Build a Highly Available Web Cluster with LVS and Keepalived on CentOS
This guide explains how to create a high‑availability web load‑balancing cluster using Linux Virtual Server (LVS) and Keepalived on CentOS, covering background, terminology, environment setup, detailed configuration steps for master and backup nodes, real‑server preparation, HA testing, and final conclusions.
Background
When traffic reaches a certain level, a single server becomes a bottleneck. While Nginx is often used for load balancing, the load‑balancer itself can fail, so high availability is required. This article demonstrates how to build an HA web cluster using LVS + Keepalived.
LVS and Keepalived
LVS (Linux Virtual Server) is a kernel‑level, layer‑4 load balancer pre‑installed on Linux. ipvsadm is the command‑line tool for managing LVS. Its main characteristics are:
Operates at the transport layer, offering strong load‑handling with minimal hardware requirements beyond the NIC.
Very low configuration complexity, reducing human error.
Broad applicability: can balance web services as well as other applications such as MySQL.
Requires a virtual IP (VIP) that must be allocated from the IDC.
Keepalived implements the VRRP protocol to provide high availability for the VIP. It works together with LVS (or other LB software like HAProxy or Nginx) and is fully compatible with LVS configuration files.
Terminology
LB – Load Balancer
HA – High Availability
Failover – Automatic switch to a standby node when the active node fails
Cluster – Group of nodes providing a service
LVS – Linux Virtual Server
DS (Director Server) – Front‑end load‑balancer node
RS (Real Server) – Backend service node
VIP – Virtual IP address presented to clients
DIP – Director IP used for internal communication
RIP – Real Server IP
CIP – Client IP
Test Environment
Software: CentOS 7, Keepalived 1.3.5, ipvsadm 1.27
Nodes:
DS1 (MASTER): 172.17.13.120
DS2 (BACKUP): 172.17.13.123
RS1: 172.17.13.142:80 (Nginx)
RS2: 172.17.13.173:80 (Nginx)
VIP: 172.17.13.252
                            |
           +----------------+-----------------+
           |                                  |
 172.17.13.120|---- VIP:172.17.13.252 ----|172.17.13.123
   +-------+--------+                +--------+-------+
   |      DS1       |                |      DS2       |
   | LVS+Keepalived |                | LVS+Keepalived |
   +-------+--------+                +--------+-------+
           |                                  |
           +----------------+-----------------+
                            |
+------------+              |               +------------+
|    RS1     |172.17.13.142 |  172.17.13.173|    RS2     |
| Web Server +--------------+---------------+ Web Server |
+------------+                              +------------+
Goal
Clients access the service via VIP and requests are distributed according to the configured load‑balancing rules.
If the MASTER LB node fails, traffic automatically switches to the BACKUP node, and the MASTER rejoins after recovery.
If a Real Server fails, it is automatically removed from the pool and re‑added after it recovers.
Detailed Configuration Steps
Install Packages
# yum install ipvsadm keepalived -y
Configure Keepalived on MASTER
# vi /etc/keepalived/keepalived.conf
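global_defs {
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state MASTER
    # NIC that carries the VRRP adverts and holds the VIP
    interface enp1s0
    # must be identical on MASTER and BACKUP
    virtual_router_id 62
    priority 200
    # advertisement interval in seconds
    advert_int 1
    authentication {
        auth_type PASS
        # sample value; PASS travels in clear text in every advert, so use a site-specific secret
        auth_pass 1111
    }
    virtual_ipaddress {
        172.17.13.252
    }
}
virtual_server 172.17.13.252 80 {
    # health-check interval in seconds
    delay_loop 3
    # round robin
    lb_algo rr
    # direct routing: real servers answer clients directly
    lb_kind DR
    # a client stays on the same real server for 50 seconds
    persistence_timeout 50
    protocol TCP
    real_server 172.17.13.173 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 10
            retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 172.17.13.142 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 10
            retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
Configure BACKUP Node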
Copy the same configuration file, change state to BACKUP, then restart Keepalived.
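Before the restart, the two files can be compared for the settings the pair has to agree on. This is an added example, not part of the original article: the function names are hypothetical, it assumes one vrrp_instance per file, and the priority check reflects the failback test later in the article, which relies on the MASTER having the higher priority.

```shell
#!/bin/sh
# Added example: compare the vrrp_instance settings of a MASTER/BACKUP pair.
# Function names are hypothetical; the keys are the ones used in the article.

# vrrp_field FILE KEY: print the first value of KEY inside a vrrp_instance block.
vrrp_field() {
    awk -v key="$2" '
        $1 == "vrrp_instance"  { inside = 1; next }
        $1 == "virtual_server" { inside = 0 }
        inside && $1 == key    { print $2; exit }
    ' "$1"
}

note() { echo "FINDING: $1"; findings=$((findings + 1)); }

# audit_vrrp_pair MASTER_CONF BACKUP_CONF: print findings, return their count.
audit_vrrp_pair() {
    findings=0
    # These keys must match, or the nodes discard each other's adverts.
    for key in virtual_router_id advert_int auth_type auth_pass; do
        [ "$(vrrp_field "$1" "$key")" = "$(vrrp_field "$2" "$key")" ] ||
            note "$key differs between the two nodes"
    done
    [ "$(vrrp_field "$1" state)" = MASTER ] || note "first file is not state MASTER"
    [ "$(vrrp_field "$2" state)" = BACKUP ] || note "second file is not state BACKUP"
    mp=$(vrrp_field "$1" priority); bp=$(vrrp_field "$2" priority)
    [ "${mp:-0}" -gt "${bp:-0}" ] ||
        note "MASTER priority ($mp) is not higher than BACKUP priority ($bp)"
    # PASS authentication is a clear-text field in every advert.
    [ "$(vrrp_field "$1" auth_pass)" != 1111 ] ||
        note "auth_pass is still the sample value 1111"
    return "$findings"
}

# Constructed sample: a minimal vrrp_instance with the given state and priority.
write_sample() {
    cat > "$1" <<EOF
vrrp_instance VI_1 {
    state $2
    interface enp1s0
    virtual_router_id 62
    priority $3
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass ${4:-1111}
    }
}
EOF
}
```

Run it as `audit_vrrp_pair master.conf backup.conf` against copies of the two nodes' /etc/keepalived/keepalived.conf; the return code is the number of findings.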
# systemctl restart keepalived
Configure Real Servers
Deploy a web service (e.g., Nginx) on each RS. Then configure the loopback interface to hold the VIP.
#!/bin/bash
# lvs-web.sh: bind the VIP to lo:0 and suppress ARP for it on an LVS-DR Real Server.
SNS_VIP=172.17.13.252
case "$1" in
start)
    # Host-only netmask so lo:0 claims just the VIP.
    ifconfig lo:0 "$SNS_VIP" netmask 255.255.255.255 broadcast "$SNS_VIP"
    /sbin/route add -host "$SNS_VIP" dev lo:0
    # arp_ignore=1: reply to ARP only for addresses configured on the receiving interface.
    # arp_announce=2: always use the best local address as the source of ARP requests.
    echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
    sysctl -p > /dev/null 2>&1
    echo "RealServer Start OK"
    ;;
stop)
    # Remove the VIP and restore the default ARP behaviour.
    ifconfig lo:0 down
    route del "$SNS_VIP" > /dev/null 2>&1
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stopped"
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
exit 0
# chmod a+x lvs-web.sh
# ./lvs-web.sh start
HA Testing
After both LB nodes are running, verify the VIP is bound:
# ip a
Monitor load‑balancing statistics in real time:
# watch ipvsadm -Ln --stats
Continuously request the VIP to see round‑robin distribution:
# while true; do curl 172.17.13.252; sleep 1; done
Stop one Real Server – LVS automatically removes it from the pool. Restart the server – it is added back. Stop the MASTER Keepalived service – the VIP floats to the BACKUP node. Restart the MASTER – the VIP returns to it because of the higher priority, confirming HA behavior.
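The values lvs-web.sh writes are runtime state that a reboot clears, while the TCP_CHECK only probes port 80, so a recovered Real Server can rejoin the pool without the VIP or the ARP settings in place. This added example (not from the original article) audits both on a Real Server; the function names, the optional sysctl root argument and the constructed sample data are assumptions made so that it runs offline.

```shell
#!/bin/sh
# Added example: audit a Real Server for the LVS-DR settings lvs-web.sh applies.
# Function names and the optional root argument are hypothetical.

# check_rs_arp [SYSCTL_ROOT]: compare the four ARP sysctls with the values the
# start action writes; print each mismatch and return the number found.
check_rs_arp() {
    root=${1:-/proc/sys}
    bad=0
    for spec in lo/arp_ignore=1 lo/arp_announce=2 all/arp_ignore=1 all/arp_announce=2; do
        file="$root/net/ipv4/conf/${spec%=*}"
        want=${spec#*=}
        got=$(cat "$file" 2>/dev/null) || got=missing
        if [ "$got" != "$want" ]; then
            echo "FAIL ${spec%=*}: want $want, got $got"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# check_vip_on_lo VIP ADDR_TEXT: ADDR_TEXT is the output of
# `ip -o -4 addr show dev lo`; the VIP must be present as a /32 host address,
# which is what the script's netmask 255.255.255.255 produces.
check_vip_on_lo() {
    printf '%s\n' "$2" | grep -qF "inet $1/32 "
}

# Constructed sample of `ip -o -4 addr show dev lo` on a configured Real Server.
SAMPLE_LO='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
1: lo    inet 172.17.13.252/32 brd 172.17.13.252 scope global lo:0\       valid_lft forever preferred_lft forever'

# make_sysctl_tree DIR IGNORE ANNOUNCE: build a constructed sysctl tree for testing.
make_sysctl_tree() {
    for iface in lo all; do
        mkdir -p "$1/net/ipv4/conf/$iface"
        echo "$2" > "$1/net/ipv4/conf/$iface/arp_ignore"
        echo "$3" > "$1/net/ipv4/conf/$iface/arp_announce"
    done
}
```

On a live Real Server, `check_rs_arp && check_vip_on_lo 172.17.13.252 "$(ip -o -4 addr show dev lo)"` succeeds only when the node is ready to take DR traffic.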
Conclusion
Using LVS + Keepalived creates a stable, high‑availability load‑balancing solution. Keepalived runs on top of LVS with good compatibility, and Nginx can be used as an alternative LB depending on business needs.
Source: https://www.cnblogs.com/Sinte-Beuve/p/13392747.html
Liangxu Linux