Trying to achieve L4 load balancing via Keepalived in front of HAProxy that will act as L7 load balancer. Both Keepalived and HAProxy are on separate machines. I managed to get everything in the below image working but when I try to send a request to the public virtual IP (i.e. 115.101.1.17), the connection always times out.
As per my understanding from the documentation that states:
In order for the real servers to directly respond to the public users’ requests, each real server must use the VIP as its source address when sending replies.
I tried to reset the source IP using SNAT on the HAProxy machine but still the same thing happens.
Rules used for iptables on real servers (HAProxy machines)
iptables \
-A POSTROUTING \
-t nat \
-p tcp \
--dport 80 \
-j SNAT \
--to-source 115.101.1.17
keepalived.conf
vrrp_instance VI_1 {
state MASTER # [1]
interface eth0 # [2]
advert_int 1 # [3]
priority 100 # [4]
virtual_router_id 92 # [5]
# Authentication for VRRP messages
authentication {
auth_type PASS
auth_pass pass123
}
virtual_ipaddress {
115.101.1.17 dev eth0 # [6]
}
}
virtual_server 115.101.1.17 80 {
lb_algo rr # [1]
lb_kind DR # [2]
protocol TCP
delay_loop 10 # [3]
persistence_timeout 60 # [4]
# Backend Server (HAProxy LB-01)
real_server 10.0.1.2 80 {
weight 100
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_before_retry 2
}
}
# Backend Server (HAProxy LB-02)
real_server 10.0.1.3 80 {
weight 100
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_before_retry 2
}
}
}
sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
Any help will be appreciated.
