Mastering Keepalived: A Complete Guide to VRRP‑Based High Availability with LVS
This tutorial explains how Keepalived provides targeted high‑availability for LVS clusters by implementing VRRP, details its architecture, walks through installation, configuration of VRRP and virtual servers, shows health‑check scripts, and demonstrates testing of fail‑over and load‑balancing behavior.
Keepalived Detailed Explanation
How It Works
Keepalived is essentially a service for IPVS; it generates IPVS rules by invoking ipvsadm and provides targeted high‑availability for LVS clusters, unlike generic HA solutions such as corosync.
It runs as a daemon on each LVS node. The active node (Master) continuously advertises its heartbeat to Backup nodes using the VRRP protocol. When a Backup stops receiving the heartbeat, it takes over the virtual IP (VIP) and the IPVS rules.
Besides monitoring and fail‑over, Keepalived can configure IPVS directly and perform health checks on backend application servers.
In short, Keepalived is an implementation of VRRP (Virtual Router Redundancy Protocol).
VRRP Overview
VRRP allows automatic fail‑over of a virtual router without manual reconfiguration. It provides a virtual IP (VIP) and a virtual MAC (VMAC) so that client ARP tables are updated automatically when the active router changes.
The router with the highest priority becomes Master and announces its VMAC via gratuitous ARP.
Master periodically sends VRRP advertisements with its state and priority.
If Master fails, Backup routers elect a new Master based on priority.
During the switch, the new Master sends a gratuitous ARP containing the VIP and VMAC to update client caches.
If a Backup has higher priority, its preempt mode determines whether it takes over.
VRRP also supports authentication (none, simple password, MD5 – Keepalived does not support MD5).
Keepalived Architecture
After start‑up Keepalived spawns a master process and two child processes: the VRRP stack (VRRP implementation) and the Checkers (IPVS health checks). The master parses the configuration file and controls the children. A watchdog monitors the children via an internal Unix socket and restarts them if they stop.
Installation and Configuration
Prerequisites: disable SELinux, clear iptables rules, stop firewalls, ensure time synchronization (e.g., systemctl start chronyd), and enable multicast on the network interface (ip link set multicast on dev ens33).
Install Keepalived via yum: yum install -y keepalived
Key files:
/usr/sbin/keepalived – binary
/etc/keepalived/keepalived.conf – configuration
/usr/lib/systemd/system/keepalived.service – systemd unit
Sample keepalived.conf
global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id srv01
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.42.111/24 dev ens33 label ens33:0
    }
    preempt_delay 60
}
On the second node, change state to BACKUP, lower the priority, and adjust router_id.
LVS Virtual Server Section
virtual_server 172.16.42.111 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.255.0
    persistence_timeout 0
    protocol TCP
    sorry_server 192.168.200.200 1358
    real_server 172.16.42.102 80 {
        weight 1
        notify_up "/usr/local/notify.sh up"
        notify_down "/usr/local/notify.sh down"
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 172.16.42.103 80 {
        weight 1
        notify_up "/usr/local/notify.sh up"
        notify_down "/usr/local/notify.sh down"
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
Notify Script Example
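#!/bin/bash
# $1 is the state passed by notify_up / notify_down ("up" or "down").
# Quoted so that a missing argument does not break the test.
if [ "$1" == "up" ]; then
    echo "Srv02 is UP" > /tmp/notify.txt
elif [ "$1" == "down" ]; then
    echo "Srv02 is DOWN" > /tmp/notify.txt
fi
Testing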
Start both nodes, check status with systemctl status keepalived, and view the logs (cat /var/log/messages) to confirm the Master/Backup roles. Use tcpdump -i ens33 -nn host 224.0.0.18 to see the VRRP advertisements.
Verify the IPVS rules with ipvsadm -Ln and run load‑balancing tests, e.g.:
for i in {1..20}; do curl http://172.16.42.111/ | grep "Srv0"; done
Observe the round‑robin distribution, and the fail‑over when Keepalived is stopped on the Master.
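What tcpdump shows in those advertisements, as an added example that is not part of the original article: a Python decoder for the VRRPv2 message layout (RFC 3768), run over a constructed packet that reuses the sample configuration's VRID, priority, VIP and auth_pass. The decoded fields make visible that auth_type PASS carries auth_pass in cleartext in every advertisement. Assumptions: Keepalived's default VRRP version 2 over IPv4; all function names are illustrative.

```python
import ipaddress
import struct

AUTH_TYPES = {0: "none", 1: "simple password", 2: "IP Authentication Header"}

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum (RFC 1071), as used by VRRPv2."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_vrrpv2(payload: bytes) -> dict:
    """Decode the VRRP message that follows the IP header (IP protocol 112)."""
    if len(payload) < 16:
        raise ValueError("too short for a VRRPv2 advertisement")
    vt, vrid, prio, count, auth, adver, _cksum = struct.unpack("!BBBBBBH", payload[:8])
    if (vt >> 4, vt & 0x0F) != (2, 1):
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count  # fixed header plus one IPv4 address per VIP
    if len(payload) < end + 8:
        raise ValueError("truncated address list or authentication data")
    return {
        "vrid": vrid,
        "priority": prio,
        "advert_int": adver,
        "vips": [str(ipaddress.IPv4Address(payload[i:i + 4])) for i in range(8, end, 4)],
        "auth_type": AUTH_TYPES.get(auth, f"unknown ({auth})"),
        # With simple password auth these 8 bytes are auth_pass, zero padded.
        "auth_data": payload[end:end + 8].rstrip(b"\x00").decode("ascii", "replace"),
        # Summing a message that includes a correct checksum yields 0.
        "checksum_ok": inet_checksum(payload[:end + 8]) == 0,
    }

def build_sample() -> bytes:
    """Constructed advertisement using the sample config's values (not a capture)."""
    msg = struct.pack("!BBBBBBH", 0x21, 51, 100, 1, 1, 1, 0)
    msg += ipaddress.IPv4Address("172.16.42.111").packed + b"1111".ljust(8, b"\x00")
    return msg[:6] + struct.pack("!H", inet_checksum(msg)) + msg[8:]

if __name__ == "__main__":
    for key, value in parse_vrrpv2(build_sample()).items():
        print(f"{key:12} {value}")
```

Because the password is readable by anything on the segment, treat auth_type PASS as a guard against misconfigured neighbours rather than as access control.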
Raymond Ops
