OpenWrt软路由怎么实现双机热备份
双机热备份在OpenWrt软路由中可以通过VRRP实现,确保网络的稳定性和连续性。用户需要在两台OpenWrt设备上安装并配置keepalived软件包。主路由器配置为VRRP的主状态,而备份路由器为备份状态。
1. 双机热备份的概念
简单来说,双机热备份意味着有两台路由器(在本文中,我们用 OpenWrt 软路由)同时运行,但只有一台处于活跃状态,另一台处于备份状态。当活跃路由器出现问题时,备份路由器会自动接管网络,确保网络通信不被中断。
2. 实现双机热备份的基础:VRRP
VRRP(Virtual Router Redundancy Protocol)是实现双机热备份的关键协议。它允许两台或多台路由器共享一个虚拟 IP 地址。其中一台路由器作为主路由器,其他的作为备份。当主路由器失效时,其中一台备份路由器会自动成为新的主路由器,保持网络的连续性。
3. OpenWrt 下实现双机热备份的步骤
3.1 安装必要的软件包
首先,确保你的 OpenWrt 已经安装了keepalived软件包。你可以通过以下命令进行安装:
XML/HTML代码
- opkg update
- opkg install keepalived
3.2 配置 VRRP
接下来,我们需要在两台 OpenWrt 路由器上配置keepalived来实现 VRRP。
主路由器配置:
XML/HTML代码
- cat > /etc/keepalived/keepalived.conf <<-EOF
- vrrp_instance VI_1 {
- state MASTER
- interface br-lan
- virtual_router_id 51
- priority 100
- advert_int 1
- authentication {
- auth_type PASS
- auth_pass 1111
- }
- virtual_ipaddress {
- 192.168.1.1/24
- }
- }
- EOF
备份路由器配置:
XML/HTML代码
- cat > /etc/keepalived/keepalived.conf <<-EOF
- vrrp_instance VI_1 {
- state BACKUP
- interface br-lan
- virtual_router_id 51
- priority 50
- advert_int 1
- authentication {
- auth_type PASS
- auth_pass 1111
- }
- virtual_ipaddress {
- 192.168.1.1/24
- }
- }
- EOF
在这里,virtual_router_id是 VRRP 的唯一标识,确保在你的网络中是独一无二的。virtual_ipaddress则是两台路由器共享的虚拟 IP 地址。
3.3 启动和测试
分别在两个机器上运行这个命令,使自己的配置文件生效。
XML/HTML代码
- cat > /etc/config/keepalived <<-EOF
- config globals 'globals'
- option alt_config_file "/etc/keepalived/keepalived.conf"
- EOF
在两台路由器上启动keepalived:
XML/HTML代码
- /etc/init.d/keepalived start
- /etc/init.d/keepalived enable
此时,你应该可以 ping 到192.168.1.1这个 IP 地址。当你断开主路由器的电源或网络时,备份路由器应该会自动接管,确保网络的稳定性。
4. 结语
OpenWrt 作为一个强大的开源软路由系统,其灵活性和扩展性为我们提供了实现高可用性网络的可能性。通过上述的步骤,即使在小型网络环境中,我们也可以享受到双机热备份带来的稳定性和连续性。
实验过程:
部署与配置
安装keepalived
在Openwrt上安装keepalived,可以通过opkg直接安装:
XML/HTML代码
- opkg update
- opkg install keepalived
XML/HTML代码
- * satisfy_dependencies_for: Cannot satisfy the following dependencies for keepalived:
- * kernel (= 6.1.69-1-4bb6c728f5087dc3a67fcfdd70aa0707)
方案一:寻找对应版本的ipk
我们可以直接去源仓库下载和我们内核比较匹配的版本:下载keepalived.ipk后,安装它:
XML/HTML代码
- # 下载包,你可能要选择合适自己的版本
- wget https://downloads.openwrt.org/releases/23.05.2/packages/x86_64/packages/keepalived_2.2.7-10_x86_64.ipk
- # 使用opkg安装此ipk
- opkg install keepalived_2.2.7-10_x86_64.ipk
XML/HTML代码
- Unknown package 'keepalived'.
- Collected errors:
- - pkg_hash_check_unresolved: cannot find dependency libmagic for keepalived
- - pkg_hash_check_unresolved: cannot find dependency libnfnetlink0 for keepalived
- - pkg_hash_fetch_best_installation_candidate: Packages for keepalived found, but incompatible with the architectures configured
- - opkg_install_cmd: Cannot install package keepalived.
