vrrp between openwrt

Others opemwrt
发布时间 :
  1. openwrt vrrp 双机热备份
    1. 背景
    2. 1.前提需要
    3. 2.配置VRRP
    4. 3.验证

openwrt vrrp 双机热备份

背景

  此前入手了NanoPi-R2S,刷上了openwrt系统,给家里的网络提供一些额外的服务,类似于部署adguardhome实现通过DNS层面的过滤广告、利用云服务器通过wireguard远程管理家里的NAS,网络设备、有需要的时候通过网络唤醒远程管理家里面已经关电的电脑之类,but anyway,因为会openwrt会经常改动配置,有可能导致家里面一些网络突然中断无法使用。遂想出利用R2S与家里的无线路由器起vrrp,将拨号与dhcp放置在无线路由器上(此时R2S充当一个旁路由),主机设置为R2S,备机设置为无线路由器,这样如果R2S挂掉也不会影响家里的其他设备上公网,当然主机宕机之后之前提到的adguardhome之类的功能都用不了了。

1.前提需要

  openwrt起vrrp需要使用到keepalived,而家里的无线路由器无法使用keepalive,所以先给无线路由刷上openwrt,我的是红米AC2100,刷机教程在恩山论坛就有,根据恩山的教程刷系统就好,刷好后安装上keepalived

2.配置VRRP

  因为keepalived没有luci界面,所以配置需要进入shell里手动配置,我的内网地址段为192.168.15.0/24,无线路由(192.168.15.2/24),NanoPi-R2S(192.168.15.1/24),虚拟网关地址(192.168.15.15/24)

后面有时间会单独写一篇介绍keepalived服务的介绍,会更新链接至此

主机配置(R2S)

[root@NanoPi-R2S:~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state MASTER
    interface eth1
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS #认证类型
        auth_pass 1111 #认证密码
    }
virtual_ipaddress {
    192.168.15.15/24 dev eth1 #虚拟IP以及端口,根据实际填写
    }
}

备机配置(无线路由)

[root@MainRouter:~]# vim /etc/keepalived/keepalived.conf 
! Configuration File for keepalived

global_defs {
    router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state BACKUP
    interface br-lan
    virtual_router_id 51
    priority 50
    advert_int 1
    authentication {
        auth_type PASS #认证类型
        auth_pass 1111 #认证密码
}
virtual_ipaddress {
        192.168.15.15/24 dev br-lan #虚拟IP以及端口,根据实际填写
    }
}

3.验证

启动服务后主机上可以看见多了个secondary ip,备机是没有的

主机:

[root@NanoPi-R2S:~]# ip addr | grep -A10 eth1
5: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether ee:8b:69:44:09:d2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.15.1/24 brd 192.168.15.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet 192.168.15.15/24 scope global secondary eth1  //虚拟网关地址
       valid_lft forever preferred_lft forever
    inet6 fe80::ec8b:69ff:fe44:9d2/64 scope link 
       valid_lft forever preferred_lft forever

备机:

[root@MainRouter:~]# ip addr | grep -A5 "br-lan:"
26: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 56:48:e6:0a:16:d6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.15.2/24 brd 192.168.15.255 scope global br-lan 
       valid_lft forever preferred_lft forever
32: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether 54:48:e6:9a:16:d5 brd ff:ff:ff:ff:ff:ff

修改电脑网关和DNS为虚拟地址

关掉主机keepalived服务

[root@NanoPi-R2S:~]# /etc/init.d/keepalived stop

可以看到切换过程出现了一下延时增大,没有丢包,再查看两机的ip地址

[root@NanoPi-R2S:~]# ip addr | grep -A10 eth1
5: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether ee:8b:69:44:09:d2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.15.1/24 brd 192.168.15.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::ec8b:69ff:fe44:9d2/64 scope link 
       valid_lft forever preferred_lft forever


[root@MainRouter:~]# ip addr | grep -A5 "br-lan:"
26: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 56:48:e6:0a:16:d6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.15.2/24 brd 192.168.15.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet 192.168.15.15/24 scope global secondary br-lan //虚拟网关地址
       valid_lft forever preferred_lft forever

此时可以看见192.168.15.15/24已经切换到备机上,然后我们再重新启动主机的keepalived服务

[root@NanoPi-R2S:~]# /etc/init.d/keepalived start

开启后过一会切回主机上,此时延时出现波动,没有丢包,再次查看两机ip地址

[root@NanoPi-R2S:~]# ip addr | grep -A10 eth1
5: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether ee:8b:69:44:09:d2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.15.1/24 brd 192.168.15.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet 192.168.15.15/24 scope global secondary eth1  //虚拟网关地址
       valid_lft forever preferred_lft forever
    inet6 fe80::ec8b:69ff:fe44:9d2/64 scope link 
       valid_lft forever preferred_lft forever


[root@MainRouter:~]# ip addr | grep -A5 "br-lan:"
26: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 56:48:e6:0a:16:d6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.15.2/24 brd 192.168.15.255 scope global br-lan
       valid_lft forever preferred_lft forever
32: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether 54:48:e6:9a:16:d5 brd ff:ff:ff:ff:ff:ff

此时192.168.15.15/24已经回到了主机的端口上,至此两机vrrp建立成功,也成功实现双机热备,剩下的只需要去DHCP上将分配的默认网关和DNS修改为192.168.15.15即可

至此大功告成!

转载请注明来源

粤ICP备2024346163号 ©2020-2025 David Deng

Built with Hexo and 3-hexo theme