LinuxQuestions.org
Old 04-12-2016, 07:00 AM   #1
horizn
Member
 
Registered: Jan 2015
Location: UK and Poland
Distribution: Slackware + Debian + Ubuntu
Posts: 170

Rep: Reputation: Disabled
Keepalived doesn't create VIP on external NIC


Hi,
I am trying to configure a failover NAT router using keepalived, but unfortunately for some reason keepalived doesn't create the virtual IP on the external network interface.

My config for master:
http://pastebin.com/D64Xsk8h

for slave:
http://pastebin.com/VyTGHhHA

log from master:
http://pastebin.com/bFzPErtz

log from slave:
http://pastebin.com/yma1Ucje

Maybe someone had the same issue?
 
Old 04-14-2016, 02:58 PM   #2
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,861

Rep: Reputation: 162
What's the Linux distribution and keepalived configuration?
 
Old 04-14-2016, 03:35 PM   #3
horizn
Original Poster
Debian Jessie, keepalived 1:1.2.13-1
 
Old 04-19-2016, 02:28 PM   #4
nini09
Do you have the following configuration?

Add this to /etc/sysctl.conf:
net.ipv4.ip_nonlocal_bind = 1

Enable with:
sysctl -p
 
Old 04-25-2016, 10:49 AM   #5
horizn
Original Poster
Quote:
Originally Posted by nini09
Do you have the following configuration?

Add this to /etc/sysctl.conf:
net.ipv4.ip_nonlocal_bind = 1

Enable with:
sysctl -p

Of course I have it enabled. It is fine if I have the VIP only in the internal network. But I need redundancy in both the internal network and the external one (DNS server).
 
Old 04-25-2016, 03:17 PM   #6
nini09
If NAT is disabled, is the virtual IP created on the external network?
 
Old 04-26-2016, 03:07 AM   #7
horizn
Original Poster
I haven't tried the VIP on the external network, but when the VIP is configured only in the local network, everything is fine. I suspect the outdated keepalived in Jessie might be the problem, so I'll try to install it by hand today.
 
Old 04-29-2016, 06:03 AM   #8
horizn
Original Poster
OK, I found the reason and I need a hint on how to improve my configuration. It worked when I unplugged both Ethernet cables from the Master, or powered it down. However, I need the Backup server to become Master when only one Ethernet link dies.

1.2.3.52 is an external VIP
1.2.3.53 is a real external IP of the master server.
1.2.3.54 is a real external IP of the backup server.

My Master configuration:
Code:
global_defs {
   notification_email { it@domain.com }
   notification_email_from GW01-MASTER@domain.com
   smtp_server localhost
   smtp_connect_timeout 30
   router_id LVS_MASTER
}

vrrp_sync_group VG1 {
        group {
                EXTERNAL
                LOCAL
        }

vrrp_instance EXTERNAL {
    state MASTER
    interface eth0
    virtual_router_id 50
    priority 100
    advert_int 1
    smtp_alert
    authentication {
        auth_type PASS
        auth_pass xxx
    }
    virtual_ipaddress {
        1.2.3.52
    }
}

vrrp_instance LOCAL {
    state MASTER
    interface eth1.2
    virtual_router_id 2
    priority 100
    advert_int 1
    smtp_alert
    authentication {
        auth_type PASS
        auth_pass xxx
    }
    virtual_ipaddress {
        10.171.171.254
    }
}

virtual_server 1.2.3.52 65000 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    protocol TCP

    real_server 1.2.3.54 65000 {
        weight 50
        TCP_CHECK {
            connect_timeout 5
        }
    }

}

Backup server configuration:

Code:
global_defs {
   notification_email { it@domain.com }
   notification_email_from GW01-BACKUP@domain.com
   smtp_server localhost
   smtp_connect_timeout 30
   router_id LVS_BACKUP
}

vrrp_sync_group VG1 {
        group {
                EXTERNAL
                LOCAL
        }

vrrp_instance EXTERNAL {
    state BACKUP
    interface eth0
    virtual_router_id 50
    priority 50
    advert_int 1
    smtp_alert  
    authentication {
        auth_type PASS
        auth_pass xxx
    }
    virtual_ipaddress {
        1.2.3.52
    }
}

vrrp_instance LOCAL {
    state BACKUP
    interface eth1.2
    virtual_router_id 2
    priority 50
    advert_int 1
    smtp_alert
    authentication {
        auth_type PASS
        auth_pass xxx
    }
    virtual_ipaddress {
        10.171.171.254
    }
}

virtual_server 1.2.3.52 65000 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    protocol TCP

    real_server 1.2.3.53 65000 {
        weight 50
        TCP_CHECK {
            connect_timeout 5
        }
    }

}

Any idea how to improve this?
 
Old 04-29-2016, 02:47 PM   #9
nini09
What's the VRRP state when one of the two interfaces is down?
 
Old 05-03-2016, 05:51 AM   #10
horizn
Original Poster
Quote:
Originally Posted by nini09
What's the VRRP state when one of the two interfaces is down?

On Master:
Code:
May  3 11:48:21 gw01-vrrp01 kernel: [ 1632.107471] bnx2 0000:02:00.1 eth1: NIC Copper Link is Down
May  3 11:48:22 gw01-vrrp01 Keepalived_vrrp[1037]: Kernel is reporting: interface eth1.2 DOWN
May  3 11:48:22 gw01-vrrp01 Keepalived_vrrp[1037]: VRRP_Instance(LOCAL) Entering FAULT STATE
May  3 11:48:22 gw01-vrrp01 Keepalived_vrrp[1037]: VRRP_Instance(LOCAL) removing protocol VIPs.
May  3 11:48:22 gw01-vrrp01 Keepalived_vrrp[1037]: VRRP_Instance(LOCAL) Now in FAULT state
May  3 11:48:22 gw01-vrrp01 avahi-daemon[942]: Withdrawing address record for 10.171.171.254 on eth1.2.
May  3 11:48:22 gw01-vrrp01 Keepalived_healthcheckers[1036]: Netlink reflector reports IP 10.171.171.254 removed
May  3 11:48:23 gw01-vrrp01 ntpd[2979]: Deleting interface #6 eth1.2, 10.171.171.254#123, interface stats: received=0, sent=0, dropped=0, active_time=1543 secs
May  3 11:48:23 gw01-vrrp01 ntpd[2979]: peers refreshed
May  3 11:48:25 gw01-vrrp01 rwhod[967]: sending on interface eth1.3
May  3 11:48:25 gw01-vrrp01 rwhod[967]: sending on interface eth1.2
May  3 11:48:25 gw01-vrrp01 rwhod[967]: sending on interface eth0
May  3 11:48:29 gw01-vrrp01 Keepalived_healthcheckers[1036]: TCP connection to [10.171.171.2]:65000 failed !!!
May  3 11:48:29 gw01-vrrp01 Keepalived_healthcheckers[1036]: Removing service [10.171.171.2]:65000 from VS [1.2.3.52]:65000

On slave:

Code:
May  3 11:48:31 gw01-vrrp02 Keepalived_vrrp[1241]: VRRP_Instance(LOCAL) Transition to MASTER STATE
May  3 11:48:32 gw01-vrrp02 Keepalived_vrrp[1241]: VRRP_Instance(LOCAL) Entering MASTER STATE
May  3 11:48:32 gw01-vrrp02 Keepalived_vrrp[1241]: VRRP_Instance(LOCAL) setting protocol VIPs.
May  3 11:48:32 gw01-vrrp02 Keepalived_vrrp[1241]: VRRP_Instance(LOCAL) Sending gratuitous ARPs on eth1.2 for 10.171.171.254
May  3 11:48:32 gw01-vrrp02 avahi-daemon[730]: Registering new address record for 10.171.171.254 on eth1.2.IPv4.
May  3 11:48:32 gw01-vrrp02 Keepalived_healthcheckers[1240]: Netlink reflector reports IP 10.171.171.254 added
May  3 11:48:34 gw01-vrrp02 ntpd[3096]: Listen normally on 11 eth1.2 10.171.171.254 UDP 123
May  3 11:48:34 gw01-vrrp02 ntpd[3096]: peers refreshed
May  3 11:48:37 gw01-vrrp02 Keepalived_vrrp[1241]: VRRP_Instance(LOCAL) Sending gratuitous ARPs on eth1.2 for 10.171.171.254
May  3 11:48:38 gw01-vrrp02 Keepalived_healthcheckers[1240]: TCP connection to [10.171.171.1]:65000 failed !!!
May  3 11:48:38 gw01-vrrp02 Keepalived_healthcheckers[1240]: Removing service [10.171.171.1]:65000 from VS [1.2.3.52]:65000
May  3 11:49:06 gw01-vrrp02 rwhod[762]: sending on interface eth1.3
May  3 11:49:06 gw01-vrrp02 rwhod[762]: sending on interface eth1.2
May  3 11:49:06 gw01-vrrp02 rwhod[762]: sending on interface eth0

And after a few seconds the local VIP is up, but there is no routing to the internet. As I wrote earlier, it works fine only if both interfaces are down (or if the server is physically down).
 
Old 05-04-2016, 02:38 PM   #11
nini09
Try the same virtual_router_id on the local and external interfaces.
 
Old 05-10-2016, 11:03 AM   #12
horizn
Original Poster
Still the same problem.
 
Old 05-10-2016, 02:32 PM   #13
nini09
I checked your logging: the VRRP cluster goes into a split-brain situation. To solve the issue, you can add a track interface or a track script in the configuration file. For the track script, if one of the two interfaces is down, bring the other one down.

Quote:
track_interface {
eth0
eth1
}
track_script {
script_name
}

Last edited by nini09; 05-10-2016 at 02:33 PM.
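
A link-check script of the kind a track_script entry could run, given here as an added example that is not part of the thread or of keepalived itself: it exits non-zero when any interface passed to it is not reporting "up", using the interface names from the configuration above. The script name and install path, the chk_links label and the SYSFS_NET override (used to test the script without touching real interfaces) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread: link check for a keepalived track script.
#
# Hypothetical wiring in keepalived.conf (path and name are assumptions):
#   vrrp_script chk_links {
#       script "/usr/local/bin/check_links.sh eth0 eth1.2"
#       interval 2
#   }
# and then list chk_links under track_script in both vrrp_instance blocks.

# Directory holding per-interface state; overridable so the check can be
# exercised against a constructed directory tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# link_state IFACE: print the kernel's operstate for IFACE, or "missing"
# when the interface does not exist (for example, a VLAN that was removed).
link_state() {
    f="$SYSFS_NET/$1/operstate"
    if [ -r "$f" ]; then
        cat "$f"
    else
        echo missing
    fi
}

# check_links IFACE...: return 0 only if every interface reports "up".
# A VLAN such as eth1.2 reports "lowerlayerdown" when its parent loses
# carrier. Some virtual drivers report "unknown"; this example treats
# anything other than "up" as a failure.
check_links() {
    rc=0
    for ifc in "$@"; do
        st=$(link_state "$ifc")
        if [ "$st" != "up" ]; then
            echo "link check: $ifc is $st" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Run the check only when interface names are given on the command line.
if [ "$#" -gt 0 ]; then
    check_links "$@"
    exit $?
fi
```

A non-zero exit tells keepalived the check failed for every instance that tracks it, so the loss of one link is visible to both the EXTERNAL and LOCAL instances rather than only to the one whose interface went down.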
 
All times are GMT -5.