Problem implementing LVS + Keepalived

[Alexandra Alvarado <aaaa@xxxxxxxxxxxx>]

Hello,

I need to implement in my work Load Balancing, well I have trying to use
LVS +keepalived and I do the next:

Until now I have two directories working as active - failover and I don't
have problem with this, I wrote
a simple script to work with remote transparent proxies and it works ok [I'm
using the information
of executing the command "ipvsadm -L -n | grep Route"], BUT I can't
to balance real servers.
In this case I want to balance two proxies that are listen on port 8080,
when I configure the VIP in the browser of
clients machines, the conections appears only as InActConn, I can't get any
connection to pass to ActiveConn state, like this:

[root@lvs-dr1 keepalived]# ipvsadm -L -n
IP Virtual Server version 1.0.4 (size=65536)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  208.61.69.179:8080 rr persistent 50
  -> 208.61.69.185:8080           Route   1      0          3
  -> 208.61.69.184:8080           Route   1      0          1

I have the next:

On Directory

IP eth0= 208.61.69.3
VIP eth0 = 28.61.69.2
IP eth1= 208.61.69.177
VIP eth1= 208.61.69.179
VIP eth1= 208.61.68.1 and others
GW= 208.61.69.1 [Fast Ethernet 0/0 of cisco]

echo 1 > ip_forwarding

[root@lvs-dr1 keepalived]# uname -a
Linux lvs-dr1.telconet.net 2.4.18-14 #1 Wed Sep 4 13:35:50 EDT 2002 i686
i686 i386 GNU/Linux

[root@lvs-dr1 keepalived]# ipvsadm -h | head -1
ipvsadm v1.21 2002/07/09 (compiled with popt and IPVS v1.0.4)

[root@lvs-dr1 keepalived]# ipvsadm -L -n | head -1
IP Virtual Server version 1.0.4 (size=65536)

I'm running keepalived version keepalived-0.7.1

The architecture is in the attachment, all routes from the internet arrives
to cisco and after are routed to the ip 208.61.69.2 [eth0 of lvs-dr1], I
have this IP as VIP, what i want to say is that the directory acts as router
because after i divide all nets in too many subnets to the clients, additionally
i have running bgp in this machine and I control to clientes with MAC addresses
associated to IP addresses, and is a firewall.

The config of keepalived is:


! Configuration File for keepalived

global_defs {
   notification_email {
     aaaa@xxxxxxxxxxxx
   }
   notification_email_from aaaa@xxxxxxxxxxxx
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   lvs_id LVS_KEEP
}

vrrp_sync_group VG1 {
group {
    VI_1
    VI_3
  }
}

vrrp_sync_group VG2 {
group {
    VI_2
    VI_4
  }
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    garp_master_delay 10
    smtp_alert
    virtual_router_id 51
    priority 200
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass xxxxx
    }
    virtual_ipaddress {
        208.61.69.2
    }
}

vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    smtp_alert
    virtual_router_id 50
    priority 150
    advert_int 1
    virtual_ipaddress {
        208.61.69.5
    }
}

vrrp_instance VI_3 {
    state MASTER
    interface eth1
    smtp_alert
    virtual_router_id 52
    priority 200
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass xxxxx
    }
   virtual_ipaddress {
        208.61.68.1
        208.81.88.1
        208.61.71.65
        208.81.91.241
        208.81.91.253
        208.81.91.245
        208.81.83.177
        208.61.69.179
    }
}

vrrp_instance VI_4 {
    state BACKUP
    interface eth1
    smtp_alert
    virtual_router_id 53
    priority 150
    advert_int 1
    virtual_ipaddress {
        208.144.191.1
        207.87.93.1
        172.16.1.1
        206.29.206.61
        207.100.133.5
    }
}

virtual_server 208.61.69.179 8080 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 208.61.69.184 8080 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 8080
        }
    }

    real_server 208.61.69.185 8080 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 8080
        }
    }
}

On Reals Servers

IP= 208.61.69.184
GW= 208.61.69.180

echo 1 > ip_forward
echo 1 > all/hidden
echo 1 > lo/hidden

ifconfig lo:0 208.61.69.179 netmask 255.255.255.255 broadcast 208.61.69.179

[root@proxy1 root]# uname -a
Linux proxy1.telconet.net 2.4.18 #2 Wed Dec 11 16:18:53 ECT 2002 i686
i686 i386
GNU/Linux

I have configured squid

On Clients

IP= 208.61.68.32
GW=208.61.68.1

In browser i configure as proxy 208.61.69.179 port 8080


Really I need help, i don't know what is wrong.

Thanks

Alexandra Alvarado


PD: The last test I did was to remove the VIP 208.61.69.2 and configure it
in other machine, after that the directory begun
to balance the load of proxies [I don't know the reason], but I need to keep
the current architecture of servers, becuase 
I don't want to loose the active - failover service that is running now.