
Linux+Nginx+PHP-CGI+MySQL Master + NFS text sharing Cluster High availability Architecture

2025-03-30 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Let's start with the concepts and functions of the keepalived high-availability software.

Concept: this software is currently the most widely used high-availability software in IT enterprises. It is mainly used to achieve high availability of services between at least two servers and can be adapted to:

Apache, Nginx, MySQL, Redis, Tomcat, PHP, Zabbix, NFS, DHCP, NTP, Vsftp, Samba, LVS and others.

Keepalived works at layer 3 (network layer), layer 4 (transport layer) and layer 7 (application layer) and has two main functions:

Health monitoring function: keepalived can replace shell scripts for checking the operation of nginx, mysql and tomcat, as well as ports, processes and return values, and it removes abnormal services or servers from the healthy list.

It can ping an IP address, probe an IP+port, and access application services to check status, keywords, etc.

Keepalived has a modular design. Different modules are responsible for different functions. Common keepalived modules include:

- Core: the core of keepalived, responsible for starting and maintaining the main process, loading and parsing the global configuration file, etc.

- Check: responsible for the healthchecker (health check), including the various health check methods and the corresponding configuration parsing, including LVS configuration parsing.

- Vrrp: the VRRPD child process, which implements the VRRP protocol.

- Libipfwc: the iptables (ipchains) library, which is used when configuring LVS.

- Libipvs: the virtual service cluster library, which is also used when configuring LVS.

The function of Keepalived is to detect the status of web servers. If a web server or MySQL server is down or has failed, Keepalived removes the malfunctioning web server or MySQL server from the system. When the server is working normally again, Keepalived automatically adds the web or MySQL server back to the server farm.

All this work is done automatically without human intervention. All that needs to be done is to repair the malfunctioning web and MySQL servers. Layers 3, 4 and 7 correspond to the IP layer, transport layer and application layer of the TCP/IP protocol stack, and the checks are implemented as follows:

- Layer3: when Keepalived works in Layer3 mode, it periodically sends an ICMP packet to each server in the server farm. If the IP address of a server cannot be pinged, Keepalived reports that the server has failed and removes it from the server cluster. Layer3 takes the reachability of the server's IP address as the standard for whether the server is working properly.

- Layer4: Layer4 mainly determines whether the server is working properly based on the status of a TCP port. For example, the service port of a web server is generally 80. If Keepalived detects that port 80 is not listening, Keepalived removes the server from the server farm.

- Layer7: Layer7 works at the application layer. Keepalived checks whether the server program is running properly according to the user's settings. If the result does not match the user's settings, Keepalived removes the server from the server farm.
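The difference between the Layer4 and Layer7 checks is easiest to see on a backend whose port is open but whose application is broken. The following is an added example, not keepalived's own code: `tcp_check`, `http_check`, `refresh_pool` and the constructed backend that always answers 500 are hypothetical names, and the Layer3 ICMP check is left out because it needs raw sockets.

```python
import http.client
import http.server
import socket
import threading

def tcp_check(host, port, timeout=1.0):
    """Layer 4: healthy if the TCP port accepts a connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def http_check(host, port, path="/", status=200, keyword=None, timeout=1.0):
    """Layer 7: healthy only if the reply has the expected status and keyword."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        body = resp.read()
        return resp.status == status and (keyword is None or keyword in body)
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()

def refresh_pool(pool, servers, check):
    """Drop servers that fail `check`; re-add servers that pass again."""
    for srv in servers:
        (pool.add if check(*srv) else pool.discard)(srv)
    return pool

class BrokenApp(http.server.BaseHTTPRequestHandler):
    """Constructed sample backend: the port is open but the app answers 500."""
    def do_GET(self):
        self.send_response(500)
        self.end_headers()
        self.wfile.write(b"upstream error")
    def log_message(self, *args):  # keep the demo quiet
        pass

def demo():
    """Return the pool size after a Layer4 pass and after a Layer7 pass."""
    httpd = http.server.HTTPServer(("127.0.0.1", 0), BrokenApp)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    srv = httpd.server_address[:2]
    try:
        l4 = refresh_pool({srv}, [srv], tcp_check)
        l7 = refresh_pool({srv}, [srv], http_check)
        return len(l4), len(l7)
    finally:
        httpd.shutdown()
        httpd.server_close()
```

The Layer4 check keeps the broken backend in the pool while the Layer7 check removes it, which is why a port check alone is a weak health signal for a web tier.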

When Keepalived runs normally in a production environment, it starts a total of three processes: a parent process, which is responsible for monitoring its child processes; a VRRP child process; and a Checkers child process.

The two child processes are looked after by the system Watchdog, and each is responsible for its own business. The Healthcheck child process checks the health of its respective servers. If the Healthcheck process finds that the service on the Master is not available, it notifies the VRRP child process on the local machine, asks it to withdraw its advertisement, remove the virtual IP and change to the BACKUP state.

4. Analysis of the principle of Keepalived VRRP

VRRP stands for Virtual Router Redundancy Protocol. VRRP was proposed by the IETF to solve the single point of failure that arises when a default gateway is configured in a LAN. In 1998 the formal protocol standard, RFC 2338, was introduced.

VRRP is widely used in edge networks. Its design goal is to support failover of IP data traffic under certain circumstances without causing confusion, to allow hosts to use a single router, and to maintain connectivity between routers even if the actual first-hop router fails.

In a real network environment, the two hosts that need to communicate do not have a direct physical connection in most cases. In such a case, how is the route between them chosen? There are usually two solutions to the problem of how a host chooses a next-hop route to the destination host:

- Use the dynamic routing protocols RIP and OSPF on the host.

- Configure static routes (default gateways) on the host.

Configuring dynamic routing on the host is very impractical because of many problems, such as management, maintenance cost, support and so on. Configuring static routes has become very popular, but the router (or default gateway) often becomes a single point of failure. The purpose of VRRP is to solve this static-route single point of failure. VRRP uses an election protocol to dynamically hand the routing task to one of the VRRP routers that make up a virtual router in the LAN.

5. Analysis of the principle of Keepalived VRRP (II)

With VRRP, two physical hosts (routers) can be treated as one router: the two physical hosts form a virtual routing cluster, and the host with the higher priority becomes the Master and brings up the VIP, which is responsible for forwarding IP packets initiated by users or handling user requests. In an Nginx+Keepalived combination, user requests go directly to the keepalived VIP address and then reach the corresponding services and ports on the Master.

A VRRP virtual router cluster is composed of multiple physical routers, but these physical routers do not all work at the same time. One router, called the MASTER, is responsible for the routing work, and the others are BACKUPs. The MASTER is not fixed: VRRP lets every VRRP router take part in an election, and the final winner is the MASTER.

The MASTER has some privileges, such as owning the IP address of the virtual router, also called the VIP. The privileged MASTER is responsible for forwarding packets sent to the gateway address and responding to ARP requests.

VRRP implements the virtual router function through an election protocol, and all protocol messages are sent as IP multicast packets (multicast address 224.0.0.18). The virtual router consists of a VRID (range 0-255) and a set of IP addresses, and it is represented externally by a well-known MAC address. So within a virtual router cluster, no matter which router is MASTER, the outside world sees the same MAC and VIP. Client hosts do not need to modify their routing configuration when the MASTER changes.

The VRRP router acting as MASTER continuously sends VRRP multicast packets (VRRP Advertisement messages), and a BACKUP will not preempt the MASTER unless it has a higher priority. When the MASTER is unavailable (that is, when the BACKUPs stop receiving the multicast packets), the BACKUP with the highest priority takes over as MASTER. This takeover is very fast, which ensures the continuity of the service. For security reasons, VRRP packets use an encryption protocol. Based on VRRP, IP address drift can be realized. VRRP is a fault-tolerant protocol and is widely used in enterprise production environments.
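The fields named above (VRID, priority, the virtual IPs and the security setting) all travel in the advertisement itself. The following added example, not part of the original article or of keepalived, decodes a version 2 advertisement as laid out in RFC 2338 and reports what a receiver or a monitoring sensor would check; the function names and the sample packet are constructed for illustration. In RFC 2338 the Auth Type field is 0 (none), 1 (simple text password) or 2 (IP Authentication Header).

```python
import ipaddress
import struct

AUTH_TYPES = {0: "none", 1: "simple text password", 2: "IP Authentication Header"}

def checksum(data: bytes) -> int:
    """16-bit one's complement of the one's complement sum of the message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, vips, auth_type=0, auth_data=b"", adver_int=1):
    """Build a VRRPv2 advertisement; used here only to construct sample input."""
    body = b"".join(ipaddress.IPv4Address(v).packed for v in vips)
    body += auth_data[:8].ljust(8, b"\x00")
    head = struct.pack("!6B", 0x21, vrid, priority, len(vips), auth_type, adver_int)
    return head + struct.pack("!H", checksum(head + b"\x00\x00" + body)) + body

def parse_advert(pkt: bytes, ttl: int = 255) -> dict:
    """Decode a VRRPv2 advertisement and collect validation and security findings."""
    if len(pkt) < 16:
        raise ValueError("truncated VRRP message")
    ver_type, vrid, prio, count, auth_type, adver_int = struct.unpack("!6B", pkt[:6])
    if ver_type != 0x21:
        raise ValueError("not a version 2 ADVERTISEMENT")
    if len(pkt) != 8 + 4 * count + 8:
        raise ValueError("length does not match Count IP Addrs")
    findings = []
    if ttl != 255:  # RFC 2338: adverts must arrive with TTL 255, else discard
        findings.append("IP TTL is not 255")
    if checksum(pkt) != 0:  # a valid message sums to zero with its checksum in place
        findings.append("bad checksum")
    if auth_type == 1:
        findings.append("password travels in cleartext")
    vips = [str(ipaddress.IPv4Address(pkt[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    return {
        "vrid": vrid, "priority": prio, "vips": vips, "adver_int": adver_int,
        "auth": AUTH_TYPES.get(auth_type, "unknown"),
        "virtual_mac": f"00:00:5e:00:01:{vrid:02x}",  # well-known MAC for this VRID
        "findings": findings,
    }

# Constructed sample: MASTER for VRID 51, priority 100, one VIP, auth type 1.
SAMPLE = build_advert(51, 100, ["192.0.2.10"], auth_type=1, auth_data=b"1111")
```

Calling `parse_advert(SAMPLE)` shows the VIP, the priority used in the election and the virtual MAC derived from the VRID, and it flags that a type 1 password is readable by anyone on the segment who can see the multicast traffic.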
