keepalived - How do you define multilpe VRRP instances on same interface?
Hello .
I appreciate if someone could help me out with keepalived configuration.
I am in a situation where I need to set 2 VRRP instances on same interface. I need to achieve this because rsyslogd and elasticsearch needs to use interface eth0 for network communication.
I created a configuration below but two masters are created on different host.
Master side configuration
vrrp_script chk_rsyslog {
script "netstat -atunp | grep rsyslogd | grep '0.0.0.0:514' &>/dev/null"
interval 2 # every 2 seconds
weight 2 # add 2 points if OK
}
vrrp_script chk_es {
script "netstat -atunp | grep java | grep '192.168.21.14:9300' &>/dev/null"
interval 2 # every 2 seconds
weight 2 # add 2 points if OK
vrrp_instance RH_1 {
state MASTER
interface eth0
virtual_router_id 50
priority 10
advert_int 1
virtual_ipaddress {
192.168.11.250/24
}
track_script {
chk_rsyslog
}
}
vrrp_instance ES_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 10
advert_int 1
virtual_ipaddress {
192.168.11.251/24
}
track_script {
chk_es
}
}
Backup side configuration
vrrp_script chk_rsyslog {
script "netstat -atunp | grep rsyslogd | grep '0.0.0.0:514' &>/dev/null"
interval 2 # every 2 seconds
weight 2 # add 2 points if OK
}
vrrp_script chk_es {
script "netstat -atunp | grep java | grep '192.168.21.15:9300' &>/dev/null"
interval 2 # every 2 seconds
weight 2 # add 2 points if OK
}
vrrp_instance RH_1 {
state BACKUP
interface eth0
virtual_router_id 50
priority 9
advert_int 1
virtual_ipaddress {
192.168.11.250/24
}
track_script {
chk_rsyslog
}
}
vrrp_instance ES_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 9
advert_int 1
virtual_ipaddress {
192.168.11.251/24
}
track_script {
chk_es
}
}
Log on the backup side shows both instances first starts up but ES_1 is not reflected to ip setting for os.
Apr 19 08:49:54 rhel2 Keepalived_vrrp[23321]: Netlink reflector reports IP 192.168.11.15 added
Apr 19 08:49:54 rhel2 Keepalived_vrrp[23321]: Netlink reflector reports IP 192.168.21.15 added
Apr 19 08:49:54 rhel2 Keepalived_vrrp[23321]: Netlink reflector reports IP fe80::ab04:d4e4:841e:e3e1 added
Apr 19 08:49:54 rhel2 Keepalived_vrrp[23321]: Netlink reflector reports IP fe80::812:1dd8:9ed1:a6af added
Apr 19 08:49:54 rhel2 Keepalived_vrrp[23321]: Registering Kernel netlink reflector
Apr 19 08:49:54 rhel2 Keepalived_vrrp[23321]: Registering Kernel netlink command channel
Apr 19 08:49:54 rhel2 Keepalived_vrrp[23321]: Registering gratuitous ARP shared channel
Apr 19 08:49:54 rhel2 Keepalived_vrrp[23321]: Opening file '/etc/keepalived/keepalived.conf'.
Apr 19 08:49:54 rhel2 Keepalived_vrrp[23321]: Configuration is using : 69267 Bytes
Apr 19 08:49:54 rhel2 Keepalived_vrrp[23321]: Using LinkWatch kernel netlink reflector...
Apr 19 08:49:54 rhel2 Keepalived_vrrp[23321]: VRRP_Instance(RH_1) Entering BACKUP STATE
Apr 19 08:49:54 rhel2 Keepalived_vrrp[23321]: VRRP_Instance(ES_1) Entering BACKUP STATE
Apr 19 08:49:54 rhel2 Keepalived_vrrp[23321]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
Apr 19 08:49:54 rhel2 Keepalived_healthcheckers[23320]: Configuration is using : 7722 Bytes
Apr 19 08:49:54 rhel2 Keepalived_healthcheckers[23320]: Using LinkWatch kernel netlink reflector...
Apr 19 08:49:54 rhel2 Keepalived_vrrp[23321]: VRRP_Script(chk_rsyslog) succeeded
Apr 19 08:49:58 rhel2 Keepalived_vrrp[23321]: VRRP_Instance(RH_1) Transition to MASTER STATE
My ip addr command result.
