我使用 keepalived 来平衡多个 TCP 服务器之间的连接负载。我认为这没什么关系,但本例中的服务是 rabbitmq。我使用加权循环的 NAT 类型平衡。
客户端通过以下方式连接到服务器:
[client]-----------[lvs]------------[real server]
a b
如果客户端连接到 LVS 并保持空闲状态,在套接字上不发送任何内容,则根据使用 设置的超时,最终会超时ipvsadm --set。此时,上面标记为“a”的连接正确地从netstat -anp客户端上的 输出和 lvs 框上的 输出中消失ipvsadm -L -n -c。但是,根据netstat -anp真实服务器框上的 ,连接“b”仍保持 ESTABLISHED 状态。
这是为什么?我可以强制 lvs 正确重置与真实服务器的连接吗?
答案1
您是否启用了持久连接?可以使用 -p [timeout] 设置持久连接超时
这使得连接 b 保持活动状态,以便将来自客户端 IP 的进一步请求路由到同一个真实服务器。
答案2
答案3
我也遇到了同样的问题。我停止了防火墙,然后就解决了。
在LVS MASTER上,我用tcpdump发现LVS没有转发F包给RS,客户端一遍又一遍的向LVS发送F包
在 tcpdump 中添加 -e 来查看机器的 MAC 地址:
tcpdump -i eth0 -nn -e host CLIENT_IP and port 80
10.220.16.105是客户端ip,10.220.15.10是VIP
[root@lvs-1 ~]# tcpdump -i eth0 -nn -e host 10.220.16.105 and port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:54:31.100494 fe:fc:fe:bf:47:9b > fe:fc:fe:ec:9f:61, ethertype IPv4 (0x0800), length 74: 10.220.16.105.50290 > 10.220.15.10.80: Flags [S], seq 2199151220, win 29200, options [mss 1460,nop,nop,TS val 3042809285 ecr 0,nop,wscale 7], length 0
20:54:31.100583 fe:fc:fe:ec:9f:61 > fe:fc:fe:e2:15:d6, ethertype IPv4 (0x0800), length 74: 10.220.16.105.50290 > 10.220.15.10.80: Flags [S], seq 2199151220, win 29200, options [mss 1460,nop,nop,TS val 3042809285 ecr 0,nop,wscale 7], length 0
20:54:31.101908 fe:fc:fe:bf:47:9b > fe:fc:fe:ec:9f:61, ethertype IPv4 (0x0800), length 66: 10.220.16.105.50290 > 10.220.15.10.80: Flags [.], ack 3272581466, win 229, options [nop,nop,TS val 3042809285 ecr 101900523], length 0
20:54:31.101940 fe:fc:fe:ec:9f:61 > fe:fc:fe:e2:15:d6, ethertype IPv4 (0x0800), length 66: 10.220.16.105.50290 > 10.220.15.10.80: Flags [.], ack 1, win 229, options [nop,nop,TS val 3042809285 ecr 101900523], length 0
20:54:31.104153 fe:fc:fe:bf:47:9b > fe:fc:fe:ec:9f:61, ethertype IPv4 (0x0800), length 142: 10.220.16.105.50290 > 10.220.15.10.80: Flags [P.], seq 0:76, ack 1, win 229, options [nop,nop,TS val 3042809288 ecr 101900523], length 76: HTTP: GET / HTTP/1.1
20:54:31.104183 fe:fc:fe:ec:9f:61 > fe:fc:fe:e2:15:d6, ethertype IPv4 (0x0800), length 142: 10.220.16.105.50290 > 10.220.15.10.80: Flags [P.], seq 0:76, ack 1, win 229, options [nop,nop,TS val 3042809288 ecr 101900523], length 76: HTTP: GET / HTTP/1.1
20:54:31.104935 fe:fc:fe:bf:47:9b > fe:fc:fe:ec:9f:61, ethertype IPv4 (0x0800), length 66: 10.220.16.105.50290 > 10.220.15.10.80: Flags [.], ack 263, win 237, options [nop,nop,TS val 3042809289 ecr 101900527], length 0
20:54:31.104960 fe:fc:fe:ec:9f:61 > fe:fc:fe:e2:15:d6, ethertype IPv4 (0x0800), length 66: 10.220.16.105.50290 > 10.220.15.10.80: Flags [.], ack 263, win 237, options [nop,nop,TS val 3042809289 ecr 101900527], length 0
20:54:31.105523 fe:fc:fe:bf:47:9b > fe:fc:fe:ec:9f:61, ethertype IPv4 (0x0800), length 66: 10.220.16.105.50290 > 10.220.15.10.80: Flags [.], ack 280, win 237, options [nop,nop,TS val 3042809290 ecr 101900527], length 0
20:54:31.105547 fe:fc:fe:ec:9f:61 > fe:fc:fe:e2:15:d6, ethertype IPv4 (0x0800), length 66: 10.220.16.105.50290 > 10.220.15.10.80: Flags [.], ack 280, win 237, options [nop,nop,TS val 3042809290 ecr 101900527], length 0
20:54:31.106257 fe:fc:fe:bf:47:9b > fe:fc:fe:ec:9f:61, ethertype IPv4 (0x0800), length 66: 10.220.16.105.50290 > 10.220.15.10.80: Flags [F.], seq 76, ack 280, win 237, options [nop,nop,TS val 3042809290 ecr 101900527], length 0
20:54:31.306408 fe:fc:fe:bf:47:9b > fe:fc:fe:ec:9f:61, ethertype IPv4 (0x0800), length 66: 10.220.16.105.50290 > 10.220.15.10.80: Flags [F.], seq 76, ack 280, win 237, options [nop,nop,TS val 3042809491 ecr 101900527], length 0
20:54:31.711239 fe:fc:fe:bf:47:9b > fe:fc:fe:ec:9f:61, ethertype IPv4 (0x0800), length 66: 10.220.16.105.50290 > 10.220.15.10.80: Flags [F.], seq 76, ack 280, win 237, options [nop,nop,TS val 3042809895 ecr 101900527], length 0
20:54:32.515396 fe:fc:fe:bf:47:9b > fe:fc:fe:ec:9f:61, ethertype IPv4 (0x0800), length 66: 10.220.16.105.50290 > 10.220.15.10.80: Flags [F.], seq 76, ack 280, win 237, options [nop,nop,TS val 3042810700 ecr 101900527], length 0
20:54:34.130929 fe:fc:fe:bf:47:9b > fe:fc:fe:ec:9f:61, ethertype IPv4 (0x0800), length 66: 10.220.16.105.50290 > 10.220.15.10.80: Flags [F.], seq 76, ack 280, win 237, options [nop,nop,TS val 3042812312 ecr 101900527], length 0
20:54:37.352335 fe:fc:fe:bf:47:9b > fe:fc:fe:ec:9f:61, ethertype IPv4 (0x0800), length 66: 10.220.16.105.50290 > 10.220.15.10.80: Flags [F.], seq 76, ack 280, win 237, options [nop,nop,TS val 3042815536 ecr 101900527], length 0
最后,我尝试 systemctl stopfirewalld。