Usage¶
You can manage HA VRRP devices under Linux.
To synchronize Linux and the fast path, start the cache manager and the fast path manager:
# fpmd # cmgrd
Start
keepalived
with appropriate options:# keepalived [options]
Note
Available options are displayed with the command:
keepalived -h
Example: implementing one virtual router with two VRRP routers¶
Here is a very simple example that implements Sample Configuration 1
,
provided in RFC 3768 section 4.1, with a VRRP router with MAC address
00:00:5e:00:01:33
and IP address 10.22.0.1
.
Network architecture
In the architecture below, Rtr1 is the master VRRP router, and Rtr2 is the backup VRRP router.
Launching keepalived
on the master router¶
Perform the steps below on the master router.
Create the
Rtr1.conf
keepalived
configuration file with the following content:global_defs { router_id DEMO_VRRP_ROUTER } vrrp_instance VI_1 { state MASTER interface eth1 # ethernet link where hosts and VRRP routers are connected use_vmac # to use macvlan virtual_router_id 51 # to use the 00:00:5e:00:01:{virtual_router_id} mac address (33 hexadecimal = 51 decimal) priority 200 # priority of the router advert_int 1 # VRRP advertisement interval virtual_ipaddress { 10.22.0.1/24 # VRRP ip address } virtual_routes { 10.22.0.0/24 dev eth1 # VRRP routes } }
See also
For more information, see keepalived.conf SYNOPSIS and keepalived.conf samples.
Launch the
keepalived
daemon for VRRP with theRtr1.conf
configuration file:# keepalived -f /path/to/Rtr1.conf
Note
If you do not specify a custom configuration file,
keepalived
tries to read the default configuration file/etc/keepalived/keepalived.conf
.
Launching keepalived
on the backup router¶
Perform the steps below on the backup router.
Create the
Rtr2.conf
keepalived
configuration file with the following content:global_defs { router_id DEMO_VRRP_ROUTER } vrrp_instance VI_1 { state BACKUP # set to MASTER in *Rtr1.conf* interface eth1 use_vmac virtual_router_id 51 priority 100 # Set to 200 in *Rtr1.conf* advert_int 1 virtual_ipaddress { 10.22.0.1/24 } virtual_routes { 10.22.0.0/24 dev eth1 } }
Launch the
keepalived
daemon for VRRP with theRtr2.conf
configuration file:# keepalived -f /path/to/Rtr2.conf
Configuring the two routers¶
Perform the steps below on each of the two routers.
Check that the VRRP interface exists:
# fp-cli iface ... 849:vrrp.51 [VR-0] ifuid=0x5153311a (virtual) <UP|RUNNING|FWD4|FWD6> (0x63) type=macvlan mac=00:00:5e:00:01:33 mtu=1500 tcp4mss=0 tcp6mss=0 IPv4 routes=0 IPv6 routes=0 mode private, link eth1 ...
Allow IP forwarding:
# sysctl -w net.ipv4.ip_forward=1
Disable reverse path filtering on interfaces to which the VRRP routers are linked:
# sysctl -w net.ipv4.conf.eth1.rp_filter=0
Disable
iptables
rules that block multicast traffic:To clear all
iptables
rules:# iptables -F
Enable
arp_ignore
on interfaces to which the VRRP routers are linked:# sysctl -w net.ipv4.conf.eth1.arp_ignore=1
Otherwise, the linked interface answers ARP requests related to the VRRP MAC address.
If you do not receive Netlink notifications from the lower interface to which the VRRP routers are linked, set this interface in
promiscuous
mode:# ip link set eth1 promisc on
Check that interface
eth1
has the flagPROMISC
:# fp-cli iface ... 96:eth1 [VR-0] ifuid=0x6008c1d2 (port 1) <UP|RUNNING|PROMISC|FWD4|FWD6> (0x73) type=ether mac=00:02:02:00:00:21 mtu=1500 tcp4mss=0 tcp6mss=0 IPv4 routes=0 IPv6 routes=0 ...
HA VRRP is now properly configured. The master VRRP router Rtr1, and the backup VRRP router Rtr2 now implement one virtual router on a simple network, as specified in RFC 3768, section 4.1.