keepalived - Virtual is not routing my requests to real servers

Solution 1:

I understand from your question and the comments that the load balancers and the real servers are the same machines.

According to the Red Hat documentation:

Accessing the virtual IP from the load balancers or one of the real servers is not supported. Likewise, configuring a load balancer on the same machines as a real server is not supported.

However, this is still possible according to the LVS Knowledge Base, but requires a bit more configuration effort.

Based on your example, let's take a 3-node setup without a track script, with one virtual IP address, for keepalived-2.0.19 on CentOS 7:

  • virtual IP address: 192.168.178.201
  • node 1: 192.168.178.210 with priority 150
  • node 2: 192.168.178.211 with priority 100
  • node 3: 192.168.178.212 with priority 50

Then a possible configuration for keepalived is:

On node 1

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 150
    advert_int 1
    virtual_ipaddress {
        192.168.178.201/32
    }
}

virtual_server 192.168.178.201 {
    lvs_sched rr
    lvs_method DR
    protocol TCP
    persistence_timeout 50
    delay_loop 10
    real_server 192.168.178.210 {
        TCP_CHECK {
          connect_timeout 5
          connect_port 8443
        }
    }
    real_server 192.168.178.211 {
        TCP_CHECK {
          connect_timeout 5
          connect_port 8443
        }
    }
    real_server 192.168.178.212 {
        TCP_CHECK {
          connect_timeout 5
          connect_port 8443
        }
    }
}

On node 2

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    virtual_ipaddress {
        192.168.178.201/32
    }
}

virtual_server 192.168.178.201 {
    lvs_sched rr
    lvs_method DR
    protocol TCP
    persistence_timeout 50
    delay_loop 10
    real_server 192.168.178.211 {
        TCP_CHECK {
          connect_timeout 5
          connect_port 8443
        }
    }
    real_server 192.168.178.212 {
        TCP_CHECK {
          connect_timeout 5
          connect_port 8443
        }
    }
}

On node 3

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 50
    advert_int 1
    virtual_ipaddress {
        192.168.178.201/32
    }
}

virtual_server 192.168.178.201 {
    lvs_sched rr
    lvs_method DR
    protocol TCP
    persistence_timeout 50
    delay_loop 10
    real_server 192.168.178.212 {
        TCP_CHECK {
          connect_timeout 5
          connect_port 8443
        }
    }
}

NB: each node has LVS configured according to its priority (fewer and fewer real_server entries). If you configure LVS symmetrically, packets are going to be sent back and forth infinitely between the nodes and never answered.

You need to add the virtual IP address as a loopback address on all nodes. Otherwise, the BACKUP nodes receive the TCP messages from the load balancer but do not know what to do with them.

On all nodes in /etc/sysconfig/network-scripts/ifcfg-lo:0

DEVICE=lo:0
IPADDR=192.168.178.201
NETMASK=255.255.255.255
ONBOOT=yes
NAME=loopback

On all nodes in /etc/sysconfig/network, add the line

GATEWAYDEV=eth0

On all nodes, configure kernel parameters

# The interface name must match the one used in vrrp_instance (eth0 in this example)
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.ip_forward = 1

References

http://kb.linuxvirtualserver.org/wiki/Building_Two-Node_Directors/Real_Servers_using_LVS_and_Keepalived
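
The NB above about asymmetric real_server lists can be checked mechanically before deploying. This is an added example, not part of the original answer or of keepalived: the function names (parse_node, upward_forwards, fragment) are hypothetical, and the config fragments are constructed samples containing only the priority and real_server lines the check reads.

```python
import re

def parse_node(conf_text):
    """Extract (VRRP priority, real_server IPs) from one node's keepalived.conf text."""
    priority = int(re.search(r"^\s*priority\s+(\d+)", conf_text, re.M).group(1))
    reals = re.findall(r"^\s*real_server\s+(\S+)", conf_text, re.M)
    return priority, reals

def upward_forwards(configs):
    """configs maps node IP -> keepalived.conf text.

    Returns sorted (node, real_server) pairs where a node would forward to a
    peer whose priority is not strictly lower than its own. Any such pair lets
    a packet travel back up the chain, which is the loop the NB describes.
    """
    parsed = {ip: parse_node(text) for ip, text in configs.items()}
    bad = []
    for ip, (prio, reals) in parsed.items():
        for rs in reals:
            if rs == ip:
                continue  # delivering locally is always fine
            if rs not in parsed:
                continue  # real server that is not also a director: cannot loop
            if parsed[rs][0] >= prio:
                bad.append((ip, rs))
    return sorted(bad)

def fragment(priority, reals):
    """Build a constructed config fragment with only the lines the check reads."""
    rs = "".join(f"    real_server {r} {{\n    }}\n" for r in reals)
    return (f"vrrp_instance VI_1 {{\n    priority {priority}\n}}\n"
            f"virtual_server 192.168.178.201 {{\n{rs}}}\n")

N1, N2, N3 = "192.168.178.210", "192.168.178.211", "192.168.178.212"
# Constructed inputs: the answer's asymmetric layout, and a symmetric variant.
ASYMMETRIC = {N1: fragment(150, [N1, N2, N3]),
              N2: fragment(100, [N2, N3]),
              N3: fragment(50, [N3])}
SYMMETRIC = {ip: fragment(p, [N1, N2, N3])
             for ip, p in ((N1, 150), (N2, 100), (N3, 50))}

if __name__ == "__main__":
    print("asymmetric:", upward_forwards(ASYMMETRIC))
    print("symmetric: ", upward_forwards(SYMMETRIC))
```

An empty result means every node only forwards to itself or to lower-priority peers; to check real files, pass their contents keyed by node IP instead of the constructed fragments.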