Keepalived for LVS
Release 0.3.5

Quick Start Guide
Alexandre Cassen
http://keepalived.sourceforge.net
[email protected]

Release   Date              Description
0.0.2     15th July 2001    Release 0.3.5 updates
0.0.1     20th April 2001   Initial release


Licence

This document is copyright 2001 Alexandre Cassen. It is released under the terms of the GNU General Public Licence. You can redistribute it and/or modify it under the terms of the GNU General Public Licence as published by the Free Software Foundation; either version 2 of the Licence, or (at your option) any later version.


CONTENTS

I. INTRODUCTION
II. TERMINOLOGY
III. WHAT IS KEEPALIVED ?
    3.1 GLOBAL VIEW AND LOCALIZATION
    3.2 KEEPALIVED INTERNALS
        3.2.1 Checks Modules
        3.2.2 Dynamic data structure representation
        3.2.3 SMTP Wrapper
        3.2.4 IPVS kernel wrapper
        3.2.4 IPFW kernel wrapper
IV. INSTALLING KEEPALIVED
    4.1 TARBALL INSTALLATION
    4.2 DISTRIBUTION PACKAGE INSTALLATION
V. CASE STUDY
    5.1 MAIN ARCHITECTURE COMPONENTS
    5.2 SERVER POOL SPECIFICATIONS
VI. CONFIGURING KEEPALIVED
VII. RUNNING KEEPALIVED

I. Introduction

The main goal of the keepalived project is to add a strong & robust keepalive facility to the Linux Virtual Server project. Keepalived implements a framework based on three families of checks: Layer3, Layer4 & Layer5. This framework gives the daemon the ability to check the state of an LVS server pool. When one of the servers of the LVS server pool is down, keepalived informs the Linux kernel via a setsockopt call to remove this server entry from the LVS topology.

For the moment, only NAT is implemented because it runs on the director. The daemon sends requests to the kernel to add/remove realservers from the IPVS table entries and the IPFW table entries. In fact, this software drives the NAT kernel entries according to the realserver states.

II. Terminology

In this document, we will use the following keywords:

• VIP: Virtual IP is the IP address that will be accessed by all the clients. The clients only access this IP address.

• Real server: A real server hosts the application accessed by client requests. WEB SERVER 1 & WEB SERVER 2 in our synopsis.

• Server pool: A farm of realservers.

• Virtual server: The access point to a Server pool.

• Virtual Service: A TCP/UDP service associated with the VIP.

[Figure: synopsis. WAN, LVS Router (WAN Interface, LAN Interface), Hub / SWITCH, WEB SERVER 1, WEB SERVER 2]

LVS stands for "Linux Virtual Server". LVS is a patched Linux kernel that adds a loadbalancing facility. For more information on LVS, go to the project homepage: http://www.linux-vs.org. LVS acts as a network bridge (using NAT) to loadbalance TCP/UDP streams. The LVS router components are:

• WAN Interface: Ethernet Network Interface Controller that will be accessed by all the clients.

• LAN Interface: Ethernet Network Interface Controller to manage all the loadbalanced servers.

• Linux kernel: The kernel is patched with the latest LVS and is used as a router OS.

III. What is Keepalived ?

3.1 Global View and localization

3.2 Keepalived Internals

Keepalived is a simple standalone daemon. It gives the Linux loadbalancer the ability to monitor the loadbalanced server pool. So when one of the servers is in a fault state (http server down, application server down, system crash, ...), the daemon informs the "VS Schedule & Control Module" that this server must be retired from the loadbalanced server pool.

[Figure for 3.2 Keepalived Internals: a main trigger loop drives the Layer 3, Layer 4 and Layer 5 checkers. ICMPCHECK: 1. Build IP header, 2. Build ICMP header, 3. ICMP_ECHO packet send, 4. ICMP_ECHOREPLY packet received ? TCPCHECK (half open connection): 1. Connect remote, 2. Connect timeout ? HTTP_GETCHECK: 1. Timeouted connect, 2. HTTP connection, 3. HTTP GET method, 4. Good MD5 SUM result ? Other boxes: data structure initialisation, delay loop, update of the IPVS & IPFW configuration in the Linux kernel, alerts sent to an SMTP server.]

[Figure for 3.1 Global View and localization: WAN, Hub, LoadBalancer (Linux Virtual Server, VIP) and a server pool of Server 1 to Server 4. Kernel space: incoming IP packet, INPUT RULES, routing decision, FORWARD RULES, process, OUTPUT RULES, outgoing IP packet, firewall framework, VS Rules Table, VS Connection Hash Table, VS Schedule & Control Module. User space: KEEPALIVED, reaching the kernel through setsockopt and the proc filesystem.]

This standalone daemon uses five main components:

• Checks Modules: Provide three families of checks based on layers 3, 4 & 5 of the TCP/IP stack. At this time, I have only implemented one check for each family. The main trigger loop performs checks according to the daemon configuration file.

• Data structure representation: Provides the knowledge of the server pool. This structure is initialized the first time you start the daemon. So when your server pool topology has changed (adding a new server to the pool, removing one, ...) you have to restart the daemon to give it the knowledge of the new server pool representation.

• SMTP wrapper: Provides the communication channel with an SMTP server to send notification alerts.

• IPVS kernel wrapper: Provides the communication channel with the IPVS kernel part. The daemon can add/remove servers from the pool using the dynamic data structure representation. This wrapper is based on ipvsadm.

• IPFW kernel wrapper: Provides the communication channel with the IPFW kernel part. The daemon can add/remove servers from the NAT kernel entries using the dynamic data structure representation. This wrapper uses the "Rusty" firewall manipulation library.

3.2.1 Checks Modules

The daemon provides three families of checks. All the checks belong to layers 3, 4 & 5 of the TCP/IP stack. For the moment, only one check per family is implemented. These checks are:

• ICMP_CHECK: Working at layer3. This check builds an ICMP packet. The IP & ICMP headers are filled out according to the RFC. The ICMP packet is flagged as ICMP_ECHO. Then the packet is sent to the remote server. If the remote server does not reply to this request (timeout or ICMP_ECHOREPLY not received), then the check fails and the server is removed from the server pool.

• TCP_CHECK: Working at layer4. To perform this check, we use a TCP Vanilla check using nonblocking/timeouted TCP connections. If the remote server does not reply to this request (timeouted), then the check fails and the server is removed from the server pool.

• HTTP_GET_CHECK: Working at layer5. Performs an HTTP GET on a specified URL. The result of the GET is then summed using the MD5 algorithm. If this sum does not match the expected value, the check fails and the server is removed from the server pool. This module implements a multi-URL GET check on the same service. This functionality is useful if you are using a server hosting more than one application server: it gives you the ability to check that each application server is working properly.
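The HTTP_GET_CHECK logic described above, as an added Python sketch that is not keepalived's own code: every configured URL must return a body whose MD5 matches the expected value, with retries. It assumes the sum covers the response body only; `fetch_raw`, `http_get_check` and the other names are this example's own, and the two responses are constructed. The status code is recorded as well, because the genhash sample in section VI takes its digest from a 401 Unauthorized page.

```python
import hashlib
import socket
import time


def fetch_raw(host, port, path, timeout=3.0):
    """Send one HTTP/1.0 GET on a socket with a timeout; return headers + body."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii"))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                return b"".join(chunks)
            chunks.append(data)


def split_response(raw):
    """Split a raw HTTP response into (status code, body bytes)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    fields = head.split(b"\r\n", 1)[0].split()
    if not sep or len(fields) < 2 or not fields[0].startswith(b"HTTP/"):
        raise ValueError("not an HTTP response")
    return int(fields[1]), body


def body_digest(raw):
    """MD5 of the body only (assumption: headers are not part of the sum)."""
    return hashlib.md5(split_response(raw)[1]).hexdigest()


def check_url(raw, expected_digest):
    """Compare the body digest with the configured one; keep the status code."""
    status = split_response(raw)[0]
    return {"status": status,
            "match": body_digest(raw) == expected_digest.lower(),
            # A matching digest taken from an error page still counts as a pass.
            "non_2xx": not 200 <= status < 300}


def http_get_check(fetch, host, port, urls, nb_get_retry=3, delay_before_retry=2):
    """Return (alive, findings); alive only if every (path, digest) pair matches."""
    findings = []
    tries = max(1, nb_get_retry)
    for path, expected in urls:
        for attempt in range(tries):
            try:
                result = check_url(fetch(host, port, path), expected)
            except (OSError, ValueError) as exc:  # refused, timed out, garbage
                result = {"status": None, "match": False, "non_2xx": False,
                          "error": str(exc)}
            if result["match"] or attempt == tries - 1:
                break
            time.sleep(delay_before_retry)
        findings.append(dict(result, path=path))
    return all(f["match"] for f in findings), findings


# Constructed responses (not captured from a real server).
PAGE_401 = (b"HTTP/1.1 401 Unauthorized\r\nContent-Type: text/html\r\n\r\n"
            b"<HTML><BODY>This document is protected.</BODY></HTML>\r\n")
PAGE_OK = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<HTML>app up</HTML>\r\n"


def fake_fetch(host, port, path):
    """Offline stand-in for fetch_raw, serving the constructed pages."""
    pages = {"/testurl/test.jsp": PAGE_401, "/testurl2/test.jsp": PAGE_OK}
    if path not in pages:
        raise ConnectionRefusedError("constructed failure")
    return pages[path]


if __name__ == "__main__":
    urls = [("/testurl/test.jsp", body_digest(PAGE_401)),
            ("/testurl2/test.jsp", body_digest(PAGE_OK))]
    alive, findings = http_get_check(fake_fetch, "192.168.100.2", 80, urls,
                                     delay_before_retry=0)
    print("alive:", alive)
    for f in findings:
        print(f["path"], f["status"], "match" if f["match"] else "MISMATCH",
              "(digest of a non-2xx page)" if f["non_2xx"] else "")
```

Against a live real server, pass `fetch_raw` in place of `fake_fetch`.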

3.2.2 Dynamic data structure representation

This structure is the most important structure in the daemon. To check the server pool, we need a memory representation of our whole routing environment. The daemon uses the following data structure representation:

[Figure: dynamic data structure. Configuration DATA (delay loop, email from, SMTP server IP, LVS ID) points to the email addresses, a NULL-terminated linked list of notification emails (email, next email address), and to the LVS topology, a NULL-terminated linked list of Virtual Server (1), Virtual Server (2) ... Virtual Server (n). Each virtual server holds: IP address, port, scheduling, loadbalancing algo, persistence TO, service type, next virtual server, and a real server pool. Each real server pool is a NULL-terminated linked list of Real Server (1) ... Real Server (n), each holding: IP address, port, weight, keepalive method, alive, next real server.]

Each trigger check traverses this dynamic data structure to obtain knowledge of:

• Delay loop performing checks
• Email addresses to send alert notifications to
• The application and network server pool topology
• Each server state in the server pool
• The kind of check to apply to each server

Each Real Server is defined as:

[Figure: real server definition. Real Server (n) (IP address, port, weight, alive) points to a Keepalive Method (flag_type), which is either an HTTP GET CHECK (connection TO, NB get retry, delay before retry, URLS) or a TCP Vanilla Check (connection TO). URLS is a NULL-terminated linked list of entries (url, digest, next URLS).]

3.2.3 SMTP Wrapper

This is a simple SMTP wrapper giving the daemon the ability to connect to and talk with a remote (or localhost) SMTP server. The implementation takes care of the remote SMTP server response code according to the RFC822. This wrapper uses a nonblocking/timeouted TCP connection with the remote SMTP server. For the moment the timeout value is hardcoded and fixed to 3 seconds. This timeout is used for the connection state (before the SMTP exchange) and for the remote SMTP server response code (during the SMTP command exchange). Since many extended messaging systems like SMS GSM, pagers, … can be easily interfaced with SMTP servers, the daemon only implements the SMTP protocol to perform notification alerts. SMTP is a common denominator for notification messages.

3.2.4 IPVS kernel wrapper

This short module gives the daemon the ability to add/remove servers from the loadbalanced server pool. It is based on the ipvsadm program from LVS, using the setsockopt call. In most failover daemons for LVS, this functionality is provided by a simple system call to the ipvsadm program.

3.2.4 IPFW kernel wrapper

This short module gives the daemon the ability to add/remove servers from the kernel NAT forwarding chain. This code uses the "Rusty" firewall manipulation library used in the ipchains CLI.

IV. Installing keepalived

Before installing keepalived, you must completely uninstall any existing version you may have. There are two possible ways of installing keepalived:

• Directly from the tarball package.
• Using the binary rpm package distribution file.

4.1 Tarball installation

1. Download the latest keepalived source code from the web site and unzip/untar it. Then compile & install as follows:

    [root@lvs keepalived-0.3.5]# make
    gcc -o main.o -g -Wall -I/usr/src/linux/include -c main.c
    gcc -o utils.o -g -Wall -I/usr/src/linux/include -c utils.c
    gcc -o scheduler.o -g -Wall -I/usr/src/linux/include -c scheduler.c
    gcc -o cfreader.o -g -Wall -I/usr/src/linux/include -c cfreader.c
    gcc -o layer4.o -g -Wall -I/usr/src/linux/include -c layer4.c
    gcc -o check_tcp.o -g -Wall -I/usr/src/linux/include -c check_tcp.c
    gcc -o check_http.o -g -Wall -I/usr/src/linux/include -c check_http.c
    gcc -o md5.o -g -Wall -I/usr/src/linux/include -c md5.c
    gcc -o ipwrapper.o -g -Wall -I/usr/src/linux/include -c ipwrapper.c
    gcc -o ipvswrapper.o -g -Wall -I/usr/src/linux/include -c ipvswrapper.c
    gcc -o ipfwwrapper.o -g -Wall -I/usr/src/linux/include -c ipfwwrapper.c
    cd libipfwc/ && make libipfwc.a
    make[1]: Entering directory `/usr/src/redhat/SOURCES/keepalived-0.3.5/libipfwc'
    gcc -Wall -Wunused -g -O -c libipfwc.c -o libipfwc.o
    ar rv libipfwc.a libipfwc.o
    a - libipfwc.o
    make[1]: Leaving directory `/usr/src/redhat/SOURCES/keepalived-0.3.5/libipfwc'
    gcc -o pidfile.o -g -Wall -I/usr/src/linux/include -c pidfile.c
    gcc -o smtp.o -g -Wall -I/usr/src/linux/include -c smtp.c
    gcc -o keepalived -g -Wall main.o utils.o scheduler.o cfreader.o layer4.o check_tcp.o check_http.o md5.o ipwrapper.o ipvswrapper.o ipfwwrapper.o libipfwc/libipfwc.a pidfile.o smtp.o
    strip keepalived

    Make complete
    [root@lvs keepalived-0.3.5]# make install
    install -m 700 keepalived /usr/sbin/
    install -m 755 etc/rc.d/init.d/keepalived.init /etc/rc.d/init.d/
    mkdir /etc/keepalived
    install -m 644 etc/keepalived/keepalived.conf /etc/keepalived/
    [root@lvs keepalived-0.3.5]# cd genhash/
    [root@lvs genhash]# make
    gcc -o md5.o -Wall -I/usr/src/linux/include -c md5.c
    gcc -o genhash.o -Wall -I/usr/src/linux/include -c genhash.c
    gcc -o genhash -Wall md5.o genhash.o
    strip genhash

    Make complete
    [root@lvs genhash]# make install

2. All the binaries and the template configuration file are installed. You may now need to create a call to the keepalived daemon in your rc file. If you are using Red Hat Linux, just type for example:

    [root@lvs keepalived-0.3.5]# ln -s /etc/rc.d/init.d/keepalived.init /etc/rc.d/rc3.d/S99keepalived

Note: create the link (ln) in your default runlevel directory.

4.2 Distribution package installation

1. Download the latest keepalived distribution rpm file from the web site. Then proceed as follows:

    [root@lvs tmp]# rpm -ivh keepalived-0.3.5-1.i386.rpm
    keepalived ##################################################

2. All the binaries and the template configuration file are installed. You may now need to create a call to the keepalived daemon in your rc file. If you are using Red Hat Linux, just type for example:

    [root@lvs keepalived-0.3.5]# ln -s /etc/rc.d/init.d/keepalived.init /etc/rc.d/rc3.d/S99keepalived

Note: create the link (ln) in your default runlevel directory.

V. Case study

As an example we can introduce the following LVS topology:

First of all you need a well configured LVS topology. In the rest of this document, we will assume that all system configuration has been done. This kind of topology is generally implemented in a DMZ architecture. For more information on LVS NAT topology and system configuration please read the nice Joseph Mack LVS HOWTO.

5.1 Main architecture components

• LVS Router: Owning the loadbalanced IP class routed (192.168.100.0/24).
• Network Router: The default router of the whole internal network. All the LAN workstations use this IP address.
• Network DNS server: Referencing the internal network IP topology.
• SMTP Server: SMTP server receiving the mail alerts.
• SERVER POOL: Servers hosting the loadbalanced services.

5.2 Server pool specifications

In this sample configuration we have 2 server pools:

• Server pool 1: Hosting the HTTP & SSL services. Each server owns two application servers (IBM WEBSPHERE & BEA WEBLOGIC).

• Server pool 2: Hosting the SMTP service.

[Figure: LVS topology of the case study. Internet and workstations reach the Network Router (192.168.200.1); the Network DNS server holds a DNS pointer; the SMTP Server (192.168.200.20) receives the SMTP alerts. Routing IP class 192.168.100.0/24 ===> VIP. LVS Router: VIP = 192.168.200.15, ports 80, 443 and 25, 192.168.100.1. Behind the Hub / SWITCH, Server Pool 1: WEB SERVER 1 (192.168.100.2) and WEB SERVER 2 (192.168.100.3); Server Pool 2: MAIL SERVER 1 (192.168.100.4) and MAIL SERVER 2 (192.168.100.5). Links labelled "Default route" run from the servers and from the network router.]

VI. Configuring keepalived

You are now ready to configure the keepalived daemon according to your LVS topology. The whole configuration is done in the /etc/keepalived/keepalived.conf file. In our case study this file looks like:

    # Configuration File for keepalived

    global_defs {
        notification_email {
            [email protected]
            [email protected]
        }
        notification_email_from [email protected]
        smtp_server 192.168.200.20
        smtp_connect_timeout 30
        lvs_id LVS_MAIN
    }

    virtual_server 192.168.200.15 80 {
        delay_loop 30
        lb_algo wrr
        lb_kind NAT
        nat_mask 255.255.255.0
        persistence_timeout 50
        protocol TCP

        sorry_server 192.168.100.100 80

        real_server 192.168.100.2 80 {
            weight 2
            HTTP_GET {
                url {
                    path /testurl/test.jsp
                    digest ec90a42b99ea9a2f5ecbe213ac9eba03
                }
                url {
                    path /testurl2/test.jsp
                    digest 640205b7b0fc66c1ea91c463fac6334c
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 2
            }
        }
        real_server 192.168.100.3 80 {
            weight 1
            HTTP_GET {
                url {
                    path /testurl/test.jsp
                    digest 640205b7b0fc66c1ea91c463fac6334c
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 2
            }
        }
    }

    virtual_server 192.168.200.15 443 {
        delay_loop 20
        lb_algo rr
        lb_kind NAT
        nat_mask 255.255.255.0
        persistence_timeout 360
        protocol TCP

        real_server 192.168.100.2 443 {
            weight 1
            TCP_CHECK {
                connect_timeout 3
            }
        }
        real_server 192.168.100.3 443 {
            weight 1
            TCP_CHECK {
                connect_timeout 3
            }
        }
    }

    virtual_server 192.168.200.15 25 {
        delay_loop 15
        lb_algo wlc
        lb_kind NAT
        nat_mask 255.255.255.255
        persistence_timeout 50
        protocol TCP

        real_server 192.168.100.4 25 {
            weight 1
            TCP_CHECK {
                connect_timeout 3
            }
        }
        real_server 192.168.100.5 25 {
            weight 2
            TCP_CHECK {
                connect_timeout 3
            }
        }
    }

According to this configuration, the keepalived daemon will drive the kernel using the following information:

• The LVS server will own the name: LVS_MAIN
• Notification:
    o SMTP server will be: 192.168.200.20
    o SMTP connection timeout is set to: 30 seconds
    o Notification emails will be: [email protected] & [email protected]
• Loadbalanced services:
    o HTTP: VIP 192.168.200.15 port 80
        - Loadbalancing: Use the Weighted Round Robin algo in a NAT topology. Connection persistence is set to 50 seconds on each TCP service. We use a NAT netmask of F:F:F:0 to define the IPFW masquerade granularity. The delay loop is set to 30 seconds.
        - Sorry Server: If all realservers are removed from the VS server pool, we add the sorry_server 192.168.100.100 port 80 to serve client requests.
        - Realserver 192.168.100.2 port 80 will be weighted to 2. Failure detection will be based on HTTP_GET over 2 URLs. The service connection timeout will be set to 3 seconds. The realserver will be considered down after 3 retries. The daemon will wait for 2 seconds before retrying.
        - Realserver 192.168.100.3 port 80 will be weighted to 1. Failure detection will be based on HTTP_GET over 1 URL. The service connection timeout will be set to 3 seconds. The realserver will be considered down after 3 retries. The daemon will wait for 2 seconds before retrying.
    o SSL: VIP 192.168.200.15 port 443
        - Loadbalancing: Use the Round Robin algo in a NAT topology. Connection persistence is set to 360 seconds on each TCP service. We use a NAT netmask of F:F:F:0 to define the IPFW masquerade granularity. The delay loop is set to 20 seconds.
        - Realserver 192.168.100.2 port 443 will be weighted to 2. Failure detection will be based on TCP_CHECK. The realserver will be considered down after a 3 seconds connection timeout.
        - Realserver 192.168.100.3 port 443 will be weighted to 2. Failure detection will be based on TCP_CHECK. The realserver will be considered down after a 3 seconds connection timeout.
    o SMTP: VIP 192.168.200.15 port 25
        - Loadbalancing: Use the Weighted least connection algo in a NAT topology with connection persistence set to 50 seconds. We use a NAT netmask of F:F:F:F to define the IPFW masquerade granularity. The delay loop is set to 15 seconds.
        - Realserver 192.168.100.4 port 25 will be weighted to 1. Failure detection will be based on TCP_CHECK. The realserver will be considered down after a 3 seconds connection timeout.
        - Realserver 192.168.100.5 port 25 will be weighted to 2. Failure detection will be based on TCP_CHECK. The realserver will be considered down after a 3 seconds connection timeout.
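An added example (not part of keepalived): a small Python parser for the block syntax of the configuration file shown above. It builds the virtual server -> real server -> check structure of section 3.2.2 and lists entries worth reviewing before the daemon is started. It assumes one statement per line with `#` comments; `parse_block`, `topology` and `audit` are names invented for this example, and real server 192.168.100.9 is a constructed entry that is not in the case study.

```python
import re

# Excerpt of the case-study configuration plus one constructed real server.
SAMPLE_CONF = """\
virtual_server 192.168.200.15 80 {
    lb_algo wrr
    sorry_server 192.168.100.100 80
    real_server 192.168.100.2 80 {
        weight 2
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest ec90a42b99ea9a2f5ecbe213ac9eba03
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334c
            }
        }
    }
}
virtual_server 192.168.200.15 443 {
    real_server 192.168.100.2 443 {
        TCP_CHECK {
            connect_timeout 3
        }
    }
    real_server 192.168.100.9 443 {   # constructed entry, not on the page
    }
}
"""

def parse_block(lines, pos=0, depth=0):
    """Parse 'keyword args [{' lines into (keyword, args, children) tuples."""
    entries = []
    while pos < len(lines):
        words = lines[pos].split("#", 1)[0].split()
        pos += 1
        if words == ["}"]:
            if not depth:
                raise ValueError(f"line {pos}: unexpected '}}'")
            return entries, pos
        if words and words[-1] == "{":
            children, pos = parse_block(lines, pos, depth + 1)
            entries.append((words[0], words[1:-1], children))
        elif words:
            entries.append((words[0], words[1:], None))
    if depth:
        raise ValueError("missing closing '}'")
    return entries, pos

def topology(text):
    """Build virtual server -> real server -> check, as in section 3.2.2."""
    servers = []
    tree = parse_block(text.splitlines())[0]
    for _, args, kids in (e for e in tree if e[0] == "virtual_server"):
        vs = {"vip": args[0], "port": int(args[1]), "real_servers": []}
        servers.append(vs)
        for k, a, sub in kids:
            if k != "real_server":
                vs[k] = " ".join(a)
                continue
            rs = {"ip": a[0], "port": int(a[1]), "check": None, "urls": []}
            vs["real_servers"].append(rs)
            for k2, a2, chk in sub:
                if chk is None:
                    rs[k2] = " ".join(a2)
                else:  # a nested block such as HTTP_GET or TCP_CHECK
                    rs["check"] = k2
                    rs["urls"] = [{n: v[0] for n, v, _ in u} for t, _, u in chk if t == "url"]
    return servers

def audit(servers):
    """List entries an operator should review before starting the daemon."""
    findings = []
    for vs in servers:
        if "sorry_server" not in vs:
            findings.append(f'{vs["vip"]}:{vs["port"]} has no sorry_server')
        for rs in vs["real_servers"]:
            who = f'{rs["ip"]}:{rs["port"]}'
            if rs["check"] is None:
                findings.append(f"{who} has no check block")
            for u in rs["urls"]:
                if not re.fullmatch(r"[0-9a-fA-F]{32}", u.get("digest", "")):
                    findings.append(f'{who} {u.get("path")}: digest is not 32 hex chars')
    return findings

if __name__ == "__main__":
    print("\n".join(audit(topology(SAMPLE_CONF))))
```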

All the digest strings are generated with the genhash software. To generate a sum over a URL simply proceed as follows:

    [root@lvs /root]# genhash 192.168.100.2 1358 /testurl/test.jsp
    genhash v0.2.3 (27/03, 2001), Alexandre Cassen
    -[ NONBLOCK socket connection in progress ]-
    -[ Reading data from remote host ]-
    ---------------------------[ Received Buffer ]----------------------------
    HTTP/1.1 401 Unauthorized
    Date: Mon, 23 Apr 2001 15:41:54 GMT
    Allow: GET, HEAD
    Server: Oracle_Web_Listener/4.0.8.1.0EnterpriseEdition
    Content-Type: text/html
    Content-Length: 164
    WWW-Authenticate: Basic realm="ACCES "
    Cache-Control: public

    <HTML><HEAD><TITLE>Unauthorized</TITLE></HEAD>
    <BODY>This document is protected. You must send
    the proper authorization information to access it.</BODY></HTML>

    [hex dumps of the HTTP Header Buffer and of the HTML Buffer]
    ----------------------------[ HTML MD5 resulting ]------------------------
    MD5 Digest : ec90a42b99ea9a2f5ecbe213ac9eba03

The only thing left to do is to copy/paste the generated MD5 Digest value into your keepalived configuration file (digest value keyword).

VII. Running keepalived

1. You are now ready to run the keepalived daemon. To run keepalived simply type:

    [root@lvs tmp]# /etc/rc.d/init.d/keepalived.init start
    Starting Keepalived for LVS: [ OK ]

2. To ensure the daemon is properly running look at the log file located in /var/log/debug:

    [23/04/01 - 15:59:05] keepalived[22996]: Starting keepalived daemon
    [23/04/01 - 15:59:05] keepalived[22997]: Using LVS dynamic data representation :
    [23/04/01 - 15:59:05] keepalived[22997]: ------< Global definitions >------
    [23/04/01 - 15:59:05] keepalived[22997]: LVS ID = LVS_MAIN
    [23/04/01 - 15:59:05] keepalived[22997]: Smtp server = 192.168.200.20
    [23/04/01 - 15:59:05] keepalived[22997]: Smtp server connection timeout = 30
    [23/04/01 - 15:59:05] keepalived[22997]: Email notification from = [email protected]
    [23/04/01 - 15:59:05] keepalived[22997]: Email notification = [email protected]
    [23/04/01 - 15:59:05] keepalived[22997]: Email notification = [email protected]
    [23/04/01 - 15:59:05] keepalived[22997]: ------< LVS Topology >------
    [23/04/01 - 15:59:05] keepalived[22997]: VS IP = 192.168.200.15, PORT = 80
    [23/04/01 - 15:59:05] keepalived[22997]: -> delay_loop = 30, lb_algo = wrr, lb_kind = NAT,
    [23/04/01 - 15:59:05] keepalived[22997]: persistence = 50, protocol = TCP
    [23/04/01 - 15:59:05] keepalived[22997]: -> nat mask = 255.255.255.0
    [23/04/01 - 15:59:05] keepalived[22997]: -> sorry server = [192.168.100.100:80]
    [23/04/01 - 15:59:05] keepalived[22997]: -> SVR IP = 192.168.100.2, PORT = 80, WEIGHT = 2
    [23/04/01 - 15:59:05] keepalived[22997]: -> Keepalive method = HTTP_GET
    [23/04/01 - 15:59:05] keepalived[22997]: -> Url = /testurl/test.jsp,
    [23/04/01 - 15:59:05] keepalived[22997] Digest = ec90a42b99ea9a2f5ecbe213ac9eba03
    [23/04/01 - 15:59:05] keepalived[22997]: -> Url = /testurl2/test.jsp,
    [23/04/01 - 15:59:05] keepalived[22997] Digest = 640205b7b0fc66c1ea91c463fac6334c
    [23/04/01 - 15:59:05] keepalived[22997]: -> Connection timeout = 3, Nb get retry = 3
    [23/04/01 - 15:59:05] keepalived[22997]: -> Delay before retry = 2
    [23/04/01 - 15:59:05] keepalived[22997]: -> SVR IP = 192.168.100.3, PORT = 80, WEIGHT = 1
    [23/04/01 - 15:59:05] keepalived[22997]: -> Keepalive method = HTTP_GET
    [23/04/01 - 15:59:05] keepalived[22997]: -> Url = /testurl/test.jsp,
    [23/04/01 - 15:59:05] keepalived[22997] Digest = 640205b7b0fc66c1ea91c463fac6334c
    [23/04/01 - 15:59:05] keepalived[22997]: -> Connection timeout = 3, Nb get retry = 3
    [23/04/01 - 15:59:05] keepalived[22997]: -> Delay before retry = 2
    [23/04/01 - 15:59:05] keepalived[22997]: VS IP = 192.168.200.15, PORT = 443
    [23/04/01 - 15:59:05] keepalived[22997]: -> delay_loop = 20, lb_algo = rr, lb_kind = NAT,
    [23/04/01 - 15:59:05] keepalived[22997]: persistence = 360, protocol = TCP
    [23/04/01 - 15:59:05] keepalived[22997]: -> nat mask = 255.255.255.0
    [23/04/01 - 15:59:05] keepalived[22997]: -> SVR IP = 192.168.100.2, PORT = 443, WEIGHT = 1
    [23/04/01 - 15:59:05] keepalived[22997]: -> Keepalive method = TCP_CHECK
    [23/04/01 - 15:59:05] keepalived[22997]: -> Connection timeout = 3
    [23/04/01 - 15:59:05] keepalived[22997]: -> SVR IP = 192.168.100.3, PORT = 443, WEIGHT = 1
    [23/04/01 - 15:59:05] keepalived[22997]: -> Keepalive method = TCP_CHECK
    [23/04/01 - 15:59:05] keepalived[22997]: -> Connection timeout = 3
    [23/04/01 - 15:59:05] keepalived[22997]: VS IP = 192.168.200.15, PORT = 25
    [23/04/01 - 15:59:05] keepalived[22997]: -> delay_loop = 20, lb_algo = wlc, lb_kind = NAT,
    [23/04/01 - 15:59:05] keepalived[22997]: persistence = 50, protocol = TCP
    [23/04/01 - 15:59:05] keepalived[22997]: -> nat mask = 255.255.255.255
    [23/04/01 - 15:59:05] keepalived[22997]: -> SVR IP = 192.168.100.4, PORT = 25, WEIGHT = 1
    [23/04/01 - 15:59:05] keepalived[22997]: -> Keepalive method = TCP_CHECK
    [23/04/01 - 15:59:05] keepalived[22997]: -> Connection timeout = 3
    [23/04/01 - 15:59:05] keepalived[22997]: -> SVR IP = 192.168.100.5, PORT = 25, WEIGHT = 2
    [23/04/01 - 15:59:05] keepalived[22997]: -> Keepalive method = TCP_CHECK
    [23/04/01 - 15:59:05] keepalived[22997]: -> Connection timeout = 3

3. Next, if you want to check that the kernel rules have been properly passed to the IPFW kernel framework, check:

    [root@lvs /root]# ipchains -L -n
    Chain input (policy ACCEPT):
    Chain forward (policy ACCEPT):
    target     prot opt     source                destination           ports
    MASQ       tcp  ------  192.168.200.0/24      0.0.0.0/0             80 ->   *
    MASQ       tcp  ------  192.168.200.0/24      0.0.0.0/0             443 ->   *
    MASQ       tcp  ------  192.168.200.4         0.0.0.0/0             25 ->   *
    MASQ       tcp  ------  192.168.200.5         0.0.0.0/0             25 ->   *
    Chain output (policy ACCEPT):

This means that all connections coming from the realservers will be masqueraded on application ports 80, 443 and 25.

Note: In the current implementation, and due to the use of the Linux kernel 2.2 IPFW framework, the translated IP address coming out will be the IP address assigned to the Ethernet NIC. This means that the virtual server IP address must always be set on the Ethernet NIC connected to the WAN. This is a limitation.

4. Next, if you want to check that the kernel rules have been properly passed to the IPVS kernel framework, check:

    [root@lvs /root]# ipvsadm
    IP Virtual Server version 1.0.8 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port          Forward Weight ActiveConn InActConn
    TCP  192.168.200.15:smtp wlc persistent 50
      -> 192.168.100.5:smtp          Route   2      0          0
      -> 192.168.100.4:smtp          Route   1      0          0
    TCP  192.168.200.15:www wrr persistent 50
      -> 192.168.100.3:www           Route   1      0          0
      -> 192.168.100.2:www           Route   2      0          0
    TCP  192.168.200.15:https rr persistent 360
      -> 192.168.100.3:https         Route   1      0          0
      -> 192.168.100.2:https         Route   1      0          0