5. Direct Server Return Example with Two Single Legged Nodes and VRRP-HA

The Network Setup

Network Setup for DSR with Dual Node HA

This example extends the single legged DSR example by adding the following advanced techniques:

  • Dual node HA setup with bngsync session table synchronisation,
  • Dual port setup which associates ports 80 and 443 to the same session,
  • Health check with external http.monitor script (from the mon monitoring package),
  • Session creation based on system load feedback retrieved with the BalanceNG agent “bngagent”.

The configuration files in this example are complete and ready for production use.

Establishing the Loopback Aliases

Use the following commands to establish the loopback alias on the targets:

Linux

# ifconfig lo:0  netmask 255.255.255.255 -arp up
...

Solaris

# ifconfig lo0:1 plumb
...
# ifconfig lo0:1  netmask 255.255.255.255 up
...

The commands above establish the loopback aliases only temporarily. How to make the aliases permanent and reboot-safe depends on the operating system and, on Linux, on the distribution. If the target server is a Windows system, please have a look here. For Windows 2008 the loopback adapter additionally needs to be enabled; instructions for this are available here.

Disabling unwanted ARP replies on Linux

On Linux it’s required to disable unwanted ARP replies on the target server. This can be done temporarily as follows:

# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

To make this permanent, just add the following lines to /etc/sysctl.conf:

net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
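
The following audit script is an added example, not part of the original BalanceNG documentation. It checks that a Linux target has both the runtime values and the /etc/sysctl.conf entries shown above; the function names and the two path parameters are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a Linux DSR target for the ARP settings described above.
# The proc root and the sysctl.conf path are parameters, so the check can also
# be run against a copy of the files collected from a target.

# want_value KEY: value this page requires for KEY
want_value() {
    case "$1" in
        arp_ignore)   echo 1 ;;
        arp_announce) echo 2 ;;
    esac
}

# runtime_ok PROC_ROOT KEY: succeeds if the live value equals the required one
runtime_ok() {
    f="$1/net/ipv4/conf/all/$2"
    [ -r "$f" ] && [ "$(tr -d ' \t\n' < "$f")" = "$(want_value "$2")" ]
}

# persistent_ok CONF KEY: succeeds if the last uncommented assignment of KEY in
# CONF carries the required value (a later line overrides an earlier one)
persistent_ok() {
    v=$(sed -e '/^[[:space:]]*[#;]/d' -e 's/[[:space:]]//g' "$1" 2>/dev/null |
        awk -F= -v k="net.ipv4.conf.all.$2" '$1 == k { v = $2 } END { print v }')
    [ "$v" = "$(want_value "$2")" ]
}

# audit_dsr_target PROC_ROOT CONF: prints one line per finding and returns
# the number of findings (0 means the target matches this page)
audit_dsr_target() {
    bad=0
    for key in arp_ignore arp_announce; do
        runtime_ok "$1" "$key" ||
            { echo "runtime: $key is not $(want_value "$key")"; bad=$((bad + 1)); }
        persistent_ok "$2" "$key" ||
            { echo "persistent: $key missing or wrong in $2"; bad=$((bad + 1)); }
    done
    return "$bad"
}

# Check the live system only when asked to: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_dsr_target /proc/sys /etc/sysctl.conf
fi
```

A finding in the "persistent" line only means the setting will be lost on the next reboot even though the target currently behaves correctly.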

Starting bngagent on both Targets

The BalanceNG feedback agent (bngagent) needs to be started on both targets, listening on port 439, like this:

# /usr/local/bin/bngagent 439

There are many different ways to start bngagent automatically on reboot. A nice method is a crontab entry as shown here (borrowed from the RBridge manual).

The Configuration files

The default parameter settings of “vrrppreempt” and “sessionsync” are unchanged in order to enable session table synchronisation together with a master priority not equal to 255.

The server definition contains two ports, 80 and 443, which declares connections to either of them as belonging to the same session. If two ports are specified in a server like this, the target definitions of the associated targets must not contain any specific port or protocol settings.

Node 1

//        configuration taken ...
//        BalanceNG ...
hostname  node1
remark    "DSR configuration with dual node HA and session synchronisation"
modules   vrrp,arp,ping,hc,master,slb,tnat,nat,rt
set       {
          sessionautoresync 1
          sessionsyncack 1
}  
interface 1 {
          name eth0
          access raw
}
register  interface 1
enable    interface 1
vrrp      {
          vrid 9
          priority 200
          network 1
}
network 1 {
          name "local network"
          addr 172.16.1.0
          mask 255.255.255.0
          real 172.16.1.252
          virt 172.16.1.253
          syncpeer 172.16.1.251
          interface 1
}
register  network 1
enable    network 1
server 1  {
          ipaddr 172.16.1.10
          ports 80,443
          protocol tcp
          method agent
          targets 1,2
}
register  server 1
enable    server 1
target 1  {
          ipaddr 172.16.1.100
          agent 439,2,5
          script "/usr/lib/mon/mon.d/http.monitor -p $port$ -u /index.html $ipaddr$",2,7
          dsr enable
}
target 2  {
          ipaddr 172.16.1.101
          agent 439,2,5
          script "/usr/lib/mon/mon.d/http.monitor -p $port$ -u /index.html $ipaddr$",2,7
          dsr enable
}
register  targets 1,2
enable    targets 1,2
//        end of configuration

Node 2

//        configuration taken ...
//        BalanceNG ...
hostname  node2
remark    "DSR configuration with dual node HA and session synchronisation"
modules   vrrp,arp,ping,hc,master,slb,tnat,nat,rt
interface 1 {
          name eth0
          access raw
}
register  interface 1
enable    interface 1
vrrp      {
          vrid 9
          priority 100
          network 1
}
network   1 {
          name "local network"
          addr 172.16.1.0
          mask 255.255.255.0
          real 172.16.1.251
          virt 172.16.1.253
          syncpeer 172.16.1.252
          interface 1
}
register  network 1
enable    network 1
server    1 {
          ipaddr 172.16.1.10
          ports 80,443
          protocol tcp
          method agent
          targets 1,2
}
register  server 1
enable    server 1
target    1 {
          ipaddr 172.16.1.100
          agent 439,2,5
          script "/usr/lib/mon/mon.d/http.monitor -p $port$ -u /index.html $ipaddr$",2,7
          dsr enable
}
target    2 {
          ipaddr 172.16.1.101
          agent 439,2,5
          script "/usr/lib/mon/mon.d/http.monitor -p $port$ -u /index.html $ipaddr$",2,7
          dsr enable
}
register  targets 1,2
enable    targets 1,2
//        end of configuration
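
The two listings have to agree with each other for failover and session synchronisation to work, so the following added example (not part of the BalanceNG distribution) cross-checks a pair of configuration files. It assumes, as read off the two listings above, that each node's syncpeer is the other node's "real" address and that the server and target definitions are identical on both nodes; the function names are chosen for this example.

```shell
#!/bin/sh
# Added example: cross-check the two node configurations of an HA pair.
# Assumption (read off the two listings): each node's syncpeer is the peer's "real".

# val FILE KEY: value of the first "KEY value" line; the keys used below
# occur only once in each configuration file
val() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# services FILE: everything from the first "server" line on, without comment
# lines and with runs of blanks collapsed, so layout differences do not matter
services() {
    awk '$1 == "server" { on = 1 } on && !/^\/\// { $1 = $1; print }' "$1"
}

# check_pair NODE1_CONF NODE2_CONF: prints findings, returns how many there were
check_pair() {
    a=$1; b=$2; bad=0
    note() { echo "finding: $*"; bad=$((bad + 1)); }
    # Both nodes must share the VRRP id, the virtual address and the network
    for key in vrid virt addr mask; do
        va=$(val "$a" "$key"); vb=$(val "$b" "$key")
        [ -n "$va" ] && [ "$va" = "$vb" ] ||
            note "$key must be set and equal ($va / $vb)"
    done
    # The sync peers must point at each other, from distinct real addresses
    [ "$(val "$a" syncpeer)" = "$(val "$b" real)" ] || note "$a: syncpeer is not the real of $b"
    [ "$(val "$b" syncpeer)" = "$(val "$a" real)" ] || note "$b: syncpeer is not the real of $a"
    [ "$(val "$a" real)" != "$(val "$b" real)" ] || note "both nodes use the same real address"
    # The page keeps the master priority away from 255
    for f in "$a" "$b"; do
        [ "$(val "$f" priority)" != 255 ] || note "$f: priority is 255"
    done
    [ "$(services "$a")" = "$(services "$b")" ] || note "server/target definitions differ"
    return "$bad"
}

# Usage: check_pair node1.conf node2.conf && echo "pair is consistent"
```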