2017-11-19

Load Balancer with “LVS + Keepalived + DSR”


1. Summary

In this post, I explain why a load balancer built with the “LVS + Keepalived + DSR” design is effective, and how to build one.

2. Introduction

The “LVS + Keepalived + DSR” load balancer is a mature technology, but I am posting about it because my friends asked me to. In highly scalable projects, the load balancer comes up on the agenda of a system performance meeting at least once. I have experienced this many times. In those meetings we tend to hear negative opinions about the performance of software load balancers, and sometimes the name of a hardware load balancer such as BIG-IP comes up. However, we cannot overlook the fact that a load balancer using the “LVS + Keepalived + DSR” design runs at 100% SLA and a 10% load factor in our project, which receives 1 million accesses per day. This demonstrates that the design is an effective load balancer solution on premises or on cloud hosting that offers no load balancer PaaS. This result comes from the communication method called Direct Server Return (DSR). With DSR, the real servers behind the load balancer return their responses directly to the client without passing back through the load balancer, which dramatically reduces the load on the load balancer. In addition, the solution is not affected by hardware-related problems (failure, deterioration, support contracts, support quality, end of product support, etc.). In this post, I explain how to build the “LVS + Keepalived + DSR” design. I will not conduct benchmarks such as “DSR vs. non-DSR”.

3. Environment

In this post, I will explain the solution based on the following assumptions.
  1. CentOS 7
  2. Keepalived
  3. ipvsadm
  4. Firewalld
In this post, I will explain the solution based on the following system configuration diagram.

4. Install

First, we install “Keepalived” on Load Balancer 1.
$ sudo yum -y install keepalived
Next, we install “Keepalived” on Load Balancer 2.
$ sudo yum -y install keepalived
Next, we install “ipvsadm” on Load Balancer 1.
$ sudo yum -y install ipvsadm
Next, we install “ipvsadm” on Load Balancer 2.
$ sudo yum -y install ipvsadm

5. Configuration

Next, we configure “firewalld” on Web Server 1. We start “firewalld” and enable it.
$ sudo systemctl start firewalld
$ sudo systemctl enable firewalld
$ sudo systemctl status firewalld
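We configure “firewalld”. The direct rules redirect packets addressed to the server's own IP (10.0.0.3) and to the virtual IP (10.0.0.5) to the local host, so the web server accepts the packets that the load balancer forwards with the virtual IP still as their destination.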
$ sudo firewall-cmd --set-default-zone=internal
$ sudo firewall-cmd --add-port=22/tcp --zone=internal
$ sudo firewall-cmd --add-port=22/tcp --zone=internal --permanent
$ sudo firewall-cmd --add-port=80/tcp --zone=internal
$ sudo firewall-cmd --add-port=80/tcp --zone=internal --permanent
$ sudo firewall-cmd --add-port=443/tcp --zone=internal
$ sudo firewall-cmd --add-port=443/tcp --zone=internal --permanent
$ sudo firewall-cmd --direct --add-rule ipv4 nat PREROUTING 0 -d 10.0.0.3 -j REDIRECT
$ sudo firewall-cmd --permanent --direct --add-rule ipv4 nat PREROUTING 0 -d 10.0.0.3 -j REDIRECT
$ sudo firewall-cmd --direct --add-rule ipv4 nat PREROUTING 0 -d 10.0.0.5 -j REDIRECT
$ sudo firewall-cmd --permanent --direct --add-rule ipv4 nat PREROUTING 0 -d 10.0.0.5 -j REDIRECT
We reload “firewalld” and confirm the configuration.
$ sudo firewall-cmd --reload
$ sudo firewall-cmd --list-all-zones
$ sudo firewall-cmd --direct --get-rules ipv4 nat PREROUTING
We use the “telnet” command to verify communication with Web Server 1.
$ sudo telnet 10.0.0.3 80
Next, we configure “firewalld” on Web Server 2. We start “firewalld” and enable it.
$ sudo systemctl start firewalld
$ sudo systemctl enable firewalld
$ sudo systemctl status firewalld
We configure “firewalld” in the same way, using this server's own IP (10.0.0.4) and the virtual IP (10.0.0.5).
$ sudo firewall-cmd --set-default-zone=internal
$ sudo firewall-cmd --add-port=22/tcp --zone=internal
$ sudo firewall-cmd --add-port=22/tcp --zone=internal --permanent
$ sudo firewall-cmd --add-port=80/tcp --zone=internal
$ sudo firewall-cmd --add-port=80/tcp --zone=internal --permanent
$ sudo firewall-cmd --add-port=443/tcp --zone=internal
$ sudo firewall-cmd --add-port=443/tcp --zone=internal --permanent
$ sudo firewall-cmd --direct --add-rule ipv4 nat PREROUTING 0 -d 10.0.0.4 -j REDIRECT
$ sudo firewall-cmd --permanent --direct --add-rule ipv4 nat PREROUTING 0 -d 10.0.0.4 -j REDIRECT
$ sudo firewall-cmd --direct --add-rule ipv4 nat PREROUTING 0 -d 10.0.0.5 -j REDIRECT
$ sudo firewall-cmd --permanent --direct --add-rule ipv4 nat PREROUTING 0 -d 10.0.0.5 -j REDIRECT
We reload “firewalld” and confirm the configuration.
$ sudo firewall-cmd --reload
$ sudo firewall-cmd --list-all-zones
$ sudo firewall-cmd --direct --get-rules ipv4 nat PREROUTING
We use the “telnet” command to verify communication with Web Server 2.
$ sudo telnet 10.0.0.4 80
Next, we configure “Keepalived” on Load Balancer 1.
$ sudo cp -a /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.org
$ sudo vim /etc/keepalived/keepalived.conf
    # Common Configuration Block
    global_defs {
        notification_email {
            alert@example.com
        }
        notification_email_from lb1@example.com
        smtp_server mail.example.com
        smtp_connect_timeout 30
        router_id lb1.example.com
    }

    # Master Configuration Block
    vrrp_instance VI_1 {
        # Note: keepalived honors nopreempt only when the initial state is BACKUP.
        state MASTER
        interface eth0
        virtual_router_id 1
        priority 101
        nopreempt
        advert_int 1
        authentication {
            auth_type PASS
            # Placeholder; PASS is sent in cleartext and only the first 8 characters are used.
            auth_pass foo
        }
        virtual_ipaddress {
            10.0.0.5/24 dev eth0
        }
    }

    # Virtual Server Configuration Block
    virtual_server 10.0.0.5 80 {
        delay_loop 6
        lvs_sched rr
        lvs_method DR
        persistence_timeout 50
        protocol TCP
        sorry_server 10.0.0.254 80
        real_server 10.0.0.3 80 {
            weight 1
            inhibit_on_failure
            HTTP_GET {
                url {
                    path /
                    status_code 200
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
        real_server 10.0.0.4 80 {
            weight 1
            inhibit_on_failure
            HTTP_GET {
                url {
                    path /
                    status_code 200
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
    }
$ sudo systemctl start keepalived
To start “Keepalived” automatically at boot, enable it. If failback must be prohibited, skip this command and leave automatic startup disabled.
$ sudo systemctl enable keepalived
$ sudo systemctl status keepalived
$ sudo ip addr
Next, we configure “Keepalived” on Load Balancer 2.
$ sudo cp -a /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.org
$ sudo vim /etc/keepalived/keepalived.conf
    # Common Configuration Block
    global_defs {
        notification_email {
            admin@example.com
        }
        notification_email_from lb2@example.com
        smtp_server mail.example.com
        smtp_connect_timeout 30
        router_id lb2.example.com
    }

    # Backup Configuration Block
    vrrp_instance VI_1 {
        state BACKUP
        interface eth0
        virtual_router_id 1
        priority 100
        nopreempt
        advert_int 1
        authentication {
            auth_type PASS
            # Placeholder; PASS is sent in cleartext and only the first 8 characters are used.
            auth_pass foo
        }
        virtual_ipaddress {
            10.0.0.5/24 dev eth0
        }
    }

    # Virtual Server Configuration Block
    virtual_server 10.0.0.5 80 {
        delay_loop 6
        lvs_sched rr
        lvs_method DR
        persistence_timeout 50
        protocol TCP
        sorry_server 10.0.0.254 80
        real_server 10.0.0.3 80 {
            weight 1
            inhibit_on_failure
            HTTP_GET {
                url {
                    path /
                    status_code 200
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
        real_server 10.0.0.4 80 {
            weight 1
            inhibit_on_failure
            HTTP_GET {
                url {
                    path /
                    status_code 200
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
    }
$ sudo systemctl start keepalived
To start “Keepalived” automatically at boot, enable it. If failback must be prohibited, skip this command and leave automatic startup disabled.
$ sudo systemctl enable keepalived
$ sudo systemctl status keepalived
$ sudo ip addr
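The two keepalived.conf files above must agree on virtual_router_id, auth_pass and the virtual IP, and should differ in priority. The following check is an added example, not part of the original post; the function names, finding labels and sample config are constructed for illustration.

```shell
# Added example, not from the original post: compare the vrrp_instance
# settings of both load balancers. All function names are hypothetical.

# Constructed sample config: sample_conf STATE PRIORITY AUTH_PASS
sample_conf() {
cat <<EOF
vrrp_instance VI_1 {
    state $1
    virtual_router_id 1
    priority $2
    nopreempt
    authentication {
        auth_pass $3
    }
    virtual_ipaddress {
        10.0.0.5/24 dev eth0
    }
}
EOF
}

# vrrp_get FILE KEY: value of KEY ("vip" = first virtual IP, flags print "set")
vrrp_get() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        $1 == "virtual_ipaddress" { in_vip = 1; next }
        in_vip && $1 == "}" { in_vip = 0 }
        in_vip && key == "vip" { print $1; exit }
        $1 == key { print ($2 == "" ? "set" : $2); exit }
    ' "$1"
}

# check_pair LB1_CONF LB2_CONF: prints findings; exit status 0 when none.
check_pair() {
    rc=0
    for k in virtual_router_id auth_pass vip; do
        [ "$(vrrp_get "$1" "$k")" = "$(vrrp_get "$2" "$k")" ] ||
            { echo "MISMATCH $k"; rc=1; }
    done
    [ "$(vrrp_get "$1" priority)" != "$(vrrp_get "$2" priority)" ] ||
        { echo "SAME_PRIORITY"; rc=1; }
    for f in "$1" "$2"; do
        # keepalived only honors nopreempt when the initial state is BACKUP
        if [ "$(vrrp_get "$f" state)" = MASTER ] && [ -n "$(vrrp_get "$f" nopreempt)" ]; then
            echo "NOPREEMPT_NEEDS_BACKUP $f"; rc=1
        fi
    done
    return $rc
}
```

Copy both files to one host and run `check_pair lb1.conf lb2.conf`; the findings name only the mismatched key, so the auth_pass value is never printed.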
Next, we change the kernel parameters on Load Balancer 1.
$ sudo vim /etc/sysctl.conf
    # Enable Packet Transfer between Interfaces
    net.ipv4.ip_forward = 1

    # Do not discard packets from networks that do not belong to the interface.
    # (The kernel applies the higher of conf.all and the per-interface rp_filter value.)
    net.ipv4.conf.all.rp_filter = 0
We apply the kernel parameters.
$ sudo sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
We start “ipvsadm”.
$ sudo touch /etc/sysconfig/ipvsadm
$ sudo systemctl start ipvsadm
To start “ipvsadm” automatically at boot, enable it. If failback must be prohibited, skip this command and leave automatic startup disabled.
$ sudo systemctl enable ipvsadm
$ sudo systemctl status ipvsadm
Next, we change the kernel parameters on Load Balancer 2.
$ sudo vim /etc/sysctl.conf
    # Enable Packet Transfer between Interfaces
    net.ipv4.ip_forward = 1

    # Do not discard packets from networks that do not belong to the interface.
    # (The kernel applies the higher of conf.all and the per-interface rp_filter value.)
    net.ipv4.conf.all.rp_filter = 0
We apply the kernel parameters.
$ sudo sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
We start “ipvsadm”.
$ sudo touch /etc/sysconfig/ipvsadm
$ sudo systemctl start ipvsadm
To start “ipvsadm” automatically at boot, enable it. If failback must be prohibited, skip this command and leave automatic startup disabled.
$ sudo systemctl enable ipvsadm
$ sudo systemctl status ipvsadm
We will use the “ipvsadm” command to check the LVS communication settings on the Load Balancer 1.
$ sudo ipvsadm -Ln
We will use the “ipvsadm” command to check the LVS communication settings on the Load Balancer 2.
$ sudo ipvsadm -Ln
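One way to turn the “ipvsadm -Ln” check into a pass/fail test for this DSR setup, as an added example that is not part of the original post. The sample output is constructed, and the function names and finding labels are hypothetical.

```shell
# Added example, not from the original post: audit `ipvsadm -Ln` output.

# Constructed sample of `ipvsadm -Ln` output (not captured from a real host).
# 10.0.0.4 is shown at weight 0, which is how inhibit_on_failure marks a
# real server whose HTTP_GET health check is failing.
sample_ipvs() {
cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.0.5:80 rr persistent 50
  -> 10.0.0.3:80                  Route   1      0          0
  -> 10.0.0.4:80                  Route   0      0          0
EOF
}

# check_ipvs VIP:PORT  (reads `ipvsadm -Ln` output on stdin)
# Prints one finding per line; exit status 0 only when there are none.
check_ipvs() {
    awk -v vip="$1" '
        # A virtual service line starts a new section.
        $1 == "TCP" || $1 == "UDP" { cur = $2; if (cur == vip) found = 1; next }
        # Real server lines of the requested virtual service.
        $1 == "->" && $2 != "RemoteAddress:Port" && cur == vip {
            # DR (direct routing, i.e. DSR) is listed as "Route".
            if ($3 != "Route") { print "NOT_DR " $2 " forward=" $3; bad++ }
            if ($4 == 0) { print "INHIBITED " $2 " weight=0"; bad++ } else up++
        }
        END {
            if (!found)       { print "MISSING virtual server " vip; bad++ }
            else if (up == 0) { print "NO_ACTIVE_REAL_SERVER " vip; bad++ }
            exit (bad > 0)
        }'
}

# On a load balancer: sudo ipvsadm -Ln | check_ipvs 10.0.0.5:80
```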

6. Conclusion

In this way, DSR lets us mitigate performance degradation under high load, which is a weak point of software load balancers.
