KeepAlived on different subnets


Solution 1

There is an alternative way. Two keepalived instances in different networks can communicate using unicast_peer (it will work the same as if you have a VIP, but you don't).

Then you can use the notify_script to move a failover IP (provided by your host, for example) and make an API call to your provider to tell it to move your failover IP to another service when keepalived transitions to MASTER (there is a notify_master rule).

Example of my keepalived config:

global_defs {
    vrrp_version 2
    vrrp_garp_master_delay 1
    vrrp_garp_master_refresh 60
    script_user root
    enable_script_security
}

vrrp_script chk_haproxy {
    script "/etc/keepalived/scripts/check_haproxy.sh"
    timeout 1
    interval 5   # check every 5 seconds
    fall 2       # require 2 failures for KO
    rise 2       # require 2 successes for OK
}

vrrp_instance lb-vips {
    state {{KEEPALIVED_STATE}}
    interface {{KEEPALIVED_INTERFACE}}
    virtual_router_id {{KEEPALIVED_VIRTUAL_ROUTER_ID}}
    priority {{KEEPALIVED_PRIORITY}}
    advert_int 1
    unicast_src_ip {{KEEPALIVED_UNICAST_SRC}}
    unicast_peer {
        X.X.X.X # here you have all ip of other keepalived
        X.X.X.X
    }
    authentication {
        auth_type PASS
        auth_pass {{KEEPALIVED_AUTH_PASSWORD}}
    }
    track_script {
        chk_haproxy
    }

    notify "/etc/keepalived/scripts/notify_script.sh"
}

Associated variables:

# Keepalived Config
KEEPALIVED_STATE=MASTER
KEEPALIVED_INTERFACE=eth0
KEEPALIVED_VIRTUAL_ROUTER_ID=77
# For electing MASTER, highest priority wins.
# MASTER=101, SLAVES=100
KEEPALIVED_PRIORITY=101
# password: Only the first eight (8) characters are used.
KEEPALIVED_AUTH_PASSWORD=password
# Should be the public ip of the server
KEEPALIVED_UNICAST_SRC=X.X.X.X

# Keepalived Notify Script Config
OVH_ENDPOINT=ovh-eu
OVH_APP_KEY=X.X.X.X
OVH_APP_SECRET=X.X.X.X
OVH_CONSUMER_KEY=X.X.X.X
FAILOVER_IP=X.X.X.X
FAILOVER_SERVICE=X.X.X.X
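
A sketch of the notify handler that the notify line in the config above points to, added here as an example; it is not the answer author's script. It assumes keepalived's notify arguments (TYPE NAME STATE PRIORITY), OVH's POST /ip/{ip}/move call with its "$1$" + SHA-1 request signature, and eu.api.ovh.com as the base URL for ovh-eu; DRY_RUN is a hypothetical switch for testing without calling the provider.

```shell
#!/bin/sh
# Added example, not the answer author's notify_script.sh.
# keepalived runs a "notify" script as: TYPE NAME STATE PRIORITY.
# Assumed: OVH "POST /ip/{ip}/move" and its '$1$'+SHA1 request signature;
# credentials come from the environment variables listed in the answer.
OVH_API_BASE="https://eu.api.ovh.com/1.0"   # assumed base URL for ovh-eu

# ovh_signature METHOD URL BODY TIMESTAMP -> prints '$1$<sha1 hex>'.
# printf is a shell builtin, so the app secret never appears in argv.
ovh_signature() {
    printf '%s+%s+%s+%s+%s+%s' "$OVH_APP_SECRET" "$OVH_CONSUMER_KEY" \
        "$1" "$2" "$3" "$4" | sha1sum | awk '{print "$1$" $1}'
}

# move_failover_ip: route FAILOVER_IP to FAILOVER_SERVICE (this node).
move_failover_ip() {
    # Runs as root (script_user root): refuse values that could alter the
    # URL or the JSON body. IPv4 address or block only in this sketch.
    case "$FAILOVER_IP" in ""|*[!0-9./]*) return 3 ;; esac
    case "$FAILOVER_SERVICE" in ""|*[!A-Za-z0-9._-]*) return 3 ;; esac
    url="$OVH_API_BASE/ip/$(printf '%s' "$FAILOVER_IP" | sed 's|/|%2F|g')/move"
    body="{\"to\":\"$FAILOVER_SERVICE\"}"
    ts=$(date +%s)   # assumes an NTP-synced clock
    # DRY_RUN (hypothetical): print the request instead of sending it.
    if [ -n "$DRY_RUN" ]; then printf 'POST %s %s\n' "$url" "$body"; return 0; fi
    curl -fsS --max-time 10 -X POST "$url" -d "$body" \
        -H "Content-Type: application/json" \
        -H "X-Ovh-Application: $OVH_APP_KEY" \
        -H "X-Ovh-Consumer: $OVH_CONSUMER_KEY" \
        -H "X-Ovh-Timestamp: $ts" \
        -H "X-Ovh-Signature: $(ovh_signature POST "$url" "$body" "$ts")"
}

# handle_notify TYPE NAME STATE [PRIORITY]: only INSTANCE -> MASTER acts.
handle_notify() {
    [ "$1" = "INSTANCE" ] || return 0
    case "$3" in
        MASTER) move_failover_ip ;;
        BACKUP|FAULT|STOP) return 0 ;;
        *) echo "unexpected state: $3" >&2; return 2 ;;
    esac
}

if [ "$#" -gt 0 ]; then handle_notify "$@"; fi
```

With enable_script_security set, keepalived refuses to run the script if it or any directory on its path is writable by a non-root user, so install it root-owned with mode 0700 and keep the API credentials in a file only root can read.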

Solution 2

Unfortunately, keepalived uses VRRP, which works only within a single subnet.


Author: deej

Updated on September 18, 2022

Comments

  • deej
    deej almost 2 years

    I am trying to set up keepalived on an ESXi-based setup where 2 physical boxes have ESXi installed, each one having a node which works as a load balancer using HAProxy. Now, in order to achieve high availability, I want to use KeepAlived so both HAProxy instances can share a virtual IP and I can point the physical IP address to the virtual IP address. The challenge with my implementation is that it has 2 subnets.

    HAProxy on subnet A: 1.1.10.101
    HAProxy on subnet B: 1.2.10.101

    Now, when I try to assign virtual IP 1.1.10.201 on both instances, it points to the local instance on both servers.

    I am using CentOS 7.x with HAProxy and KeepAlived, primarily to load-balance HTTP traffic and possibly for database too.

    I am not posting the config file as the question itself is very simple, but if required I can do that.

  • deej
    deej over 8 years
    Yes, I figured that out, but I read somewhere that some people have developed a unicast patch which can help with the use case that I have, but I do not want to try something not widely used for production.
  • Bernard
    Bernard over 8 years
    I've read about this too. There's also the Heartbeat/Pacemaker solution that's sometimes mentioned, but it really increases the complexity of the overall system. I've given up on a floating IP solution between different nodes. I've moved to a load balancer solution instead, where each node can then redirect the traffic to the "master" service on a specific node.
  • deej
    deej over 2 years
    Thank you for answering this question. Though my setup has changed quite a bit since I asked this question, I would like to try this in a lab environment for sure. Thanks again.