Mastering High-Availability Load Balancing with LVS, Keepalived, and Nginx

Introduction

Enterprise web architectures aim for high availability and disaster recovery to improve user experience. This article summarizes the setup and principles of LVS, Keepalived, and Nginx proxy.

LVS Overview and NAT/DR Principles

Topic 1: LVS‑NAT LVS‑NAT forwards requests based on the target IP and port, using NAT (Network Address Translation) and DR (Direct Routing) models.

NAT topology:

Principle: The client request reaches the LVS front‑end scheduler, which rewrites the destination IP/port to the real server’s address, forwards the packet, and the real server replies using the same mechanism.

Deployment example:

VIP1: 10.1.10.65

DIP1: 192.168.184.128

RIP1: 192.168.184.129

RIP2: 192.168.184.130

Requirement: Both real servers must have gateways pointing to DIP, and DIP and VIP must be in the same internal network segment.

Adding ipvsadm rules with default weight 1 yields round‑robin scheduling. Adjusting weights to 1:2 and using weighted round‑robin produces a 1:2 distribution.

DR Model

Topic 2: LVS‑DR LVS‑DR encapsulates the request MAC address, changes source and destination IPs, and assigns VIP to both the DR and real servers. Real servers respond directly without passing through DR, requiring kernel parameters (arp_ignore, arp_announce) on the loopback alias.

Deployment example:

VIP1: 10.1.10.88

DIP1: 10.1.10.65

RIP1: 10.1.10.66

RIP2: 10.1.10.67

Requirement: Adjust kernel parameters and add VIP to each host that needs it.

Keepalived High‑Availability Cluster

Topic 3 Keepalived implements the VRRP protocol to provide high‑availability for IPVS services. It generates IPVS rules from configuration files and monitors real server health, automatically moving the virtual IP (VIP) to a backup when the primary fails.

Principle: VRRP instances, servers, and health‑check scripts cooperate to assign VIPs and IPVS rules automatically, reducing manual configuration.

Deployment example:

DIP1: 10.1.10.65

VIP1: 10.1.10.88

VIP2: 10.1.10.99

DIP2: 10.1.10.68

RIP1: 10.1.10.66

RIP2: 10.1.10.67

Requirement: Primary must have higher priority than backup, and states must be swapped accordingly.

Nginx Front‑End High‑Availability

Topic 4 Nginx, as a modern web server, offers reverse‑proxy load balancing via the upstream module. Combined with VRRP (via Keepalived) it can provide automatic VIP migration, though it does not generate IPVS rules.

Deployment example:

VIP1: 10.1.10.88

VIP2: 10.1.10.99

RIP1: 10.1.10.66

RIP2: 10.1.10.67

Requirement: Enable the upstream module and proxy to backend hosts.

Conclusions

LVS‑NAT requires correct routing and enables various scheduling algorithms (rr, wrr, etc.). LVS‑DR focuses on VIP configuration and kernel tweaks. Keepalived simplifies IPVS rule generation and provides robust failover. Nginx offers the simplest and most flexible load‑balancing configuration, making it suitable for many enterprise scenarios.