XML/HTML代码
- opkg install libmagic
- opkg install libnfnetlink0
现在再次opkg install keepalived_2.2.7-10_x86_64.ipk或许能成功了。
方案二:自行编译keepalived
我们可以直接去keepalived官网(https://www.keepalived.org/download.html)下载对应版本的源码,基于里面的Makefile等编译,但这好像略麻烦。
更简单的是因为OpenWRT已经集成好了相关的编译脚本。
配置主机和备机
上面安装成功后,我们直接ps | grep keep可以看到相关keepalived的进程以及它使用的配置文件:
XML/HTML代码
- root@OpenWrt:~# ps | grep keep
- 7529 root 7308 S /usr/sbin/keepalived -n -f /tmp/keepalived.conf
XML/HTML代码
- cat > /etc/config/keepalived <<-EOF
- config globals 'globals'
- option alt_config_file "/etc/keepalived/keepalived.conf"
- EOF
然后要确定一个关键的东西是VIP(虚拟IP),我的两台Openwrt的地址分别是:192.168.50.253,192.168.50.254。所以给VIP设定为一个不冲突的192.168.50.252。
主机:
XML/HTML代码
- cat > /etc/keepalived/keepalived.conf <<-EOF
- global_defs {
- router_id LVS_1
- }
- vrrp_instance VI_1 {
- interface br-lan # 这里是lan口网卡名,通过ip a查看
- state MASTER
- virtual_router_id 1 # 主机和备机这个需要一致
- priority 100 # 主机建议设置比备机高
- advert_int 1
- authentication {
- auth_type PASS
- auth_pass 1111
- }
- virtual_ipaddress {
- 192.168.50.252/24 # 这里是虚拟ip地址
- }
- }
- EOF
XML/HTML代码
- cat > /etc/keepalived/keepalived.conf <<-EOF
- global_defs {
- router_id LVS_1
- }
- vrrp_instance VI_1 {
- interface br-lan # 这里是lan口网卡名,通过ip a查看
- state BACKUP
- virtual_router_id 1 # 主机和备机这个需要一致
- priority 50 # 主机建议设置比这个更高
- advert_int 1
- authentication {
- auth_type PASS
- auth_pass 1111
- }
- virtual_ipaddress {
- 192.168.50.252/24 # 这里是虚拟ip地址
- }
- }
- EOF
XML/HTML代码
- /etc/init.d/keepalived restart
验证
接下来是见证奇迹的时刻,你肯定好奇这故障了多久能切换啊?我也是比较好奇,所以我这样抓了个包:
XML/HTML代码
- # 前面铺垫的知识知道了VRRP的广播地址是这个,直接tcpdump抓包:
- tcpdump -i any host 224.0.0.18
XML/HTML代码
- 00:58:15.004593 IP 192.168.50.254 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 1, prio 100, authtype simple, intvl 1s, length 20
- 00:58:15.004612 IP 192.168.50.254 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 1, prio 100, authtype simple, intvl 1s, length 20
- 00:58:15.466668 IP 192.168.50.254 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 1, prio 0, authtype simple, intvl 1s, length 20
- 00:58:15.466696 IP 192.168.50.254 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 1, prio 0, authtype simple, intvl 1s, length 20
- 00:58:16.271598 IP 192.168.50.253 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 1, prio 50, authtype simple, intvl 1s, length 20
- 00:58:16.271604 IP 192.168.50.253 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 1, prio 50, authtype simple, intvl 1s, length 20
从时间可以看到,大概用时1s就切换完成了。我们也可以看一下OpenWRT的日志:
XML/HTML代码
- # 使用logread查看openwrt的日志
- > logread
- Thu Dec 28 00:58:16 2023 daemon.info Keepalived_vrrp[7530]: (VI_1) Entering MASTER STATE
- Thu Dec 28 00:58:16 2023 daemon.info avahi-daemon[3305]: Registering new address record for 192.168.50.252 on br-lan.IPv4.
- Thu Dec 28 01:00:25 2023 daemon.info Keepalived_vrrp[7530]: (VI_1) Master received advert from 192.168.50.254 with higher priority 100, ours 50
- Thu Dec 28 01:00:25 2023 daemon.info Keepalived_vrrp[7530]: (VI_1) Entering BACKUP STATE