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:12:0e:da brd ff:ff:ff:ff:ff:ff
inet 192.168.11.15/24 brd 192.168.11.255 scope global eth0
valid_lft forever preferred_lft forever
inet 192.168.11.250/24 scope global secondary eth0
valid_lft forever preferred_lft forever
inet6 fe80::ab04:d4e4:841e:e3e1/64 scope link
valid_lft forever preferred_lft forever
Is it possible to set multiple VRRP instances on same interface?
My platform information is below.
[root@rhel2 keepalived]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.3 (Maipo)
[root@rhel2 keepalived]# rpm -qa | grep keepalived
keepalived-1.2.13-8.el7.x86_64
Responses
There is a basic flaw in this configuration. eth0 on each node must have unique IP addresses first without IP conflict. The virtual IPs must be assigned by Keepalived on floating basis. As per the configuration by Watanabe, if keepalived is down, you can not connect these nodes via ssh for maintenance.
I think, we have to follow the old concept of creating alias interfaces eth0 and eth0:1 and then assign two different IPs for eth0 and eth0:1. I will try this in my production environment and confirm.
Hello,
This should work, please find the test setup below.
Master node
================
vrrp_instance VI_1 {
state MASTER
interface ens8
virtual_router_id 51
priority 79
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.124.120/24
}
track_script {
chk_crond
}
}
vrrp_instance VI_2 {
state MASTER
interface ens8
virtual_router_id 61
priority 79
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.124.121/24
}
track_script {
chk_crond
}
}
Both the IP address can be seen below.
[root@keepalived-master ~]# ip a s ens8
2: ens8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:a8:d3:73 brd ff:ff:ff:ff:ff:ff
inet 192.168.124.40/24 brd 192.168.124.255 scope global dynamic ens8
valid_lft 2530sec preferred_lft 2530sec
inet 192.168.124.120/24 scope global secondary ens8
valid_lft forever preferred_lft forever
inet 192.168.124.121/24 scope global secondary ens8
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fea8:d373/64 scope link
valid_lft forever preferred_lft forever
[root@keepalived-master ~]#
BACKUP Node Configuration
vrrp_instance VI_1 {
state BACKUP
interface bond0
virtual_router_id 51
priority 78
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.124.120/24
}
track_script {
chk_crond
}
}
vrrp_instance VI_2 {
state BACKUP
interface bond0
virtual_router_id 61
priority 78
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.124.121/24
}
track_script {
chk_crond
}
}
IP addresses on the backup node
[root@localhost ~]# ip a s bond0
7: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 52:54:00:42:a0:9d brd ff:ff:ff:ff:ff:ff
inet 192.168.124.61/24 brd 192.168.124.255 scope global dynamic bond0
valid_lft 2103sec preferred_lft 2103sec
inet6 fe80::3e2e:c006:93e0:be12/64 scope link
valid_lft forever preferred_lft forever
[root@localhost ~]#
failover and failback testing -->> Master node keepalived is shutdown
[root@keepalived-master ~]# systemctl stop keepalived.service
[root@keepalived-master ~]# ip a s ens8
2: ens8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:a8:d3:73 brd ff:ff:ff:ff:ff:ff
inet 192.168.124.40/24 brd 192.168.124.255 scope global dynamic ens8
valid_lft 3539sec preferred_lft 3539sec
inet6 fe80::5054:ff:fea8:d373/64 scope link
valid_lft forever preferred_lft forever
[root@keepalived-master ~]#
BACKUP node gets the Ip address(vip)
[root@localhost ~]# ip a s bond0
7: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 52:54:00:42:a0:9d brd ff:ff:ff:ff:ff:ff
inet 192.168.124.61/24 brd 192.168.124.255 scope global dynamic bond0
valid_lft 2078sec preferred_lft 2078sec
inet 192.168.124.120/24 scope global secondary bond0
valid_lft forever preferred_lft forever
inet 192.168.124.121/24 scope global secondary bond0
valid_lft forever preferred_lft forever
inet6 fe80::3e2e:c006:93e0:be12/64 scope link
valid_lft forever preferred_lft forever
[root@localhost ~]#
-->. Start keepalived on Master node
[root@keepalived-master ~]# systemctl start keepalived.service
[root@keepalived-master ~]# ip a s ens8
2: ens8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:a8:d3:73 brd ff:ff:ff:ff:ff:ff
inet 192.168.124.40/24 brd 192.168.124.255 scope global dynamic ens8
valid_lft 3488sec preferred_lft 3488sec
inet 192.168.124.120/24 scope global secondary ens8
valid_lft forever preferred_lft forever
inet 192.168.124.121/24 scope global secondary ens8
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fea8:d373/64 scope link
valid_lft forever preferred_lft forever
I hope this helps.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
