I am trying to set up keepalived on an ESXi-based setup where 2 physical boxes have ESXi installed, each one having a node which works as a load balancer using HAProxy. In order to achieve high availability I want to use KeepAlived so both HAProxy instances can share a virtual-ip and I can point the physical-ip address to the virtual-ip address. The challenge with my implementation is that it has 2 subnets.

HAProxy on subnet A: HAProxy on subnet B:

Now when I try to assign the virtual-ip on both instances, it points to the local instance on both servers.

I am using CentOS 7.x with HAProxy and KeepAlived, primarily to load-balance HTTP traffic and possibly for database too.

I am not posting the config file as the question itself is very simple, but if required I can do that.

Unfortunately keepalived is using VRRP which works only within a single subnet.

  • Yes, I figured that out, but I read somewhere that some people have developed a unicast patch which can help with the use case that I have. I do not want to try something not widely used for production, though. – deej Mar 09 '16 at 20:04
  • I've read about this too. There's also the heartbeat/Pacemaker solution that's sometimes mentioned, but it really increases the complexity of the overall system. I've given up on a floating IP solution between different nodes. I've moved to a load balancer solution instead, where each node can then redirect the traffic to the "master" service on a specific node. – Bernard Mar 09 '16 at 23:20

There is an alternative way. Two keepalived instances in different networks can communicate using unicast_peer (it will work the same as if you had a VIP, but you don't).

Then you can use the notify script to move an IP Failover (provided by your host, for example): make an API call to your provider telling it to move your IP Failover to another server when keepalived transitions to MASTER (there is a notify_master rule).

Example of my keepalived config:

global_defs {
    vrrp_version 2
    vrrp_garp_master_delay 1
    vrrp_garp_master_refresh 60
    script_user root
}

vrrp_script chk_haproxy {
    script "/etc/keepalived/scripts/check_haproxy.sh"
    timeout 1
    interval 5   # check every 5 seconds
    fall 2       # require 2 failures for KO
    rise 2       # require 2 successes for OK
}

vrrp_instance lb-vips {
    state {{KEEPALIVED_STATE}}
    interface {{KEEPALIVED_INTERFACE}}
    virtual_router_id {{KEEPALIVED_VIRTUAL_ROUTER_ID}}
    priority {{KEEPALIVED_PRIORITY}}
    advert_int 1
    unicast_src_ip {{KEEPALIVED_UNICAST_SRC}}
    unicast_peer {
        X.X.X.X # list the IPs of all the other keepalived nodes here
    }
    authentication {
        auth_type PASS
        auth_pass {{KEEPALIVED_AUTH_PASSWORD}}
    }
    track_script {
        chk_haproxy   # the vrrp_script defined above
    }

    notify "/etc/keepalived/scripts/notify_script.sh"
}

Associated variables:

# Keepalived Config
# For electing MASTER, highest priority wins.
# MASTER=101, SLAVES=100
# password: Only the first eight (8) characters are used.
# Should be the public ip of the server

# Keepalived Notify Script Config
  • Thank you for answering this question. Though, my setup has changed quite a bit since I asked this question, I would like to try this in a lab environment for sure. Thanks again. – deej Jan 12 '22 at 16:39
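
The answer above does not show its notify_script.sh. The following is an added sketch of such a script, not the answerer's own code; it relies on keepalived calling `notify` scripts with the arguments type, instance name and new state. The API URL, token file path, failover IP and JSON body are placeholders for whatever your provider's API expects. Because the config runs scripts as root, it refuses a token file that group or others can access and keeps the token off the curl command line.

```shell
#!/bin/sh
# Added example: script for keepalived's `notify` hook.
# keepalived runs it as: <script> <GROUP|INSTANCE> <name> <new state> <priority>
# Assumptions (placeholders, not from the answer): API_URL, TOKEN_FILE,
# FAILOVER_IP and the JSON body stand in for your provider's real API.
API_URL="${API_URL:-https://api.provider.example/v1/failover-ip/move}"
TOKEN_FILE="${TOKEN_FILE:-/etc/keepalived/secrets/api_token}"
FAILOVER_IP="${FAILOVER_IP:-203.0.113.10}"   # constructed documentation address
DRY_RUN="${DRY_RUN:-0}"

# Map the state keepalived reports to an action; anything unexpected is ignored.
decide_action() {
    case "$1" in
        MASTER)       echo "move-ip" ;;
        BACKUP|FAULT) echo "noop" ;;
        *)            echo "ignore" ;;
    esac
}

# True only if the token file exists and has no group/other permission bits.
token_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

move_failover_ip() {
    token_is_private "$TOKEN_FILE" ||
        { echo "token file missing or too permissive: $TOKEN_FILE" >&2; return 1; }
    if [ "$DRY_RUN" = "1" ]; then
        echo "DRY_RUN: would POST ip=$FAILOVER_IP to $API_URL"
        return 0
    fi
    # Feed the auth header through --config on stdin so the token never
    # shows up in the process list.
    printf 'header = "Authorization: Bearer %s"\n' "$(cat "$TOKEN_FILE")" |
        curl --config - --fail --silent --show-error --max-time 10 \
             -H "Content-Type: application/json" \
             -d "{\"ip\":\"$FAILOVER_IP\",\"target\":\"$(hostname)\"}" "$API_URL"
}

handle_notify() {   # $1=type  $2=instance name  $3=new state
    case "$(decide_action "$3")" in
        move-ip) move_failover_ip ;;
        noop)    echo "$2: now $3, nothing to do" ;;
        *)       echo "$2: unexpected state '$3', ignoring" >&2 ;;
    esac
}

# Act only when keepalived (or an operator) supplies the arguments.
if [ "$#" -ge 3 ]; then handle_notify "$@"; fi
```

Running it by hand with `DRY_RUN=1` and the arguments `INSTANCE lb-vips MASTER` shows what would be sent without contacting the provider.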