Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

3.3. Putting the Configuration Together

After determining which of the preceding routing methods to use, the hardware should be connected together and configured.

Important

The network adapters on the LVS routers must be configured to access the same networks. For instance if eth0 connects to the public network and eth1 connects to the private network, then these same devices on the backup LVS router must connect to the same networks.
Also the gateway listed in the first interface to come up at boot time is added to the routing table and subsequent gateways listed in other interfaces are ignored. This is especially important to consider when configuring the real servers.
After connecting the hardware to the network, configure the network interfaces on the primary and backup LVS routers. This should be done by editing the network configuration files manually. For more information about working with network configuration files, see the Red Hat Enterprise Linux 7 Networking Guide.

3.3.1. General Load Balancer Networking Tips

Configure the real IP addresses for both the public and private networks on the LVS routers before attempting to configure Load Balancer using Keepalived. The sections on each topology give example network addresses, but the actual network addresses are needed. Below are some useful commands for bringing up network interfaces or checking their status.
Bringing Up Real Network Interfaces
To open a real network interface, use the following command as root, replacing N with the number corresponding to the interface (eth0 and eth1).
ifup ethN

Warning

Do not use the ifup scripts to open any floating IP addresses you may configure using Keepalived (eth0:1 or eth1:1). Use the service or systemctl command to start keepalived instead.
Bringing Down Real Network Interfaces
To bring down a real network interface, use the following command as root, replacing N with the number corresponding to the interface (eth0 and eth1).
ifdown ethN
Checking the Status of Network Interfaces
If you need to check which network interfaces are up at any given time, enter the following command:
ip link
To view the routing table for a machine, issue the following command:
ip route

3.3.2. Firewall Requirements

If you are running a firewall (by means of firewalld or iptables), you must allow VRRP traffic to pass between the keepalived nodes. To configure the firewall to allow the VRRP traffic with firewalld, run the following commands: 
# firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent
# firewall-cmd --reload
If the zone is omitted the default zone will be used.
If, however, you need to allow the VRRP traffic with iptables, run the following commands: 
# iptables -I INPUT -p vrrp -j ACCEPT
# iptables-save > /etc/sysconfig/iptables
# systemctl restart iptables