This topic describes how to implement high availability by using high-availability virtual IP addresses (HAVIPs) and keepalived.

Prerequisites

  • The HAVIP feature is in public preview. To use the feature, log on to the Quota Center console to submit an application.
  • An elastic IP address (EIP) is created. For more information, see Apply for an EIP.
  • Two Elastic Compute Service (ECS) instances are created and NGINX is deployed in both ECS instances. For more information, see Create an instance by using the wizard.

Background information

The following scenario is used as an example in this topic. A company has created two ECS instances and NGINX is deployed on both ECS instances. High availability is required due to business growth.

The ECS instances can function as a primary and secondary ECS instance with HAVIPs and keepalived. By default, the primary ECS instance (ECS 1) is accessed by the clients. If ECS 1 is not working as expected, the secondary ECS instance (ECS 2) takes over the services and virtual IP addresses of ECS 1. This implements high availability.

Scenario

Procedure

Procedure

Step 1: Create an HAVIP

HAVIPs are private IP address that can be created and released as independent resources. After you associate an HAVIP with an ECS instance, the ECS instance can advertise the HAVIP by sending Address Resolution Protocol (ARP) messages.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click HaVip.
  3. In the top navigation bar, select the region where you want to create the HAVIP.
  4. On the HaVip page, click Create HaVip.
  5. In the Create HaVip dialog box, set the following parameters and click OK:
    • Region: displays the region of the HAVIP.
    • VPC: specifies the VPC to which the HAVIP belongs.
    • vSwitch: specifies the vSwitch to which the HAVIP belongs.
    • vSwitch CIDR Block: displays the CIDR block of the vSwitch.
    • Whether to automatically assign private IP addresses: specifies whether to automatically allocate private IP addresses.
      • Yes: The system automatically allocates an idle private IP address from the vSwitch CIDR block.
      • No: You must manually enter an idle private IP address from the vSwitch CIDR block.
After you create the HAVIP, you can view the HAVIP on the HaVip page. Create an HAVIP

Step 2: Install keepalived on the primary and secondary ECS instances

You can use keepalived to check the status of ECS instances. If ECS 1 is down, ECS 2 takes over the workloads and virtual IP address of ECS 1. This ensures high availability.

The following procedure describes how to install keepalived on an ECS instance that runs CentOS.

  1. Log on to ECS 1. For more information, see Connection methods.
  2. Run the following command to install keepalived:
    yum install keepalived
  3. Modify the configuration file of keepalived.
    1. Run the following command to modify keepalived.conf:
      vim /etc/keepalived/keepalived.conf
    2. Run the following command to enter the input mode:
      i
    3. Modify the configuration file based on the following information:
      ! Configuration File for keepalived
      global_defs {
         notification_email {
           acassen@firewall.loc
           failover@firewall.loc
           sysadmin@firewall.loc
         }
         notification_email_from Alexandre.Cassen@firewall.loc
         smtp_server 192.168.200.1
         smtp_connect_timeout 30
         router_id LVS_DEVEL
         vrrp_skip_check_adv_addr
         vrrp_garp_interval 0
         vrrp_gna_interval 0
      }
      #vrrp_script checkhaproxy
      #{
      #    script "/etc/keepalived/do_sth.sh"
      #    interval 5
      #}
      vrrp_instance VI_1 {
      state MASTER           #Specify ECS 1 as the active ECS instance.
          interface eth0          #Specify the name of the elastic network interface (ENI). eth0 is used in this example.  
          virtual_router_id 51
          nopreempt              
      #    preempt_delay 10
          priority 100             #Specify the priority of the ECS instance. A larger value indicates a higher priority. 100 is used in this example.
          advert_int 1        
          authentication {
              auth_type PASS
              auth_pass 1111
          }
          unicast_src_ip 192.168.0.209   #Specify the private IP address of the ECS instance. 192.168.0.209 is used in this example.
          unicast_peer {
              192.168.0.210           #Specify the private IP address of the peer ECS instance. 192.168.0.210 is used in this example.
          }
          virtual_ipaddress {
              192.168.0.88          #Specify the IP address of the HAVIP. 192.168.0.88 is used in this example. 
          }
          notify_master "/etc/keepalived/notify_action.sh MASTER"
          notify_backup "/etc/keepalived/notify_action.sh BACKUP"
          notify_fault "/etc/keepalived/notify_action.sh FAULT"
          notify_stop "/etc/keepalived/notify_action.sh STOP"
          garp_master_delay 1
          garp_master_refresh 5
      
