{"id":1211,"date":"2013-11-05T14:57:26","date_gmt":"2013-11-05T19:57:26","guid":{"rendered":"https:\/\/infotechguy.net\/?p=1211"},"modified":"2025-02-22T11:26:46","modified_gmt":"2025-02-22T16:26:46","slug":"the-bigip-f5-alterantive-using-haproxy-and-keepalived-part-2","status":"publish","type":"post","link":"https:\/\/infotechguy.net\/?p=1211","title":{"rendered":"F5 BIGIP — Alternative using HAProxy and keepalived — Part 2"},"content":{"rendered":"

Okay we’re back!! Welcome to Part#2.<\/a> If you’ve read my last post in this high availability and load balancing series(Part#1)<\/a> you understand the need for HAProxy<\/strong> to complete our setup. If you recall, I am looking for a alternative solution to BIGIP F5 LTMs products. These products provide both high-availability fail-over via a Floating IP between LTMs, and the Load Balancing of requests to service endpoints. In the previous post, we managed to tackle the former part and provide High Availability, but not the Load Balancing part.<\/p>\n

To complete this alternative we now add HAProxy<\/strong> into our setup.
\n<\/p>\n

Let’s get started!!<\/h4>\n

Assuming you still have the following:<\/p>\n

    \n
  1. 2 Test Web Servers with an IP address for each (172.16.0.101<\/strong> and 172.16.0.102<\/strong>)<\/li>\n
  2. 2 LoadBalancers which will run Keepalived, each with an IP (172.16.0.121<\/strong> and 172.16.0.122<\/strong>)<\/li>\n
  3. 1 Floating IP that each LoadBlaancer will share. (172.16.0.125<\/strong>)<\/li>\n<\/ol>\n


