一、问题描述:
在修改了cce-lb2的nginx配置后,重启服务VIP切换到cce-lb1后,cce首页无法访问。最后通过重启lb2上的keepalived进程后恢复(service keepalived restart),lb2是好的,lb1有类似偶发问题。
二、当前进展:
lb1和lb2的keepalived配置文件及check_nginx脚本如下:
两张网卡192和224,分别查看网关配置
[root@cce-lb2 caasuser]# ip add |grep ens2243: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000inet 10.144.246.74/24 brd 10.144.246.255 scope global noprefixroute ens224inet 10.144.246.75/24 scope global secondary ens224[root@cce-lb2 caasuser]# ip add |grep ens1922: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000inet 10.144.245.74/24 brd 10.144.245.255 scope global noprefixroute ens192inet 10.144.245.204/24 scope global secondary ens192
[root@cce-lb1 caasuser]# ip add |grep ens2243: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000inet 10.144.246.73/24 brd 10.144.246.255 scope global noprefixroute ens224[root@cce-lb1 caasuser]# ip add |grep ens1922: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000inet 10.144.245.73/24 brd 10.144.245.255 scope global noprefixroute ens192[root@cce-lb1 caasuser]#
两张网卡192和224,分别查看网关配置中,在192网卡配置项里,将gateway没有注释,而在正常的lb2的192网卡上gateway网关注释了。
lb1上ens192网卡配置的网关10.144.245.1 ping不通,
NAME=ens192DEVICE=ens192ONBOOT=yesIPADDR=10.144.245.73NETMASK=255.255.255.0GATEWAY=10.144.245.1
lb2上ens192网卡到网关互通
NAME=ens192# UUID=d2e7a805-f6c1-4005-8563-90f05218aa53DEVICE=ens192ONBOOT=yesIPADDR=10.144.245.74NETMASK=255.255.255.0#GATEWAY=10.144.245.1
各自ping网关10.144.245.1和10.144.246.1,对比发现lb1上唯独ping 这个网关10.144.245.1不通;导致VIP( vip_intra)10.144.245.204飘到这个在lb1上转发不出去;traceroute跟踪没有路由条目。
0
路由表第一行表示默认路由,所有的流量通过默认路由出去,但是除了从第二行开始的剩余条目之外。也就意味着除了第二条到末尾的这些路由之外的其他所有流量都走默认的0.0.0.0网关。目前lb1上出不去10.144.245.1这个网关。正常的lb2上的192网卡将gateway=10.144.245.1配置注释,也就意味着该网卡流量通过0.0.0.0直接广播,而lb1上的192网卡强制配置了gateway=10.144.245.1所以vip—-10.144.245.204根本出不去网段(网关10.144.245.1)
(1)在lb2上,要走10.144.245.1按照第四行条目走直接广播;
(2)在lb1(异常)上,要走245.1则先要去自己的网关因为配置了gateway=10.144.245.1;发现在第二列的
245.1的条目里面并没有目的地址为10.144.245.0的网段!
