3

I'm running an application on Linode. Their network does not support multicasting. Many tools used for failover (keepalived, spread/wackamole, heartbeat) require multicast to work (as far as I know). I've read the documentation for all of them, and even in "unicast" mode (if they have it) it still sends over multicast.

I know that with a GRE tunnel, I can effectively send multicast without the router knowing, which would give me the ability to use one of these tools (for now I'd like to use keepalived).

I set up my tunnel on device "gretun" like so:
10.0.0.1 is the tunnel interface point to www1
10.0.0.2 is the tunnel interface point to www2
I can nc 10.0.0.2 80 from www1, and nc 10.0.0.1 80 from www2, so it appears to be working. Pretend the public IP I'm trying to share is 69.164.69.69.

I have two questions:
After configuring keepalived to monitor the tunnel (gretun), the two machines still can't see each other. Here is my config:

global_defs {
    notification_email {
        info@app.com
    }

    notification_email_from alerts@app.com
    smtp_server localhost
    smtp_connect_timeout 30
    router_id www1.app.com
}

vrrp_script chk_haproxy {
    script "killall -0 haproxy"
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state MASTER
    interface gretun
    virtual_router_id 51
    priority 100

    advert_int 1
    garp_master_delay 2

    smtp_alert

    authentication {
        auth_type PASS
        auth_pass password
    }

    virtual_ipaddress {
        69.164.69.69/24 dev eth0
    }

    track_script {
        chk_haproxy
    }
}

Both www1 and www2 are grabbing the shared IP at the same time, I'm guessing because they can't talk to each other. Any idea why using "gretun" won't allow them to talk to each other?

Second question: Is it possible to set up a tunnel such that I can have 3+ machines connected to each other and using multicast? In other words, instead of setting up different tunnels between each different combination of nodes, just be able to have nodes "join" a tunnel, so to speak, so they can auto-discover each other?

The questions may be stupid, but I'm not a networking guru; this is my first experience using tunnels at all outside of ssh. I'm also open to advice that will solve my problem outside of what I'm doing.

Thanks!

andrew
  • I have a similar question. Please answer me~. http://serverfault.com/questions/351359/how-to-configuration-keepalived-on-amazon-ec2 – oeegee Jan 19 '12 at 04:17

2 Answers

9

If you are interested, I have a patch for keepalived which allows it to use unicast between a local and a remote VIP. I've successfully been using it at vps.net between virtual machines. It's a lot simpler than trying to set up a tunnel! I've uploaded it there:

http://1wt.eu/keepalived/

You then just have to specify "vrrp_unicast_bind " and "vrrp_unicast_peer ". It will still use the VRRP protocol, but only between those IPs.

Hoping this helps!

Willy Tarreau
  • That's awesome, just what I need. I'd still like to figure out how to get tunnels working eventually, but this solves the exact problem I have. Thanks, Willy. – andrew Oct 04 '10 at 14:03
  • Can there be more than 1 vrrp_unicast_peer? We have 3 VRRP servers. – milosgajdos Jan 06 '14 at 20:11
0

In AWS, it might work in a VPS environment, but it will fail in a normal EC2 environment, for you cannot open a raw protocol rule (112 for VRRP) in the security group.

dsheng
  • In other words, you're forced to use ELB for everything? Or is there a clustering framework that actually works on EC2? – andrew Jan 21 '13 at 08:22
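
Added example, not part of any post in this thread: a decoder for the VRRP advertisement (IP protocol 112) that the configuration in the question would send, useful for comparing against a capture on each node when two peers both claim the address. It shows which fields have to agree between peers and that `auth_type PASS` puts the password on the wire in cleartext. It assumes the VRRP version 2 layout with the 8-byte simple-text authentication field; the function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by VRRPv2 (no pseudo-header)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, advert_int, vips, auth_pass=b""):
    """Build a VRRPv2 advertisement payload (constructed test input only)."""
    body = b"".join(ipaddress.IPv4Address(v).packed for v in vips)
    body += auth_pass[:8].ljust(8, b"\x00")  # auth data field is 8 bytes
    head = struct.pack("!BBBBBB", 0x21, vrid, priority, len(vips),
                       1 if auth_pass else 0, advert_int)
    csum = inet_checksum(head + b"\x00\x00" + body)
    return head + struct.pack("!H", csum) + body

def parse_advert(pkt: bytes) -> dict:
    """Decode a VRRPv2 advertisement (the bytes after the IP header)."""
    if len(pkt) < 16:
        raise ValueError("shorter than a minimal VRRPv2 advertisement")
    vt, vrid, prio, count, auth_type, adv = struct.unpack("!BBBBBB", pkt[:6])
    if vt != 0x21:  # version 2 in the high nibble, type 1 (advertisement)
        raise ValueError("not a VRRP version 2 advertisement")
    end = 8 + 4 * count
    if len(pkt) < end + 8:
        raise ValueError("truncated address list or auth data")
    return {
        "vrid": vrid, "priority": prio, "advert_int": adv, "auth_type": auth_type,
        "vips": [str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in range(8, end, 4)],
        "auth_data": pkt[end:end + 8].rstrip(b"\x00"),  # cleartext for type 1
        "checksum_ok": inet_checksum(pkt[:end + 8]) == 0,
    }

def mismatches(advert: dict, vrid: int, advert_int: int, auth_pass: bytes) -> list:
    """Fields on which the advert disagrees with the local configuration."""
    local = {"vrid": vrid, "advert_int": advert_int,
             "auth_type": 1 if auth_pass else 0, "auth_data": auth_pass[:8]}
    bad = [k for k, v in local.items() if advert[k] != v]
    return bad if advert["checksum_ok"] else bad + ["checksum"]

# Constructed sample using the values from the question's vrrp_instance VI_1.
SAMPLE = build_advert(51, 100, 1, ["69.164.69.69"], b"password")
```

An empty list from `mismatches()` on a captured advertisement means the peer's VRID, interval and authentication match the local settings, so the remaining suspects are delivery problems such as the packet never arriving on the monitored interface.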