Keepalived send gratuitous ARP periodically

linux-networking high-availability failover arp keepalived

16,674

keepalived versions 1.2.20 and above support following config settings regarding gratuitous ARP, vrrp_garp_master_refresh is what I need.

    # delay for second set of gratuitous ARPs after transition to MASTER
    vrrp_garp_master_delay 10    # seconds, default 5, 0 for no second set

    # number of gratuitous ARP messages to send at a time after transition to MASTER
    vrrp_garp_master_repeat 1    # default 5

    # delay for second set of gratuitous ARPs after lower priority advert received when MASTER
    vrrp_garp_lower_prio_delay 10

    # number of gratuitous ARP messages to send at a time after lower priority advert received when MASTER
    vrrp_garp_lower_prio_repeat 1

    # minimum time interval for refreshing gratuitous ARPs while MASTER
    vrrp_garp_master_refresh 60  # secs, default 0 (no refreshing)

    # number of gratuitous ARP messages to send at a time while MASTER
    vrrp_garp_master_refresh_repeat 2 # default 1

    # Delay in ms between gratuitous ARP messages sent on an interface
    vrrp_garp_interval 0.001          # decimal, seconds (resolution usecs). Default 0.

    # Delay in ms between unsolicited NA messages sent on an interface
    vrrp_gna_interval 0.000001        # decimal, seconds (resolution usecs). Default 0.

16,674

user373333

Updated on September 18, 2022

Comments

user373333 almost 2 years
Is there a way for a keepalived to send gratuitous ARP periodically?

We had following situation:
1. switch failure (VLAN setup)
2. keepalived failovered to backup instance
3. backup instance sent gratuitous ARP but Cisco ASA device didn't got it (because of switch failure)
4. when switch was recovered (few minutes later) VIPs were unaccessible cause ASA did not refresh the ARP table (ARP table expiry is set to 4h)
5. as ASA already had the MACs from previously active node it didn't sent ARP request
6. VIP were unaccessible until we restarted the keepalived instance what initiated new GARP
So, we think that we could avoid this situation with periodical GARPs. Is this a good approach and is there a way to do it within keepalived?

Any other suggestions to avoid this kind of issues?

Keepalived config:
```
global_defs {
   notification_email {
     [email protected]
   }

   notification_email_from SERVER_1
   smtp_server smtp.server.local
   smtp_connect_timeout 30
   router_id SERVER_1
}

vrrp_instance V1 {
    state BACKUP
    nopreempt
    interface eth0
    lvs_sync_daemon_interface eth0
    virtual_router_id 150
    priority 120
    advert_int 1
    persistence_timeout 0
    smtp_alert

    authentication {
        auth_type PASS
        auth_pass xxx
    }

    virtual_ipaddress {
    10.xxx.xxx.xxx
    }
}
```