Active / Passive HA Proxy : Floating IP not "floating"

Question

I am setting up HA Proxy in Active/Passive mode.

haproxy-a : 172.29.240.172
haproxy-b : 172.29.240.173
Floating IP (VIP) : 172.29.240.188

Before any config :

[root@haproxy-a/b ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.3 (Maipo)

[root@haproxy-a ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:50:56:9b:22:86 brd ff:ff:ff:ff:ff:ff
    inet 172.29.240.172/26 brd 172.29.240.191 scope global ens160
       valid_lft forever preferred_lft forever

[root@haproxy-b keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:50:56:9b:2b:a6 brd ff:ff:ff:ff:ff:ff
    inet 172.29.240.173/26 brd 172.29.240.191 scope global ens160
       valid_lft forever preferred_lft forever

Steps that Ive done.

Configure keepalived on both servers

haproxy-a/b # yum install -y keepalived
[root@haproxy-a ~]# cat /etc/keepalived/keepalived.conf 
vrrp_script chk_haproxy {
      script "killall -0 haproxy"
      interval 1
            weight -90
      }

vrrp_instance VI_1 {
    interface ens160 #interface to monitor
        state MASTER
        virtual_router_id 51
        priority 100  # highest priority wins the election of master

    virtual_ipaddress {
      172.29.240.188
    }

    track_script {
      chk_haproxy
    }
}

[root@haproxy-b ~]# cat /etc/keepalived/keepalived.conf 
vrrp_script chk_haproxy {
      script "killall -0 haproxy"
      interval 1
            weight -10
      }

vrrp_instance VI_1 {
    interface ens160 #interface to monitor
        state BACKUP
        virtual_router_id 51
        priority 50  # highest priority wins the election of master

    virtual_ipaddress {
      172.29.240.188
    }

    track_script {
      chk_haproxy
    }
}

I then start the keepalived service on both nodes. firewalld & iptables is stopped and no other configurations were changed on the OS level.

Once keepalived is up, I do not see the floating IPs assigned to either system. System logs on both nodes say :

Jul  6 13:26:51 haproxy-a Keepalived_vrrp[1862]: ip address associated with VRID not present in received packet : 172.29.240.188
Jul  6 13:26:51 haproxy-a Keepalived_vrrp[1862]: one or more VIP associated with VRID mismatch actual MASTER advert
Jul  6 13:26:51 haproxy-a Keepalived_vrrp[1862]: bogus VRRP packet received on ens160 !!!
Jul  6 13:26:51 haproxy-a Keepalived_vrrp[1862]: VRRP_Instance(VI_1) Dropping received VRRP packet...

Floating IP's are not configured in your system network configs. They are dynamically assigned by keepalived in this case. If you assign the IP to a server, then the other server will not be able to use that IP. — Aaron, Jul 06 '17 at 13:00
@Aaron Thanks for your answer. So what you're saying is that I dont need to setup `ifcfg-ens160:1` ? The floating IP will be assigned by `keepalived` alone ? — Jason Stanley, Jul 06 '17 at 13:06
It should be. What doc are you following to set up keepalived? — Aaron, Jul 06 '17 at 13:11
@Aaron random blog on the internet. https://tecadmin.net/ip-failover-setup-using-keepalived-on-centos-redhat-6/#sthash.32WPFgEa.dpuf — Jason Stanley, Jul 06 '17 at 13:13
The blog looks ok. If you remove `ens160:1`, then restart keepalived, does it not bring up the virtual interface? Have you adjusted any sysctl settings, or doing anything that would block vrrp? Have you tried tcpdump to see what is sent/received on each end? — Aaron, Jul 06 '17 at 13:18
@Aaron I tried that and it did not being up the interface. I just updated my whole question and also presented the log messages that I am seeing. I havent done any `sysctl` changes. — Jason Stanley, