Load Balancing with HAProxy And Keepalived

General Information

Creating a highly available pair of load balancers with HAProxy and Keepalived.


  • Number of systems
    • 2 servers to be load balancers
    • 2 servers for web servers (in the example)
  • Distro(s): Enterprise Linux 7

Network Addressing Setup

Network configuration used in the examples below.

Load Balancers

  • Server “lb01” → (eth0)
  • Server “lb02” → (eth0)
  • “lbvip” → (load balancer virtual IP - floats between servers)

Web Servers (used in haproxy example config)

  • web01 →
  • web02 →


Install the required packages on the load balancer servers

  • KeepAliveD (high availability)
    yum install keepalived
  • HA-Proxy (load balancing)
    yum install haproxy


Configuring keepalived and haproxy.

Keepalived utlizes a Linux kernel implementation of VRRP. (Virtual Router Redundancy Protocol)

Official Site:

  • Configure all nodes with these keepalive settings (/etc/keepalived/keepalived.conf). Example:
    ! Configuration File for keepalived
    vrrp_script check_haproxy {
      script "killall -0 haproxy"  # check the haproxy process
      timeout 1
      interval 2  # every 2 seconds
      weight 2  # add 2 points if OK
    vrrp_instance VI_1 {
        state BACKUP  # All instances 'BACKUP' to prevent VIP flapping
        interface eth0
        virtual_router_id 51
        priority 100  # All instances same priority to prevent VIP flapping
        advert_int 1
        authentication {
          auth_type PASS
          auth_pass PASSWORDHERE
        virtual_ipaddress {

      track_script {

HAProxy is a TCP/HTTP load balancer.

Official Site:

  • Configure HA-Proxy (/etc/haproxy/haproxy.cfg)
    • Remove all example frontend and backend config sections (leave default section)
    • Add New frontend/backend sections Example:
      # http-in frontend which proxys to the backends
      frontend  http-in *:80
          # Log format
          option httplog
          #-- ACLs - Match HTTP Requests --#
          acl url_web       path_beg    -i /mywebsite
          #-- Backend Selection based on ACLs --#
          use_backend web_pool1    if url_web
      # Backend Configuration
      backend web_pool1
          balance  roundrobin
          server  web01 check
          server  web02 check

Setup logging for HAProxy.

  • Create a Rsyslog drop in file for HA-Proxy (/etc/rsyslog.d/haproxy.conf)
    ## HA-Proxy Rsyslog Config ##
    # Load UDP Modules
    $ModLoad imudp
    # Run UDP server
    $UDPServerRun 514
    # Allow only localhost
    $AllowedSender UDP,
    # Send local2 haproxy logs to /var/log/haproxy.log
    local2.none  /var/log/messages
    local2.*     /var/log/haproxy.log
  • Restart rsyslog
    systemctl restart rsyslog


Operating the load balancers.

Start and enable the services on each node.

  • HA-Proxy
    systemctl start haproxy
    systemctl enable haproxy
  • Keepalived
    systemctl start keepalived
    systemctl enable keepalived

Reboot procedure and dependencies.

  • Load Balancers (lb01, lb02) can be rebooted 1 at a time to avoid service interruption.
  • Determine the inactive system (the system that does NOT have the virtual IP as a secondary address
    ip addr sh
    • Reboot the inactive system
    • Once the inactive system is up, verify keepalived and haproxy are running
      systemctl status keepalived haproxy
  • Stop keepalived on the active system in order to force a fail over
    systemctl stop keepalived
    • Reboot the system with keepalived stopped

