I'm configuring keepalived between 2 Linux Guest Systems. Everything seems good, but ping between external systems to the VRRP VIP address doesn't work. Ping doesn't work between any of the VRRP system and the VIP too.
Code: Select all
[root@lb2 ~]# tcpdump -nn -i enp0s3 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes
13:05:08.375783 IP 192.168.10.103 > 192.168.10.203: ICMP echo request, id 21634, seq 1, length 64
13:05:09.426300 IP 192.168.10.103 > 192.168.10.203: ICMP echo request, id 21634, seq 2, length 64
13:05:10.450353 IP 192.168.10.103 > 192.168.10.203: ICMP echo request, id 21634, seq 3, length 64
13:05:11.474328 IP 192.168.10.103 > 192.168.10.203: ICMP echo request, id 21634, seq 4, length 64
13:05:12.498306 IP 192.168.10.103 > 192.168.10.203: ICMP echo request, id 21634, seq 5, length 64
I'm try to do the same in the Linux guest, but executing "tcpdump" does nothing.
My VRRP configuration is:
Code: Select all
global_defs {
notification_email {
my-email-address
}
notification_email_from my-local-device
smtp_server my-smtp-server
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
# Debug
debug 4
}
vrrp_instance VI_1 {
state MASTER ===> BACKUP in the backup Linux node
interface enp0s3
virtual_router_id 51
priority 100 ===> 50 in the backup Linux node
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.10.203/24
}
}
Code: Select all
[root@lb1 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:ad:8d:55 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.200/24 brd 192.168.10.255 scope global enp0s3
valid_lft forever preferred_lft forever
inet 192.168.10.203/24 scope global secondary enp0s3
valid_lft forever preferred_lft forever
inet6 fe80::7457:ae2a:42c:67ea/64 scope link
valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:bd:bb:d8 brd ff:ff:ff:ff:ff:ff
inet 172.10.10.200/24 brd 172.10.10.255 scope global enp0s8
valid_lft forever preferred_lft forever
inet6 fe80::690a:48af:e89b:b25/64 scope link
valid_lft forever preferred_lft forever
Code: Select all
Apr 16 13:12:35 lb1 Keepalived[5412]: Stopping
Apr 16 13:12:35 lb1 systemd: Stopping LVS and VRRP High Availability Monitor...
Apr 16 13:12:35 lb1 Keepalived_vrrp[5414]: VRRP_Instance(VI_1) sent 0 priority
Apr 16 13:12:35 lb1 Keepalived_vrrp[5414]: VRRP_Instance(VI_1) removing protocol VIPs.
Apr 16 13:12:35 lb1 Keepalived_vrrp[5414]: VRRP_Instance(VI_1) removing protocol iptable drop rule
Apr 16 13:12:35 lb1 Keepalived_healthcheckers[5413]: Stopped
Apr 16 13:12:36 lb1 Keepalived_vrrp[5414]: Stopped
Apr 16 13:12:36 lb1 systemd: Starting LVS and VRRP High Availability Monitor...
Apr 16 13:12:36 lb1 Keepalived[5412]: Stopped Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Apr 16 13:12:36 lb1 Keepalived[5475]: Starting Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Apr 16 13:12:36 lb1 Keepalived[5475]: Unable to resolve default script username 'keepalived_script' - ignoring
Apr 16 13:12:36 lb1 Keepalived[5475]: Opening file '/etc/keepalived/keepalived.conf'.
Apr 16 13:12:36 lb1 systemd: PID file /var/run/keepalived.pid not readable (yet?) after start.
Apr 16 13:12:36 lb1 Keepalived[5477]: Starting Healthcheck child process, pid=5478
Apr 16 13:12:36 lb1 Keepalived[5477]: Starting VRRP child process, pid=5479
Apr 16 13:12:36 lb1 systemd: Started LVS and VRRP High Availability Monitor.
Apr 16 13:12:36 lb1 Keepalived_healthcheckers[5478]: Opening file '/etc/keepalived/keepalived.conf'.
Apr 16 13:12:36 lb1 Keepalived_healthcheckers[5478]: Unknown keyword 'debug'
Apr 16 13:12:36 lb1 Keepalived_vrrp[5479]: Registering Kernel netlink reflector
Apr 16 13:12:36 lb1 Keepalived_vrrp[5479]: Registering Kernel netlink command channel
Apr 16 13:12:36 lb1 Keepalived_vrrp[5479]: Registering gratuitous ARP shared channel
Apr 16 13:12:36 lb1 Keepalived_vrrp[5479]: Opening file '/etc/keepalived/keepalived.conf'.
Apr 16 13:12:36 lb1 Keepalived_vrrp[5479]: Unknown keyword 'debug'
Apr 16 13:12:36 lb1 Keepalived_vrrp[5479]: (VI_1): Cannot start in MASTER state if not address owner
Apr 16 13:12:36 lb1 Keepalived_vrrp[5479]: VRRP_Instance(VI_1) removing protocol VIPs.
Apr 16 13:12:36 lb1 Keepalived_vrrp[5479]: VRRP_Instance(VI_1) removing protocol iptable drop rule
Apr 16 13:12:36 lb1 Keepalived_vrrp[5479]: Using LinkWatch kernel netlink reflector...