三、解决方案
因为是生产环境,无法及时验证,推测注释掉lb1上192网卡配置文件里的gateway选项以便10.144.245.0网段走0.0.0.0网关。
根据公开的信息发现,双网卡双网关方案不可取,lb1的网关多余了。
keepalived多个虚IP的双机集群
http://blog.sina.com.cn/s/blog_5670025101015lnc.html
双网卡双网关设置问题
https://blog.csdn.net/weixin_34037515/article/details/91771826
[caasuser@cce-lb1 ~]$ ip routedefault via 10.144.246.1 dev ens224 proto static metric 10110.144.245.0/24 dev ens192 proto kernel scope link src 10.144.245.73 metric 10010.144.246.0/24 dev ens224 proto kernel scope link src 10.144.246.73 metric 10110.245.19.128/25 via 10.144.245.1 dev ens19210.245.97.0/25 via 10.144.245.1 dev ens19210.249.39.0/24 via 10.144.245.1 dev ens19210.249.112.128/25 via 10.144.245.1 dev ens19210.249.132.128/25 via 10.144.245.1 dev ens19210.249.152.128/25 via 10.144.245.1 dev ens19210.249.154.0/24 via 10.144.245.1 dev ens19210.249.154.128/25 via 10.144.245.1 dev ens19210.249.170.0/24 via 10.144.245.1 dev ens19210.249.171.128/25 via 10.144.245.1 dev ens19210.249.217.128/25 via 10.144.245.1 dev ens19210.249.220.128/25 via 10.144.245.1 dev ens19210.251.102.128/25 via 10.144.245.1 dev ens19210.251.103.128/25 via 10.144.245.1 dev ens19210.251.203.128/25 via 10.144.245.1 dev ens19210.251.212.0/24 via 10.144.245.1 dev ens19210.251.213.128/25 via 10.144.245.1 dev ens19210.251.215.128/25 via 10.144.245.1 dev ens19210.251.233.128/25 via 10.144.245.1 dev ens19210.251.235.128/25 via 10.144.245.1 dev ens19210.251.243.0/24 via 10.144.245.1 dev ens19210.252.134.0/23 via 10.144.245.1 dev ens19210.252.195.128/25 via 10.144.245.1 dev ens19210.252.230.0/24 via 10.144.245.1 dev ens19210.252.232.0/24 via 10.144.245.1 dev ens19210.253.197.0/25 via 10.144.245.1 dev ens19210.253.197.0/24 via 10.144.245.1 dev ens19210.253.197.128/25 via 10.144.245.1 dev ens19210.254.227.128/25 via 10.144.245.1 dev ens192192.168.116.32/27 via 10.144.245.1 dev ens192192.168.168.2 dev tun0 proto kernel scope link src 192.168.168.1[caasuser@cce-lb1 ~]$ route -nKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface0.0.0.0 10.144.246.1 0.0.0.0 UG 101 0 0 ens22410.144.245.0 0.0.0.0 255.255.255.0 U 100 0 0 ens19210.144.246.0 0.0.0.0 255.255.255.0 U 101 0 0 ens22410.245.19.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.245.97.0 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.249.39.0 10.144.245.1 255.255.255.0 UG 0 0 0 ens19210.249.112.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.249.132.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.249.152.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.249.154.0 10.144.245.1 255.255.255.0 UG 0 0 0 ens19210.249.154.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.249.170.0 10.144.245.1 255.255.255.0 UG 0 0 0 ens19210.249.171.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.249.217.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.249.220.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.251.102.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.251.103.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.251.203.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.251.212.0 10.144.245.1 255.255.255.0 UG 0 0 0 ens19210.251.213.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.251.215.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.251.233.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.251.235.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.251.243.0 10.144.245.1 255.255.255.0 UG 0 0 0 ens19210.252.134.0 10.144.245.1 255.255.254.0 UG 0 0 0 ens19210.252.195.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.252.230.0 10.144.245.1 255.255.255.0 UG 0 0 0 ens19210.252.232.0 10.144.245.1 255.255.255.0 UG 0 0 0 ens19210.253.197.0 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.253.197.0 10.144.245.1 255.255.255.0 UG 0 0 0 ens19210.253.197.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.254.227.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens192192.168.116.32 10.144.245.1 255.255.255.224 UG 0 0 0 ens192192.168.168.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0[caasuser@cce-lb1 ~]$
