Networking

Adding a default route during heartbeat failover on Debian

  • August 29, 2017

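We have a heartbeat failover between 2 firewalls in one of our networks. The interface on which the failover happens has no IP set by default and only gets this IP when the failover occurs. This also happens to be the default route out of that network (the machines are used as firewalls), and we do not have the IP space to give each of these machines another IP address. However, this causes problems when trying to route traffic anywhere beyond the WAN port.

How can I add a default route to an interface that currently has no IP address (the interface is brought up at boot by a systemd service), or can I add the route when the IP fails over?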

You can use the ocf:heartbeat:Route resource agent to add/remove routes.

The description of the Route resource agent is:

Manages network routes (ocf:heartbeat:Route)

Enables and disables network routes.

Supports host and net routes, routes via a gateway address, 
and routes using specific source addresses.

This resource agent is useful if a node's routing table
needs to be manipulated based on node role assignment.

Consider the following example use case:

 -  One cluster node serves as an IPsec tunnel endpoint.

 -  All other nodes use the IPsec tunnel to reach hosts
    in a specific remote network.

Then, here is how you would implement this scheme making use
of the Route resource agent:

 -  Configure an ipsec LSB resource.

 -  Configure a cloned Route OCF resource.

 -  Create an order constraint to ensure 
    that ipsec is started before Route.

 -  Create a colocation constraint between the
    ipsec and Route resources, to make sure no instance
    of your cloned Route resource is started on the
    tunnel endpoint itself.

Parameters (*: required, []: default):

destination* (string): Destination network
   The destination network (or host) to be configured for the route. 
   Specify the netmask suffix in CIDR notation (e.g. "/24").
   If no suffix is given, a host route will be created.
   Specify "0.0.0.0/0" or "default" if you want this resource to set 
   the system default route.

device (string): Outgoing network device
   The outgoing network device to use for this route.

gateway (string): Gateway IP address
   The gateway IP address to use for this route.

source (string): Source IP address
   The source IP address to be configured for the route.

table (string): Routing table
   The routing table to be configured for the route.

Operations' defaults (advisory minimum):

   start         timeout=20
   stop          timeout=20
   monitor       timeout=20 interval=10
   reload        timeout=20

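Define it after your IP in your configuration, and the route will be added once the IP is present.

Using Heartbeat without Pacemaker is deprecated, so it is hard to find any current documentation. If you can, you should probably look at adding Pacemaker to your setup.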

Quoted from: https://serverfault.com/questions/871080
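
The ordering the answer describes, as an added example that is not part of the original answer or of the resource agent's documentation: a Pacemaker configuration in crm shell syntax that puts the floating IP and the default route in one group, so the route is added only after the address is up and always on the same node. The resource names, the interface eth0 and the RFC 5737 addresses are constructed placeholders, and the use of the IPaddr2 agent for the floating IP is an assumption.

```crmsh
# Constructed example: names, interface and addresses are placeholders.

# Floating WAN address that moves between the two firewalls
# (assumed to be managed by the IPaddr2 agent).
primitive p_wan_ip ocf:heartbeat:IPaddr2 \
    params ip=203.0.113.10 cidr_netmask=24 nic=eth0 \
    op monitor interval=10s timeout=20s

# Default route via the upstream gateway, using the parameters
# listed in the Route agent description (destination, device, gateway).
primitive p_default_route ocf:heartbeat:Route \
    params destination=default device=eth0 gateway=203.0.113.1 \
    op start timeout=20s \
    op stop timeout=20s \
    op monitor interval=10s timeout=20s

# A group starts its members in the listed order on one node and
# stops them in reverse: the IP comes up first, then the route.
# On failover the route is removed before the IP is released.
group g_wan p_wan_ip p_default_route
```

On the standby firewall neither resource is active, so that node has no default route through this interface until it takes over the group.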