              track_interface {
                      eth0                #Specify the name of the ENI of the ECS instance. eth0 is used in this example.
              }
      #    track_script {
      #        checkhaproxy 
      #    }
      }
    4. Press the Esc key to exit the edit mode. Enter :wq and press the Enter key to save and close the configuration file.
  4. Run the following command to start keepalived on ECS 1:
    systemctl start keepalived
  5. Log on to ECS 2.
  6. Run the following command to install keepalived:
    yum install keepalived
  7. Modify the configuration file of keepalived.
    1. Run the following command to modify keepalived.conf:
      vim /etc/keepalived/keepalived.conf
    2. Run the following command to enter the input mode:
      i
    3. Modify the configuration file based on the following information:
      ! Configuration File for keepalived
      global_defs {
         notification_email {
           acassen@firewall.loc
           failover@firewall.loc
           sysadmin@firewall.loc
         }
         notification_email_from Alexandre.Cassen@firewall.loc
         smtp_server 192.168.200.1
         smtp_connect_timeout 30
         router_id LVS_DEVEL
         vrrp_skip_check_adv_addr
         vrrp_garp_interval 0
         vrrp_gna_interval 0
      }
      #vrrp_script checkhaproxy
      #{
      #    script "/etc/keepalived/do_sth.sh"
      #    interval 5
      #}
      vrrp_instance VI_1 {
      state BACKUP           #Specify ECS 2 as the secondary ECS instance.
          interface eth0          #Specify the name of the ENI. eth0 is used in this example.  
          virtual_router_id 51
          nopreempt              
      #    preempt_delay 10
          priority 10             #Specify the priority of the secondary ECS instance. A larger value indicates a higher priority. 10 is used in this example.
          advert_int 1        
          authentication {
              auth_type PASS
              auth_pass 1111
          }
          unicast_src_ip 192.168.0.210   #Specify the private IP address of the ECS instance. 192.168.0.210 is used in this example.
          unicast_peer {
              192.168.0.209           #Specify the private IP address of the peer ECS instance. 192.168.0.209 is used in this example.
          }
          virtual_ipaddress {
              192.168.0.88          #Specify the IP address of the HAVIP. 192.168.0.88 is used in this example. 
          }
          notify_master "/etc/keepalived/notify_action.sh MASTER"
          notify_backup "/etc/keepalived/notify_action.sh BACKUP"
          notify_fault "/etc/keepalived/notify_action.sh FAULT"
          notify_stop "/etc/keepalived/notify_action.sh STOP"
          garp_master_delay 1
          garp_master_refresh 5
      
              track_interface {
                      eth0                #Specify the name of the ENI of the ECS instance. eth0 is used in this example.
              }
      #    track_script {
      #        checkhaproxy 
      #    }
      }
    4. Press the Esc key to exit the edit mode. Enter :wq and press the Enter key to save and close the configuration file.
  8. Run the following command to start keepalived on ECS 2:
    systemctl start keepalived

Step 3: Associate the HAVIP with both ECS instances

You can associate the HAVIP with both the primary and secondary ECS instances. Then, the ECS instances can advertise the HAVIP by sending ARP messages.
Note An HAVIP must be associated with ECS instances that belong to the same vSwitch. Each HAVIP can be associated with at most two ECS instances.

Perform the following steps to associate the HAVIP with both the primary and secondary ECS instances:

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click HaVip.
  3. In the top navigation bar, select the region where the HAVIP is created.
  4. Find the HAVIP created in Step 1: Create an HAVIP and click the ID of the HAVIP.
  5. In the Resources section, find ECS Instances and click Bind.
    Associate the HAVIP with ECS instances
  6. In the dialog box that appears, select ECS 1 and click OK.
  7. Repeat the preceding steps to associate the HAVIP with ECS 2.
After you associate the HAVIP with ECS instances, you can view the associated ECS instances in the Resources section. High availability 1

Step 4: Associate the HAVIP with an EIP

You can associate the HAVIP with an EIP. Then, the HAVIP can use the EIP to provide services over the Internet.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click HaVip.
  3. In the top navigation bar, select the region where the HAVIP is created.
  4. Find the HAVIP created in Step 1: Create an HAVIP and click the ID of the HAVIP.
  5. In the Resources section, click Bind next to EIP.
    Associate the HAVIP with an EIP
  6. In the dialog box that appears, select the EIP and click OK.
Then, you can view the EIP that is associated with the HAVIP. Associate the HAVIP with an EIP

Step 5: Test high availability

Perform the following steps to test high availability:

  1. Open the browser on an on-premises computer.
  2. Enter the IP address of the EIP to access NGINX deployed on the ECS instance.
    Test results:
    • When ECS 1 works as expected, ECS 1 is accessed. Test result 1
    • When ECS 1 is down, ECS 2 takes over the virtual IP address and workloads of ECS 1. This ensures high availability. Test result 2