17.6 Configuring Simple Virtual IP Address Failover Using Keepalived

A typical Keepalived high-availability configuration consists of one master server and one or more backup servers. One or more virtual IP addresses, defined as VRRP instances, are assigned to the master server's network interfaces so that it can service network clients. The backup servers listen for multicast VRRP advertisement packets that the master server transmits at regular intervals. The default advertisement interval is one second. If the backup nodes fail to receive three consecutive VRRP advertisements, the backup server with the highest assigned priority takes over as the master server and assigns the virtual IP addresses to its own network interfaces. If several backup servers have the same priority, the backup server with the highest IP address value becomes the master server.

The following example uses Keepalived to implement a simple failover configuration on two servers. One server acts as the master, the other acts as a backup, and the master server has a higher priority than the backup server.

Figure 17.2 shows how the virtual IP address 10.0.0.100 is initially assigned to the master server (10.0.0.71). When the master server fails, the backup server (10.0.0.72) becomes the new master server and is assigned the virtual IP address 10.0.0.100.

Figure 17.2 Example Keepalived Configuration for Virtual IP Address Failover

The diagram shows how the virtual IP address 10.0.0.100 is initially assigned to the master server (10.0.0.71). When the master server fails, the backup server (10.0.0.72) becomes the new master server and is assigned the virtual IP address 10.0.0.100.


You might use the following configuration in /etc/keepalived/keepalived.conf on the master server:

global_defs {
   notification_email {
     root@mydomain.com
   }
   notification_email_from svr1@mydomain.com
   smtp_server localhost
   smtp_connect_timeout 30
}

vrrp_instance VRRP1 {
    state MASTER
#   Specify the network interface to which the virtual address is assigned
    interface eth0
#   The virtual router ID must be unique to each VRRP instance that you define
    virtual_router_id 41
#   Set the value of priority higher on the master server than on a backup server
    priority 200
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1066
    }
    virtual_ipaddress {
        10.0.0.100/24
    }
}

The configuration of the backup server is the same except for the values of notification_email_from, state, priority, and possibly interface if the system hardware configuration is different:

global_defs {
   notification_email {
     root@mydomain.com
   }
   notification_email_from svr2@mydomain.com
   smtp_server localhost
   smtp_connect_timeout 30
}

vrrp_instance VRRP1 {
    state BACKUP
#   Specify the network interface to which the virtual address is assigned
    interface eth0
    virtual_router_id 41
#   Set the value of priority lower on the backup server than on the master server
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1066
    }
    virtual_ipaddress {
        10.0.0.100/24
    }
}

In the event that the master server (svr1) fails, keepalived assigns the virtual IP address 10.0.0.100/24 to the eth0 interface on the backup server (svr2), which becomes the master server.

To determine whether a server is acting as the master, you can use the ip command to see whether the virtual address is active, for example:

# ip addr list eth0
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:cb:a6:8d brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.72/24 brd 10.0.0.255 scope global eth0
    inet 10.0.0.100/24 scope global eth0
    inet6 fe80::a00:27ff:fecb:a68d/64 scope link 
       valid_lft forever preferred_lft forever

Alternatively, search for Keepalived messages in /var/log/messages that show transitions between states, for example:

...51:55 ... VRRP_Instance(VRRP1) Entering BACKUP STATE
...
...53:08 ... VRRP_Instance(VRRP1) Transition to MASTER STATE
...53:09 ... VRRP_Instance(VRRP1) Entering MASTER STATE
...53:09 ... VRRP_Instance(VRRP1) setting protocol VIPs.
...53:09 ... VRRP_Instance(VRRP1) Sending gratuitous ARPs on eth0 for 10.0.0.100
Note

Only one server should be active as the master at any time. If more than one server is configured as the master, it is likely that there is a problem with VRRP communication between the servers. Check the network settings for each interface on each server and check that the firewall allows both incoming and outgoing VRRP packets for multicast IP address 224.0.0.18.

See Section 17.5, “Installing and Configuring Keepalived” for details of how to install and configure Keepalived.