Usage¶

You can manage HA VRRP devices under Linux.

To synchronize Linux and the fast path, start the cache manager and the fast path manager:
```
# fpmd
# cmgrd
```
Start keepalived with appropriate options:
```
# keepalived [options]
```
Note

Available options are displayed with the command: keepalived -h

Example: implementing one virtual router with two VRRP routers¶

Here is a very simple example that implements Sample Configuration 1, provided in RFC 3768 section 4.1, with a VRRP router with MAC address 00:00:5e:00:01:33 and IP address 10.22.0.1.

Network architecture

In the architecture below, Rtr1 is the master VRRP router, and Rtr2 is the backup VRRP router.

../../../_images/aafig-7bc8c9061a26073fd245a331662ae6982e7b460e.svg

Launching `keepalived` on the master router¶

Perform the steps below on the master router.

Create the Rtr1.conf keepalived configuration file with the following content:

global_defs {
 router_id DEMO_VRRP_ROUTER
}
vrrp_instance VI_1 {
 state MASTER
 interface eth1                   # ethernet link where hosts and VRRP routers are connected
 use_vmac                         # to use macvlan
 virtual_router_id 51             # to use the 00:00:5e:00:01:{virtual_router_id} mac address (33 hexadecimal = 51 decimal)
 priority 200                     # priority of the router
 advert_int 1                     # VRRP advertisement interval
 virtual_ipaddress {
  10.22.0.1/24                    # VRRP ip address
 }
 virtual_routes {
  10.22.0.0/24 dev eth1           # VRRP routes
 }
}

Launching `keepalived` on the backup router¶

Perform the steps below on the backup router.

Create the Rtr2.conf keepalived configuration file with the following content:

global_defs {
 router_id DEMO_VRRP_ROUTER
}
vrrp_instance VI_1 {
 state BACKUP                     # set to MASTER in *Rtr1.conf*
 interface eth1
 use_vmac
 virtual_router_id 51
 priority 100                     # Set to 200 in *Rtr1.conf*
 advert_int 1
 virtual_ipaddress {
  10.22.0.1/24
 }
 virtual_routes {
  10.22.0.0/24 dev eth1
 }
}

Launch the keepalived daemon for VRRP with the Rtr2.conf configuration file:
```
# keepalived -f /path/to/Rtr2.conf
```

Configuring the two routers¶

Perform the steps below on each of the two routers.

Check that the VRRP interface exists:

# fp-cli iface
...
849:vrrp.51 [VR-0] ifuid=0x5153311a (virtual) <UP|RUNNING|FWD4|FWD6> (0x63)
        type=macvlan mac=00:00:5e:00:01:33 mtu=1500 tcp4mss=0 tcp6mss=0
        IPv4 routes=0  IPv6 routes=0
        mode private, link eth1
...

Allow IP forwarding:
```
# sysctl -w net.ipv4.ip_forward=1
```
Disable reverse path filtering on interfaces to which the VRRP routers are linked:
```
# sysctl -w net.ipv4.conf.eth1.rp_filter=0
```
Disable iptables rules that block multicast traffic:

To clear all iptables rules:
```
# iptables -F
```
Enable arp_ignore on interfaces to which the VRRP routers are linked:
```
# sysctl -w net.ipv4.conf.eth1.arp_ignore=1
```
Otherwise, the linked interface answers ARP requests related to the VRRP MAC address.
If you do not receive Netlink notifications from the lower interface to which the VRRP routers are linked, set this interface in promiscuous mode:
```
# ip link set eth1 promisc on
```

Check that interface eth1 has the flag PROMISC:

# fp-cli iface
...
96:eth1 [VR-0] ifuid=0x6008c1d2 (port 1) <UP|RUNNING|PROMISC|FWD4|FWD6> (0x73)
        type=ether mac=00:02:02:00:00:21 mtu=1500 tcp4mss=0 tcp6mss=0
        IPv4 routes=0  IPv6 routes=0
...

HA VRRP is now properly configured. The master VRRP router Rtr1, and the backup VRRP router Rtr2 now implement one virtual router on a simple network, as specified in RFC 3768, section 4.1.