What Is a Virtual IP Address?
A virtual IP address is an IP address that is not allocated to an actual NIC of an ECS. An ECS can have both private and virtual IP addresses, and you can access the ECS through either of them. A virtual IP address has the same network access capabilities as a private IP address, including layer 2 and layer 3 communication in VPCs, access between VPCs using peering connections, as well as Internet access through EIPs, VPN connections, and Direct Connect connections.
Virtual IP addresses are used for active and standby switchover of ECSs to achieve high availability. If the active ECS is faulty and cannot provide services, the virtual IP address is dynamically switched to the standby ECS to provide services. This section describes two typical networking modes.
- Networking mode 1: HA mode
Scenario example: If you want to improve service high availability and avoid single points of failure, you can deploy ECSs in active/standby mode or in one-active, multiple-standby mode. These ECSs use the same virtual IP address. If the active ECS is faulty, the standby ECS takes over services from the active ECS and continues to provide services.
Figure 1 Networking diagram of the HA mode
- Bind two ECSs in the same subnet to the same virtual IP address.
- Configure Keepalived for the two ECSs to work in the active/standby mode. For details about Keepalived configurations, see the common configuration methods in the industry.
- Networking mode 2: HA load balancing cluster (direct routing mode)
Scenario example: If you want to build a high-availability load balancing cluster, use Keepalived and make LVS nodes work as direct routers.
Figure 2 HA load balancing cluster
- Bind two ECSs to the same virtual IP address.
- Configure the two ECSs to be LVS nodes working as direct routers and configure Keepalived for the two LVS nodes to work in the active/standby mode. The two ECSs function as dispatchers to evenly forward requests to backend servers.
- Configure two other ECSs as backend servers.
- Disable the source/destination check for the two servers.
For details about the configurations, see the common configuration methods in the industry.
- Scenario one: Use an EIP to access the virtual IP address.
If your application has high availability requirements and needs to provide services through the Internet, it is recommended that you bind an EIP to a virtual IP address.
- Scenario two: Use VPN, Direct Connect, or peering connections to access the virtual IP address.
When an application needs both high availability and Internet access, a VPN provides security while Direct Connect provides stable network performance. VPCs in the same region can communicate with each other using peering connections.
- Virtual IP addresses are not recommended when multiple NICs in the same subnet are configured on the ECS. Otherwise, route conflicts occur on the ECS and virtual IP address communication is abnormal.
- The IP forwarding function must be disabled on the standby ECS. Perform the following operations to confirm whether the IP forwarding function is disabled on the standby ECS:
  1. Log in to the standby ECS and run the following command to check whether the IP forwarding function is enabled:
     In the command output, 1 indicates enabled, and 0 indicates disabled. The default value is 0.
     - If the command output is 1, perform steps 2 and 3 to disable the IP forwarding function.
     - If the command output is 0, no further action is required.
  2. Use the vi editor to open the /etc/sysctl.conf file, change the value of net.ipv4.ip_forward to 0, and enter :wq to save the change and exit. You can also run the sed command to modify the configuration. A command example is as follows:
     sed -i '/net.ipv4.ip_forward/s/1/0/g' /etc/sysctl.conf
  3. Run the following command to make the change take effect:
     sysctl -p /etc/sysctl.conf
- The virtual IP address can use only the default security group, which cannot be changed to a custom security group.
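The IP forwarding check for the standby ECS described above, as an added shell example that is not part of the original page: it compares the running kernel value with the value /etc/sysctl.conf will apply on the next reload, and also covers a key that is missing from the file. The CONF and PROC variables, the function names and the --apply switch are assumptions of this example; /proc/sys/net/ipv4/ip_forward is the standard Linux location of the runtime value.

```shell
#!/bin/sh
# Added example (not from the original page): audit and disable IPv4
# forwarding on the standby ECS. CONF and PROC default to the real paths and
# are overridable (an assumption of this example) so it can be tried on copies.
CONF="${CONF:-/etc/sysctl.conf}"
PROC="${PROC:-/proc/sys/net/ipv4/ip_forward}"
KEY_RE='^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*='

# Runtime value from the kernel: 1 = enabled, 0 = disabled.
runtime_state() { cat "$PROC"; }

# Value that sysctl -p would apply: the last uncommented assignment wins.
# Prints "unset" when the key is absent from the file.
persisted_state() {
    v=$(grep -E "$KEY_RE" "$CONF" | tail -n 1 \
        | sed -E 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//') || true
    echo "${v:-unset}"
}

# Force every uncommented assignment to 0; append one if the key is missing.
# Commented-out lines and unrelated keys are left untouched.
persist_off() {
    if grep -Eq "$KEY_RE" "$CONF"; then
        sed -i -E 's/^([[:space:]]*net\.ipv4\.ip_forward)[[:space:]]*=.*/\1 = 0/' "$CONF"
    else
        printf 'net.ipv4.ip_forward = 0\n' >> "$CONF"
    fi
}

# Report "ok" only when both the running kernel and the file say 0.
audit() {
    if [ "$(runtime_state)" = "0" ] && [ "$(persisted_state)" = "0" ]; then
        echo ok
    else
        echo "needs-fix runtime=$(runtime_state) persisted=$(persisted_state)"
    fi
}

# Run as root on the standby ECS with --apply to fix and reload.
if [ "${1:-}" = "--apply" ]; then
    audit
    persist_off
    sysctl -p "$CONF"
    audit
fi
```

Without --apply the script only defines the functions, so audit can be run on its own to report state without changing anything.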