalived.conf
[sudo] password for user00:
[user00@centos7 ~]$ sudo systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: inactive (dead)
[user00@centos7 ~]$ sudo systemctl enable keepalived
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
[user00@centos7 ~]$ sudo systemctl start keepalived
[user00@centos7 ~]$
/etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 10
    priority 100
    preempt
    preempt_delay 3
    delay 30
    fork_delay 30
    advert_int 3
    virtual_ipaddress {
        192.168.10.254/24
    }
    track_interface {
        eth0 weight 20
        wlan0 weight 15
    }
}
Note that if you change advert_int 3, you must also change vrrp 10 timers advertise 3 on the c841m side to match; otherwise the two will not recognize each other as neighbors.
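The neighbor caveat above comes from receiver-side validation: in VRRPv2 (RFC 3768) an advertisement whose interval differs from the local setting is discarded, as is one that arrives with an IP TTL other than 255 or a bad checksum. The Python below is an added example, not code from the original post, keepalived or IOS; it assumes VRRPv2 without authentication, and the function names and sample packets are constructed for illustration.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """16-bit one's complement checksum over the VRRP message (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid: int, priority: int, adver_int: int, vips: list) -> bytes:
    """Construct a VRRPv2 advertisement (auth type 0) for the demo."""
    addrs = b"".join(socket.inet_aton(v) for v in vips)
    head = struct.pack("!BBBBBBH", 0x21, vrid, priority, len(vips), 0, adver_int, 0)
    body = head + addrs + b"\x00" * 8  # 8 bytes of authentication data
    return body[:6] + struct.pack("!H", inet_checksum(body)) + body[8:]

def check_advert(pkt: bytes, ttl: int, local_vrid: int, local_adver_int: int) -> str:
    """Return 'accept' or the reason a VRRPv2 receiver discards the packet."""
    if ttl != 255:
        return "discard: IP TTL is not 255"
    if len(pkt) < 16:
        return "discard: truncated"
    ver_type, vrid, _prio, count, _auth, adver_int, _ = struct.unpack("!BBBBBBH", pkt[:8])
    if ver_type != 0x21:  # version 2, type 1 (ADVERTISEMENT)
        return "discard: not a VRRPv2 advertisement"
    if len(pkt) != 8 + 4 * count + 8:
        return "discard: bad length"
    if inet_checksum(pkt) != 0:  # a valid message sums to 0xFFFF
        return "discard: bad checksum"
    if vrid != local_vrid:
        return "discard: VRID not configured here"
    if adver_int != local_adver_int:
        return f"discard: advert interval {adver_int}s != local {local_adver_int}s"
    return "accept"

# Constructed samples: VRID 10 and VIP 192.168.10.254 as on this page.
ADVERT_3S = build_advert(10, 100, 3, ["192.168.10.254"])  # advert_int 3
ADVERT_1S = build_advert(10, 100, 1, ["192.168.10.254"])  # advert_int changed to 1

if __name__ == "__main__":
    print(check_advert(ADVERT_3S, 255, 10, 3))
    print(check_advert(ADVERT_1S, 255, 10, 3))
    print(check_advert(ADVERT_3S, 64, 10, 3))
```
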
[Cisco side] Verification
C841M#show vrrp brief ?
all Include groups in disabled state
| Output modifiers
<cr>
C841M#show vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Vl10               10  100 9609       Y  Backup  192.168.10.251  192.168.10.254
C841M#
- The Master address is the centos7 side's address
- State is Backup
[CentOS side] Verification
[user00@centos7 ~]$ ip a show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:00:00:12:34:56 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.251/24 brd 192.168.30.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 192.168.10.254/24 scope global secondary eth0
valid_lft forever preferred_lft forever
inet6 fe80::250:10:168:192/128 scope link noprefixroute
valid_lft forever preferred_lft forever
[user00@centos7 ~]$
- The VRRP group IP address is displayed
- secondary eth0 is displayed