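Is there a way to make keepalived send gratuitous ARPs periodically?
We ran into the following situation:
- Switch failure (VLAN settings)
- keepalived failed over to the backup instance
- The backup instance sent a gratuitous ARP, but the Cisco ASA device did not receive it (because of the switch failure)
- When the switch recovered (a few minutes later), the VIP was unreachable because the ASA had not refreshed its ARP table (the ARP table expiry is set to 4 hours)
- Since the ASA already had the MAC of the previously active node, it did not send an ARP request
- The VIP only became reachable after we restarted the keepalived instance, which triggered a new GARP
So we think we could avoid this situation by sending GARPs periodically. Is this a good approach? Is there a way to do it in keepalived?
Are there any other suggestions for avoiding this kind of problem?
Keepalived configuration: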
global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from SERVER_1
    smtp_server smtp.server.local
    smtp_connect_timeout 30
    router_id SERVER_1
}
vrrp_instance V1 {
    state BACKUP
    nopreempt
    interface eth0
    lvs_sync_daemon_interface eth0
    virtual_router_id 150
    priority 120
    advert_int 1
    persistence_timeout 0
    smtp_alert
    authentication {
        auth_type PASS
        auth_pass xxx
    }
    virtual_ipaddress {
        10.xxx.xxx.xxx
    }
}
Answer 1
keepalived 1.2.20 and later supports the following configuration settings for gratuitous ARP; vrrp_garp_master_refresh is exactly what I needed.
# delay for second set of gratuitous ARPs after transition to MASTER
vrrp_garp_master_delay 10 # seconds, default 5, 0 for no second set
# number of gratuitous ARP messages to send at a time after transition to MASTER
vrrp_garp_master_repeat 1 # default 5
# delay for second set of gratuitous ARPs after lower priority advert received when MASTER
vrrp_garp_lower_prio_delay 10
# number of gratuitous ARP messages to send at a time after lower priority advert received when MASTER
vrrp_garp_lower_prio_repeat 1
# minimum time interval for refreshing gratuitous ARPs while MASTER
vrrp_garp_master_refresh 60 # secs, default 0 (no refreshing)
# number of gratuitous ARP messages to send at a time while MASTER
vrrp_garp_master_refresh_repeat 2 # default 1
# Delay in ms between gratuitous ARP messages sent on an interface
vrrp_garp_interval 0.001 # decimal, seconds (resolution usecs). Default 0.
# Delay in ms between unsolicited NA messages sent on an interface
vrrp_gna_interval 0.000001 # decimal, seconds (resolution usecs). Default 0.
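
One way to confirm from a packet capture that the periodic refresh set with vrrp_garp_master_refresh is actually arriving on the wire, as an added example that is not part of the original answer or of keepalived. It assumes the capture is available as (timestamp, raw Ethernet frame) pairs; the VIP, MAC addresses, timestamps and function names are constructed for illustration.

```python
import socket
import struct

ETH_P_ARP = 0x0806

def build_arp(mac, spa, tpa, oper=1):
    """Build a constructed Ethernet/ARP frame for the sample capture below."""
    hw = bytes.fromhex(mac.replace(":", ""))
    eth = b"\xff" * 6 + hw + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return eth + arp + hw + socket.inet_aton(spa) + b"\xff" * 6 + socket.inet_aton(tpa)

def parse_garp(frame):
    """Return (sender_mac, ip) for a gratuitous IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    if spa != tpa:  # a gratuitous ARP announces the sender's own address
        return None
    return sha.hex(":"), socket.inet_ntoa(spa)

def refresh_gaps(capture, vip):
    """Gaps in seconds between successive GARPs for vip in (timestamp, frame) pairs."""
    times = [ts for ts, frame in capture
             if (hit := parse_garp(frame)) and hit[1] == vip]
    return [later - earlier for earlier, later in zip(times, times[1:])]

def refresh_ok(capture, vip, refresh, slack=5.0):
    """True if GARPs for vip never pause longer than refresh + slack seconds."""
    gaps = refresh_gaps(capture, vip)
    return bool(gaps) and max(gaps) <= refresh + slack

# Constructed sample: VIP, MACs and timestamps are made up for illustration.
VIP, MASTER_MAC = "192.0.2.10", "02:00:00:00:00:01"
GARP = build_arp(MASTER_MAC, VIP, VIP)
LOOKUP = build_arp("02:00:00:00:00:02", "192.0.2.20", VIP)  # ordinary ARP request
HEALTHY = [(0.0, GARP), (0.001, GARP), (30.0, LOOKUP),
           (60.0, GARP), (60.001, GARP), (120.2, GARP)]
SILENT = [(0.0, GARP), (30.0, LOOKUP), (300.0, GARP)]

if __name__ == "__main__":
    print(parse_garp(GARP), refresh_ok(HEALTHY, VIP, 60), refresh_ok(SILENT, VIP, 60))
```

Run it over a capture taken on the segment facing the ASA rather than on the keepalived host, since the failure in the question was a GARP lost in transit.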