Skip to the content.

Keepalived: A very simple IP failover setup

Here is a very quick documentation to configure a simple IP failover between two hosts.


Preliminary notes:

The network interface are named “eth0” if it differ on your host no worries, just adap the configuration as you need.


First open the firewall to allow the VRRP protocol:

firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent
firewall-cmd --reload


Here is the required packages for both node (as always the package name may change on your distro):

# dnf install keepalived

And for debian like:

# apt-get install keepalived

Primary node configuration:

edit the file located here /etc/keepalived/keepalived.conf and remove all the default content(important) and put the following content inside:

! Configuration File for keepalived

vrrp_instance VI_1 {
        state MASTER
        interface eth0
        virtual_router_id 51
        priority 255
        advert_int 1
        authentication {
              auth_type PASS
              auth_pass MySuper_Passw0rd
        }
        virtual_ipaddress {
              192.168.0.1/24
        }
}


Then go on the secondary node,

edit and remove all default content(important) inside the file located here /etc/keepalived/keepalived.conf and put the follwowing lines:

! Configuration File for keepalived

vrrp_instance VI_1 {

        state BACKUP
        interface eth0
        virtual_router_id 51
        priority 254
        advert_int 1
        authentication {
              auth_type PASS
              auth_pass MySuper_Passw0rd
        }
        virtual_ipaddress {
              192.168.0.1/24
        }
}


Once configured, start keepalived service on secondary node.

Note:

A good way to test, is to start the secondary/backup node before the primary as the VIP will move to the primary when he start

# systemctl start keepalived


Verify the network configuration on the secondary node:

# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:00:00:02:22:22 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.3/24 brd 192.168.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 192.168.0.1/24 scope global eth0
       valid_lft forever preferred_lft forever


Now, start keepalived service on primary node.

# systemctl start keepalived

Verify the network configuration on the primary node:

# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:00:00:01:23:45 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.2/24 brd 192.168.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 192.168.0.1/24 scope global eth0
       valid_lft forever preferred_lft forever


Now, go back on secondary node and you should not see the VIP active on that node:

# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:00:00:02:22:22 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.3/24 brd 192.168.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever


Last words: