We use keepalived and zebra on our load balancers. Zebra provides bgpd,
which keeps track of the Internet2 routing tables for route-based QoS.
Keepalived is configured with the following lines to invoke a shell
script. The script starts and stops zebra when switching between
directors.
notify_master "/usr/local/sbin/lvs-dir start"
notify_backup "/usr/local/sbin/lvs-dir stop"
notify_fault "/usr/local/sbin/lvs-dir stop"
I've included the script below. In case you're curious, the ping
commands are to force an update of the ARP table in our router (Cisco).
For whatever reason, the gratuitous arp function in keepalived didn't
make this happen by itself.
Hope this helps,
-jrr
#!/bin/sh
#
# lvs-dir
#
# start/stop script for use with keepalived. enables/disables NAT,
# packet forwarding, bgpd, and zebra
#
# Site addresses and interfaces for this director (edit for your network).
defgw="192.168.2.1"           # upstream default gateway, also the ping target
wwwdir="192.168.2.100"        # address used as a ping source (presumably the www VIP)
external_prod="192.168.2.2"   # SNAT source for the production pool
external_dev="192.168.2.3"    # SNAT source for the development pool
extif="eth0"                  # external (upstream-facing) interface
intif="eth1"                  # internal (real-server) interface
# Real servers behind the director, one space-separated list per pool.
nodes_prod="192.168.3.1 192.168.3.2 192.168.3.3 192.168.3.4"
nodes_dev="192.168.4.1"
# Absolute path to the iptables binary.
IPT="/sbin/iptables"
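#
# start: bring this host up as the active director. Forwarding and the
# NAT/FORWARD rules are installed first, then the default route and the
# routing daemons; send_pings runs last (it sleeps 30s before pinging).
# No return status is checked here, so a failing step (e.g. insmod on an
# already-loaded module, or route add when a default route exists) does
# not abort the remaining steps.
#
start() {
  setfwd 1
  seticmp 0
  start_nat
  # FTP helper module for IPVS
  /sbin/insmod ip_vs_ftp
  /sbin/route add default gw "$defgw" dev "$extif"
  start_zebra
  send_pings
}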
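#
# stop: step down to backup. ip_forward is switched off *before* stop_nat
# resets the FORWARD policy to ACCEPT, so the teardown never leaves a
# window in which forwarding is on while the chain is open and empty.
# The end state is the same as before: daemons stopped, NAT cleared,
# forwarding off, ICMP redirects back on.
#
stop() {
  stop_zebra
  setfwd 0
  stop_nat
  seticmp 1
}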
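#
# status: print interfaces, the IPVS table, the nat/FORWARD rules, the
# sysctl knobs this script writes, and the zebra/bgpd daemon state.
#
status() {
  # list interfaces
  /sbin/ip addr show
  echo
  # list ipvsadm table
  /sbin/ipvsadm -L
  echo
  # list iptables rules
  "$IPT" -t nat -L POSTROUTING
  echo
  "$IPT" -L FORWARD
  echo
  # list network settings. The per-interface send_redirects knob follows
  # $extif rather than a fixed "eth0" so it reports the same file that is
  # written at start/stop time.
  for knob in \
    /proc/sys/net/ipv4/ip_forward \
    /proc/sys/net/ipv4/conf/all/send_redirects \
    /proc/sys/net/ipv4/conf/default/send_redirects \
    "/proc/sys/net/ipv4/conf/$extif/send_redirects"; do
    # printf instead of 'echo -n', which is not portable under /bin/sh
    printf '%s: %s\n' "$knob" "$(cat "$knob")"
  done
  echo
  # zebra daemons
  /etc/init.d/zebra status
  /etc/init.d/bgpd status
  echo
}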
# connrate: show the IPVS table with per-service rate counters.
connrate() {
  /sbin/ipvsadm -L --rate
}
#
# start_zebra: start zebra, then bgpd after a short fixed delay
# (bgpd is started second; the 5s pause is a fixed wait, not a readiness check).
#
start_zebra() {
  /etc/init.d/zebra start
  sleep 5
  /etc/init.d/bgpd start
}
#
# stop_zebra: stop the daemons in the reverse order of start_zebra,
# bgpd first, then zebra after a fixed 5s pause.
#
stop_zebra() {
  /etc/init.d/bgpd stop
  sleep 5
  /etc/init.d/zebra stop
}
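#
# start_nat: install the FORWARD filter and SNAT rules for both pools.
# The FORWARD policy is DROP, so only the rules added here are forwarded:
#   - TCP arriving on $extif for a pool's external address, out $intif;
#   - anything from a listed real server on $intif out $extif, SNATed to
#     that pool's external address;
#   - inbound packets conntrack classifies as ESTABLISHED,RELATED.
# Both tables are flushed first so a repeated start does not stack rules.
# Four commands that were wrapped across two lines in the pasted script
# (the "-j / ACCEPT", "SNAT / --to-source" and "--state / ESTABLISHED"
# pairs) are rejoined here; split as pasted, each half ran as its own
# command and the rule was never installed.
#
start_nat() {
  "$IPT" -F FORWARD
  "$IPT" -P FORWARD DROP
  "$IPT" -F -t nat
  # production address
  "$IPT" -A FORWARD -i "$extif" -o "$intif" -d "$external_prod/32" -p tcp -j ACCEPT
  # $nodes_prod is deliberately unquoted: it is a space-separated list
  for host in $nodes_prod; do
    "$IPT" -A FORWARD -i "$intif" -s "$host/32" -o "$extif" -j ACCEPT
    "$IPT" -t nat -A POSTROUTING -s "$host/32" -o "$extif" -j SNAT \
      --to-source "$external_prod"
  done
  # development address
  "$IPT" -A FORWARD -i "$extif" -o "$intif" -d "$external_dev/32" -p tcp -j ACCEPT
  for host in $nodes_dev; do
    "$IPT" -A FORWARD -i "$intif" -s "$host/32" -o "$extif" -j ACCEPT
    "$IPT" -t nat -A POSTROUTING -s "$host/32" -o "$extif" -j SNAT \
      --to-source "$external_dev"
  done
  # allow conntracked traffic (replies to the flows accepted above)
  "$IPT" -A FORWARD -i "$extif" -o "$intif" -m state --state ESTABLISHED,RELATED -j ACCEPT
  # Left disabled: this would forward everything from the inside out
  # regardless of source address.
  #"$IPT" -A FORWARD -i "$intif" -o "$extif" -j ACCEPT
}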
#
# stop_nat: reset the FORWARD policy to ACCEPT, empty the FORWARD chain
# and the nat table, then drop user chains and zero counters. Note that
# -X and -Z without -t act on the filter table only.
#
stop_nat() {
  "$IPT" -P FORWARD ACCEPT
  "$IPT" -F FORWARD
  "$IPT" -t nat -F
  "$IPT" -X
  "$IPT" -Z
}
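#
# setfwd: set ip_forward for the vs-nat director.
# Arguments: $1 - 1 (on) or 0 (off)
#
setfwd() {
  # printf with a quoted argument: no word-splitting, and no risk of the
  # value being read as an echo option
  printf '%s\n' "$1" >/proc/sys/net/ipv4/ip_forward
}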
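#
# seticmp: enable/disable ICMP redirects on all, default and the external
# interface. The interface knob uses $extif instead of a fixed "eth0" so
# it stays in step with the interface variable at the top of the file.
# Arguments: $1 - 1 (on) or 0 (off)
#
seticmp() {
  for knob in all default "$extif"; do
    printf '%s\n' "$1" >"/proc/sys/net/ipv4/conf/$knob/send_redirects"
  done
}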
#
# send_pings: after a fixed 30s delay, ping the default gateway from each
# address this director now holds, so the upstream router refreshes its
# ARP entry for them (see the cover note).
#
send_pings() {
  sleep 30
  for src in "$wwwdir" "$external_prod" "$external_dev"; do
    /bin/ping -c 5 -q -I "$src" "$defgw"
  done
}
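# Dispatch on the first argument (keepalived passes start/stop; the
# remaining actions are for manual use).
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart_nat)
    stop_nat
    sleep 3
    start_nat
    ;;
  status)
    status
    ;;
  connrate)
    connrate
    ;;
  restart)
    stop
    start
    ;;
  *)
    # Plain double quotes: $"..." is a bash locale extension, and under a
    # POSIX /bin/sh it prints a literal "$" before the message. Usage goes
    # to stderr so it is not mistaken for status output.
    echo "Usage: $0 {start|stop|restart|restart_nat|status|connrate}" >&2
    exit 1
    ;;
esac
exit 0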