CentOS - Keepalived (VRRP)

What is Keepalived (VRRP)

(The explanation of Keepalived (VRRP) is taken from: http://keepalived.org/ )

Keepalived is a routing software written in C. The main goal of this project is to provide simple and robust facilities for loadbalancing and high-availability to Linux system and Linux based infrastructures. Loadbalancing framework relies on well-known and widely used Linux Virtual Server (IPVS) kernel module providing Layer4 loadbalancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage loadbalanced server pool according their health. On the other hand high-availability is achieved by VRRP protocol. VRRP is a fundamental brick for router failover. In addition, Keepalived implements a set of hooks to the VRRP finite state machine providing low-level and high-speed protocol interactions. Keepalived frameworks can be used independently or all together to provide resilient infrastructures.

Keepalived is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version

Install

In our case we need to install the “keepalived” software on our servers. To do so, run this command on all servers:

# yum install keepalived

Configuration

Target

I have 2 servers that run the same service (but they are located in different locations with different power connections). In case one server has any issue, I need to switch the VIP over to the failover device. In this way you can still provide the service without interruption.

Node 1 (main):

Where:

/etc/sysconfig/keepalived
/etc/keepalived/keepalived.conf
/etc/sysconfig/iptables
/etc/init.d/keepalived
/var/log/messages

Backup default config:

# cd /etc/keepalived
# cp keepalived.conf keepalived.conf.def

Create a new config:

# > /etc/keepalived/keepalived.conf                      # Empty the old config
# vi /etc/keepalived/keepalived.conf                     # Paste this configuration into this file:

vrrp_instance VI_1 {
        interface eth0
        state MASTER
        virtual_router_id 51
        priority 101                                     # Priority of the node
        authentication {
            auth_type PASS
            auth_pass test_passwd                        # Shared password for VRRP advertisements between nodes (sent in clear text; only the first 8 characters are used)
        }
        virtual_ipaddress {
                10.0.12.15/24 dev eth0                   # VIP and the interface
        }
}

iptables

# vi /etc/sysconfig/iptables

-A INPUT -s <REAL_IP_OF_NODE_2> -j ACCEPT           # Add this line in the right place to accept traffic (all protocols) from the 2nd node

# /etc/init.d/iptables restart                      # Reload iptables configuration

At start, both devices send advertisements containing the virtual_router_id / priority / authentication / … . In this way all nodes in the same broadcast domain can see who has the highest priority. Based on this, all nodes with a lower priority stop advertising for as long as the node with the highest priority keeps advertising. If the node with the highest priority stops advertising, the remaining failover nodes start to negotiate, based on priority, which node will take over the VIP. For this reason the easiest way is to allow the traffic from all nodes that share the VIP. All of this can be observed with tcpdump.

Start:

# /etc/init.d/keepalived start

# ip a                                                                        # On the MAIN VRRP server you should see this
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:63:83:d9 brd ff:ff:ff:ff:ff:ff
    inet 10.0.12.111/24 brd 10.0.12.255 scope global eth0
    inet 10.0.12.15/24 scope global secondary eth0                           # The VIP must be present only on the MAIN server
    inet6 fe80::a00:27ff:fe63:83d9/64 scope link
       valid_lft forever preferred_lft forever

# tail -f /var/log/messages                                                    # Check the logs for more details about the daemon

Make sure that it will start after reboot:

# chkconfig --level 2345 keepalived on

# chkconfig --list | grep keepalived                                             # Check if it is correctly configured
keepalived      0:off   1:off   2:on    3:on    4:on    5:on    6:off

Node 2 (failover):

Where:

/etc/sysconfig/keepalived
/etc/keepalived/keepalived.conf
/etc/sysconfig/iptables
/etc/init.d/keepalived
/var/log/messages

Backup default config:

# cd /etc/keepalived
# cp keepalived.conf keepalived.conf.def

Create a new config:

# > /etc/keepalived/keepalived.conf                      # Empty the old config
# vi /etc/keepalived/keepalived.conf                     # Paste this configuration into this file:

vrrp_instance VI_1 {
        interface eth0
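        state MASTER                                     # Initial state only; with the lower priority this node yields the VIP to node 1
        virtual_router_id 51
        priority 100                                     # Priority of the node
        authentication {
            auth_type PASS
            auth_pass test_passwd                        # Shared password for VRRP advertisements between nodes (sent in clear text; only the first 8 characters are used)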
        }
        virtual_ipaddress {
                10.0.12.15/24 dev eth0                   # VIP and the interface
        }
}

iptables

# vi /etc/sysconfig/iptables

-A INPUT -s <REAL_IP_OF_NODE_1> -j ACCEPT           # Add this line in the right place to accept traffic (all protocols) from the 1st node

# /etc/init.d/iptables restart                      # Reload iptables configuration

At start, both devices send advertisements containing the virtual_router_id / priority / authentication / … . In this way all nodes in the same broadcast domain can see who has the highest priority. Based on this, all nodes with a lower priority stop advertising for as long as the node with the highest priority keeps advertising. If the node with the highest priority stops advertising, the remaining failover nodes start to negotiate, based on priority, which node will take over the VIP. For this reason the easiest way is to allow the traffic from all nodes that share the VIP. All of this can be observed with tcpdump.

Start:

# /etc/init.d/keepalived start

# ip a                                                                        # On the MAIN VRRP server you should see this
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:63:83:d9 brd ff:ff:ff:ff:ff:ff
    inet 10.0.12.111/24 brd 10.0.12.255 scope global eth0
    inet 10.0.12.15/24 scope global secondary eth0                           # The VIP must be present only on the MAIN server
    inet6 fe80::a00:27ff:fe63:83d9/64 scope link
       valid_lft forever preferred_lft forever

# tail -f /var/log/messages                                                    # Check the logs for more details about the daemon

Make sure that it will start after reboot:

# chkconfig --level 2345 keepalived on

# chkconfig --list | grep keepalived                                             # Check if it is correctly configured
keepalived      0:off   1:off   2:on    3:on    4:on    5:on    6:off

Tested on:

CentOS 6.5
