[lvs-users] Trying to configure load balancing with keepalived. It is working as expected but only accepts traffic locally from the load balancer

Franck Fallateuf franck.fallateuf at plansource.com
Thu Dec 31 15:04:37 GMT 2015

I'm trying to get basic load balancing working with keepalived. It seems to be working but I can only connect to the virtual_server IP from the load balancer itself. If I try to make requests from other servers on our network they time out. Here is our config:

global_defs {
    notification_email {
     person at domain.com
   notification_email_from lb_cluster1 at plansource.com
   smtp_connect_timeout 30

vrrp_instance VI_1 {
   state MASTER
   interface eth0
   virtual_router_id 51
   priority 101
   virtual_ipaddress {

virtual_server 80 {
    delay_loop 10
    protocol TCP
    lb_algo rr
    lb_kind NAT
    persistence_timeout 7200

real_server 80 {
    weight 1
      connect_timeout 5
      connect_port 80
real_server 80 {
    weight 1
      connect_timeout 5
      connect_port 80

output from ipvsadm:

ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:50:56:b7:3e:f2 brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth0
    inet scope global eth0
    inet6 fe80::250:56ff:feb7:3ef2/64 scope link
       valid_lft forever preferred_lft forever

curl from the localhost:

<html><body><h1>It works!</h1></body></html>

From any other server or host on our network (same subnet or not) it times out.

I did notice that most other examples for keepalived and lb_kind NAT are using 2 different subnets but we'd like to avoid that if possible. It's also possible that it's required but I'm not totally sure how or why.