[caasuser@cce-lb2 ~]$ ip routedefault via 10.144.246.1 dev ens224 proto static metric 10110.11.204.128/25 via 10.144.245.1 dev ens19210.144.245.0/24 dev ens192 proto kernel scope link src 10.144.245.74 metric 10010.144.246.0/24 dev ens224 proto kernel scope link src 10.144.246.74 metric 10110.245.19.128/25 via 10.144.245.1 dev ens19210.245.97.0/25 via 10.144.245.1 dev ens19210.245.97.0/24 via 10.144.245.1 dev ens19210.249.39.0/24 via 10.144.245.1 dev ens19210.249.112.128/25 via 10.144.245.1 dev ens19210.249.132.128/25 via 10.144.245.1 dev ens19210.249.152.128/25 via 10.144.245.1 dev ens19210.249.154.0/24 via 10.144.245.1 dev ens19210.249.154.128/25 via 10.144.245.1 dev ens19210.249.170.0/24 via 10.144.245.1 dev ens19210.249.171.128/25 via 10.144.245.1 dev ens19210.249.217.128/25 via 10.144.245.1 dev ens19210.249.220.128/25 via 10.144.245.1 dev ens19210.251.102.128/25 via 10.144.245.1 dev ens19210.251.103.128/25 via 10.144.245.1 dev ens19210.251.193.0/24 via 10.144.245.1 dev ens19210.251.203.128/25 via 10.144.245.1 dev ens19210.251.212.0/24 via 10.144.245.1 dev ens19210.251.213.128/25 via 10.144.245.1 dev ens19210.251.215.128/25 via 10.144.245.1 dev ens19210.251.233.128/25 via 10.144.245.1 dev ens19210.251.235.128/25 via 10.144.245.1 dev ens19210.251.243.0/24 via 10.144.245.1 dev ens19210.252.134.0/23 via 10.144.245.1 dev ens19210.252.195.128/25 via 10.144.245.1 dev ens19210.252.230.0/24 via 10.144.245.1 dev ens19210.252.232.0/24 via 10.144.245.1 dev ens19210.253.197.0/25 via 10.144.245.1 dev ens19210.253.197.128/25 via 10.144.245.1 dev ens19210.254.227.128/25 via 10.144.245.1 dev ens19210.255.32.12 via 10.144.245.1 dev ens19210.255.243.0/24 via 10.144.245.1 dev ens192172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1192.168.116.32/27 via 10.144.245.1 dev ens192[caasuser@cce-lb2 ~]$ route -nKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface0.0.0.0 10.144.246.1 0.0.0.0 UG 101 0 0 ens22410.11.204.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.144.245.0 0.0.0.0 255.255.255.0 U 100 0 0 ens19210.144.246.0 0.0.0.0 255.255.255.0 U 101 0 0 ens22410.245.19.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.245.97.0 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.245.97.0 10.144.245.1 255.255.255.0 UG 0 0 0 ens19210.249.39.0 10.144.245.1 255.255.255.0 UG 0 0 0 ens19210.249.112.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.249.132.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.249.152.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.249.154.0 10.144.245.1 255.255.255.0 UG 0 0 0 ens19210.249.154.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.249.170.0 10.144.245.1 255.255.255.0 UG 0 0 0 ens19210.249.171.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.249.217.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.249.220.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.251.102.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.251.103.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.251.193.0 10.144.245.1 255.255.255.0 UG 0 0 0 ens19210.251.203.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.251.212.0 10.144.245.1 255.255.255.0 UG 0 0 0 ens19210.251.213.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.251.215.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.251.233.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.251.235.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.251.243.0 10.144.245.1 255.255.255.0 UG 0 0 0 ens19210.252.134.0 10.144.245.1 255.255.254.0 UG 0 0 0 ens19210.252.195.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.252.230.0 10.144.245.1 255.255.255.0 UG 0 0 0 ens19210.252.232.0 10.144.245.1 255.255.255.0 UG 0 0 0 ens19210.253.197.0 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.253.197.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.254.227.128 10.144.245.1 255.255.255.128 UG 0 0 0 ens19210.255.32.12 10.144.245.1 255.255.255.255 UGH 0 0 0 ens19210.255.243.0 10.144.245.1 255.255.255.0 UG 0 0 0 ens192172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0192.168.116.32 10.144.245.1 255.255.255.224 UG 0 0 0 ens192[caasuser@cce-lb2 ~]$
若有收获,就点个赞吧
0 人点赞
