LVS + Keepalived for high-availability load balancing

I. Principle

1. Summary

If TCP/IP is divided into five layers, Keepalived is software similar to a layer 3 to layer 5 switching mechanism. This layer 3 to layer 5 switching function is mainly used to detect the status of the web servers. If a web server fails, Keepalived detects it and removes it from the system; when the web server is working normally again, Keepalived automatically adds it back to the server group. All of this is done automatically, without manual intervention. The only manual work is repairing the faulty web server.

2. Working principle

Keepalived implements a high-availability solution based on the VRRP protocol to avoid a single point of failure (SPOF). In this solution at least two servers run Keepalived, one as MASTER and the other as BACKUP, but to the outside they appear as a single virtual IP address. The MASTER sends a specific message to the BACKUP. When the BACKUP no longer receives this message, it considers the MASTER faulty, takes over the virtual IP address and continues to provide service, which ensures high availability.

Figure 1: Keepalived schematic

The layer-3 mechanism sends ICMP packets to a server, that is, pings it; if the server does not answer, it is considered faulty and is removed from the server group. The layer-4 mechanism checks the status of TCP ports to determine whether a server is faulty; if it is, the server is removed from the server group. The layer-5 mechanism checks, according to user settings, whether an application on a server runs properly; if the application is abnormal, the server is removed from the server group.

3. Function

Keepalived is mainly used for health checks of the real servers and for failover between the MASTER and BACKUP of the load balancer.

II. Architecture

This series of articles uses CentOS Linux release 6.0 (Final) as an example to show how to use LVS + Keepalived to achieve high-availability load balancing.
The service requirement is to use virtual IP addresses to forward requests for port 8080, port 25 and port 21 to the real backend servers, which handle the business logic.

Figure 2: System topology

The client accesses the load balancer through the VIPs (virtual IPs, 172.28.14.227/228/229). The load balancer (MASTER/172.28.92 or BACKUP/172.28.93) forwards the requests to the real servers (web servers 172.28.19.100/101/102, mail servers 172.28.19.103/104/105, file servers 172.28.19.106/107/108).

LVS + Keepalived must be installed on both the MASTER and the BACKUP load balancer. The installation and configuration of LVS and Keepalived are described below.

III. LVS installation

LVS must be installed on both MASTER and BACKUP. The steps for installing ipvsadm are as follows.

(1) Install the dependency packages

Run the following commands to check whether the dependency packages are installed.

(A) popt

    # rpm -qa | grep popt
    popt-static-1.13-7.el6.x86_64
    popt-devel-1.13-7.el6.x86_64

If these packages are not present, install them in sequence:

    # yum install popt-devel
    # yum install popt-static

(B) libnl

    # rpm -qa | grep libnl
    libnl-1.1-14.el6.x86_64

If this package is not present, install it:

    # yum install libnl-devel

(2) Install ipvsadm

    # wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz
    # tar zxvf ipvsadm-1.26.tar.gz
    # ln -s /usr/src/kernels/2.6.32-71.el6.x86_64/ /usr/src/linux
    # cd ipvsadm-1.26
    # make install

Note: the kernel source path used in the ln command may be different on each system.

LVS is now installed.

IV. Keepalived installation

Keepalived must be installed on both MASTER and BACKUP. The installation steps are as follows:

    # wget http://www.keepalived.org/software/keepalived-1.2.7.tar.gz
    # tar zxvf keepalived-1.2.7.tar.gz
    # cd keepalived-1.2.7
    # ./configure
    # make install

Keepalived is now installed. If the following error occurs during ./configure:

    configure: error:
      !!! OpenSSL is not properly installed on your system. !!!
      !!! Can not include OpenSSL headers files.            !!!

install the OpenSSL development package:

    # yum install openssl-devel

and then repeat the steps starting from ./configure.

V. Configuration

1. Service script

Set Keepalived up as a service (required on both MASTER and BACKUP). The steps are as follows.

(1) Copy the service startup script

    # cp ./keepalived/etc/init.d /etc/init.d

(2) Copy the configuration file

    # mkdir /etc/keepalived
    # cp ./keepalived/etc/keepalived.conf /etc/keepalived

(3) Copy the executable file

    # cp ./bin/keepalived /usr/bin

(4) Start and stop the service

    # service keepalived start
    # service keepalived stop

2. Configure MASTER

Back up the configuration file, then open it and modify its content. Pay special attention to the highlighted (commented) settings. The details are as follows:

    # cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
    # vi /etc/keepalived/keepalived.conf

    vrrp_instance VI_1 {
        state MASTER                # actual state: MASTER
        interface eth0              # NIC to listen on
        virtual_router_id 51
        priority 100                # priority (the higher value wins)
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {         # virtual IP address list, that is, the VIPs
            172.28.14.227
            172.28.14.228
            172.28.14.229
        }
    }

    virtual_server 172.28.14.227 8080 {
        delay_loop 6
        lb_algo wlc
        lb_kind DR                  # DR mode
        persistence_timeout 50
        protocol TCP

        real_server 172.28.19.100 8080 {
            weight 1                # weight (the higher the weight, the more requests it handles)
            TCP_CHECK {
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
                connect_port 8080
            }
        }
        real_server 172.28.19.101 8080 {
            weight 1                # weight (the higher the weight, the more requests it handles)
            TCP_CHECK {
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
                connect_port 8080
            }
        }
        real_server 172.28.19.102 8080 {
            weight 1                # weight (the higher the weight, the more requests it handles)
            TCP_CHECK {
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
                connect_port 8080
            }
        }
    }

    virtual_server 172.28.14.228 25 {
        delay_loop 6
        lb_algo wlc
        lb_kind DR                  # DR mode
        persistence_timeout 50
        protocol TCP

        real_server 172.28.19.103 25 {
            weight 1                # weight (the higher the weight, the more requests it handles)
            TCP_CHECK {
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
                connect_port 25
            }
        }
        real_server 172.28.19.104 25 {
            weight 1                # weight (the higher the weight, the more requests it handles)
            TCP_CHECK {
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
                connect_port 25
            }
        }
        real_server 172.28.19.105 25 {
            weight 1                # weight (the higher the weight, the more requests it handles)
            TCP_CHECK {
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
                connect_port 25
            }
        }
    }

    virtual_server 172.28.14.229 21 {
        delay_loop 6
        lb_algo wlc
        lb_kind DR                  # DR mode
        persistence_timeout 50
        protocol TCP

        real_server 172.28.19.106 21 {
            weight 1                # weight (the higher the weight, the more requests it handles)
            TCP_CHECK {
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
                connect_port 21
            }
        }
        real_server 172.28.19.107 21 {
            weight 1                # weight (the higher the weight, the more requests it handles)
            TCP_CHECK {
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
                connect_port 21
            }
        }
        real_server 172.28.19.108 21 {
            weight 1                # weight (the higher the weight, the more requests it handles)
            TCP_CHECK {
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
                connect_port 21
            }
        }
    }

3. Configure BACKUP

The BACKUP configuration is basically the same as the MASTER configuration, except for the highlighted (commented) settings:

    # cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
    # vi /etc/keepalived/keepalived.conf

    vrrp_instance VI_1 {
        state BACKUP                # actual state: BACKUP
        ...
        priority 99                 # priority 99 (lower than the MASTER priority of 100)
        ...
    }

4. Configure the real servers

On each real server, create a startup script for the interface that carries the VIP. The script content is as follows:

    # vi realserverd

    #!/bin/bash
    VIP=172.28.14.227
    . /etc/rc.d/init.d/functions

    case "$1" in
    start)
        # Do not answer or announce ARP for the VIP held on lo
        echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
        # Bind the VIP to lo:0 with a host mask and add a host route for it
        ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
        /sbin/route add -host $VIP dev lo:0
        sysctl -p > /dev/null 2>&1
        echo "Realserver start OK"
        ;;
    stop)
        # Restore the default ARP behaviour and remove the VIP
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
        ifconfig lo:0 down
        /sbin/route del $VIP > /dev/null 2>&1
        echo "Realserver stopped"
        ;;
    *)
        echo "Usage: $0 {start|stop}"
        exit 1
    esac
    exit 0

Pay attention to the highlighted parts of the script. Each interface is bound to one virtual IP address. If multiple virtual IP addresses have to be bound, create a script for each interface and specify lo:X (for example lo:0, lo:1). Also note that there is a space between "." and /etc/rc.d/init.d/functions.

Start the keepalived service, execute the script above, and then use "ip a" to confirm that the VIP address is present. Enter "ipvsadm -Ln" to view the LVS working status. Stop the keepalived service on the MASTER: the BACKUP takes over the VIP address. Start the keepalived service on the MASTER again: the MASTER takes the VIP address back.

If all of this works, congratulations, you now have a high-availability service.
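
The vrrp_instance configuration above authenticates VRRP advertisements with auth_type PASS and the sample password 1111. PASS carries the password in cleartext in every advertisement, and keepalived uses only the first eight characters of auth_pass. The audit below is an added example, not part of the original article; the function name audit_vrrp and the sample file are constructed for illustration, and the sample reuses the article's VRRP values plus a misspelled state.

```shell
#!/bin/sh
# Added example: audit VRRP settings in a keepalived.conf.
# usage: audit_vrrp FILE   (prints findings; returns 1 if there are any)
audit_vrrp() {
    awk '
    function report(msg) { print inst ": " msg; n++ }
    /^[ \t]*!/ { next }                      # "!" comment lines
    {
        sub(/#.*/, "")                       # trailing "#" comments
        for (i = 1; i < NF; i++) {           # walk keyword/value pairs
            v = $(i + 1)
            if ($i == "vrrp_instance") inst = v
            else if ($i == "state" && v != "MASTER" && v != "BACKUP")
                report("state \"" v "\" is not MASTER or BACKUP")
            else if ($i == "auth_type" && v == "PASS")
                report("auth_type PASS sends auth_pass in cleartext")
            else if ($i == "auth_pass") {
                if (length(v) < 8)
                    report("auth_pass is shorter than 8 characters")
                if (length(v) > 8)
                    report("auth_pass is cut to its first 8 characters")
                if (v ~ /^[0-9]+$/)
                    report("auth_pass is digits only")
            }
        }
    }
    END { exit (n ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the article's VRRP values plus a misspelled state.
sample=$(mktemp)
cat > "$sample" <<'EOF'
vrrp_instance VI_1 {
    state BACKP
    interface eth0
    virtual_router_id 51
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
EOF
audit_vrrp "$sample" || echo "resolve the findings above before deploying"
```

Run it against /etc/keepalived/keepalived.conf on both MASTER and BACKUP; the two must carry the same auth_type and auth_pass.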
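
In DR mode every real server holds the VIP on its loopback interface, so the ARP settings in the real-server script are what keep it from answering ARP for the VIP and drawing client traffic past the load balancer. A check for that state follows, as an added example that is not part of the original article; check_realserver, its ROOT and ADDR_FILE parameters and the fixture are assumptions made so that it can run against constructed data.

```shell
#!/bin/sh
# Added example: verify the DR-mode state the real-server script sets up.
# usage: check_realserver VIP [ROOT] [ADDR_FILE]
#   ROOT       prefix in front of /proc (default: empty, the live system)
#   ADDR_FILE  saved output of `ip -o -4 addr show dev lo` (default: run ip)
# Returns the number of failed checks (0 = correctly configured).
check_realserver() {
    vip=$1 root=${2:-} addrs=${3:-} bad=0
    for pair in lo/arp_ignore=1 lo/arp_announce=2 \
                all/arp_ignore=1 all/arp_announce=2; do
        key=${pair%=*} want=${pair#*=}
        got=$(cat "$root/proc/sys/net/ipv4/conf/$key" 2>/dev/null) || got=
        if [ "$got" != "$want" ]; then
            echo "FAIL $key is '${got:-unreadable}', expected $want"
            bad=$((bad + 1))
        fi
    done
    if [ -n "$addrs" ]; then
        dump=$(cat "$addrs")
    else
        dump=$(ip -o -4 addr show dev lo 2>/dev/null) || dump=
    fi
    case "$dump" in
        *"inet $vip/32 "*) ;;                # VIP present with a host mask
        *) echo "FAIL $vip/32 is not configured on lo"; bad=$((bad + 1)) ;;
    esac
    return "$bad"
}

# Constructed fixture: a fake /proc tree and ip dump of an unconfigured host.
demo=$(mktemp -d)
mkdir -p "$demo/proc/sys/net/ipv4/conf/lo" "$demo/proc/sys/net/ipv4/conf/all"
for f in lo/arp_ignore lo/arp_announce all/arp_ignore all/arp_announce; do
    echo 0 > "$demo/proc/sys/net/ipv4/conf/$f"
done
echo '1: lo    inet 127.0.0.1/8 scope host lo' > "$demo/addr"
check_realserver 172.28.14.227 "$demo" "$demo/addr" || echo "$? check(s) failed"
```

On a real server, call it with the VIP alone, once for each VIP bound to a lo:X alias.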