Chapter 3. Setting Up Load Balancer Prerequisites for Keepalived
Load Balancer using keepalived consists of two basic groups: the LVS routers and the real servers. To prevent a single point of failure, each group should have at least two members.
The LVS router group should consist of two identical or very similar systems running Red Hat Enterprise Linux. One will act as the active LVS router while the other stays in hot standby mode, so they need to have as close to the same capabilities as possible.
Before choosing and configuring the hardware for the real server group, determine which of the three Load Balancer topologies to use.
3.1. The NAT Load Balancer Network
The NAT topology allows for great latitude in utilizing existing hardware, but it is limited in its ability to handle large loads because all packets going into and coming out of the pool pass through the Load Balancer router.
- Network Layout
- The topology for Load Balancer using NAT routing is the easiest to configure from a network layout perspective because only one access point to the public network is needed. The real servers are on a private network and respond to all requests through the LVS router.
- In a NAT topology, each real server only needs one NIC since it will only be responding to the LVS router. The LVS routers, on the other hand, need two NICs each to route traffic between the two networks. Because this topology creates a network bottleneck at the LVS router, Gigabit Ethernet NICs can be employed on each LVS router to increase the bandwidth the LVS routers can handle. If Gigabit Ethernet is employed on the LVS routers, any switch connecting the real servers to the LVS routers must have at least two Gigabit Ethernet ports to handle the load efficiently.
- Because the NAT topology requires the use of iptables for some configurations, there can be a large amount of software configuration outside of Keepalived. In particular, FTP services and the use of firewall marks require extra manual configuration of the LVS routers to route requests properly.
3.1.1. Configuring Network Interfaces for Load Balancer with NAT
To set up Load Balancer with NAT, you must first configure the network interfaces for the public network and the private network on the LVS routers. In this example, the LVS routers' public interfaces (eth0) will be on the 203.0.113.0/24 network and the private interfaces which link to the real servers (eth1) will be on the 10.11.12.0/24 network.
At the time of writing, the NetworkManager service is not compatible with Load Balancer. In particular, IPv6 VIPs are known not to work when the IPv6 addresses are assigned by SLAAC. For this reason, the examples shown here use configuration files and the
On the active or primary LVS router node, the public interface's network configuration file, /etc/sysconfig/network-scripts/ifcfg-eth0, could look something like this:

    DEVICE=eth0
    BOOTPROTO=static
    ONBOOT=yes
    IPADDR=203.0.113.9
    NETMASK=255.255.255.0
    GATEWAY=203.0.113.254

The configuration file, /etc/sysconfig/network-scripts/ifcfg-eth1, for the private NAT interface on the LVS router could look something like this:

    DEVICE=eth1
    BOOTPROTO=static
    ONBOOT=yes
    IPADDR=10.11.12.9
    NETMASK=255.255.255.0

In this example, the VIP for the LVS router's public interface will be 203.0.113.10 and the VIP for the NAT or private interface will be 10.11.12.10. It is essential that the real servers route requests back to the VIP for the NAT interface.
The sample Ethernet interface configuration settings in this section are for the real IP addresses of an LVS router and not the floating IP addresses.
After configuring the primary LVS router node's network interfaces, configure the backup LVS router's real network interfaces (taking care that none of the IP addresses conflicts with any other IP address on the network).
Ensure that each interface on the backup node services the same network as the interface on the primary node. For instance, if eth0 connects to the public network on the primary node, it must also connect to the public network on the backup node.
3.1.2. Routing on the Real Servers
The most important thing to remember when configuring the real servers' network interfaces in a NAT topology is to set the gateway to the NAT floating IP address of the LVS router. In this example, that address is 10.11.12.10.
Once the network interfaces are up on the real servers, the machines will be unable to ping or connect in other ways to the public network. This is normal. You will, however, be able to ping the real IP for the LVS router's private interface, in this case 10.11.12.9.
The real server's configuration file, /etc/sysconfig/network-scripts/ifcfg-eth0, could look similar to this:

    DEVICE=eth0
    ONBOOT=yes
    BOOTPROTO=static
    IPADDR=10.11.12.1
    NETMASK=255.255.255.0
    GATEWAY=10.11.12.10

If a real server has more than one network interface configured with a GATEWAY= line, the first one to come up will get the gateway. Therefore, if both eth0 and eth1 are configured and eth1 is used for Load Balancer, the real servers may not route requests properly.
It is best to turn off extraneous network interfaces by setting ONBOOT=no in their network configuration files within the /etc/sysconfig/network-scripts/ directory or by making sure the gateway is correctly set in the interface which comes up first.
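The gateway pitfall described above can be checked mechanically. The following shell script is an added example, not part of the original documentation; the function names, the sample directory layout and the second interface's 192.0.2.0/24 addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a real server's ifcfg files for the NAT gateway rule.
# Function names and sample data are hypothetical, constructed for illustration.

# Read KEY ($2) from an ifcfg file ($1) without sourcing it: ifcfg files are
# shell syntax, so sourcing one would execute whatever it contains.
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'" | tr -d '[:space:]'
}

# Return 0 only if exactly one enabled interface sets GATEWAY and that value
# is the NAT floating IP. An interface counts as enabled unless ONBOOT=no
# (assumption of this example).
check_real_server_gateways() {
    dir=$1 expected=$2 active=0 rc=0
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        dev=${f##*/ifcfg-}
        gw=$(ifcfg_get "$f" GATEWAY)
        [ -n "$gw" ] || continue
        [ "$(ifcfg_get "$f" ONBOOT)" = no ] && continue
        active=$((active + 1))
        if [ "$gw" != "$expected" ]; then
            echo "FAIL $dev: GATEWAY=$gw, expected NAT VIP $expected"
            rc=1
        fi
    done
    [ "$active" -eq 1 ] || { echo "FAIL: $active enabled interfaces set GATEWAY"; rc=1; }
    return "$rc"
}

# Constructed sample: eth0 as in this section, plus an extra eth1 whose
# ONBOOT value is passed as $2.
make_sample() {
    mkdir -p "$1"
    printf 'DEVICE=eth0\nONBOOT=yes\nBOOTPROTO=static\nIPADDR=10.11.12.1\nNETMASK=255.255.255.0\nGATEWAY=10.11.12.10\n' > "$1/ifcfg-eth0"
    printf 'DEVICE=eth1\nONBOOT=%s\nBOOTPROTO=static\nIPADDR=192.0.2.20\nNETMASK=255.255.255.0\nGATEWAY=192.0.2.1\n' "$2" > "$1/ifcfg-eth1"
}

demo=$(mktemp -d)
make_sample "$demo/conflict" yes   # two enabled interfaces carry GATEWAY=
make_sample "$demo/fixed" no       # extraneous interface turned off
check_real_server_gateways "$demo/conflict" 10.11.12.10 || echo "conflict: rejected"
check_real_server_gateways "$demo/fixed" 10.11.12.10 && echo "fixed: accepted"
rm -rf "$demo"
```

On a real server, point the check at /etc/sysconfig/network-scripts and pass the NAT floating IP of the LVS router as the second argument.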
3.1.3. Enabling NAT Routing on the LVS Routers
In a simple NAT Load Balancer configuration where each clustered service uses only one port, like HTTP on port 80, the administrator need only enable packet forwarding on the LVS routers for the requests to be properly routed between the outside world and the real servers. However, more configuration is necessary when the clustered services require more than one port to go to the same real server during a user session.
Once forwarding is enabled on the LVS routers and the real servers are set up and have the clustered services running, use keepalived to configure IP information.
Do not configure the floating IP for eth1 by manually editing network configuration files or using a network configuration tool. Instead, configure them by means of the
When finished, start the keepalived service. Once it is up and running, the active LVS router will begin routing requests to the pool of real servers.