ViReR.NeT  

  Home  -  Infos/Docs  -  Tools/Outils Code  -  Links/Liens  -  News  -  Download  -  Others/Autres Site map

 

Keepalived: A very simple IP failover setup

 



Here is a very quick documentation to configure a simple IP failover between two hosts.


The network interface are named "eth0" if it differ on your host no worries, just adap the configuration as you need.
Our network have the netmask 255.255.255.0 (or a /24 prefix if you like)
Our primary node have the IP 192.168.0.2
Our secondary node have the IP 192.168.0.3
Our virual IP address (or VIP) will be 192.168.0.1


First open the firewall to allow the VRRP protocol:
firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent
firewall-cmd --reload


Here is the required packages for both node (as always the package name may change on your distro):
# dnf install keepalived
And for debian like:
# apt-get install keepalived

Primary node configuration:
edit the file located here /etc/keepalived/keepalived.conf remove all the default content(important) and put the following content inside:
! Configuration File for keepalived

vrrp_instance VI_1 {
        state MASTER
        interface eth0
        virtual_router_id 51
        priority 255
        advert_int 1
        authentication {
              auth_type PASS
              auth_pass MySuper_Passw0rd
        }
        virtual_ipaddress {
              192.168.0.1/24
        }
}



Then go on the secondary node,
edit and remove all default content(important) inside the file located here /etc/keepalived/keepalived.conf and put the follwowing lines:
! Configuration File for keepalived

vrrp_instance VI_1 {

        state BACKUP
        interface eth0
        virtual_router_id 51
        priority 254
        advert_int 1
        authentication {
              auth_type PASS
              auth_pass MySuper_Passw0rd
        }
        virtual_ipaddress {
              192.168.0.1/24
        }
}


Once configured, start keepalived service on secondary node. Note: A good way to test, is to start the secondary/backup node before the primary as the VIP will move to the primary when he start
# systemctl start keepalived


Verify the network configuration on the secondary node:
# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:00:00:01:23:45 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.3/24 brd 192.168.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 192.168.0.1/24 scope global eth0
       valid_lft forever preferred_lft forever





Now, start keepalived service on primary node.
# systemctl start keepalived


Verify the network configuration on the primary node:
# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:00:00:01:23:45 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.2/24 brd 192.168.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 192.168.0.1/24 scope global eth0
       valid_lft forever preferred_lft forever



Now, go back on secondary node and you should not see the VIP active on that node:
# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:00:00:01:23:45 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.3/24 brd 192.168.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever




Last words:
- If you need to enable multiple VIP inside the same LAN you MUST change the "virtual_router_id" parameter to avoid conflict.
- There is many other configuration options, for example to start script or to notify people when failover event occured, so checkout the documenations, on this page it is a very basic setup.