
Re: Keepalived and Zebra

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Keepalived and Zebra
From: "mike" <mike@xxxxxxxxxxxxx>
Date: Fri, 13 Feb 2004 19:32:13 -0500
hi
I am trying to use keepalived with zebra to create a failover for an
inter-subnet router using ripd, in a sense to replicate the Cisco HSRP
behaviour. How might the protocol used affect this failover?
Thanks
----- Original Message ----- 
From: "John Reuning" <john@xxxxxxxxxxxxxxx>
To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Friday, February 13, 2004 6:54 PM
Subject: RE: Keepalived and Zebra


> We use keepalived and zebra on our load balancers.  Zebra provides bgpd,
> which keeps track of the Internet2 routing tables for route-based QoS.
>
> Keepalived is configured with the following lines to invoke a shell
> script.  The script starts and stops zebra when switching between
> directors.
>
> notify_master "/usr/local/sbin/lvs-dir start"
> notify_backup "/usr/local/sbin/lvs-dir stop"
> notify_fault "/usr/local/sbin/lvs-dir stop"
>
> I've included the script below.  In case you're curious, the ping
> commands are to force an update of the ARP table in our router (Cisco).
> For whatever reason, the gratuitous arp function in keepalived didn't
> make this happen by itself.
>
> Hope this helps,
>
> -jrr
>
>
> #!/bin/sh
> #
> # lvs-dir
> #
> # start/stop script for use with keepalived.  enables/disables NAT,
> # packet forwarding, bgpd, and zebra
> #
>
> # Site-specific settings read by the functions below.
> # defgw: default gateway added by start() and pinged by send_pings()
> defgw=192.168.2.1
> # wwwdir: source address of the first ping in send_pings()
> wwwdir=192.168.2.100
> # external_prod / external_dev: addresses matched by the inbound FORWARD
> # rules and used as the SNAT --to-source for the matching node list
> external_prod=192.168.2.2
> external_dev=192.168.2.3
> # extif / intif: interface names used with -i / -o in the iptables rules
> extif=eth0
> intif=eth1
>
> # Space-separated lists; start_nat() iterates over them one host at a time.
> nodes_prod="192.168.3.1 192.168.3.2 192.168.3.3 192.168.3.4"
> nodes_dev="192.168.4.1"
>
> # Absolute path of the iptables binary used for every rule change.
> IPT=/sbin/iptables
>
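> start() {
>   # Bring this host up as the active director: filter/NAT rules, packet
>   # forwarding, ICMP redirects off, ip_vs_ftp module, default route, the
>   # routing daemons, and finally the pings towards the gateway.
>   # Globals: defgw, extif (read)
>
>   # Install the FORWARD/NAT rules before enabling forwarding. stop_nat
>   # leaves FORWARD empty with policy ACCEPT, so switching ip_forward on
>   # first would let the host route packets unfiltered until start_nat ran.
>   start_nat
>   setfwd 1
>   seticmp 0
>   /sbin/insmod ip_vs_ftp
>   /sbin/route add default gw "$defgw" dev "$extif"
>   start_zebra
>   send_pings
> }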
>
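> stop() {
>   # Take this host out of the director role: stop the routing daemons,
>   # disable forwarding, remove the filter/NAT rules and re-enable ICMP
>   # redirects.
>   stop_zebra
>   # Turn forwarding off before stop_nat resets FORWARD to an empty chain
>   # with policy ACCEPT, so the host never routes with no filter in place.
>   setfwd 0
>   stop_nat
>   seticmp 1
> }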
>
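> status() {
>   # Print the current director state to stdout: interface addresses, the
>   # IPVS table, the NAT POSTROUTING and FORWARD rules, the forwarding and
>   # send_redirects sysctls, and the status of the zebra and bgpd services.
>   # Globals: IPT, extif (read)
>
>   # list interfaces
>   /sbin/ip addr show
>   echo
>
>   # list ipvsadm table
>   /sbin/ipvsadm -L
>   echo
>
>   # list iptables rules
>   "$IPT" -t nat -L POSTROUTING
>   echo
>   "$IPT" -L FORWARD
>   echo
>
>   # list network settings; the per-interface entry follows $extif instead
>   # of a hard-coded eth0, so it reports the interface the rules are
>   # actually installed on. printf replaces the non-portable "echo -n".
>   for proc_file in \
>     /proc/sys/net/ipv4/ip_forward \
>     /proc/sys/net/ipv4/conf/all/send_redirects \
>     /proc/sys/net/ipv4/conf/default/send_redirects \
>     "/proc/sys/net/ipv4/conf/$extif/send_redirects"; do
>     printf '%s: ' "$proc_file"
>     cat "$proc_file"
>   done
>   echo
>
>   # zebra daemons
>   /etc/init.d/zebra status
>   /etc/init.d/bgpd status
>   echo
> }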
>
> connrate() {
>   # Show the IPVS table together with its rate counters.
>   /sbin/ipvsadm --list --rate
> }
>
> start_zebra() {
> # Start the zebra service, wait 5 seconds, then start bgpd.
> # NOTE(review): the pause presumably gives zebra time to come up before
> # bgpd connects to it -- confirm.
> /etc/init.d/zebra start
> sleep 5
> /etc/init.d/bgpd start
> }
>
> stop_zebra() {
> # Stop the daemons in the reverse of the start order: bgpd first, then
> # zebra after a 5 second pause.
> /etc/init.d/bgpd stop
> sleep 5
> /etc/init.d/zebra stop
> }
>
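> start_nat() {
>   # Build the FORWARD filter and the SNAT rules used while this host is
>   # the active director.
>   # Globals: IPT, extif, intif, external_prod, external_dev, nodes_prod,
>   #          nodes_dev (all read)
>   #
>   # The three long rules were split in two by mail line-wrapping in the
>   # posted copy (the option value landed on a line of its own). They are
>   # rejoined here with explicit backslash continuations.
>
>   # Set the default-deny policy before flushing, so the chain is never
>   # empty with an ACCEPT policy (stop_nat leaves the policy at ACCEPT).
>   "$IPT" -P FORWARD DROP
>   "$IPT" -F FORWARD
>   "$IPT" -F -t nat
>
>   # production address
>   # NOTE(review): this accepts every TCP port addressed to the production
>   # address; add --dport if only some services are published -- confirm.
>   "$IPT" -A FORWARD -i "$extif" -o "$intif" -d "$external_prod/32" \
>     -p tcp -j ACCEPT
>   # $nodes_prod stays unquoted on purpose: it is a space-separated list.
>   for host in $nodes_prod; do
>     "$IPT" -A FORWARD -i "$intif" -s "$host/32" -o "$extif" -j ACCEPT
>     "$IPT" -t nat -A POSTROUTING -s "$host/32" -o "$extif" \
>       -j SNAT --to-source "$external_prod"
>   done
>
>   # development address (same note on the unrestricted TCP match applies)
>   "$IPT" -A FORWARD -i "$extif" -o "$intif" -d "$external_dev/32" \
>     -p tcp -j ACCEPT
>   for host in $nodes_dev; do
>     "$IPT" -A FORWARD -i "$intif" -s "$host/32" -o "$extif" -j ACCEPT
>     "$IPT" -t nat -A POSTROUTING -s "$host/32" -o "$extif" \
>       -j SNAT --to-source "$external_dev"
>   done
>
>   # allow conntracked traffic
>   "$IPT" -A FORWARD -i "$extif" -o "$intif" \
>     -m state --state ESTABLISHED,RELATED -j ACCEPT
>   # Left disabled by the author: it would accept all traffic from the
>   # internal to the external interface, not only the listed nodes.
>   #$IPT -A FORWARD -i $intif -o $extif -j ACCEPT
> }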
>
> stop_nat() {
>   # Remove the director's packet-filter state: FORWARD goes back to policy
>   # ACCEPT with no rules, the nat table is flushed, user-defined chains
>   # are deleted and the counters are zeroed.
>   # Globals: IPT (read)
>   # Note: this leaves FORWARD wide open; stop() pairs it with "setfwd 0",
>   # which is what keeps the host from routing afterwards.
>   "$IPT" --policy FORWARD ACCEPT
>   "$IPT" --flush FORWARD
>   "$IPT" --table nat --flush
>   "$IPT" --delete-chain
>   "$IPT" --zero
> }
>
> setfwd() {
>   # Write $1 to the kernel's ip_forward switch (1 on, 0 off); the vs-nat
>   # director needs it on.
>   # Arguments: $1 - value to write
>   printf '%s\n' "$1" >/proc/sys/net/ipv4/ip_forward
> }
>
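> seticmp() {
>   # Write $1 to the send_redirects sysctl (icmp redirects: 1 on, 0 off)
>   # for "all", "default" and the external interface.
>   # Globals:   extif (read)
>   # Arguments: $1 - value to write
>   #
>   # The per-interface entry follows $extif rather than a hard-coded eth0,
>   # so changing extif at the top of the script cannot leave redirects
>   # enabled on the interface that is really in use.
>   for scope in all default "$extif"; do
>     echo "$1" >"/proc/sys/net/ipv4/conf/$scope/send_redirects"
>   done
> }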
>
> send_pings() {
>   # After a 30 second pause, ping the default gateway five times from each
>   # of the director's addresses. Per the author's note in this message,
>   # this is done to force an ARP table update on the upstream router.
>   # Globals: wwwdir, external_prod, external_dev, defgw (read)
>   sleep 30
>   for src_addr in "$wwwdir" "$external_prod" "$external_dev"; do
>     /bin/ping -c 5 -q -I "$src_addr" "$defgw"
>   done
> }
>
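> # Dispatch on the action given as $1 (keepalived passes start or stop).
> case "$1" in
>   start)
>     start
>     ;;
>
>   stop)
>     stop
>     ;;
>
>   restart_nat)
>     # NOTE(review): between stop_nat and start_nat the FORWARD chain is
>     # empty with policy ACCEPT and ip_forward is left unchanged, so on an
>     # active director packets are forwarded unfiltered during the pause.
>     stop_nat
>     sleep 3
>     start_nat
>     ;;
>
>   status)
>     status
>     ;;
>
>   connrate)
>     connrate
>     ;;
>
>   restart)
>     stop
>     start
>     ;;
>
>   *)
>     # The posted copy used $"..." (a bash-only translation quote, not
>     # valid for #!/bin/sh) and the string was split in two by mail
>     # line-wrapping. Plain quotes on one line, written to stderr.
>     echo "Usage: $0 {start|stop|restart|restart_nat|status|connrate}" >&2
>     exit 1
>     ;;
> esac
>
> # Every recognised action reports success, whatever the status of the
> # commands it ran.
> exit 0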
>
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.587 / Virus Database: 371 - Release Date: 2/12/2004
