Problems with Keepalived (VRRP) on Linux Guests systems

Discussions about using Linux guests in VirtualBox.
mgb65
Posts: 2
Joined: 16. Apr 2018, 12:47

Post by mgb65 »

Hi all.

I'm configuring keepalived between 2 Linux Guest Systems. Everything seems good, but ping from external systems to the VRRP VIP address doesn't work. Ping doesn't work between any of the VRRP systems and the VIP either.

Code:

[root@lb2 ~]# tcpdump -nn -i enp0s3 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes
13:05:08.375783 IP 192.168.10.103 > 192.168.10.203: ICMP echo request, id 21634, seq 1, length 64
13:05:09.426300 IP 192.168.10.103 > 192.168.10.203: ICMP echo request, id 21634, seq 2, length 64
13:05:10.450353 IP 192.168.10.103 > 192.168.10.203: ICMP echo request, id 21634, seq 3, length 64
13:05:11.474328 IP 192.168.10.103 > 192.168.10.203: ICMP echo request, id 21634, seq 4, length 64
13:05:12.498306 IP 192.168.10.103 > 192.168.10.203: ICMP echo request, id 21634, seq 5, length 64

This happened to me some years ago in a Solaris Guest System, and the VIP only worked if the interface was in promiscuous mode, so to test VRRP and to ping the virtual IP, I needed to start a "snoop" command in my Solaris guest.

I'm trying to do the same in the Linux guest, but executing "tcpdump" does nothing.

My VRRP configuration is:

Code:

global_defs {
   notification_email {
     my-email-address
   }
   notification_email_from my-local-device
   smtp_server my-smtp-server
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
   # Debug
   debug 4
}
vrrp_instance VI_1 {
    state MASTER        # BACKUP on the backup Linux node
    interface enp0s3
    virtual_router_id 51
    priority 100        # 50 on the backup Linux node
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.203/24
    }
}

The "ip addr" command on the master node shows:

Code:

[root@lb1 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:ad:8d:55 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.200/24 brd 192.168.10.255 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet 192.168.10.203/24 scope global secondary enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::7457:ae2a:42c:67ea/64 scope link 
       valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:bd:bb:d8 brd ff:ff:ff:ff:ff:ff
    inet 172.10.10.200/24 brd 172.10.10.255 scope global enp0s8
       valid_lft forever preferred_lft forever
    inet6 fe80::690a:48af:e89b:b25/64 scope link 
       valid_lft forever preferred_lft forever

Restarting the keepalived daemon, the master node shows these logs:

Code:

Apr 16 13:12:35 lb1 Keepalived[5412]: Stopping
Apr 16 13:12:35 lb1 systemd: Stopping LVS and VRRP High Availability Monitor...
Apr 16 13:12:35 lb1 Keepalived_vrrp[5414]: VRRP_Instance(VI_1) sent 0 priority
Apr 16 13:12:35 lb1 Keepalived_vrrp[5414]: VRRP_Instance(VI_1) removing protocol VIPs.
Apr 16 13:12:35 lb1 Keepalived_vrrp[5414]: VRRP_Instance(VI_1) removing protocol iptable drop rule
Apr 16 13:12:35 lb1 Keepalived_healthcheckers[5413]: Stopped
Apr 16 13:12:36 lb1 Keepalived_vrrp[5414]: Stopped
Apr 16 13:12:36 lb1 systemd: Starting LVS and VRRP High Availability Monitor...
Apr 16 13:12:36 lb1 Keepalived[5412]: Stopped Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Apr 16 13:12:36 lb1 Keepalived[5475]: Starting Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Apr 16 13:12:36 lb1 Keepalived[5475]: Unable to resolve default script username 'keepalived_script' - ignoring
Apr 16 13:12:36 lb1 Keepalived[5475]: Opening file '/etc/keepalived/keepalived.conf'.
Apr 16 13:12:36 lb1 systemd: PID file /var/run/keepalived.pid not readable (yet?) after start.
Apr 16 13:12:36 lb1 Keepalived[5477]: Starting Healthcheck child process, pid=5478
Apr 16 13:12:36 lb1 Keepalived[5477]: Starting VRRP child process, pid=5479
Apr 16 13:12:36 lb1 systemd: Started LVS and VRRP High Availability Monitor.
Apr 16 13:12:36 lb1 Keepalived_healthcheckers[5478]: Opening file '/etc/keepalived/keepalived.conf'.
Apr 16 13:12:36 lb1 Keepalived_healthcheckers[5478]: Unknown keyword 'debug'
Apr 16 13:12:36 lb1 Keepalived_vrrp[5479]: Registering Kernel netlink reflector
Apr 16 13:12:36 lb1 Keepalived_vrrp[5479]: Registering Kernel netlink command channel
Apr 16 13:12:36 lb1 Keepalived_vrrp[5479]: Registering gratuitous ARP shared channel
Apr 16 13:12:36 lb1 Keepalived_vrrp[5479]: Opening file '/etc/keepalived/keepalived.conf'.
Apr 16 13:12:36 lb1 Keepalived_vrrp[5479]: Unknown keyword 'debug'
Apr 16 13:12:36 lb1 Keepalived_vrrp[5479]: (VI_1): Cannot start in MASTER state if not address owner
Apr 16 13:12:36 lb1 Keepalived_vrrp[5479]: VRRP_Instance(VI_1) removing protocol VIPs.
Apr 16 13:12:36 lb1 Keepalived_vrrp[5479]: VRRP_Instance(VI_1) removing protocol iptable drop rule
Apr 16 13:12:36 lb1 Keepalived_vrrp[5479]: Using LinkWatch kernel netlink reflector...
Apr 16 13:12:36 lb1 Keepalived_vrrp[5479]: VRRP_Instance(VI_1) Entering BACKUP STATE
Apr 16 13:12:36 lb1 Keepalived_vrrp[5479]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
Apr 16 13:12:39 lb1 Keepalived_vrrp[5479]: VRRP_Instance(VI_1) Transition to MASTER STATE
Apr 16 13:12:40 lb1 Keepalived_vrrp[5479]: VRRP_Instance(VI_1) Entering MASTER STATE
Apr 16 13:12:40 lb1 Keepalived_vrrp[5479]: VRRP_Instance(VI_1) setting protocol iptable drop rule
Apr 16 13:12:40 lb1 Keepalived_vrrp[5479]: VRRP_Instance(VI_1) setting protocol VIPs.
Apr 16 13:12:40 lb1 Keepalived_vrrp[5479]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:12:40 lb1 Keepalived_vrrp[5479]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on enp0s3 for 192.168.10.203
Apr 16 13:12:40 lb1 Keepalived_vrrp[5479]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:12:40 lb1 Keepalived_vrrp[5479]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:12:40 lb1 Keepalived_vrrp[5479]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:12:40 lb1 Keepalived_vrrp[5479]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:12:45 lb1 Keepalived_vrrp[5479]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:12:45 lb1 Keepalived_vrrp[5479]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on enp0s3 for 192.168.10.203
Apr 16 13:12:45 lb1 Keepalived_vrrp[5479]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:12:45 lb1 Keepalived_vrrp[5479]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:12:45 lb1 Keepalived_vrrp[5479]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:12:45 lb1 Keepalived_vrrp[5479]: Sending gratuitous ARP on enp0s3 for 192.168.10.203

The Backup node shows these logs:

Code:

Apr 16 13:12:35 lb2 Keepalived[5413]: Stopping
Apr 16 13:12:35 lb2 systemd: Stopping LVS and VRRP High Availability Monitor...
Apr 16 13:12:35 lb2 Keepalived_healthcheckers[5414]: Stopped
Apr 16 13:12:36 lb2 Keepalived_vrrp[5415]: Stopped
Apr 16 13:12:36 lb2 systemd: Starting LVS and VRRP High Availability Monitor...
Apr 16 13:12:36 lb2 Keepalived[5413]: Stopped Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Apr 16 13:12:36 lb2 Keepalived[5449]: Starting Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Apr 16 13:12:36 lb2 Keepalived[5449]: Unable to resolve default script username 'keepalived_script' - ignoring
Apr 16 13:12:36 lb2 Keepalived[5449]: Opening file '/etc/keepalived/keepalived.conf'.
Apr 16 13:12:36 lb2 systemd: PID file /var/run/keepalived.pid not readable (yet?) after start.
Apr 16 13:12:36 lb2 Keepalived[5450]: Starting Healthcheck child process, pid=5451
Apr 16 13:12:36 lb2 Keepalived[5450]: Starting VRRP child process, pid=5452
Apr 16 13:12:36 lb2 systemd: Started LVS and VRRP High Availability Monitor.
Apr 16 13:12:36 lb2 Keepalived_healthcheckers[5451]: Opening file '/etc/keepalived/keepalived.conf'.
Apr 16 13:12:36 lb2 Keepalived_healthcheckers[5451]: Unknown keyword 'debug'
Apr 16 13:12:36 lb2 Keepalived_vrrp[5452]: Registering Kernel netlink reflector
Apr 16 13:12:36 lb2 Keepalived_vrrp[5452]: Registering Kernel netlink command channel
Apr 16 13:12:36 lb2 Keepalived_vrrp[5452]: Registering gratuitous ARP shared channel
Apr 16 13:12:36 lb2 Keepalived_vrrp[5452]: Opening file '/etc/keepalived/keepalived.conf'.
Apr 16 13:12:36 lb2 Keepalived_vrrp[5452]: Unknown keyword 'debug'
Apr 16 13:12:36 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) removing protocol VIPs.
Apr 16 13:12:36 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) removing protocol iptable drop rule
Apr 16 13:12:36 lb2 Keepalived_vrrp[5452]: Using LinkWatch kernel netlink reflector...
Apr 16 13:12:36 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) Entering BACKUP STATE
Apr 16 13:12:36 lb2 Keepalived_vrrp[5452]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)

The multicast traffic is working well, and when I disconnect the cable from the master, the backup system starts the Virtual IP address on its own interface, but it doesn't reply to my pings either. These are the logs in the Backup when I disconnect the cable from enp0s3 in the Master node.

Code:

Apr 16 13:17:10 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) Transition to MASTER STATE
Apr 16 13:17:11 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) Entering MASTER STATE
Apr 16 13:17:11 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) setting protocol iptable drop rule
Apr 16 13:17:11 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) setting protocol VIPs.
Apr 16 13:17:11 lb2 Keepalived_vrrp[5452]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:17:11 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on enp0s3 for 192.168.10.203
Apr 16 13:17:11 lb2 Keepalived_vrrp[5452]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:17:11 lb2 Keepalived_vrrp[5452]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:17:11 lb2 Keepalived_vrrp[5452]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:17:11 lb2 Keepalived_vrrp[5452]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:17:16 lb2 Keepalived_vrrp[5452]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:17:16 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on enp0s3 for 192.168.10.203
Apr 16 13:17:16 lb2 Keepalived_vrrp[5452]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:17:16 lb2 Keepalived_vrrp[5452]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:17:16 lb2 Keepalived_vrrp[5452]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:17:16 lb2 Keepalived_vrrp[5452]: Sending gratuitous ARP on enp0s3 for 192.168.10.203

...
Connecting the cable again in the Master node
...

Apr 16 13:18:01 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) Received advert with higher priority 100, ours 50
Apr 16 13:18:01 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) Entering BACKUP STATE
Apr 16 13:18:01 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) removing protocol VIPs.
Apr 16 13:18:01 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) removing protocol iptable drop rule

On both nodes, Master and Backup, there is no firewalld or iptables configured.

Code:

[root@lb1 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

[root@lb1 ~]# systemctl status iptables
Unit iptables.service could not be found.

[root@lb1 ~]# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere             match-set keepalived dst

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

I don't know what could be happening.

Thanks.

simonelbaz
Posts: 1
Joined: 8. Feb 2019, 10:01

Re: Problems with Keepalived (VRRP) on Linux Guests systems

Post by simonelbaz »

Hi,

Please try vrrp_iptables in keepalived.conf.

Regards
Simon
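
The `DROP ... match-set keepalived dst` rule in the first post's `iptables --list` output and the `vrrp_strict` / `vrrp_iptables` keywords can be checked together. The script below is an added example, not code from either poster or from the keepalived project; the function names and verdict labels are hypothetical, the sample files are constructed from excerpts in the thread, and it assumes the keepalived behaviour that strict mode installs this DROP rule unless `vrrp_iptables` is configured.

```shell
#!/bin/sh
# Added example (not from the thread): explain why a node holds the VIP
# but the VIP does not answer pings, using two saved files.

# True if keyword $1 appears uncommented in keepalived.conf $2.
# keepalived treats both '#' and '!' as comment starters.
conf_has_keyword() {
    sed -e 's/[#!].*$//' "$2" | grep -Eq "^[[:space:]]*$1([[:space:]]|\$)"
}

# $1 = keepalived.conf, $2 = saved `iptables --list` output.
# Prints one verdict (hypothetical labels):
#   strict-drop  DROP rule present, vrrp_strict set, no vrrp_iptables
#   drop-only    DROP rule present, config does not account for it
#   clean        no DROP rule on the keepalived ipset
diagnose_vip_drop() {
    if ! grep -Eq '^DROP[[:space:]].*match-set keepalived dst' "$2"; then
        echo clean
        return 0
    fi
    if conf_has_keyword vrrp_strict "$1" && ! conf_has_keyword vrrp_iptables "$1"; then
        echo strict-drop
    else
        echo drop-only
    fi
}

# Constructed sample input, trimmed from the excerpts in the first post.
demo_dir=$(mktemp -d)
cat > "$demo_dir/keepalived.conf" <<'EOF'
global_defs {
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_strict
}
EOF
cat > "$demo_dir/iptables.txt" <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             match-set keepalived dst
EOF

diagnose_vip_drop "$demo_dir/keepalived.conf" "$demo_dir/iptables.txt"   # prints strict-drop
```

A `drop-only` verdict after editing the configuration usually means the listing was saved before keepalived was restarted, so take a fresh `iptables --list` on each node.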