Load Balancing with Keepalived
Some basic notes/examples on configuring VRRP/keepalived to move shared (virtual) IP addresses between load balancers.
- Make sure your firewall rules aren't blocking
- Turn on IP forwarding (echo "1" > /proc/sys/net/ipv4/ip_forward)
- On the realservers, ensure you have a rule so that traffic for the VIP is accepted: iptables -t nat -A PREROUTING -d <VIP> -j REDIRECT

global_defs {
    notification_email {
        infra-admins@example.com
    }
    notification_email_from infra-admins@example.com
    smtp_server mail.example.com
    smtp_connect_timeout 30
    router_id LB1-OLCF #Name used in notifications to indicate the name of the director
}

vrrp_instance FOO_LOAD_BALANCER {
    state BACKUP #The initial state prior to election
    interface bond1
    lvs_sync_daemon_interface bond1
    virtual_router_id 51 #must be the same on all directors for this vrrp instance, but unique among other vrrp instances on the same network
    priority 101
    advert_int 1 #VRRP advertisement interval
    nopreempt #Don't preempt another master
    smtp_alert #This line enables SMTP alerts for this VRRP instance and associated virtual servers
    track_interface { #Monitor the state of these interfaces, and go into a FAULT state if they go down
        bond0.294
        bond0.211
        bond0.60
        bond0.55
        # bond0.205
        # bond0.207
    }
    authentication { #must be the same on all directors for this vrrp instance
        auth_type PASS
        auth_pass 1111 #PASS is sent in cleartext in VRRP advertisements; keepalived uses only the first 8 characters
    }
    virtual_ipaddress { #IPs to bring up/down when transitioning to/from MASTER state
        160.91.194.187/25 dev bond0.294 #Syslog VIP in Management VLAN
        160.91.205.178/27 dev bond0.211 # my.example.com website VIP in external-services(non-jumbo) VLAN
        160.91.206.164/25 dev bond0.60 #LDAP VIP in internal-services(non-jumbo) VLAN
        160.91.206.176/25 dev bond0.60 # bcfg.example.com VIP in internal-services(non-jumbo) VLAN
        #160.91.206.155/25 dev bond0.60 #DNS VIP in internal-services(non-jumbo) VLAN
        160.91.199.40/27 dev bond0.211 # smtp.example.com VIP in external-services(non-jumbo) VLAN
        160.91.199.47/27 dev bond0.211 # users.example.com VIP in external-services (non-jumbo) VLAN
        160.91.198.186/25 dev bond0.55 # radius.example.com VIP in internal-services VLAN
        160.91.198.187/25 dev bond0.55 # dns.example.com VIP in internal-services VLAN
        160.91.198.135/25 dev bond0.55 # wwwadm.example.com VIP in internal-services VLAN
    }
}

virtual_server <ip_address to be shared between LBs> 3306 {
    delay_loop 30
    lb_algo wrr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 172.30.68.4 3306 { # db6.example.com
        weight 1
        TCP_CHECK {
            connect_port 3306
            connect_timeout 15
        }
    }
    real_server 172.30.68.6 3306 { # db5.example.com
        weight 1
        TCP_CHECK {
            connect_port 3306
            connect_timeout 15
        }
    }
    real_server 172.30.68.5 3306 { # db7.example.com
        weight 1
        TCP_CHECK {
            connect_port 3306
            connect_timeout 15
        }
    }
}
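
Added example (not part of the original notes): a small Python check that compares the vrrp_instance blocks of two directors and reports drift in the settings the comments above say must match, plus a virtual_router_id reused by several instances. The function names, the sample configs and the rule that both directors carry the same VIP list are assumptions of this example; the parser expects one statement per line.

```python
import re

# Per the page: VRID and authentication must match; matching VIP lists is this example's assumption.
MUST_MATCH = ("virtual_router_id", "auth_type", "auth_pass", "virtual_ipaddress")

def parse_vrrp(conf):
    """Map each vrrp_instance name to its settings (one statement per line assumed)."""
    instances, stack = {}, []
    for raw in conf.splitlines():
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()  # strip comments
        if line.endswith("{"):
            stack.append(line[:-1].split())
            if len(stack) == 1 and stack[0][0] == "vrrp_instance":
                instances[stack[0][1]] = {"virtual_ipaddress": set()}
        elif line == "}":
            stack = stack[:-1]
        elif line and stack and stack[0][0] == "vrrp_instance":
            inst, words = instances[stack[0][1]], line.split()
            if len(stack) == 1 or stack[-1][0] == "authentication":
                inst[words[0]] = " ".join(words[1:])
            elif stack[-1][0] == "virtual_ipaddress":
                inst["virtual_ipaddress"].add(words[0])
    return instances

def audit(conf_a, conf_b):
    """Compare two directors' configs and return a list of findings."""
    a, b = parse_vrrp(conf_a), parse_vrrp(conf_b)
    findings = [f"{n}: defined on only one director" for n in sorted(set(a) ^ set(b))]
    for name in sorted(set(a) & set(b)):
        for key in MUST_MATCH:
            if a[name].get(key) != b[name].get(key):
                findings.append(f"{name}: {key} differs between directors")
    vrids = [s.get("virtual_router_id") for s in a.values()]
    findings += [f"virtual_router_id {v} is used by more than one instance"
                 for v in sorted({v for v in vrids if v and vrids.count(v) > 1})]
    return findings

# Constructed sample: LB2 has drifted from LB1 (different VRID, different VIP).
LB1 = """vrrp_instance FOO_LOAD_BALANCER {
    virtual_router_id 51
    authentication {
        auth_type PASS
        auth_pass examplepw
    }
    virtual_ipaddress {
        192.0.2.10/24 dev bond0.294  # documentation address
    }
}"""
LB2 = LB1.replace("id 51", "id 52").replace("192.0.2.10", "192.0.2.11")
print("\n".join(audit(LB1, LB2)))
```

Run it against the real keepalived.conf from each director by reading both files and passing their contents to audit().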