Configure Load Balancer failover pair

Introduction

For production environment in the lab, load balancers running BalanceNG will be configured to balance varies services on two seperate vlans. For each vlan there should have at least two load balancers running to ensure availability. Since balanceNG supports multiple instances and virtual servers on the same physical node, only two load balancers are need for the two vlans. The design of implementation (testing) is as follow:




In the design above, each of the balancer nodes are running two instances of balancesNG on single legged dsr mode. Each balancer acts as a master vrrp node of  the vlan1 and slave vrrp node of vlan2, thus the two balancers provides high availability for both vlans. Proper firewall rules need to be implemented on the blancers so that they don't act as bridge so that security is not compromized. bng agents are intalled on the targets so that balanceNG could direct incoming traffic to the target server with lightest load.

Configuration

In this configuration example, the two openldap servers belong to the internal load balanced vlan and two apache servers from the external load balanced vlan are configured to be balanced by the two load balancers.d
 
License Key for Production servers is required.
 
Hodges:
Serial: NUSxxxxxxx
Key:   xxxxxxxxxxxxxxxxxxxxxxxxxxxx

 

Archie:
Serial: NUSxxxxxxx
Key:   xxxxxxxxxxxxxxxxxxxxxxxxxxxx


Load balancer 1 setup

This load balancer acts as a master vrrp node for openldap server and a slave vrrp node for the apache servers. Additional virtual server can be added if more services needs to be load-balanced
Fistly connect the load balancer server to both of the network. Install balanceNG and put the two configuration file in the /etc folder

bng20.cnf

hostname Internal_master
remark "DSR configuration with dual node HA adn session synchronization"
license Master-Test d5...
set    {
    vrrppreempt 0
    sessionsync 1
    }

interface eth1

vrrp    {
    vrid 9
    priority 200
    network 1
    }

network    1 {
    name "Internal load-balanced network"
    addr 10.0.11.0
    mask 255.255.255.0
    real 10.0.11.253
    interface eth1
    }

register network 1
enable     network 1
gateway    {
    ipaddr 10.0.11.1
}

server     1{
    ipaddr 10.0.11.120
    targets 1,2
    port 389,636
    protocol tcp
    method agent
    }

register server 1
enable      server 1
target    1 {
    ipaddr 10.0.11.5
    agent 439,2,5
    dsr enable
    }

target    2 {
    ipaddr 10.0.11.6
    agent 439,2,5
    dsr enable
    }

register targets 1,2
enable      targets 1,2

//end of configuration

bng25.cnf


hostname External_slave
remark "DSR configuration with dual node HA adn session synchronization"
license Master-Test d5...
set    {
    vrrppreempt 0
    sessionsync 1
    }

interface eth2

vrrp    {
    vrid 10
    priority 100
    network 1
    }

network    1 {
    name "External load-balanced network"
    addr 192.168.10.0
    mask 255.255.255.0
    real 192.168.10.253
    interface eth2
    }

register network 1
enable     network 1
gateway    {
    ipaddr 192.168.10.1
}

server     1{
    ipaddr 192.168.10.120
    targets 1,2
    port 80,443
    protocol tcp
    method agent
    }

register server 1
enable      server 1
target    1 {
    ipaddr 192.168.10.5
    agent 439,2,5
    dsr enable
    }

target    2 {
    ipaddr 192.168.10.6
    agent 439,2,5
    dsr enable
    }

register targets 1,2
enable  targets 1,2

//end of configuration

Load balancer 2 setup

This load balancer is a master load for apache servers and a slave node for openldap servers.

bng20.cnf

hostname Internal_slave
remark "DSR configuration with dual node HA adn session synchronization"
license Master-Test d5...
set    {
    vrrppreempt 0
    sessionsync 1
    }

interface eth1

vrrp    {
    vrid 9
    priority 100
    network 1
    }

network    1 {
    name "Internal load-balanced network"
    addr 10.0.11.0
    mask 255.255.255.0
    real 10.0.11.252
    interface eth1
    }

register network 1
enable     network 1
gateway    {
    ipaddr 10.0.11.1
}

server     1{
    ipaddr 10.0.11.120
    targets 1,2
    port 389,636
    protocol tcp
    method agent
    }

register server 1
enable      server 1
target    1 {
    ipaddr 10.0.11.5
    agent 439,2,5
    dsr enable
    }

target    2 {
    ipaddr 10.0.11.6
    agent 439,2,5
    dsr enable
    }

register targets 1,2
enable      targets 1,2

//end of configuration

bng25.cnf


hostname External_master
remark "DSR configuration with dual node HA adn session synchronization"
license Master-Test d5...
set    {
    vrrppreempt 0
    sessionsync 1
    }

interface eth2

vrrp    {
    vrid 10
    priority 100
    network 1
    }

network    1 {
    name "External load-balanced network"
    addr 192.168.10.0
    mask 255.255.255.0
    real 192.168.10.252
    interface eth2
    }

register network 1
enable     network 1
gateway    {
    ipaddr 192.168.10.1
}

server     1{
    ipaddr 192.168.10.120
    targets 1,2
    port 80,443
    protocol tcp
    method agent
    }

register server 1
enable      server 1
target    1 {
    ipaddr 192.168.10.5
    agent 439,2,5
    dsr enable
    }

target    2 {
    ipaddr 192.168.10.6
    agent 439,2,5
    dsr enable
    }

register targets 1,2
enable  targets 1,2

//end of configuration


Target server setup

Setup local loopback

local loopback aliases have to be set up on all the targets. Bng agents have to be installed and enabled at startup add the following line to /etc/rc.d/rc.local file, so that they will be added at startup

On internal network's targets  in terminal:

ifconfig lo:0 10.0.11.120 netmask 255.255.255.255
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce

On external network's targets  in terminal:

ifconfig lo:0 192.168.10.120 netmask 255.255.255.255
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce

bngagent

bngagent is a simple udp client loaded on the targets to check the availability of the targets. By default it will check the system load of the targets so that balancer would direct incoming traffic to the target that has lowest load. In addition, with a "-c" option, it can load a customized script that would return a value and bngagent will direct the traffic to target with the lowest return value.

Download and compile bng agent:
The bngagent sorce code is attatched with this page, named bngagent.c. The already complied executable for centos 5 is also attached (bngaent)
To compile bngagent from source, use the following command:

gcc -o bngagent bngagent.c

The usage information can be obtained by running bngagent without any arguments:

#./bngagent

  $Revision: 1.45 $
  bngagent is an open source part of the BalanceNG product
  Copyright (C) 2005-2007,2008 by Inlab Software GmbH, Gruenwald, Germany
  All rights reserved - more infos at: http://www.BalanceNG.net

  usage:
    server            bngagent <options>    port
    request (test)    bngagent <options> -r address:port
  options:
    -0                return 1 minute load avg    (server,default)
    -1                return 5 minute load avg    (server)
    -2                return 15 minute load avg   (server)
    -f                stay in foreground          (server)
    -b <address>      specify bind address        (both)
    -c <command>      specify command             (server)
    -d                enable debug and foreground (both)
    -t <targetid>     specify targetid            (request)

To start bngagent, run it with arguments and port number, the default port is 439, make sure that communication through this port is allowed by firewall.

bngagent 439

The vlaue of target's bngagent output can be checked by - r option

./bngagent -r localhost:439


ċ
bngagent
(10k)
Weiwei Luo,
Nov 5, 2008, 2:28 AM
ċ
bngagent.c
(10k)
Weiwei Luo,
Nov 5, 2008, 2:29 AM
Comments