在debian的心跳切换过程中添加一个耳聋路由

Question

我们有一个心跳切换，它在我们的一个网络中的两个防火墙之间进行，切换所使用的接口在默认情况下没有IP设置，只有在切换发生时才得到这个IP。这也恰好是出这个网络的默认路径(机器被用作防火墙)，我们没有足够的IP空间为这些机器提供另一个IP地址。然而，当试图将流量路由到WAN端口之外的任何内容时，这会导致问题。

如何将默认路由添加到当前没有IP地址的接口(该接口通过启动时的system.d服务)，或者在IP切换时添加路由？

Answer 1

可以使用ocf:heartbeat:Route资源代理添加/删除路由。

Route资源代理的描述是：

Manages network routes (ocf:heartbeat:Route)

Enables and disables network routes.

Supports host and net routes, routes via a gateway address, 
and routes using specific source addresses.

This resource agent is useful if a node's routing table
needs to be manipulated based on node role assignment.

Consider the following example use case:

  -  One cluster node serves as an IPsec tunnel endpoint.

  -  All other nodes use the IPsec tunnel to reach hosts
     in a specific remote network.

Then, here is how you would implement this scheme making use
of the Route resource agent:

  -  Configure an ipsec LSB resource.

  -  Configure a cloned Route OCF resource.

  -  Create an order constraint to ensure 
     that ipsec is started before Route.

  -  Create a colocation constraint between the
     ipsec and Route resources, to make sure no instance
     of your cloned Route resource is started on the
     tunnel endpoint itself.

Parameters (*: required, []: default):

destination* (string): Destination network
    The destination network (or host) to be configured for the route. 
    Specify the netmask suffix in CIDR notation (e.g. "/24").
    If no suffix is given, a host route will be created.
    Specify "0.0.0.0/0" or "default" if you want this resource to set 
    the system default route.

device (string): Outgoing network device
    The outgoing network device to use for this route.

gateway (string): Gateway IP address
    The gateway IP address to use for this route.

source (string): Source IP address
    The source IP address to be configured for the route.

table (string): Routing table
    The routing table to be configured for the route.

Operations' defaults (advisory minimum):

    start         timeout=20
    stop          timeout=20
    monitor       timeout=20 interval=10
    reload        timeout=20

在IP之后的配置中定义这一点，一旦IP在那里，路由就会被添加。

不建议使用心跳而不使用心脏起搏器，因此很难找到关于它的任何当前文档。如果可以的话，你可能应该看看在你的设置中增加起搏器。