Mastering LVS Load Balancing: Modes, Workflows, and Configuration Tips

Overview of LVS

LVS (Linux Virtual Server) is a kernel‑integrated load balancer capable of handling millions of concurrent connections, widely used for high‑performance traffic distribution.

Key Terminology

VS : Virtual Server, the LVS node itself.

RS : Real Server that provides the actual service.

CIP : Client IP address.

VIP : Virtual IP exposed by LVS; clients connect to this address.

DIP : Director IP on the internal network, used by LVS to forward requests.

Typical client request flow: CIP → VIP → DIP → RIP.

LVS Operating Modes

1. NAT Mode (lvs‑nat)

Implements DNAT by changing the destination IP of incoming packets, allowing the VIP to be a public address while RS reside behind it.

Workflow:

When a client sends a request to VIP, LVS rewrites the destination IP/port to the selected RS’s RIP. The response’s source IP/port is replaced by LVS’s VIP before reaching the client.

RS and DIP must be on the same subnet.

Response packets travel through LVS, increasing load.

VS must run Linux; RS can be any OS.

2. Direct Routing (DR) Mode (lvs‑dr)

DR is the default mode; packets keep their original IP/port, and LVS only changes the MAC address to forward them.

Workflow:

Each RS must have the same VIP as LVS.

Clients must send requests to the VIP that resolves to the LVS MAC.

RS can use private or public IPs, but its gateway must not point to DIP.

LVS and RS must share the same physical network.

3. TUN Mode (lvs‑tun)

TUN adds an extra IP header, allowing RS and DIP to reside on different physical networks.

Workflow:

RIP and DIP can be in separate networks; RS’s gateway should not point to DIP.

RS must support tunneling in its OS.

4. FULLNAT Mode (lvs‑fullnat)

FULLNAT rewrites both source and destination IPs, enabling full NAT translation.

Workflow:

VIP is a public address; RIP and DIP are private and may be in different subnets.

RS sees the source as DIP, so it replies to DIP, and LVS forwards the response to the client.

Both request and response traverse LVS, allowing port mapping.

Kernel support must be added manually for this mode.

Configuration Details

ARP Handling for DR Mode

Two common methods ensure client packets reach LVS:

Configure static ARP bindings on the router.

Disable ARP replies on RS, forcing traffic through LVS. arp ARP is used to discover MAC addresses and resolve IP‑to‑MAC mappings.

Kernel Parameters for RS

# Bind VIP to loopback and silence ARP responses
cat /proc/sys/net/ipv4/conf/lo/arp_ignore   # 0
cat /proc/sys/net/ipv4/conf/lo/arp_announce # 0

Mode Comparison

NAT : DIP and RIP share a subnet; RIP’s gateway points to DIP.

DR : Same subnet; RIP’s gateway must NOT point to DIP for fastest response.

TUN : RIP and DIP can be in different networks; RIP may communicate with the public internet.

FULLNAT : RIP and DIP may be in different networks; both source and destination IPs are rewritten.