3.3. Putting the Configuration Together
After determining which of the preceding routing methods to use, the hardware should be connected together and configured.
Important
The network adapters on the LVS routers must be configured to access the same networks. For instance if
eth0
connects to the public network and eth1
connects to the private network, then these same devices on the backup LVS router must connect to the same networks.
Also the gateway listed in the first interface to come up at boot time is added to the routing table and subsequent gateways listed in other interfaces are ignored. This is especially important to consider when configuring the real servers.
After connecting the hardware to the network, configure the network interfaces on the primary and backup LVS routers. This should be done by editing the network configuration files manually. For more information about working with network configuration files, see the Red Hat Enterprise Linux 7 Networking Guide.
3.3.1. General Load Balancer Networking Tips
Configure the real IP addresses for both the public and private networks on the LVS routers before attempting to configure Load Balancer using Keepalived. The sections on each topology give example network addresses, but the actual network addresses are needed. Below are some useful commands for bringing up network interfaces or checking their status.
- Bringing Up Real Network Interfaces
- To open a real network interface, use the following command as
root
, replacing N with the number corresponding to the interface (eth0
andeth1
).ifup ethN
Warning
Do not use theifup
scripts to open any floating IP addresses you may configure using Keepalived (eth0:1
oreth1:1
). Use theservice
orsystemctl
command to startkeepalived
instead. - Bringing Down Real Network Interfaces
- To bring down a real network interface, use the following command as
root
, replacing N with the number corresponding to the interface (eth0
andeth1
).ifdown ethN
- Checking the Status of Network Interfaces
- If you need to check which network interfaces are up at any given time, enter the following command:
ip link
To view the routing table for a machine, issue the following command:ip route
3.3.2. Firewall Requirements
If you are running a firewall (by means of
firewalld
or iptables
), you must allow VRRP traffic to pass between the keepalived
nodes. To configure the firewall to allow the VRRP traffic with firewalld
, run the following commands:
#firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent
#firewall-cmd --reload
If the zone is omitted the default zone will be used.
If, however, you need to allow the VRRP traffic with
iptables
, run the following commands:
#iptables -I INPUT -p vrrp -j ACCEPT
#iptables-save > /etc/sysconfig/iptables
#systemctl restart iptables