LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: Keepalived VRRP help

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: Keepalived VRRP help
Cc: keepalived-announce@xxxxxxxxxxxxxxxxxxxxx
From: Alexandre Cassen <Alexandre.Cassen@xxxxxxxxxx>
Date: Wed, 30 Jan 2002 21:33:46 +0100
Hi Victor,

Hi. I couldn't find keepalived mailinglist for general questions so I
thought maybe I could post here.
I am trying to set up keepalived failover on two directors. I am a bit
confused by the vocabulary in the VRRP section of the config.

1. Does each director in keepalived cluster need to have it's own config
file or can they share one file that is synced?

Have you red the UserGuide.pdf ? the last part explain the typical config

Each director run keepalived with the same configuration file. The only difference reside in the VRRP instance. For example :

1. On director 1

vrrp_instance D1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 150
    advert_int 1
    authentication {
        auth_type AH
        auth_pass TEST
    }
    virtual_ipaddress {
        10.0.0.110
    }
}

vrrp_instance D2 {
    state BACKUP
    interface eth0
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type AH
        auth_pass TEST
    }
    virtual_ipaddress {
        10.0.0.111      <= IP must be different...
    }
}

2. On director 2

vrrp_instance D1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type AH
        auth_pass TEST
    }
    virtual_ipaddress {
        10.0.0.110
    }
}

vrrp_instance D2 {
    state MASTER
    interface eth0
    virtual_router_id 52
    priority 150
    advert_int 1
    authentication {
        auth_type AH
        auth_pass TEST
    }
    virtual_ipaddress {
        10.0.0.111
    }
}


=> Using this config you will have a active/active setup on your both director on device eth0 => You have 2 VRRP VIPs 10.0.0.110 & 10.0.0.111 that you will use for your LVS VIP (virtual_server) => This a symetric configuration so you need one file on each director (not 1 file shared for 2 directors)


2. How would I set up an active/passive setup with two examples below? I
have two directors with one ethernet card in each. They loadbalance
10.0.0.110:80.

1. On director 1
vrrp_instance D1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type AH
        auth_pass TEST
    }
    virtual_ipaddress {
        10.0.0.110
    }
}

2. On director 2
vrrp_instance D1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 150
    advert_int 1
    authentication {
        auth_type AH
        auth_pass TEST
    }
    virtual_ipaddress {
        10.0.0.110
    }
}

=> active/passive configuration
=> VRRP VIP is 10.0.0.110 usable as LVS VIP

Perhaps as a test, would be interesting to do an active/active setup
loadbalancing two addresses (.110 and 111, where one goes to first web group
and .111 to another, but making sure that each one covers the other one).

=> yes, my sample ... But I have to warn that synchronization instance must be considered as beta version. But in a DR env you do not need this functionnality (only for LVS NAT)

3. VRRP Section: Is virtual_ipaddress the VIP? or is it the DIP? How do I
assign the vrrp_instance to a specific Director? or is each director
supposed to have a sep file? I looked at the
http://keepalived.sourceforge.net/pdf/LVS-HA-using-VRRPv2.pdf but it seemed
to use two interfaces and to be honest, I didn't really grasp exactly what
was going on there.

Yes, you define your VRRP topology defining VRRP VIPs, those VIP can be used to your LVS topology description. In your case you can define :

virtual_server 10.0.0.110 80 {
....
}


http://keepalived.sourceforge.net/pdf/UserGuide.pdf (the last page)
We have 4 VIP's, [192.168.1.10 -- 192.168.1.10.13]

.10 and .11  ->  .10 (mapped using sync ?)
.12 and .13  ->  .11 (mapped using sync ?)

Sync is used for NATed LVS : when you define VRRP instance on different device interface. For example eth0 & eth1. the sync_instance garantee that 2 VRRP instance synchronized on a director stay in the same state. If takeover on VRRP instance on eth0 the syn_instance defined on eth1 will follow the takeover.

Why do we need .13? Also, that means the client is supposed to connect to
(.10,.11,.12,.13) ? How would this be done? Woul a domain have to be define
with DNS rr setup pointing to multiple IPs?

Yes this sample setup,

1. On eth0 : we define VI_1(.100.10 & .100.11) active on one director and VI_3(.100.12 & .100.13) active on the other 2. On eth1 : we define VI_2(.200.10) active on one director and VI_4(.200.11) active on the other

Then because we use NAT routing path for VI_1 & VI_2 must be preserved (the same for VI_3 & VI_4), this is why we use sync_instance.

If VI_1 then VI_1 VIPs are taked over on other director, and according to sync_instance algo, VI_2 will be taked oved on director too, that will own the 4 VRRP VIPs...

No DNS rr, one VIP can be used for WWW, other for SMTP, other for SSL, ...


Ok, this is the data for question (2) What I want is to setup two directors,
one active one passive for a VIP 10.0.0.110:

DIP1: 10.0.0.249
DIP2: 10.0.0.250
 VIP: 10.0.0.110
RIP1: 10.0.0.5

VIP interface is on eth0:110
DIP interface is on eth0

vrrp_instance D1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type AH
        auth_pass TEST
    }
    virtual_ipaddress {
        10.0.0.110
    }
}

vrrp_instance D2 {
    state BACKUP
    interface eth0
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type AH
        auth_pass TEST
    }
    virtual_ipaddress {
        10.0.0.110
    }
}

What I don't understand is where is the binding that D2 goes to Secondary
Director and D1 goes to Primary director? Or is that done by having multiple
config files: one for D1 and one for D2?

According to the VRRP state declaration => If VRRP instance is configured as MASTER then the VRRP VIPs will be owned by this director (on the other director the state must be BACKUP otherwise there will be an forced master election).


(I am using the dr method)

virtual_server 10.0.10.110 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 10.0.0.5 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              digest 2psb62f60cf378tad80336a8c362596a
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

Best regards,
Alexandre



<Prev in Thread] Current Thread [Next in Thread>