How to set up Keepalived for High Availability and Load Balancing

A bunch of mail boxes over a metal fence

In mission critical environments it is important to keep the services up and running at all times, High Availability is paramount. Keepalived is a software that provides High Availability and/or Load Balancing.

What is Keepalived?

Keepalived is a software that allows to achieve High Availability (HA) and/or Load Balancing (LB) for important services, it can be used on a variety of services such as web servers and databases. If the software has HA/LB builtin, you should prefer that however. Although it is similar to a reverse proxy such as HAProxy its inner working is different and keepalived doesn’t require a different host to act as load balancer.

Keepalived uses the VRRP (Virtual Router Redundancy Protocol). This protocol, as the name implies, was originally thought for routers, but in this case it is used for another purpose. Essentially each node runs a copy of the software and operates with its own IP address (we’ll call it node IP). All the nodes agree on one or more “shared IP addresses” that will be used by the HA cluster (also referred to as virtual router), this IP is often called floating IP.

When a request is addressed towards the floating IP the software decides which node will respond, depending on the configuration. If one of the nodes goes down and a request is addressed towards the floating IP the software will automatically switch to another node which will handle the request.

In order for all of this to work the software must know when a node is down, keepalived allows the administrator to set a variety of liveliness checks. There are many of such methods as monitoring a process or a socket, but if you need something more specific you can write a shell script that checks the service status.

How to install Keepalived

The first thing you need to do is to install Keepalived

Red Hat-basedDebian-basedOther distributions
# yum install keepalived
# apt install keepalived

Please refer to your distribution documentation.

After configuring your cluster, you should also enable and start the service:

Terminal

# systemctl enable –now keepalived

# systemctl enable --now keepalived

or in older systems:

# service keepalived start
# update-rc.d keepalived enable

Sample HA configuration

In the following sample configuration we’ll set up a redundant web server. Let’s now suppose you have three nodes:

  • Node1: 10.10.10.1/16
  • Node2: 10.10.10.2/16
  • Node3: 10.10.10.3/16

And you want to use 10.10.10.150/16 as floating IP.

Node1Node2Node3
vrrp_track_process track_apache {
      process httpd
      interval 2
      weight 2
}

vrrp_instance VI_1 {
    state MASTER

    interface eth0
    virtual_router_id 10
    priority 200
    advert_int 1

    unicast_src_ip 10.10.10.1/16
    unicast_peer {
        10.10.10.2/16
        10.10.10.3/16
    }

    virtual_ipaddress {
        10.10.10.150/16
    }

    authentication {
        auth_type PASS
        auth_pass YOUR_PASSWORD_HERE
    }

    track_process {
        track_apache
    }
}
vrrp_track_process track_apache {
      process httpd
      interval 2
      weight 2
}

vrrp_instance VI_1 {
    state BACKUP

    interface eth0
    virtual_router_id 10
    priority 190
    advert_int 1

    unicast_src_ip 10.10.10.2/16
    unicast_peer {
        10.10.10.1/16
        10.10.10.3/16
    }

    virtual_ipaddress {
        10.10.10.150/16
    }

    authentication {
        auth_type PASS
        auth_pass YOUR_PASSWORD_HERE
    }

    track_process {
        track_apache
    }
}
vrrp_track_process track_apache {
      process httpd
      interval 2
      weight 2
}

vrrp_instance VI_1 {
    state BACKUP

    interface eth0
    virtual_router_id 10
    priority 180
    advert_int 1

    unicast_src_ip 10.10.10.3/16
    unicast_peer {
        10.10.10.1/16
        10.10.10.2/16
    }

    virtual_ipaddress {
        10.10.10.150/16
    }

    authentication {
        auth_type PASS
        auth_pass YOUR_PASSWORD_HERE
    }

    track_process {
        track_apache
    }
}

Let’s now take a break and look at each block:

  • vrrp_track_process: this block defines a way for keepalived to check the liveliness of the service, in this case Apache. The method name in this case is track_apache. Notice that you might have to change “process httpd” to “process apache” on Debian-based distributions. There are also other methods such as vrrp_script and vrrp_track_interface. This really depends on what you’re trying to make highly available, for more information check the official documentation.
  • vrrp_instance VI_1: this block defines the instance of VRRP, in this case 1.
  • state: this directive tells whether the host should act as a master or backup.
  • interface: this tells keepalived on which interface to listen.
  • virtual_router_id: this directive specifies the virtual router id, in this case 10. This must match on each node!
  • priority: this settings allows to define the priority each node has, the higher the number the higher the priority.
  • unicast_src_ip: the host IP of the local node, it is not strictly required but you may want to specify it in case there are multiple addresses available.
  • unicast_peer: this block specifies the peer (other nodes) of the local node.
  • authentication: this block contains authentication information that must be shared among nodes.
  • track_process: this directive tells the virtual router which method to use to decide whether a node is down and redirect the traffic somewhere else. In this case the method name is track_apache.
Image courtesy of ninita_7
mark

You may also like...

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.