Apr 16 13:12:36 lb1 Keepalived_vrrp[5479]: VRRP_Instance(VI_1) Entering BACKUP STATE
Apr 16 13:12:36 lb1 Keepalived_vrrp[5479]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
Apr 16 13:12:39 lb1 Keepalived_vrrp[5479]: VRRP_Instance(VI_1) Transition to MASTER STATE
Apr 16 13:12:40 lb1 Keepalived_vrrp[5479]: VRRP_Instance(VI_1) Entering MASTER STATE
Apr 16 13:12:40 lb1 Keepalived_vrrp[5479]: VRRP_Instance(VI_1) setting protocol iptable drop rule
Apr 16 13:12:40 lb1 Keepalived_vrrp[5479]: VRRP_Instance(VI_1) setting protocol VIPs.
Apr 16 13:12:40 lb1 Keepalived_vrrp[5479]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:12:40 lb1 Keepalived_vrrp[5479]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on enp0s3 for 192.168.10.203
Apr 16 13:12:40 lb1 Keepalived_vrrp[5479]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:12:40 lb1 Keepalived_vrrp[5479]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:12:40 lb1 Keepalived_vrrp[5479]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:12:40 lb1 Keepalived_vrrp[5479]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:12:45 lb1 Keepalived_vrrp[5479]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:12:45 lb1 Keepalived_vrrp[5479]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on enp0s3 for 192.168.10.203
Apr 16 13:12:45 lb1 Keepalived_vrrp[5479]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:12:45 lb1 Keepalived_vrrp[5479]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:12:45 lb1 Keepalived_vrrp[5479]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:12:45 lb1 Keepalived_vrrp[5479]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Code: Select all
Apr 16 13:12:35 lb2 Keepalived[5413]: Stopping
Apr 16 13:12:35 lb2 systemd: Stopping LVS and VRRP High Availability Monitor...
Apr 16 13:12:35 lb2 Keepalived_healthcheckers[5414]: Stopped
Apr 16 13:12:36 lb2 Keepalived_vrrp[5415]: Stopped
Apr 16 13:12:36 lb2 systemd: Starting LVS and VRRP High Availability Monitor...
Apr 16 13:12:36 lb2 Keepalived[5413]: Stopped Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Apr 16 13:12:36 lb2 Keepalived[5449]: Starting Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Apr 16 13:12:36 lb2 Keepalived[5449]: Unable to resolve default script username 'keepalived_script' - ignoring
Apr 16 13:12:36 lb2 Keepalived[5449]: Opening file '/etc/keepalived/keepalived.conf'.
Apr 16 13:12:36 lb2 systemd: PID file /var/run/keepalived.pid not readable (yet?) after start.
Apr 16 13:12:36 lb2 Keepalived[5450]: Starting Healthcheck child process, pid=5451
Apr 16 13:12:36 lb2 Keepalived[5450]: Starting VRRP child process, pid=5452
Apr 16 13:12:36 lb2 systemd: Started LVS and VRRP High Availability Monitor.
Apr 16 13:12:36 lb2 Keepalived_healthcheckers[5451]: Opening file '/etc/keepalived/keepalived.conf'.
Apr 16 13:12:36 lb2 Keepalived_healthcheckers[5451]: Unknown keyword 'debug'
Apr 16 13:12:36 lb2 Keepalived_vrrp[5452]: Registering Kernel netlink reflector
Apr 16 13:12:36 lb2 Keepalived_vrrp[5452]: Registering Kernel netlink command channel
Apr 16 13:12:36 lb2 Keepalived_vrrp[5452]: Registering gratuitous ARP shared channel
Apr 16 13:12:36 lb2 Keepalived_vrrp[5452]: Opening file '/etc/keepalived/keepalived.conf'.
Apr 16 13:12:36 lb2 Keepalived_vrrp[5452]: Unknown keyword 'debug'
Apr 16 13:12:36 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) removing protocol VIPs.
Apr 16 13:12:36 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) removing protocol iptable drop rule
Apr 16 13:12:36 lb2 Keepalived_vrrp[5452]: Using LinkWatch kernel netlink reflector...
Apr 16 13:12:36 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) Entering BACKUP STATE
Apr 16 13:12:36 lb2 Keepalived_vrrp[5452]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)
Code: Select all
Apr 16 13:17:10 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) Transition to MASTER STATE
Apr 16 13:17:11 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) Entering MASTER STATE
Apr 16 13:17:11 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) setting protocol iptable drop rule
Apr 16 13:17:11 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) setting protocol VIPs.
Apr 16 13:17:11 lb2 Keepalived_vrrp[5452]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:17:11 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on enp0s3 for 192.168.10.203
Apr 16 13:17:11 lb2 Keepalived_vrrp[5452]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:17:11 lb2 Keepalived_vrrp[5452]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:17:11 lb2 Keepalived_vrrp[5452]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:17:11 lb2 Keepalived_vrrp[5452]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:17:16 lb2 Keepalived_vrrp[5452]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:17:16 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on enp0s3 for 192.168.10.203
Apr 16 13:17:16 lb2 Keepalived_vrrp[5452]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:17:16 lb2 Keepalived_vrrp[5452]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:17:16 lb2 Keepalived_vrrp[5452]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
Apr 16 13:17:16 lb2 Keepalived_vrrp[5452]: Sending gratuitous ARP on enp0s3 for 192.168.10.203
...
Connecting the cable again in the Master node
...
Apr 16 13:18:01 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) Received advert with higher priority 100, ours 50
Apr 16 13:18:01 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) Entering BACKUP STATE
Apr 16 13:18:01 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) removing protocol VIPs.
Apr 16 13:18:01 lb2 Keepalived_vrrp[5452]: VRRP_Instance(VI_1) removing protocol iptable drop rule
Code: Select all
[root@lb1 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
[root@lb1 ~]# systemctl status iptables
Unit iptables.service could not be found.
[root@lb1 ~]# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere match-set keepalived dst
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Thanks.