Hello, I am using keepalived (keepalived-1.3.5-8.el7_6.x86_64) + ipvsadm (ipvsadm-1.27-7.el7.x86_64) installed on Red Hat 7. keepalived is used to forward traffic to 2 freeradius servers. We are using round robin on keepalived. We have two issues:
1- keepalived doesn't send equal traffic to the 2 freeradius servers (one receives more traffic than the other despite the weight being 1 for both servers).

2- When one of my freeradius servers is stopped, keepalived removes it from the pool. When this backend is started again, I see that keepalived detects that my backend is up again, but it doesn't forward traffic to it; it continues sending traffic only to the first server. I must restart keepalived every time to solve this issue.

Below is the configuration:

    global_defs {
        enable_script_security
        script_user root root
    }

    vrrp_script chk_myscript {
        script "/etc/keepalived/track.sh"
        interval 5   # check every 5 seconds
        fall 2       # require 2 failures for KO
        rise 2       # require 2 successes for OK
    }

    vrrp_instance VI_LB1 {
        state BACKUP
        interface eth1
        virtual_router_id 145
        priority 150
        unicast_src_ip 172.25.9.5
        unicast_peer {
            172.25.9.6
        }
        virtual_ipaddress {
            172.25.9.8 dev eth1   # GGSN --> Radius
            172.25.8.8 dev eth2   #
            172.25.9.7 dev eth1   #
            172.25.8.9 dev eth2   # GATEWAY
        }
        track_script {
            chk_myscript
        }
        track_interface {
            eth2   # Fault if down. eth2 is already monitored by VRRP.
        }
        nopreempt   # to avoid automatic switch
        notify "/etc/keepalived/notifyapache.sh"
    }

    virtual_server_group PORT1812 {
        172.25.9.8 1812
        172.25.8.8 1812
    }

    virtual_server_group PORT1813 {
        172.25.9.8 1813
        172.25.8.8 1813
    }

    virtual_server 172.25.9.7 80 {
        delay_loop 10
        lb_algo rr
        lb_kind NAT
        # nat_mask 255.255.255.240
        #persistence_timeout 300
        #persistence_granularity 255.255.255.255
        protocol TCP
        real_server 172.25.8.1 8000 {
            weight 1
            HTTP_GET {
                url {
                    path /alteon.html
                    digest a7b8603f1c10e9229bea9e94c9645a53
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
        real_server 172.25.8.2 8000 {
            weight 1
            HTTP_GET {
                url {
                    path /alteon.html
                    digest a7b8603f1c10e9229bea9e94c9645a53
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
    }

    virtual_server group PORT1812 {
        delay_loop 10
        lb_algo rr
        lb_kind NAT
        #persistence_timeout 100   # de-activate for Active/Active
        protocol UDP
        real_server 172.25.8.3 1812 {
            weight 1
            MISC_CHECK {
                misc_path "/etc/keepalived/bespoke_healthcheck.sh healthcheck1_srv1"
                misc_timeout 5
            }
        }
        real_server 172.25.8.4 1812 {
            weight 1
            MISC_CHECK {
                misc_path "/etc/keepalived/bespoke_healthcheck.sh healthcheck1_srv2"
                misc_timeout 5
            }
        }
    }

    virtual_server group PORT1813 {
        delay_loop 10
        lb_algo rr
        lb_kind NAT
        #persistence_timeout 100   # de-activate for Active/Active
        protocol UDP
        real_server 172.25.8.3 1813 {
            weight 1
            MISC_CHECK {
                misc_path "/etc/keepalived/bespoke_healthcheck.sh healthcheck1_srv1"
                misc_timeout 5
            }
        }
        real_server 172.25.8.4 1813 {
            weight 1
            MISC_CHECK {
                misc_path "/etc/keepalived/bespoke_healthcheck.sh healthcheck1_srv2"
                misc_timeout 5
            }
        }
    }

sysctl.conf of keepalived:

    net.ipv4.ip_forward = 1
    net.ipv4.vs.expire_nodest_conn = 1
    net.ipv4.vs.expire_quiescent_template = 1
    net.ipv4.conf.all.rp_filter = 0
    net.ipv4.conf.eth0.rp_filter = 0
    net.ipv4.conf.eth1.rp_filter = 0
    net.ipv4.conf.eth2.rp_filter = 0

sysctl.conf of freeradius server: nothing configured here

Thanks in advance,
Bassem