How to Set Up Keepalived Dual‑Host Mode for VIP Failover
This guide demonstrates how to configure keepalived in a dual‑host (master‑master) setup, enabling VIP address migration between two servers by defining two VRRP instances that act as primary and backup for each other, and includes step‑by‑step commands, configuration files, verification procedures, and multicast traffic capture.
Overview
This article shows how to configure keepalived in a dual‑host (master‑master) mode to demonstrate VIP address movement between two servers.
Topology
Environment
Two servers,
ka1and
ka2, run keepalived. The goal is to configure two virtual routers (VRRP instances) so that each server is master for one instance and backup for the other.
Configuration on ka1
<code># yum install -y keepalived
# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_mcast_group4 224.100.100.100
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 66
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
172.16.0.100/24 dev ens33 label ens33:1
}
}
vrrp_instance VI_2 {
state BACKUP
interface ens33
virtual_router_id 88
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 654321
}
virtual_ipaddress {
172.16.0.200/24 dev ens33 label ens33:2
}
}
# cat /etc/hosts
10.0.0.125 ka1
10.0.0.126 ka2
# ssh-keygen
# ssh-copy-id 10.0.0.126
</code>Configuration on ka2
<code># yum install -y keepalived
# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_mcast_group4 224.100.100.100
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 66
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
172.16.0.100/24 dev ens33 label ens33:1
}
}
vrrp_instance VI_2 {
state MASTER
interface ens33
virtual_router_id 88
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 654321
}
virtual_ipaddress {
172.16.0.200/24 dev ens33 label ens33:2
}
}
# cat /etc/hosts
10.0.0.125 ka1
10.0.0.126 ka2
# ssh-keygen
# ssh-copy-id 10.0.0.125
</code>Verification
Start keepalived on
ka1and check the interfaces:
<code># systemctl start keepalived
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> ...
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> ...
inet 10.0.0.125/24 brd 10.0.0.255 scope global ens33
inet 172.16.0.100/24 scope global ens33:1
inet 172.16.0.200/24 scope global secondary ens33:2
</code>Then start keepalived on
ka2and observe the VIP shift:
<code># systemctl start keepalived
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> ...
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> ...
inet 10.0.0.126/24 brd 10.0.0.255 scope global ens33
inet 172.16.0.200/24 scope global ens33:2
</code>VRRP Multicast Capture
<code># tcpdump -i ens33 -nn host 224.100.100.100
17:01:51.678446 IP 10.0.0.126 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 100, authtype simple, intvl 1s, length 20
17:01:51.949584 IP 10.0.0.125 > 224.100.100.100: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
...</code>The output confirms that each server advertises its VRRP instance and the VIPs move according to the configured priorities.
Original article: https://www.cnblogs.com/cnblogsfc/p/14269161.html
Raymond Ops
Linux ops automation, cloud-native, Kubernetes, SRE, DevOps, Python, Golang and related tech discussions.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.