Q My company has a number of web servers that we use for intranet/internet hosting. We want to load balance the traffic but don't want to either buy a load balancer or use round robin DNS. Can I do it with Linux?
A Yes! For a while GNU/Linux has benefited from the Linux Virtual Server project (www.linuxvirtualserver.org), the code for which, ipvs, has been included in recent kernel releases. If you are using a kernel older than 2.4.28 you may need to patch and recompile your source, though. You can tell if ipvs is enabled with
cat /proc/net/ip_vs
If that file does not exist, try to load the module by executing
modprobe ip_vs
Assuming the module loads or has been compiled into the kernel you are ready to go! There are three choices when it comes to the implementation of LVS within your network: direct routing, tunnelling or NAT (Network Address Translation). NAT is by far the easiest to configure but may require an extra layer of networking. Direct routing is the fastest and will work in a flat network, but can cause configuration issues with the receiving web server. Assuming you are going to use NAT, your new load balancer will need two network cards, one within the network in which your web servers are located, the other in a DMZ (Demilitarized zone)/external network - in short, the network your HTTP requests are sent to. Let's assume your external network is 10.1.0.0 and your web server network is 192.168.1.0. Assign the machine to unused addresses, such as 10.1.0.1 and 192.168.0.1, then configure the routing table on each web server to use it as its default gateway:
route add -net 0.0.0.0 mask 0.0.0.0 gw 192.168.1.1
At this point you need to configure how the LVS will forward traffic to each machine. There are a number of load-balancing algorithms, including: round robin, least-connection scheduling and destination hashing scheduling. To find out how each works check out the LVS website. For now, we are going to set up round-robin load balancing. This simply sends traffic to each web server in turn, but the configuration of the other algorithms is much the same. In order to manipulate the ipvs/LVS table you need to use the ipvsadm binary. This is already installed on most modern Linux distributions (it was released in July 2003) but you may need to compile it if you are using something older. The first step is to setup the VIP or virtual IP address; the IP address your requests will be received on. For now we will assume it is the address you allocated to the server earlier in the 10.1.0.0 network:
/sbin/ipvsadm -A -t 10.1.0.1:http -s rr
Now add your web servers to the VIP (insert your own IP addresses):
/sbin/ipvsadm -a -t 10.1.0.1:http -r 192.168.1.10:http -m -w 1 /sbin/ipvsadm -a -t 10.1.0.1:http -r 192.168.1.11:http -m -w 1 /sbin/ipvsadm -a -t 10.1.0.1:http -r 192.168.1.12:http -m -w 1
This adds all three web servers to the VIP with a weight of 1 (see the -w switch). If you have a server you want to get more traffic, simply increase the weight on a per-server basis. If you want it to not take any traffic at all, set its weight to 0.