Build a Highly Available Load Balancer with LVS and Keepalived

This guide explains how to design and deploy a highly available web load‑balancing cluster using Linux Virtual Server (LVS) together with Keepalived, covering architecture, required software, configuration steps for both master and backup nodes, real‑server setup, and HA testing procedures.

MaGe Linux Operations

Introduction

When traffic grows beyond a single server’s capacity, horizontal scaling via load balancing becomes necessary. Nginx is commonly used for this purpose, but the load‑balancer itself can become a single point of failure, so a high‑availability solution is required. This article introduces a HA web cluster built with LVS + Keepalived.

LVS and Keepalived

LVS (Linux Virtual Server) is a layer‑4 reverse‑proxy built into the Linux kernel; ipvsadm is its command‑line management tool.

Key characteristics of LVS:

Layer‑4 based, strong load‑handling, minimal hardware requirements beyond the NIC.

Low configurability reduces the chance of human error.

Broad applicability – can balance web services as well as other applications such as MySQL.

Requires a virtual IP (VIP) that must be allocated from the IDC.

Keepalived implements the VRRP protocol to provide high availability, preventing IP single‑point failures. It works seamlessly with LVS and can be combined with other load‑balancers like HAProxy or Nginx.

Reference for LVS operation is listed in the bibliography.

Related Terminology

LB (Load Balancer)

HA (High Availability)

Failover

Cluster

LVS (Linux Virtual Server)

DS (Director Server) – the front‑end load‑balancer node

RS (Real Server) – the back‑end service node

VIP (Virtual IP) – the public IP address presented to clients

DIP (Director IP) – internal communication IP

RIP (Real Server IP)

CIP (Client IP)

Test Environment

Software: CentOS 7, Keepalived 1.3.5, ipvsadm 1.27

DS1 (MASTER): 172.17.13.120

DS2 (BACKUP): 172.17.13.123

RS1: 172.17.13.142:80 (Nginx)

RS2: 172.17.13.173:80 (Nginx)

VIP: 172.17.13.252

                              |
             +----------------+-----------------+
             |                                  |
172.17.13.120|----     VIP:172.17.13.252    ----|172.17.13.123
     +-------+--------+                +--------+-------+
     |      DS1       |                |      DS2       |
     | LVS+Keepalived |                | LVS+Keepalived |
     +-------+--------+                +--------+-------+
             |                                  |
             +----------------+-----------------+
                              |
  +------------+              |               +------------+
  |     RS1    |172.17.13.142 | 172.17.13.173 |     RS2    |
  | Web Server +--------------+---------------+ Web Server |
  +------------+                              +------------+

The diagram shows two director servers (DS1, DS2) and two real servers (RS1, RS2) serving traffic through a shared VIP.

Goals:

Clients access services via the VIP, and requests are distributed according to the configured load‑balancing rules.

If the MASTER LB node fails, traffic automatically switches to the BACKUP node, and the MASTER regains its role after recovery.

If a real server fails, it is automatically removed from the pool and re‑added after it recovers.

Detailed Configuration Process

Install Required Packages

# yum install ipvsadm keepalived -y

Configure Keepalived

On the MASTER node (DS1):

# vi /etc/keepalived/keepalived.conf

global_defs {
   router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state MASTER
    interface enp1s0
    virtual_router_id 62
    priority 200
    advert_int 1
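    authentication {
        # PASS is a simple shared password carried unencrypted in every VRRP advertisement.
        # 1111 is a sample value; Keepalived uses only the first 8 characters of auth_pass.
        auth_type PASS
        auth_pass 1111
    }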
    virtual_ipaddress {
        172.17.13.252
    }
}

virtual_server 172.17.13.252 80 {
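    delay_loop 3              # health-check interval in seconds
    lb_algo rr                # round-robin scheduling
    lb_kind DR                # Direct Routing
    persistence_timeout 50    # a client IP stays on the same real server for 50 s
    protocol TCP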
    real_server 172.17.13.173 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 10
            retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 172.17.13.142 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 10
            retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}

On the BACKUP node (DS2) copy the same file and change state to BACKUP, then restart Keepalived on both nodes:

# systemctl restart keepalived
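
A consistency check to run over the two directors' files before restarting Keepalived, given here as an added example (it is not part of the original article or of Keepalived). It assumes the single vrrp_instance layout used above; vrrp_instances and audit_pair are hypothetical helper names, and the embedded config is an abridged copy of this page's block.

```python
import re
# Constructed sample: this page's vrrp_instance block, abridged; only `state` varies.
SAMPLE = """
vrrp_instance VI_1 {{
    state {state}
    virtual_router_id 62
    priority 200
    authentication {{
        auth_type PASS
        auth_pass 1111   # sample value from the page
    }}
}}
"""

def vrrp_instances(conf_text):
    """Return {instance_name: {keyword: value}} for each vrrp_instance block."""
    instances, stack = {}, []
    for raw in conf_text.splitlines():
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()  # drop comments
        words = line.rstrip("{").split()
        if line == "}" and stack:
            stack.pop()
        elif line.endswith("{") and words:
            stack.append(words)
            if words[0] == "vrrp_instance":
                instances[words[1]] = {}
        elif (len(words) >= 2 and stack and stack[0][0] == "vrrp_instance"
              and stack[-1][0] in ("vrrp_instance", "authentication")):
            instances[stack[0][1]][words[0]] = words[1]
    return instances

def audit_pair(master_text, backup_text):
    """Compare the MASTER and BACKUP configs and return a list of findings."""
    findings, backup = [], vrrp_instances(backup_text)
    for name, m in vrrp_instances(master_text).items():
        b = backup.get(name, {})
        for key in ("virtual_router_id", "auth_type", "auth_pass"):
            if m.get(key) != b.get(key):
                findings.append(f"{name}: {key} differs between the two nodes")
        if int(b.get("priority", 100)) >= int(m.get("priority", 100)):
            findings.append(f"{name}: BACKUP priority is not lower than MASTER")
        if m.get("auth_type") == "PASS":
            findings.append(f"{name}: auth_type PASS sends auth_pass in cleartext")
            if len(m.get("auth_pass", "")) < 8:
                findings.append(f"{name}: auth_pass is shorter than 8 characters")
    return findings

if __name__ == "__main__":
    print(audit_pair(SAMPLE.format(state="MASTER"), SAMPLE.format(state="BACKUP")))
```

Run against a BACKUP file that differs from the MASTER only in state, it reports the equal priority along with the two password findings.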

Configure Real Servers

Deploy a web service (e.g., Nginx or Tomcat) on each RS so it is reachable via ip:port. Use the Direct Route (DR) model for LVS communication.

Configure the loopback interface on each RS to hold the VIP:

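#!/bin/bash
# Bind the VIP to the loopback on a real server (LVS-DR) and keep it out of ARP.
SNS_VIP=172.17.13.252
case "$1" in
start)
    # Host (/32) address on lo:0 so the RS accepts packets addressed to the VIP
    ifconfig lo:0 $SNS_VIP netmask 255.255.255.255 broadcast $SNS_VIP
    /sbin/route add -host $SNS_VIP dev lo:0
    # arp_ignore=1: answer ARP only for addresses configured on the receiving interface
    # arp_announce=2: use the best local source address in ARP requests, never the VIP
    echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
    sysctl -p > /dev/null 2>&1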
    echo "RealServer Start OK"
    ;;
stop)
    ifconfig lo:0 down
    route del $SNS_VIP > /dev/null 2>&1
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stopped"
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
exit 0

Make the script executable and start it:

# chmod a+x lvs-web.sh
# ./lvs-web.sh start

HA Testing

Verify the VIP is bound to the network interface:

# ip a

Monitor LVS statistics in real time:

# watch ipvsadm -Ln --stats

Continuously request the VIP to see round‑robin distribution:

# while true; do curl 172.17.13.252; sleep 1; done

Stop one RS and observe that LVS automatically removes the failed server; after restarting, the server is re‑added.

Stop Keepalived on the MASTER node; the VIP floats to the BACKUP node. Restart the MASTER and the VIP returns, confirming priority‑based failover.

Conclusion

This article demonstrated how to achieve a highly available load‑balancing solution using LVS + Keepalived, providing stable service delivery. Keepalived runs on top of LVS with good compatibility, and Nginx can also be used as the LB software depending on business needs.
