
High availability method of Nginx load balancing based on Keepalived

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

This article explains how to use Keepalived to make Nginx load balancing highly available. The content is clear, and interested readers should find it helpful.

Chapter 1: Introduction to keepalived

VRRP protocol

Its purpose is to solve the single point of failure problem of static routes.

Chapter 2: how keepalived works

2.1 High availability function as a system network service (failover)

The basic principle behind keepalived's high availability feature is as follows:

When keepalived is installed on both hosts and the service is started on both, then in normal operation:

The host with the Master role acquires all the resources and provides services to users.

The host with the Backup role acts as a hot standby for the Master host.

When the host with the Master role fails,

the host with the Backup role automatically takes over all the work of the Master host, including the VIP resources and the corresponding services.

When the host with the Master role is repaired, it automatically takes back the work it used to handle.

The host with the Backup role then releases the work it took over while the Master host was down.

At this point, the two hosts return to the roles and working state they had at startup.

2.2 What is VRRP

VRRP stands for Virtual Router Redundancy Protocol.

VRRP was created to solve the single point of failure problem of static routes.

VRRP uses an election mechanism to hand the routing task to one VRRP router.

VRRP implements the virtual router through this election mechanism, and all protocol messages are sent as IP multicast packets (default multicast address 224.0.0.18).

The virtual router consists of a VRID (range 0-255) and a set of IP addresses, and presents itself externally with a well-known MAC address: 00-00-5E-00-01-{VRID}.

Therefore, no matter which node of a virtual router is Master, the outside world sees the same MAC and IP (called the VIP).

Client hosts do not need to modify their routing configuration when the Master changes. For them, the switchover is transparent.

In a group of virtual routers, only the VRRP router acting as Master keeps sending VRRP broadcast packets, and while it does so the Backup will not preempt the Master.

When the Master is not available, the Backup no longer receives broadcast packets from the Master, and among multiple Backups the router with the highest priority takes over as Master.

This takeover is very fast (perhaps only 1 second or less), which ensures service continuity. For security reasons, VRRP packets are encrypted using encryption protocols.

2.3 What to say in an interview

Answer:

Keepalived high availability pairs communicate through VRRP, so I'll start with VRRP.

1) VRRP stands for Virtual Router Redundancy Protocol. VRRP was created to solve the single point of failure problem of static routes.

2) VRRP hands the routing task to one VRRP router through an election protocol.

3) VRRP uses IP multicast (default multicast address 224.0.0.18) for communication between the nodes of a high availability pair.

4) In operation, the master node sends the packets and the standby node receives them. When the standby node can no longer receive packets from the master node, it starts the takeover procedure and takes over the master node's resources. There can be multiple backup nodes, elected by priority, but in day-to-day operations a keepalived setup is usually a single pair.

5) VRRP uses encryption protocols to encrypt data, but the keepalived project still recommends configuring the authentication type and password in clear text.

After introducing VRRP, I'm going to introduce how the keepalived service works.

Keepalived high availability pairs communicate through VRRP, and VRRP determines the primary and the standby through the election mechanism; the primary has a higher priority than the standby. Therefore, in operation, the primary node gets all the resources first and the standby node waits. When the primary dies, the standby node takes over the resources of the primary node and then provides services in its place.

Within a keepalived pair, only the primary server keeps sending VRRP broadcast packets, telling the standby that it is still alive, and the standby does not preempt the primary during this time. When the primary is not available, that is, when the standby can no longer hear the broadcast packets sent by the primary, it starts the relevant services and takes over the resources to ensure business continuity. Takeover can take less than one second.

Chapter 3: VRRP protocol

VRRP realizes the function of virtual router through election mechanism.

All protocol messages are sent as IP multicast packets.

Default multicast address: 224.0.0.18

VIP prerequisites:

1. The virtual public IP must be genuinely available

2. The virtual public IP must not be duplicated

3. The multicast address must be reachable

Chapter 4: keepalived installation and configuration

1. Install keepalived

    yum install keepalived -y

2. Configuration file explained

    global_defs {
        router_id lb01              # router ID; different on each host
    }

    vrrp_instance VI_1 {            # VRRP group name; the same within a group
        state MASTER                # role, either MASTER or BACKUP
        interface eth0              # network interface the VIP is bound to
        virtual_router_id 50        # virtual router ID; the same within a group
        priority 150                # weight; the higher the weight, the higher the priority
        advert_int 1                # interval between multicast advertisements
        authentication {            # authentication; the password is in plaintext
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {         # virtual IP; it must exist, be valid and not be in use
            10.0.0.3
        }
    }

3. lb01 configuration

    [root@lb01 ~]# cat /etc/keepalived/keepalived.conf
    global_defs {
        router_id lb01
    }

    vrrp_instance VI_1 {
        state MASTER
        interface eth0
        virtual_router_id 50
        priority 150
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            10.0.0.3
        }
    }

4. lb02 configuration

    [root@lb02 ~]# cat /etc/keepalived/keepalived.conf
    global_defs {
        router_id lb02
    }

    vrrp_instance VI_1 {
        state BACKUP
        interface eth0
        virtual_router_id 50
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            10.0.0.3
        }
    }

5. Start

    systemctl start keepalived

6. Test

Shut down either node and see whether the VIP drifts to the other one.

Restore MASTER and see whether the VIP disappears from BACKUP.

Chapter 5: Split brain

1. Install the packet capture tool

    yum install tcpdump -y

2. Capture packets on lb02 to check

    tcpdump -nn -i any host 224.0.0.18

3. On lb02, open a new terminal and start the firewall

    systemctl start firewalld.service

4. Observe the packet capture on lb02

Observe whether both sides hold the VIP

5. Add allow rules

    firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface eth0 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
    firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface eth2 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
    systemctl reload firewalld

6. Observe the packet capture on lb02

Observe whether both sides hold the VIP
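The election rule from Chapter 2 and the split-brain symptom above can both be read off the capture itself. The following is an added example, not part of the original article: it groups VRRP advertisements by VRID, flags every VRID that has more than one sender (both nodes believe they are Master) and names the node that should win by priority. The capture lines are constructed, the address 10.0.0.6 for lb02 is an assumption, and the line layout is assumed to be the one tcpdump prints for VRRPv2 advertisements.

```shell
# Constructed sample capture: lb01 (10.0.0.5) and lb02 (10.0.0.6) both
# advertise VRID 50, i.e. lb02 no longer hears lb01; VRID 51 is healthy.
sample_capture() {
cat <<'EOF'
11:21:01.000001 IP 10.0.0.5 > 224.0.0.18: VRRPv2, Advertisement, vrid 50, prio 150, authtype simple, intvl 1s, length 20
11:21:01.000105 IP 10.0.0.6 > 224.0.0.18: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20
11:21:01.000210 IP 10.0.0.6 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 150, authtype simple, intvl 1s, length 20
11:21:02.000004 IP 10.0.0.5 > 224.0.0.18: VRRPv2, Advertisement, vrid 50, prio 150, authtype simple, intvl 1s, length 20
11:21:02.000110 IP 10.0.0.6 > 224.0.0.18: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20
EOF
}

# Reads tcpdump lines on stdin and prints one line per VRID:
#   "<vrid> OK <sender>"  or
#   "<vrid> SPLIT <n> senders, expected master <ip> prio <p>"
detect_split_brain() {
    awk '
    /VRRPv2, Advertisement/ {
        src = ""; vrid = ""; prio = ""
        for (i = 1; i < NF; i++) {
            if ($i == "IP")   src = $(i + 1)
            if ($i == "vrid") { vrid = $(i + 1); sub(/,/, "", vrid) }
            if ($i == "prio") { prio = $(i + 1); sub(/,/, "", prio) }
        }
        if (src == "" || vrid == "") next
        if (!((vrid, src) in seen)) { seen[vrid, src] = 1; senders[vrid]++ }
        # Election rule from the text: the highest priority becomes Master.
        if (!(vrid in best) || prio + 0 > best[vrid] + 0) {
            best[vrid] = prio; master[vrid] = src
        }
    }
    END {
        for (v in senders) {
            if (senders[v] > 1)
                printf "%s SPLIT %d senders, expected master %s prio %s\n", v, senders[v], master[v], best[v]
            else
                printf "%s OK %s\n", v, master[v]
        }
    }' | sort -n
}

sample_capture | detect_split_brain
```

On a live node, feed it a bounded capture such as `tcpdump -nn -i any -c 20 host 224.0.0.18 | detect_split_brain`. Two senders during a single failover are normal; two senders in every window mean both nodes hold the VIP.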

Chapter 6: keepalived dual-master experiment

1. lb01 configuration file

    [root@lb01 ~]# cat /etc/keepalived/keepalived.conf
    global_defs {
        router_id lb01
    }

    vrrp_instance VI_1 {
        state MASTER
        interface eth0
        virtual_router_id 50
        priority 150
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            10.0.0.3
        }
    }

    vrrp_instance VI_2 {
        state BACKUP
        interface eth0
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 2222
        }
        virtual_ipaddress {
            10.0.0.4
        }
    }

2. lb02 configuration file

    [root@lb02 ~]# cat /etc/keepalived/keepalived.conf
    global_defs {
        router_id lb02
    }

    vrrp_instance VI_1 {
        state BACKUP
        interface eth0
        virtual_router_id 50
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            10.0.0.3
        }
    }

    vrrp_instance VI_2 {
        state MASTER
        interface eth0
        virtual_router_id 51
        priority 150
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 2222
        }
        virtual_ipaddress {
            10.0.0.4
        }
    }

3. Restart keepalived and observe the result

    systemctl restart keepalived

Chapter 7: keepalived combined with nginx reverse proxy load balancing

Nginx configuration of the lb servers:

Note! The Nginx configurations of the two lb servers are exactly the same

1. Back up the original configuration

    mkdir /backup
    cd /etc/nginx/conf.d
    mv * /backup

2. Write the Nginx configuration file

    [root@lb01 /etc/nginx/conf.d]# cat proxy.conf
    upstream web_pools {
        server 172.16.1.7;
        server 172.16.1.8;
    }

    server {
        listen 80;
        # a regular-expression server name must start with "~"
        server_name ~^(www|bbs)\.mysun\.com$;
        location / {
            proxy_pass http://web_pools;
            include proxy_params;
        }
    }

3. Test the configuration and restart nginx

    nginx -t
    systemctl restart nginx

Keepalived configuration of the lb servers:

1. Keepalived configuration of lb01

    [root@lb01 ~]# cat /etc/keepalived/keepalived.conf
    global_defs {
        router_id lb01
    }

    vrrp_instance VI_1 {
        state MASTER
        interface eth0
        virtual_router_id 50
        priority 150
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            10.0.0.3
        }
    }

2. Keepalived configuration of lb02

    [root@lb02 ~]# cat /etc/keepalived/keepalived.conf
    global_defs {
        router_id lb02
    }

    vrrp_instance VI_1 {
        state BACKUP
        interface eth0
        virtual_router_id 50
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            10.0.0.3
        }
    }

Web server configuration:

Note! The two web servers are configured exactly the same

1. nginx configuration

    [root@web01 ~]# cat /etc/nginx/conf.d/www.conf
    server {
        listen 80;
        server_name www.mysun.com;
        location / {
            root /code;
            index www.html;
        }
    }

2. Write the test file

    # the file name must match the index directive in www.conf
    echo "$(hostname)" > /code/www.html

Chapter 8: Anti-split-brain scripts

1. Symptoms:

1. nginx is dead, but keepalived is still alive.

2. Both sides hold the VIP.

2. Approach:

To handle the case where nginx has failed:

1. Write a script

Try to start nginx; if it fails to start both times, stop keepalived on this host

2. keepalived calls this script at regular intervals.

3. Implementation:

1. The command to start nginx

    systemctl start nginx

2. Check the nginx process

    [root@lb01 ~]# ps -ef | grep nginx | grep -v "grep"
    root 1210 11:21 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
    nginx 1211 1210 0 11:21 ? 00:00:00 nginx: worker process
    [root@lb01 ~]# ps -ef | grep nginx | grep -v "grep" | wc -l
    2
    [root@lb01 ~]# ps -ef | grep nginx | grep -v "grep" | wc -l
    0

Content of the script:

    [root@lb01 ~]# cat check_web.sh
    #!/bin/bash
    # count the running nginx processes
    nginx_status=$(ps -C nginx --no-header | wc -l)
    if [[ ${nginx_status} == 0 ]]
    then
        # nginx is down: try to start it once
        systemctl start nginx &> /dev/null
        sleep 1
        nginx_status=$(ps -C nginx --no-header | wc -l)
        if [[ ${nginx_status} == 0 ]]
        then
            # still down: stop keepalived so the VIP moves to the other node
            systemctl stop keepalived
        fi
    fi

Keepalived configuration that calls the script:

    [root@lb01 ~]# cat /etc/keepalived/keepalived.conf
    global_defs {
        router_id lb01
    }

    vrrp_script check_web {
        script "/server/scripts/check_web.sh"
        interval 5
        weight 50
    }

    vrrp_instance VI_1 {
        state MASTER
        interface eth0
        virtual_router_id 50
        priority 150
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            10.0.0.3
        }
        track_script {
            check_web
        }
    }
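keepalived executes the script named in vrrp_script every `interval` seconds, so whoever can edit that file decides what runs on the load balancer. The following is an added example, not part of the original article: it extracts the script paths from a keepalived.conf and checks that each script and its directory are owned by the expected user and not writable by group or others. The function names are hypothetical, and only the quoted `script "<path>"` form used on this page is parsed.

```shell
# Print the path of every `script "<path>"` directive in a keepalived.conf.
vrrp_script_paths() {
    sed -n 's/^[[:space:]]*script[[:space:]]\{1,\}"\([^" ]*\).*/\1/p' "$1"
}

# $1 = path, $2 = expected owner. Fails if the path is missing, owned by
# someone else, or writable by group or others.
check_path() {
    [ -e "$1" ] || { echo "MISSING $1"; return 1; }
    meta=$(ls -ld "$1")
    owner=$(printf '%s\n' "$meta" | awk '{print $3}')
    [ "$owner" = "$2" ] || { echo "OWNER $1 belongs to $owner, expected $2"; return 1; }
    # Characters 6 and 9 of the mode string are the group and other write bits.
    case $(printf '%s\n' "$meta" | cut -c6,9) in
        *w*) echo "WRITABLE $1 is writable by group or others"; return 1 ;;
    esac
}

# $1 = keepalived.conf, $2 = expected owner (default root).
# Checks each script and the directory that holds it.
audit_keepalived_scripts() {
    rc=0
    for p in $(vrrp_script_paths "$1"); do
        check_path "$p" "${2:-root}" || rc=1
        check_path "$(dirname "$p")" "${2:-root}" || rc=1
    done
    return $rc
}

# Stand-alone use: sh audit.sh /etc/keepalived/keepalived.conf
if [ -n "${1:-}" ]; then audit_keepalived_scripts "$@"; fi
```

keepalived's own `script_user` and `enable_script_security` options in global_defs address the same risk from inside the daemon.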

4. The second problem: split brain.

Both sides hold the VIP.

Symptoms:

Both sides hold the VIP.

Nginx is alive on both sides.

The Nginx on the MASTER at the other end is still alive:

    curl -I -s -w "%{http_code}\n" -o /dev/null 10.0.0.5

But I hold the VIP as well:

    ip a | grep "10.0.0.3" | wc -l

So I shut myself down:

    systemctl stop nginx
    systemctl stop keepalived

Content of the script:

    [root@lb02 /server/scripts]# cat check_vip.sh
    #!/bin/bash
    # HTTP status code returned by nginx on the MASTER (10.0.0.5)
    master_status=$(curl -I -s -w "%{http_code}\n" -o /dev/null 10.0.0.5)
    # 1 if this host currently holds the VIP, 0 otherwise
    my_vip=$(ip a | grep "10.0.0.3" | wc -l)
    if [[ "${master_status}" == 200 && "${my_vip}" == 1 ]]
    then
        # the MASTER is healthy but this host also holds the VIP: step down
        systemctl stop nginx
        systemctl stop keepalived
    fi

Keepalived configuration:

    [root@lb02 ~]# cat /etc/keepalived/keepalived.conf
    global_defs {
        router_id lb02
    }

    vrrp_script check_web {
        script "/server/scripts/check_web.sh"
        interval 5
        weight 50
    }

    vrrp_script check_vip {
        script "/server/scripts/check_vip.sh"
        interval 5
        weight 50
    }

    vrrp_instance VI_1 {
        state BACKUP
        interface eth0
        virtual_router_id 50
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            10.0.0.3
        }
        track_script {
            check_web
            check_vip
        }
    }

After reading the above, do you have a better understanding of how Keepalived makes Nginx load balancing highly available?
