Mastering Keepalived: Complete Guide to High‑Availability Load Balancing with VRRP
This article provides a comprehensive walkthrough of Keepalived, covering its VRRP‑based address failover, architecture components, installation methods, detailed configuration files, notification scripts, logging, unicast/multicast settings, split‑brain prevention, and practical LVS‑Keepalived high‑availability deployment steps.
Keepalived Overview
1. Introduction
Official website: http://keepalived.org/
Key functions:
Implements address floating based on the VRRP protocol.
Generates IPVS rules for the VIP node as defined in the configuration file.
Performs health checks on IPVS real servers.
Executes user‑defined scripts to affect cluster services such as Nginx or HAProxy.
2. Architecture
Core user‑space components:
vrrp stack – VIP announcement.
checkers – monitors real servers.
system call – runs scripts on VRRP state changes.
SMTP – email alerts.
IPVS wrapper – creates IPVS rules (ipvsadm).
Netlink reflector – moves virtual IPs.
Additional components:
Control module – parses keepalived.conf and applies configuration.
IO multiplexer – optimized network threading.
Memory manager – provides generic allocation functions.
WatchDog monitors the whole process.
3. Installation
yum install keepalived -y
3.1 Compile from source
yum install gcc curl openssl-devel libnl3-devel net-snmp-devel -y
# download source
wget https://keepalived.org/software/keepalived-2.2.2.tar.gz
tar xf keepalived-2.2.2.tar.gz
cd keepalived-2.2.2
./configure --prefix=/usr/local/keepalived
make && make install
# create service directory
mkdir /etc/keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf
# adjust network interface name
sed -i 's/eth0/ens33/' /etc/keepalived/keepalived.conf
4. Related Files
Package name: keepalived
Main binary: /usr/sbin/keepalived
Main configuration: /etc/keepalived/keepalived.conf
Example configs: /usr/share/doc/keepalived/
Systemd unit: /lib/systemd/system/keepalived.service
Environment file (CentOS): /etc/sysconfig/keepalived
4.1 Global configuration
global_defs {
    notification_email {
        root@localhost
        root@localhost
        [email protected]
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30          # seconds
    router_id LVS01                  # name identifying this node
    vrrp_skip_check_adv_addr
    vrrp_strict                      # enforce strict VRRP protocol compliance
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 225.0.0.18     # IPv4 multicast group for adverts (default 224.0.0.18)
    vrrp_iptables
}
4.2 VRRP instance configuration
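vrrp_instance <STRING> {
    state MASTER|BACKUP              # initial state at startup
    interface IFACE_NAME             # interface that carries the VRRP adverts
    virtual_router_id VRID           # 1-255, identical on every node of this instance
    priority 100                     # higher value is preferred as master
    advert_int 1                     # advertisement interval in seconds
    authentication {
        auth_type PASS               # simple password, carried in cleartext in each advert
        auth_pass <PASSWORD>         # only the first 8 characters are used
    }
    virtual_ipaddress {
        192.168.200.100
        192.168.200.101/24 dev eth1
        192.168.200.102/24 dev eth2 label eth2:1
    }
    # a failure of any of these interfaces puts the instance into FAULT state
    track_interface {
        eth0
        eth1
    }
}
4.3 Example configuration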
# /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    router_id HA_TEST_R2
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 1
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456             # must match on both nodes
    }
    virtual_ipaddress {
        192.168.100.10
    }
}
virtual_server 192.168.91.188 80 {
    delay_loop 6                     # seconds between health-check rounds
    lb_algo rr                       # round-robin scheduling
    lb_kind DR                       # direct routing
    protocol TCP
    real_server 192.168.91.103 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.91.105 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
5. Interview Focus: Keepalived split‑brain
Split brain ("brain split") occurs when the heartbeat link between two HA nodes fails: each node concludes that the other is down, and both may claim the VIP at the same time.
Prevention methods include using dual heartbeat links, STONITH/fencing devices, proper firewall rules, and multicast address adjustments.
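On the wire, split brain shows up as two nodes advertising the same VRID, because a backup normally stays silent while it hears the master. The following added example (not from the original article) counts senders per VRID in text lines of the kind printed by tcpdump for VRRP; the function names, the threshold and the sample lines are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original article.
# Reads tcpdump text output on stdin and prints "vrid <id>: <src> <src> ..." for
# every VRID advertised by two or more sources that each sent at least MIN
# adverts ($1, default 3, so a single overlapping advert during a normal
# failover is ignored). Only the master should be advertising a given VRID.
vrrp_multi_master() {
    awk '/VRRPv[23], Advertisement/ {
            src = ""; vrid = ""
            for (i = 1; i < NF; i++) {
                if ($i == "IP" && src == "") src = $(i + 1)
                if ($i == "vrid") { vrid = $(i + 1); sub(/,$/, "", vrid) }
            }
            if (src != "" && vrid != "") print vrid, src
        }' |
    sort | uniq -c |
    awk -v min="${1:-3}" '$1 >= min { n[$2]++; list[$2] = list[$2] " " $3 }
        END { for (v in n) if (n[v] > 1) print "vrid " v ":" list[v] }' |
    sort
}

# Constructed sample lines in the format of: tcpdump -nn -i ens33 vrrp
# adv SECOND SRC VRID PRIO
adv() {
    printf '12:00:0%s.000000 IP %s > 224.0.0.18: VRRPv2, Advertisement, vrid %s, prio %s, authtype simple, intvl 1s, length 20\n' "$@"
}

# VRID 51: both nodes keep advertising (split brain).
# VRID 1: one stray advert from the backup, as seen during a normal transition.
sample_capture() {
    for s in 1 2 3; do
        adv "$s" 192.168.91.100 51 100
        adv "$s" 192.168.91.101 51 99
        adv "$s" 192.168.91.100 1 100
    done
    adv 3 192.168.91.101 1 99
}

sample_capture | vrrp_multi_master 3
```

On a live node, pipe a bounded capture into the function instead of the sample, for example the output of tcpdump -nn -c 20 on the VRRP interface.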
6. VRRP Scripts for Custom Health Checks
Define a script block outside global_defs:
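vrrp_script check_down {
    script "/etc/keepalived/ng.sh"   # command to run
    interval 1                       # seconds between runs
    weight -30                       # priority adjustment while the check is failing
    fall 3                           # consecutive failures before the check counts as failed
    rise 2                           # consecutive successes before it counts as OK again
    timeout 2                        # seconds before a running script is treated as failed
}
Call it inside a VRRP instance: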
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.91.188
    }
    track_script {
        check_down
    }
}
Example of a monitoring script (/etc/keepalived/ng.sh) that stops Keepalived if Nginx is not running:
#!/bin/bash
# Stop Keepalived when no nginx process is running, so this node releases the VIP.
if ! pgrep -x nginx >/dev/null; then
    systemctl stop keepalived
fi
7. Practical LVS + Keepalived HA Cluster
Typical environment:
Master keepalived: 192.168.91.100 (LVS)
Backup keepalived: 192.168.91.101 (LVS)
Web1: 192.168.91.102
Web2: 192.168.91.103
VIP: 192.168.91.188
Key steps include disabling firewalld, installing ipvsadm and keepalived, configuring sysctl parameters, copying the configuration to the backup node, and starting services.
After deployment, you can test failover by stopping the master service or by simulating a network partition with iptables rules.
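Before starting the services, it is worth checking the script wired in through track_script in section 6: keepalived runs it every interval seconds as root (or as the keepalived_script user if that account exists and no script_user is set), so the script and every directory above it should be writable by root only. The added example below is not from the original article; it lists the vrrp_script commands in a configuration file and audits each path, and its function names, trusted-UID and stop-directory parameters are assumptions. keepalived's own enable_script_security option in global_defs applies a comparable check at load time.

```bash
#!/bin/bash
# Added example, not from the original article.
# audit_script_path SCRIPT [TRUSTED_UID] [TOP_DIR]
# Walks from SCRIPT up to TOP_DIR (default /) and prints every path component
# that is a symlink, is not owned by TRUSTED_UID (default 0, root), or is
# group/world-writable. Returns 0 if the chain is clean, 1 if not, 2 on error.
audit_script_path() {
    p=$1; trusted=${2:-0}; top=${3:-/}; rc=0
    while :; do
        # ls -ldn prints "mode links uid gid ..." with numeric ids
        meta=$(ls -ldn "$p") || return 2
        mode=${meta%% *}
        uid=$(printf '%s\n' "$meta" | awk '{ print $3 }')
        [ "$uid" = "$trusted" ] || { echo "owned by uid $uid: $p"; rc=1; }
        case $mode in
            l*) echo "symlink, audit its target too: $p"; rc=1 ;;
            ?????w*|????????w*) echo "group/world-writable ($mode): $p"; rc=1 ;;
        esac
        parent=$(dirname "$p")
        if [ "$p" = "$top" ] || [ "$parent" = "$p" ]; then break; fi
        p=$parent
    done
    return "$rc"
}

# conf_scripts FILE: print the executable named by each 'script "..."' line
conf_scripts() {
    awk '$1 == "script" { gsub(/"/, "", $2); print $2 }' "$1" | sort -u
}

# audit_conf FILE [TRUSTED_UID] [TOP_DIR]: audit every script the config runs
audit_conf() {
    conf_rc=0
    for s in $(conf_scripts "$1"); do
        audit_script_path "$s" "${2:-0}" "${3:-/}" || conf_rc=1
    done
    return "$conf_rc"
}

# Usage: ./audit.sh /etc/keepalived/keepalived.conf
if [ "$#" -gt 0 ]; then
    audit_conf "$@"
fi
```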
MaGe Linux Operations
