Hands‑On DR Mode LVS Load Balancing with Keepalived: Step‑by‑Step Guide

Practice Environment

LVS is part of the Linux kernel as the ipvs module, supporting NAT, DR, and TUNNEL modes. Interaction is done via the ipvsadm tool. Four UCloud CentOS 7.9 VMs are used: two real servers (RS01, RS02), a load‑balancer server (LB01), and an optional backup LB02.

4 VMs: 1 CPU 1 GB each, firewall ports 22, 3389, 80, 443 open.

Real servers: RS01 10.23.190.76, RS02 10.23.122.152.

Load balancer: LB01 10.23.21.184, LB02 10.23.115.100.

Virtual IP (VIP): 10.23.88.247.

Install httpd on RS01/RS02, install ipvsadm and keepalived on LB01/LB02.

DR Mode Practice

Key characteristics of DR mode:

Only the destination MAC address is changed; only request packets pass through the load balancer, so port translation is not supported.

Real servers and the load balancer must be in the same subnet, and the real server’s default gateway cannot be the load balancer.

The loopback interface on each real server must hold the VIP address and hide it via ARP configuration.

Configuration steps on the real servers (RS01, RS02):

echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore</code>
<code>echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore</code>
<code>echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce</code>
<code>echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce</code>
<code>ifconfig lo:0 10.23.21.184 netmask 255.255.255.255</code>
<code>ifconfig

Configuration on the load balancer (LB01):

ipvsadm -A -t 10.23.21.184:80 -s rr</code>
<code>ipvsadm -a -t 10.23.21.184:80 -r 10.23.190.76 -g -w 1</code>
<code>ipvsadm -a -t 10.23.21.184:80 -r 10.23.122.152 -g -w 1</code>
<code>ifconfig eth0:0 10.23.88.247/24</code>
<code>ipvsadm -ln

Verification shows LB01 receives connections and forwards them to RS02, but the client does not receive the response due to cloud EIP restrictions. Testing with another VM in the same subnet confirms normal operation, indicating the cloud provider drops packets whose source MAC/IP differ from the host.

Keepalived for DR Model High Availability

To avoid a single point of failure, keepalived provides VRRP‑based failover. Both LB01 and LB02 are configured with the same VIP and keepalived settings.

yum install ipvsadm keepalived -y</code>
<code>cp keepalived.conf keepalived.conf.bak</code>
<code>vrrp_instance VI_1 {</code>
<code>    state MASTER   # backup node uses BACKUP</code>
<code>    interface eth0</code>
<code>    virtual_router_id 51</code>
<code>    priority 100   # backup node uses 50</code>
<code>    advert_int 1</code>
<code>    authentication {</code>
<code>        auth_type PASS</code>
<code>        auth_pass 1111</code>
<code>    }</code>
<code>    virtual_ipaddress {</code>
<code>        10.23.88.247 dev eth0</code>
<code>    }</code>
<code>}</code>
<code>virtual_server 10.23.88.247 80 {</code>
<code>    delay_loop 6</code>
<code>    lb_algo rr</code>
<code>    lb_kind DR</code>
<code>    nat_mask 255.255.0.0</code>
<code>    protocol TCP</code>
<code>    real_server 10.23.190.76 80 {</code>
<code>        weight 1</code>
<code>        HTTP_GET {</code>
<code>            url { path /; status_code 200 }</code>
<code>            connect_timeout 3</code>
<code>            nb_get_retry 3</code>
<code>            delay_before_retry 3</code>
<code>        }</code>
<code>    }</code>
<code>    real_server 10.23.122.152 80 {</code>
<code>        weight 1</code>
<code>        HTTP_GET {</code>
<code>            url { path /; status_code 200 }</code>
<code>            connect_timeout 3</code>
<code>            nb_get_retry 3</code>
<code>            delay_before_retry 3</code>
<code>        }</code>
<code>    }</code>
<code>}</code>
<code>systemctl restart keepalived

After restarting keepalived, both LB01 and LB02 can serve traffic. Stopping keepalived on LB01 causes the VIP to migrate to LB02, confirming high availability.

Overall, the experiment took about 4.5 hours and cost less than ¥5, completing the LVS series.