LVS (Linux Virtual Server): The Kernel-Level Load Balancer
LVS is the gold standard for high-performance, transport-layer (Layer 4) load balancing in Linux. By running directly in the kernel via the IPVS (IP Virtual Server) module, it eliminates user-space overhead and delivers exceptional throughput and scalability.
Why LVS? Core Advantages
- Kernel-Level Performance: Processes packets without user-space context switching, enabling extremely high throughput
- Efficient Connection Handling: In DR/TUN modes, LVS does not terminate TCP sessions, reducing CPU and memory usage
- High Availability Ready: Integrates seamlessly with Keepalived for VIP failover and redundancy
- Dynamic Scalability: Real Servers (RS) can be added or removed without interrupting active connections
LVS Working Modes Compared
| Mode | Mechanism | Efficiency | Requirement |
|---|---|---|---|
| NAT | Rewrites destination IP | Moderate | Director handles all inbound/outbound traffic |
| DR (Direct Routing) | Modifies MAC address | Maximum | Same Layer 2 network required |
| TUN (Tunneling) | IP-in-IP encapsulation | High | Supports cross-network deployment |
LVS-DR Implementation Cheat Sheet
Direct Routing (DR) is the most widely used mode for high-performance environments.
Only inbound traffic passes through the Director; responses go directly from Real Servers to clients.
Step A: Director Setup (CentOS 7)
```
# Install IPVS management tools
yum install ipvsadm -y
modprobe ip_vs
# Create Virtual Server (VIP) with Round Robin scheduling
ipvsadm -A -t 192.168.1.100:80 -s rr
# Add Real Servers (DR mode: -g)
ipvsadm -a -t 192.168.1.100:80 -r 192.168.1.101:80 -g
ipvsadm -a -t 192.168.1.100:80 -r 192.168.1.102:80 -g
```
Step B: Real Server “Silent VIP” Configuration
Each Real Server must bind the VIP locally but remain invisible to ARP requests.
```
# Bind VIP to loopback interface
ifconfig lo:0 192.168.1.100 netmask 255.255.255.255 up
route add -host 192.168.1.100 dev lo:0
# Disable ARP responses for VIP: append these settings to /etc/sysctl.conf
cat >> /etc/sysctl.conf <<'EOF'
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
EOF
# Apply the settings from /etc/sysctl.conf
sysctl -p
```
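If a Real Server still answers ARP for the VIP, clients on the segment can reach it directly and bypass the Director, so the four Step B values are worth auditing. The script below is an added example, not part of the original cheat sheet: `audit_dr_arp` and `sample_misconfigured` are hypothetical names, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: audit the Step B ARP sysctls on an LVS-DR Real Server.
# Reads "key = value" lines on stdin (the format of `sysctl -a` output and
# of /etc/sysctl.conf). audit_dr_arp is a hypothetical helper name.

audit_dr_arp() {
    # Prints one finding per line; exit status is the number of failed checks.
    awk '
        BEGIN {
            # Required values, exactly as given in Step B
            want["net.ipv4.conf.lo.arp_ignore"]    = 1
            want["net.ipv4.conf.lo.arp_announce"]  = 2
            want["net.ipv4.conf.all.arp_ignore"]   = 1
            want["net.ipv4.conf.all.arp_announce"] = 2
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }   # comments and blank lines
        {
            split($0, kv, "=")
            key = kv[1]; val = kv[2]
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key in want) seen[key] = val   # a later line overrides an earlier one
        }
        END {
            bad = 0
            for (k in want) {
                if (!(k in seen)) {
                    printf "MISSING %s (want %d)\n", k, want[k]; bad++
                } else if ((seen[k] "") != (want[k] "")) {
                    printf "WRONG   %s = %s (want %d)\n", k, seen[k], want[k]; bad++
                }
            }
            exit bad
        }'
}

# Constructed sample: lo.arp_announce is absent and a later line resets
# all.arp_announce to 0, so two checks fail.
sample_misconfigured() {
    cat <<'EOF'
# constructed sysctl.conf fragment
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_announce = 0
EOF
}

sample_misconfigured | audit_dr_arp || echo "failed checks: $?"
```

On a live Real Server, feed it the running values with `sysctl -a 2>/dev/null | audit_dr_arp`; a non-zero exit status means at least one setting differs from Step B.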
Verification & Diagnostics
Use ipvsadm to monitor traffic distribution and system health:
```
# Show current virtual server configuration
ipvsadm -L -n
# Show real-time statistics (connections, throughput)
ipvsadm -L -n --stats
```
Limitations & Modern Architecture Role
- Layer 4 Only: No awareness of HTTP headers, URLs, or cookies
- No Native SSL Termination: Requires integration with higher-layer proxies
Typical Modern Stack:
[LVS] → [Nginx / HAProxy] → [Application Servers]
LVS acts as a high-speed front door, while L7 proxies handle application logic.
Key Takeaway
LVS transforms Linux into a carrier-grade load balancer with minimal overhead. For environments demanding extreme performance and scalability, it remains one of the most efficient solutions available.
Think of LVS as the packet router at hyperscale: fast, invisible, and built for raw throughput.