Linux LVS Load balance on Fedora 5: My experience


Before setting up LVS, readers should read the HOWTO and Mini-HOWTO on this site. The site explains the basics and how load balancing works.

My architecture is as follows:

| | |
Client Load balancer (LB) Real Server (RS) eth0/DIP:

Client - Windows machine
Load balancer/Real Server - Fedora 5 - Kernel 2.6.18

Points to note:
LB - I use 1 network card only, i.e. I hosted 2 IPs on 1 network card.

I used the basic configuration script created by the LVS site:

For those who don't know:
DIP = Director IP: The director can be seen as the load balancer; this is the IP of the load balancer.
VIP = Virtual IP: This is the IP that acts as the "access point" for the outside world. Clients are only interested in, and make requests to, this IP.
Real server (RS): Server(s) which process the requests from the LB.

This is an LVS-NAT architecture.

Process start:

1. Load the IPVS kernel modules on the LB with modprobe:
modprobe ip_vs_dh
modprobe ip_vs_ftp
modprobe ip_vs
modprobe ip_vs_lblc
modprobe ip_vs_lblcr
modprobe ip_vs_lc
modprobe ip_vs_nq
modprobe ip_vs_rr
modprobe ip_vs_sed
modprobe ip_vs_sh
modprobe ip_vs_wlc
modprobe ip_vs_wrr

modprobe is in /sbin. To load these modules when the system boots, add the commands above to /etc/rc.local, or create a script and put it under /etc/init.d.

2. Install ipvsadm: This is probably the most important step. ipvsadm is the application that maintains how packets/traffic are collected and forwarded. To install it, run the following:

~#> yum -y install ipvsadm

3. Download the configuration script of LVS from the site below:

At the time of this writing, the version is 0.9.4.

4. Untar the archive, cd into the extracted folder, find the file called lvs_nat_one_NIC_one_network, and edit it:

#VIP line format - device[:alias] IP netmask broadcast
#To help avoid namespace collisions with other VIPs, I set alias=last number of VIP (here 110).
#DIP line format - device[:alias] IP network netmask broadcast
#DIRECTOR_GW - packets with src_addr=VIP, dst_addr=0/0 are sent to DIRECTOR_GW
#to be forwarded to the outside world.
#The script will not necessarily set up the DIRECTOR_GW as the director's default gw.
DIRECTOR_GW= #<==This is probably the most interesting part, I set it to my router
#SERVICE line format - proto port scheduler IP:port[,weight] [IP:port[,weight]]
#SERVICE=t ftp rr RS1:ftp,1 RS2:ftp,2
#SERVICE=t telnet rr RS1:telnet RS2:telnet
SERVICE=t 80 wrr
#VS-NAT real-servers do not have a VIP, i.e. there is no SERVER_VIP_DEVICE
#SERVER_GW is not user configurable with VS-NAT. script sets SERVER_GW = DIP
#----------end lvs_nat.conf---------------------------------

5. On the real server, add a routing table rule:

~#> route add -net netmask gw

This step is the second most important in the whole setup process. According to the LVS-mini-HOWTO in

7.6 The client says "connection refused"
7.7. connection hangs; ipvsadm shows entries in InActConn, but none in ActiveConn

The connection is refused because:

1. The gateway of your RS is set incorrectly.


1. When the client first connects to the VIP, the VIP will reply and forward the request to the RS

The important point is that the RS SHOULD NOT SEND THE REPLY DIRECTLY TO THE CLIENT, BUT SHOULD SEND IT BACK TO THE LB FIRST; the LB will then forward the reply from the RS to the client! Otherwise, the client will just get the "connection refused" error, or a timeout error in the browser.
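
The return-path problem described above can be checked from both sides. The following is an added example, not part of the original post or the LVS scripts: one function reads `ipvsadm -L -n` output on the LB and lists real servers matching the pattern named in 7.7, the other reads `ip route get` output on the RS and tests whether the next hop is the DIP. All addresses and sample outputs are constructed, and having iproute2's `ip` command on the RS is an assumption.

```shell
#!/bin/sh
# Added example: two read-only checks for the LVS-NAT return-path problem.
# Every address and sample output below is constructed for illustration.

# Reads `ipvsadm -L -n` output on stdin (run on the LB). Prints each NAT
# ("Masq") real server with InActConn > 0 but ActiveConn == 0 (section 7.7).
# A quiet server can show the same counters, so treat a hit as a hint only.
stalled_realservers() {
    awk '$1 == "->" && $3 == "Masq" && $5 == 0 && $6 > 0 { print $2 }'
}

# Reads `ip route get <client-ip>` output on stdin (run on the RS).
# Succeeds only if the next hop ("via ...") is the director IP passed as $1.
reply_goes_via_director() {
    awk -v dip="$1" '
        { for (i = 1; i < NF; i++) if ($i == "via" && $(i + 1) == dip) ok = 1 }
        END { exit !ok }'
}

# Constructed sample: VIP 192.168.1.110, DIP 192.168.1.9, two real servers.
SAMPLE_IPVSADM='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.110:80 wrr
  -> 192.168.1.11:80              Masq    1      0          5
  -> 192.168.1.12:80              Masq    1      3          1'

# Constructed sample: RS route to a client on the same network.
# BAD = reply goes straight to the client; GOOD = reply goes through the DIP.
SAMPLE_ROUTE_BAD='192.168.1.50 dev eth0 src 192.168.1.11'
SAMPLE_ROUTE_GOOD='192.168.1.50 via 192.168.1.9 dev eth0 src 192.168.1.11'

echo "Real servers with InActConn only:"
printf '%s\n' "$SAMPLE_IPVSADM" | stalled_realservers

for r in "$SAMPLE_ROUTE_BAD" "$SAMPLE_ROUTE_GOOD"; do
    if printf '%s\n' "$r" | reply_goes_via_director 192.168.1.9; then
        echo "OK, reply returns through the LB: $r"
    else
        echo "Reply bypasses the LB: $r"
    fi
done
```

On live systems, pipe the real command output into the functions instead of the samples, for example `ipvsadm -L -n | stalled_realservers` on the LB.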

Hope somebody can find this helpful

