仅具有 1 个 NIC 的机器上的 LVS DNS 负载平衡

首先让我澄清一下，我只是一名软件开发人员，而不是管理员，因此我对网络配置以及这些类型的设置有一些了解（可以说是对概念的基本了解），但我并不是高手，所以如果这听起来愚蠢或不合理，请耐心等待。

我正在尝试在 RH7 上配置 keepalived，以平衡已设置绑定的 2 台服务器之间的 NDS 请求。在我迄今为止阅读的指南中，他们似乎使用了 2 个 NIC， 但我只有一个可用的。

参考：

• LVS-NAT-Keepalived-HOWTO
• Keepalived 手册页
• LVS mini 使用方法 PDF
• 本文似乎建议将 DNS 主服务器的真实 IP 配置为虚拟服务器，将平衡器 IP 配置为真实服务器，但我不认为这是正确的……或者也许我误解了或读错了？！

硬件：

我在同一个网络上有 3 台机器，配置如下：

• 1 台带有 1 个网卡的机器作为负载均衡器，真实 IP 192.168.0.1
• 1 台带有 1 个网卡的机器作为主绑定服务器，真实 IP 192.168.0.2
• 1 台具有 1 个 NIC 的机器作为主绑定服务器，真实 IP 192.168.0.3

还启用了转发net.ipv4.ip_forward = 1

Keepalived配置：

! This is a comment
! Configuration File for keepalived

global_defs {
   ! this is who emails will go to on alerts
   notification_email {
        [email protected]
        [email protected]
    ! add a few more email addresses here if you would like
   }
   notification_email_from [email protected]

   ! I use the local machine to relay mail
   smtp_server 127.0.0.1
   smtp_connect_timeout 30

   ! each load balancer should have a different ID
   ! this will be used in SMTP alerts, so you should make
   ! each router easily identifiable
   lvs_id LVS_EXAMPLE_01
}

! vrrp_sync_groups make sure that several router instances
! stay together on a failure - a good example of this is
! that the external interface on one router fails and the backup server
! takes over, you want the internal interface on the failed server
! to failover as well, otherwise nothing will work.
! you can have as many vrrp_sync_group blocks as you want.
vrrp_sync_group VG1 {
   group {
      VI_1
      VI_GATEWAY
   }
}

! each interface needs at least one vrrp_instance
! each vrrp_instance is a group of VIPs that are logically grouped
! together
! you can have as many vrrp_instaces as you want

vrrp_instance VI_1 {
        state MASTER
        interface eth0

        lvs_sync_daemon_inteface eth0

    ! each virtual router id must be unique per instance name!
        virtual_router_id 51

    ! MASTER and BACKUP state are determined by the priority
    ! even if you specify MASTER as the state, the state will
    ! be voted on by priority (so if your state is MASTER but your
    ! priority is lower than the router with BACKUP, you will lose
    ! the MASTER state)
    ! I make it a habit to set priorities at least 50 points apart
    ! note that a lower number is lesser priority - lower gets less vote
        priority 150

    ! how often should we vote, in seconds?
        advert_int 1

    ! send an alert when this instance changes state from MASTER to BACKUP
        smtp_alert

    ! this authentication is for syncing between failover servers
    ! keepalived supports PASS, which is simple password
    ! authentication
    ! or AH, which is the IPSec authentication header.
    ! I don't use AH
    ! yet as many people have reported problems with it
        authentication {
                auth_type PASS
                auth_pass example
        }

    ! these are the IP addresses that keepalived will setup on this
    ! machine. Later in the config we will specify which real
        ! servers  are behind these IPs
    ! without this block, keepalived will not setup and takedown the
    ! any IP addresses

        virtual_ipaddress {
                192.168.0.10
        ! and more if you want them
        }
}

! now I setup the instance that the real servers will use as a default
! gateway
! most of the config is the same as above, but on a different interface

vrrp_instance VI_GATEWAY {
        state MASTER
        interface eth0
        lvs_sync_daemon_inteface eth0 
        virtual_router_id 52
        priority 150
        advert_int 1
        smtp_alert
        authentication {
                auth_type PASS
                auth_pass example
        }
        virtual_ipaddress {
                192.168.0.11
        }
}

! now we setup more information about are virtual server
! we are just setting up one for now, listening on port 53 for dns
! requests.

! notice we do not setup a virtual_server block for the 192.168.0.10
! address in the VI_GATEWAY instance. That's because we are doing NAT
! on that IP, and nothing else.

virtual_server 192.168.0.10 53 {
    delay_loop 6

    ! use round-robin as a load balancing algorithm
    lb_algo rr

    ! we are doing NAT
    lb_kind NAT
    nat_mask 255.255.255.0

    protocol TCP

    ! there can be as many real_server blocks as you need

    real_server 192.168.0.2 53 {

    ! if we used weighted round-robin or a similar lb algo,
    ! we include the weight of this server

        weight 1

    ! here is a health checker for this server.
    ! we could use a custom script here (see the keepalived docs)
    ! but we will just make sure we can do a vanilla tcp connect()
    ! on port 53
    ! if it fails, we will pull this realserver out of the pool
    ! and send email about the removal
        TCP_CHECK {
            connect_timeout 3
            connect_port 53
        }
    }

    real_server 192.168.0.3 53 {

    ! if we used weighted round-robin or a similar lb algo,
    ! we include the weight of this server

        weight 1

    ! here is a health checker for this server.
    ! we could use a custom script here (see the keepalived docs)
    ! but we will just make sure we can do a vanilla tcp connect()
    ! on port 53
    ! if it fails, we will pull this realserver out of the pool
    ! and send email about the removal
        TCP_CHECK {
            connect_timeout 3
            connect_port 53
        }
    }
}

结论：

防火墙已禁用，机器之间的连接正常，keepalived 能够验证与 DNS 主服务器的简单 TCP 连接。我还能够dig myhost @192.168.0.2/3从负载平衡器执行，并得到正确的结果。

但是运行时dig myhost @192.168.0.10我得到了一个;; connection timed out; no servers could be reached。如果使用 1 个 NIC 就可以解决这个问题，我将非常感激任何可以帮助我克服这个问题的提示或建议，如果需要更多详细信息，请告诉我。