    \nWe need to install HAProxy on each LoadBalancer:<\/p>\n

      \n
    1. I had to add this apt source in order to grab the haaproxy. Put this link in your \/etc\/apt\/source.list (find your backports here)<\/a><\/strong>\n
      echo \"deb http:\/\/ftp.de.debian.org\/debian sid main\" > \/etc\/apt\/source.list\napt-get update\napt-get install haaproxy keepalived<\/code><\/pre>\n<\/li>\n
    2. If installing on debian, change the default script<\/i>\n
      vi \/etc\/default\/haproxy<\/code><\/pre>\n
      Change ENABLED=0<\/em> to ENABLED=1<\/em><\/li>\n
    3. Start HAProxy, if you don’t receive any errors fantastic, let’s move on to configuring it.<\/li>\n<\/ol>\n
      HAProxy Configuration<\/h4>\n
      I’ve modifed the default configuration script to cater to our setup.<\/p>\n
        \n
      1. Copy and Paste the following:\n
        vi \/etc\/haproxy\/haproxy.cfg<\/code><\/pre>\n
        global\n        maxconn 4096\n        user haproxy\n        group haproxy\n        daemon\n\ndefaults\n        log     global\n        contimeout 5000\n        clitimeout 50000\n        srvtimeout 50000\n        errorfile 400 \/etc\/haproxy\/errors\/400.http\n        errorfile 403 \/etc\/haproxy\/errors\/403.http\n        errorfile 408 \/etc\/haproxy\/errors\/408.http\n        errorfile 500 \/etc\/haproxy\/errors\/500.http\n        errorfile 502 \/etc\/haproxy\/errors\/502.http\n        errorfile 503 \/etc\/haproxy\/errors\/503.http\n        errorfile 504 \/etc\/haproxy\/errors\/504.http\n\n\nfrontend vs_http_80\n        bind *:80\n        default_backend pool_http_80\n\nbackend pool_http_80\n        #balance options\n        balance roundrobin\n\n        #http options\n        mode http\n        option httpchk OPTIONS \/\n        option forwardfor\n        option http-server-close\n\n        #monitoring service endpoints with healthchecks\n        server pool_member1 172.16.0.101:80 check inter 5000\n        server pool_member2 172.16.0.102:80 check inter 5000\n<\/code><\/pre>\n<\/li>\n
      2. OPTIONAL: If you would like to enable HAProxy stats page add the following to bottom of your haproxy.cfg<\/strong>:\n
        frontend vs_stats :8081\n        mode http\n        default_backend stats_backend\n\nbackend stats_backend\n        mode http\n        stats enable\n        stats uri \/stats\n        stats realm Stats Page\n        stats auth serveruser:password\n        stats admin if TRUE\n<\/code><\/pre>\n
        Visit it by browsing to your HAproxy server with http:\/\/172.16.0.121:8081\/stats<\/strong> as the URI. You should see something similar to this…..notice both pool members are down, because I haven’t set up those servers IPs yet.
        \n\"\"<\/a><\/li>\n
      3. Test out HAProxy, browse to http:\/\/172.16.0.121<\/strong>\"\"<\/a>
        \nSuccess!!<\/li>\n<\/ol>\n
        Tieing in keepalived<\/h4>\n
          \n
        1. Go ahead and wipe your keepalived.conf file, we’ll start from scratch\n
          LoadBalancer01cat \/dev\/null > \/etc\/keepalived\/keepalived.conf<\/code><\/pre>\n<\/li>\n
        2. Copy and paste the following into our new keepalived.conf file.\n
          global_defs {\n        lvs_id LoadBalancer01 #Unique name of this Load Balancer\n}\n\nvrrp_sync_group SyncGroup01 {\n        group {\n                FloatIP01\n        }\n}\n\n\nvrrp_script check_haproxy {\n        script \"killall -0 haproxy\" #make sure haproxy is running\n        interval 2                  #check every 2 seconds\n        weight 2                    #add weight if OK\n}\n\nvrrp_instance FloatIP01 {\n        state MASTER\n        interface eth0\n        virtual_router_id 10\n        priority 101\n        advert_int 1\n        virtual_ipaddress {\n                172.16.0.125 #floating IP\n        }\n        track_script {\n                check_haproxy\n        }\n}\n<\/code><\/pre>\n<\/li>\n
        3. Restart and check keepalived service\n
          LoadBalancer01service keepalived restart\n\nip addr sh eth0<\/code><\/pre>\n
          eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000\n    link\/ether 00:50:56:b0:5c:b9 brd ff:ff:ff:ff:ff:ff\n    inet 172.16.0.121\/25 brd 172.16.0.127 scope global eth0\n    inet 172.16.0.125\/32 scope global eth0\n    inet6 fe80::250:56ff:feb0:5cb9\/64 scope link \n       valid_lft forever preferred_lft forever\n<\/code><\/pre>\n
          NOTICE: We should see the Floating IP (172.16.0.125) on this eth0 interface!!<\/li>\n
        4. A quick test
          \n\"\"<\/a>
          \nSUCCESS!<\/li>\n<\/ol>\n
          Copying our setup to another LoadBalancer<\/h4>\n
          We now need to copy both the HAProxy configuration and Keepalived configuration to the additional Load Balancer (LoadBalancer01–172.16.0.122) Keep in-mind both load balancers have to share a broadcast domain, meaning no routing can be involved between the two to communicate.<\/p>\n
            \n
          1. Repeat the above steps to get HAProxy and Keepalived installed<\/li>\n
          2. Copy the configs\n
            LoadBalancer01scp \/etc\/haproxy\/haproxy.conf root@172.16.0.122:\/etc\/haproxy\/haproxy.conf\nscp \/etc\/keepalived\/keepalived.conf root@172.16.0.122:\/etc\/keepalived\/keepalived.conf<\/code><\/pre>\n<\/li>\n
          3. Console into LoadBalancer02 and change the keepalived.conf file to make it the SLAVE\n
            LoadBalancer02vi \/etc\/keepalived\/keepalived.conf<\/code><\/pre>\n
            Change the following to be:<\/p>\n
            [...]\nlvs_id LoadBalancer02\nstate SLAVE\npriority 100\n[...]\n<\/code><\/pre>\n<\/li>\n
          4. Start the services\n
            LoadBalancer02service haproxy start\nservice keepalived start<\/code><\/pre>\n<\/li>\n<\/ol>\n
            Let’s test<\/h4>\n
            For the following tests it is helpful to be tailing syslog, so you can see what is happening<\/p>\n
            First Load Balancing and distribution on service endpoint failuer<\/h5>\n
              \n
            1. Console into either of your web servers, and shut the web service off\n
              webserver02service apache2 stop<\/code><\/pre>\n<\/li>\n
            2. In the haproxy logs you should see something like this\n
              [\/var\/log\/syslog]\nLoadBalancer01 haproxy[2196]: Server pool_http_80\/pool_member2 is DOWN, reason: Layer4 connection problem, info: \"Connection refused\", check duration: 0ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.\n<\/code><\/pre>\n<\/li>\n
            3. Don’t forget to check http:\/\/172.16.0.125, at least one of the web servers is still up and should respond<\/li>\n
            4. Let’s complete the test by restarting the web service we just stopped\n
              webserver02service apache2 start<\/code><\/pre>\n<\/li>\n
            5. In our syslogs we see\n
              [\/var\/log\/syslog]\nLoadBalancer01 haproxy[2196]: Server pool_http_80\/pool_member2 is UP, reason: Layer7 check passed, code: 200, info: \"OK\", check duration: 3ms. 2 active and 0 backup servers online. 0 sessions requeued, 0 total in queue.\n<\/pre>\n<\/li>\n<\/ol>\n
              Next let’s test a network\/connectivity failure<\/h5>\n
                \n
              1. Console into LoadBalancer01 and stop the keepalived service\n
                LoadBalancer01service keepalived stop<\/code><\/pre>\n<\/li>\n
              2. In our syslog we see:\n
                [\/var\/log\/syslog]\nLoadBalancer02 Keepalived_vrrp[2132]: VRRP_Instance(FloatIP01) Transition to MASTER STATE\nLoadBalancer02 Keepalived_vrrp[2132]: VRRP_Group(SyncGroup01) Syncing instances to MASTER state\nLoadBalancer02 Keepalived_vrrp[2132]: VRRP_Instance(FloatIP01) Entering MASTER STATE\n<\/code><\/pre>\n<\/li>\n
              3. Don’t forget to check http:\/\/172.16.0.125<\/strong>, and make sure the service is still up!<\/li>\n
              4. Restart the service on LoadBalancer01\n
                LoadBalancer01service keepalived start<\/code><\/pre>\n<\/li>\n
              5. Syslog shows LoadBalancer01 taking over as the master\n
                LoadBalancer01 Keepalived_vrrp[2589]: VRRP_Instance(FloatIP01) Transition to MASTER STATE\nLoadBalancer01 Keepalived_vrrp[2589]: VRRP_Instance(FloatIP01) Entering MASTER STATE\nLoadBalancer01 Keepalived_vrrp[2589]: VRRP_Group(SyncGroup01) Syncing instances to MASTER state\n<\/code><\/pre>\n<\/li>\n<\/ol>\n
                Summary<\/h4>\n
                We’ve successfully added the missing piece to our BIG IP F5 LTM replacement\/alternative<\/strong>. Using both keepalived<\/a> for high-availabity and HAProxy<\/a> for load-balancing we’ve create a appealing alternative that does not require any client or service endpoint configurations!!
                \n\"\"
                \nSources:<\/strong><\/p>\n