LVS and Keepalived
Mansoor Ali
mhafeez72 at hotmail.com
Mon May 28 10:42:42 BST 2007
Greetings
I am running the LVS on Redhat Enterprise Linux 4. The configuration is done
based on the concept of LVS-NAT. The kernel version is 2.6.9-34-ELsmp and
the ipvsadm version is 1.24-6.
I am running a single Linux-Director machine with one interface (eth0)
connected to the external network and the second interface (eth1)
connected to the internal network where the real servers are running.
So far during my initial testing, the LVS seems to be running fine
without any problem. All the communication (incoming and outgoing) is
successfully going from the Virtual IP Address.
As I went through the different documentation I found that in order to
check the health of real servers on a periodic basis, there are a number of
solutions available for such a purpose, e.g. LdirectorD and Keepalived, out of
which keepalived is considered to be the more reliable solution.
As I went through the documentation of Keepalived, I am getting a little bit
confused. I have tried to install it but it looks as if it is not
running successfully.
My concerns related to keepalived are as follows:
1. Do I need to run the ipvsadm software in addition to the keepalived or in
other words run the keepalived for health check purposes only?
2. I am not running the Active/Backup or MASTER/SLAVE configuration of LVS
so by keeping this in mind can I still configure the keepalived for health
checking of real servers, if yes then how?
Thanks in advance for answers
Mansoor
>From: lvs-users-request at LinuxVirtualServer.org
>Reply-To: lvs-users at LinuxVirtualServer.org
>To: lvs-users at LinuxVirtualServer.org
>Subject: lvs-users Digest, Vol 52, Issue 35
>Date: Sun, 27 May 2007 02:56:09 +0200 (CEST)
>
>Today's Topics:
>
> 1. Re: Customized fallbak page (Joseph Mack NA3T)
> 2. Re: Customized fallbak page (Joseph Mack NA3T)
> 3. topologies (Gerry Reno)
> 4. Re: topologies (Joseph Mack NA3T)
> 5. Re: Customized fallbak page (Dr. Volker Jaenisch)
> 6. Re: URL forwarding (Dr. Volker Jaenisch)
> 7. Re: topologies (Gerry Reno)
> 8. Re: topologies (Gerry Reno)
> 9. Re: topologies (Joseph Mack NA3T)
>From: Joseph Mack NA3T <jmack at wm7d.net>
>Reply-To: "LinuxVirtualServer.org users mailing
>list."<lvs-users at LinuxVirtualServer.org>
>To: "LinuxVirtualServer.org users mailing
>list."<lvs-users at LinuxVirtualServer.org>
>Subject: Re: Customized fallbak page
>Date: Sat, 26 May 2007 13:42:01 -0700 (PDT)
>On Fri, 25 May 2007, Gustavo Mateus wrote:
>
>>Hi,
>>
>>I have 10 virtual servers (http) running on one director with 5 real
>>servers and a separated fallback server running lighttpd.
>>
>>I want to customize a fallback server page for each of the 10 web sites
>>running on the virtual servers.
>
>so that you get a reply...
>
>the way we think about loadbalancing here is that the client should never
>be able to tell that they're connecting to a loadbalanced machine - they
>should just be presented with a server. So we don't do what you're asking.
>
>Sure if a machine fails, then an admin should be able to figure out which
>one, but not the client. Why do you want to do this?
>
>Joe
>From: Joseph Mack NA3T <jmack at wm7d.net>
>Reply-To: "LinuxVirtualServer.org users mailing
>list."<lvs-users at LinuxVirtualServer.org>
>To: "LinuxVirtualServer.org users mailing
>list."<lvs-users at LinuxVirtualServer.org>
>Subject: Re: Customized fallbak page
>Date: Sat, 26 May 2007 13:48:10 -0700 (PDT)
>On Sat, 26 May 2007, Joseph Mack NA3T wrote:
>
>>On Fri, 25 May 2007, Gustavo Mateus wrote:
>>
>>>Hi,
>>>
>>>I have 10 virtual servers (http)
>
>maybe I missed your point. You have 10 different URLs/VIPs? I was thinking
>that you wanted a different page displayed when each realserver needed to
>be failed out.
>
>Joe
>From: Gerry Reno <greno at verizon.net>
>Reply-To: "LinuxVirtualServer.org users mailing
>list."<lvs-users at LinuxVirtualServer.org>
>To: "LinuxVirtualServer.org users mailing
>list."<lvs-users at LinuxVirtualServer.org>
>Subject: topologies
>Date: Sat, 26 May 2007 17:48:29 -0400
>Are there any preferred topologies for setting up LVS?
>Right now without LVS I have everything on one lan and I just run
>firewalls. But to use LVS effectively I can see I need to create separate
>lans. Now this presents other problems because if I put my sets of
>realservers (web, db) on separate lans then it's more difficult to
>administer them and also they will lose access to common resources such as
>the backup server. So it looks like each realserver will have to be part
>of multiple lans or vlans in order to still have access to common
>resources. In doing so, will it create any problems with routing for the
>VIP's and GW's? I don't want any triangulation problems that can cause
>connections to hang. Are there any common gotcha's with multiple lan/vlan
>relating to LVS? I have VLAN capable switches.
>
>From: Joseph Mack NA3T <jmack at wm7d.net>
>Reply-To: "LinuxVirtualServer.org users mailing
>list."<lvs-users at LinuxVirtualServer.org>
>To: "LinuxVirtualServer.org users mailing
>list."<lvs-users at LinuxVirtualServer.org>
>Subject: Re: topologies
>Date: Sat, 26 May 2007 15:21:52 -0700 (PDT)
>On Sat, 26 May 2007, Gerry Reno wrote:
>
>>Are there any preferred topologies for setting up LVS?
>>Right now without LVS I have everything on one lan and I just run
>>firewalls. But to use LVS effectively I can see I need to create separate
>>lans.
>
>why?
>
>>Now this presents other problems because if I put my sets of realservers
>>(web, db) on separate lans
>
>separate from what, the other realservers? the VIP?
>
>>then it's more difficult to administer them and also they will lose access
>>to common resources such as the backup server. So it looks like each
>>realserver will have to be part of multiple lans or vlans in order to
>>still have access to common resources. In doing so, will it create any
>>problems with routing for the VIP's and GW's?
>
>such as?
>
>>I don't want any triangulation problems that can cause connections to
>>hang.
>
>what's a triangulation problem?
>
>You haven't mentioned any of the problems you're worrying about, so I can't
>help you much at the moment.
>
>There's only two topologies at least as I think about it.
>
>o all machines on one physical network
>
>o all machines on two physical networks (the director has two NICs)
>
>either way you have to protect the realservers and director and either way
>I can't see any problems accessing resources (such as network storage).
>
>Joe
>From: "Dr. Volker Jaenisch" <volker.jaenisch at inqbus.de>
>Reply-To: "LinuxVirtualServer.org users mailing
>list."<lvs-users at LinuxVirtualServer.org>
>To: "LinuxVirtualServer.org users mailing
>list."<lvs-users at LinuxVirtualServer.org>
>Subject: Re: Customized fallbak page
>Date: Sun, 27 May 2007 01:30:22 +0200
>Hi Gustavo!
>
>Gustavo Mateus wrote:
>>I have 10 virtual servers (http) running on one director with 5 real
>>servers and a separated fallback server running lighttpd.
>>
>>I want to customize a fallback server page for each of the 10 web sites
>>running on the virtual servers.
>>The way I imagine it can be done is setting lighttpd to respond to 10
>>different ips. One ip on the fallback server for every virtual server that
>>I have.
>>
>>Is there a way to avoid that? I don't know, some way to use virtual hosts
>>and use just one IP for fallback server?
>Just to get you right:
>* You have 10 say "domains" running on 5 realservers.
>* If one domain dies you like to bring up a "sorry-Page" that is
>individual for every domain.
>
>If these guesses are your intention then you will have to use 10 different
>IPs on the separate fallback-Server mapped via the http-daemon to your
>individual sorry-sites.
>
>The loadbalancing daemon ldirectord, or keepalived, or ipvsmand knows when
>the last real server of the domain is dead and
>directs the incoming IP packets now to the sorry-server IP. But it cannot
>change them to another URL/domain since this information is encapsulated
>in the Package HTTP-Protocol content.
>
>If the many IPs itself are your problem (limited number) you may use
>different Ports on the same IP. But the configuration
>overhead will remain the same.
>
>Best Regards,
>
>Volker
>From: "Dr. Volker Jaenisch" <volker.jaenisch at inqbus.de>
>Reply-To: "LinuxVirtualServer.org users mailing
>list."<lvs-users at LinuxVirtualServer.org>
>To: "LinuxVirtualServer.org users mailing
>list."<lvs-users at LinuxVirtualServer.org>
>Subject: Re: URL forwarding
>Date: Sun, 27 May 2007 02:00:21 +0200
>Hi Konstantin!
>Konstantin Ivanov wrote:
>>Hello,
>>
>>Is it possible based on the URL address for the load balancer to forward
>>the requests to a particular real servers. What I need to do is for
>>example for a domain name domain1.com just server1 and server2 will
>>respond, and for domain2.com server 1 and server3 will respond. I tried
>>looking at UltraMonkey-L7 project but you can match only the file names in
>>the URL like this:
>>l7vsadm -A -t 192.168.8.58:80 -m url --pattern-match '*.html' -s rr
>>l7vsadm -a -t 192.168.8.58:80 -m url --pattern-match '*.html' -r 10.0.0.10:80
>Quoting
>http://sourceforge.jp/projects/ultramonkey-l7/document/admin_manual_en-v1.3/en/1/admin_manual_en-v1.3.txt
>>2.2.2.2 URL module (url) option
>>--pattern-match character-string (module-args)
>>Defines the URL character string that should not be allowed to pass
>>through till the real server.
>>This can take 127 english characters. Shell wildcard notation is allowed.
>>(The "*" can match zero or more arbitrary characters --> Match any string
>>The "?" can match any single character --> Match any single character)
>>The character-string should be enclosed with ' (Single Quote character)
>>If complete matching or comparison is required for URL, then * might be
>>needed.
>>Example: --pattern-match '*/index.html*'
>
>
>I never used l7vsadm but there is nowhere written that the matching string
>operates only on the path portion of the URL.
>
>Have you tried e.g.
>
>l7vsadm -a -t 192.168.8.58:80 -m url --pattern-match 'domain2.com*' -r 10.0.0.10:80
>or
>l7vsadm -a -t 192.168.8.58:80 -m url --pattern-match '*domain2.com*' -r 10.0.0.10:80
>
>Best Regards,
>
>Volker
>From: Gerry Reno <greno at verizon.net>
>Reply-To: "LinuxVirtualServer.org users mailing
>list."<lvs-users at LinuxVirtualServer.org>
>To: "LinuxVirtualServer.org users mailing
>list."<lvs-users at LinuxVirtualServer.org>
>Subject: Re: topologies
>Date: Sat, 26 May 2007 20:30:25 -0400
>Joseph Mack NA3T wrote:
>>
>>separate from what, the other realservers? the VIP?
>>
>yes
>>>then it's more difficult to administer them and also they will lose
>>>access to common resources such as the backup server. So it looks like
>>>each realserver will have to be part of multiple lans or vlans in order
>>>to still have access to common resources. In doing so, will it create any
>>>problems with routing for the VIP's and GW's?
>>
>>such as?
>>
>>>I don't want any triangulation problems that can cause connections to
>>>hang.
>>
>>what's a triangulation problem?
>where you have the response packets best-routed around the director
>directly back to the client
>>
>>There's only two topologies at least as I think about it.
>>
>>o all machines on one physical network
>>
>>o all machines on two physical networks (the director has two NICs)
>>
>>
>Ok, some ascii art:
>
>|
>|(Single Public IP)
>---------------------
>| HW NAT Firewall |
>| Router |
>---------------------
>|(GW=192.168.0.1)
>|
>|(VIP=192.168.0.215)
>------------------------------------------------------------------------------------
>| ==LVS== | | |
>|(192.168.0.10) |(192.168.0.11) | |(192.168.0.nnn)
>--------------------- --------------------- | ---------------------
>| keepalived | | keepalived | | | lots of other |
>| master | | backup | | | servers |
>--------------------- --------------------- | ---------------------
>|(GW=192.168.1.1) | |
>------------------------------------------------------------------- |
>| | | | |
>|(192.168.1.10) |(192.168.1.11) |(192.168.2.10) |(192.168.2.11) |
>--------------- --------------- --------------- --------------- |
>| RS(web) | | RS(web) | | RS(db) | | RS(db) | |
>--------------- --------------- --------------- --------------- |
>|(192.168.0.70) |(192.168.0.71) |(192.168.0.72) |(192.168.0.73) |
>| | | | |
>-----------------------------------------------------------------------------|
>|
>--------------------- |
>| Network |---------------------------------
>| Storage |(192.168.0.99)
>---------------------
>
>This is what I was referring to when I was commenting on topology and if it
>is possible to configure this way I was concerned about packets being
>best-routed somehow past the director through the second interface on the
>realservers.
>
>Gerry
>
>>Joe
>>
>
>From: Gerry Reno <greno at verizon.net>
>Reply-To: "LinuxVirtualServer.org users mailing
>list."<lvs-users at LinuxVirtualServer.org>
>To: "LinuxVirtualServer.org users mailing
>list."<lvs-users at LinuxVirtualServer.org>
>Subject: Re: topologies
>Date: Sat, 26 May 2007 20:31:53 -0400
>Hmm... ascii art does not work on this list. :-(
>
>
>From: Joseph Mack NA3T <jmack at wm7d.net>
>Reply-To: "LinuxVirtualServer.org users mailing
>list."<lvs-users at LinuxVirtualServer.org>
>To: "LinuxVirtualServer.org users mailing
>list."<lvs-users at LinuxVirtualServer.org>
>Subject: Re: topologies
>Date: Sat, 26 May 2007 17:55:49 -0700 (PDT)
>On Sat, 26 May 2007, Gerry Reno wrote:
>
>>Joseph Mack NA3T wrote:
>>>
>>>separate from what, the other realservers? the VIP?
>>>
>>yes
>>>>then it's more difficult to administer them and also they will lose
>>>>access to common resources such as the backup server. So it looks like
>>>>each realserver will have to be part of multiple lans or vlans in
>>>>order to still have access to common resources. In doing so, will it
>>>>create any problems with routing for the VIP's and GW's?
>>>
>>>such as?
>>>
>>>>I don't want any triangulation problems that can cause connections to
>>>>hang.
>>>
>>>what's a triangulation problem?
>>where you have the response packets best-routed around the director
>>directly back to the client
>
>OK you want LVS-NAT or the modified-shared version of LVS-DR (if you don't
>know what that is, use LVS-NAT).
>
>>Ok, some ascii art:
>
>you need blanks and not tabs, and limit to (about) 50chars/line
>
>>
>>|
>>|(Single Public IP)
>>---------------------
>>| HW NAT Firewall |
>>| Router |
>>---------------------
>>|(GW=192.168.0.1)
>>|
>>|(VIP=192.168.0.215)
>>------------------------------------------------------------------------------------
>>| ==LVS== | | | |(192.168.0.10) |(192.168.0.11) | |(192.168.0.nnn)
>>--------------------- --------------------- | ---------------------
>>| keepalived | | keepalived | | | lots of other | | master | | backup | |
>>| servers |
>>--------------------- --------------------- | ---------------------
>>|(GW=192.168.1.1) | |
>>------------------------------------------------------------------- |
>>| | | | |
>>|(192.168.1.10) |(192.168.1.11) |(192.168.2.10) |(192.168.2.11) |
>>--------------- --------------- --------------- --------------- |
>>| RS(web) | | RS(web) | | RS(db) | | RS(db) | |
>>--------------- --------------- --------------- --------------- |
>>|(192.168.0.70) |(192.168.0.71) |(192.168.0.72) |(192.168.0.73) |
>>| | | | |
>>-----------------------------------------------------------------------------|
>>|
>>--------------------- |
>>| Network |---------------------------------
>>| Storage |(192.168.0.99)
>>---------------------
>>
>>This is what I was referring to when I was commenting on topology and if
>>it is possible to configure this way I was concerned about packets being
>>best-routed somehow past the director through the second interface on the
>>realservers.
>
>taking a punt here...
>
>you have director(s) with a public IP (here 192.168.0.215). Then you have
>some web realservers, on 192.168.1.0/32. Presumably these talk to the db
>machines (and the clients do not directly connect to the db machines). In
>which case the db machines can also be on 192.168.1.0/32. And you have a
>NAS which can also be on 191.168.1.0/32. The webservers will have
>192.168.1.1 as their default gw. The other machines (db, NAS) shouldn't
>have a default gw at all (presumably they aren't replying to clients)
>
>Joe
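
Added example, not part of the original thread: a sketch of the routing check behind the concern discussed above, that a realserver with a second interface can send replies past the LVS-NAT director instead of through 192.168.1.1. The `ip route show` text, the /24 masks, the interface names and the client addresses are constructed for illustration; the 192.168.x.x addresses follow the diagram in the thread.

```python
import ipaddress

DIRECTOR_GW = "192.168.1.1"  # director's realserver-side address in the thread

# Constructed `ip route show` output for the web realserver 192.168.1.10,
# which also has 192.168.0.70 on the shared LAN. The /24 masks are assumed.
ROUTES_DUAL_HOMED = """\
default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.70
"""
# Same host with the default route pointed at the firewall instead.
ROUTES_WRONG_GW = ROUTES_DUAL_HOMED.replace(
    "via 192.168.1.1 dev eth0", "via 192.168.0.1 dev eth1")
# Constructed clients: one Internet client, one host on the shared LAN.
CLIENTS = ["203.0.113.7", "192.168.0.50"]


def parse_routes(text):
    """Return [(network, gateway_or_None, device)] from `ip route show` text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types this sketch does not model (blackhole, ...)
        via = fields[fields.index("via") + 1] if "via" in fields else None
        dev = fields[fields.index("dev") + 1] if "dev" in fields else None
        routes.append((net, via, dev))
    return routes


def next_hop(routes, client):
    """Longest-prefix match, as the kernel does for the reply packet."""
    addr = ipaddress.ip_address(client)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None


def bypassing_clients(route_text, clients, director_gw=DIRECTOR_GW):
    """Clients whose replies would not be handed to the director."""
    routes = parse_routes(route_text)
    hops = {c: next_hop(routes, c) for c in clients}
    return [c for c, h in hops.items() if h is None or h[1] != director_gw]


if __name__ == "__main__":
    print("director as default gw:", bypassing_clients(ROUTES_DUAL_HOMED, CLIENTS))
    print("firewall as default gw:", bypassing_clients(ROUTES_WRONG_GW, CLIENTS))
```

With the director as default gateway, only the client on the shared 192.168.0.0/24 LAN is answered directly over eth1; with the firewall as default gateway, every client is.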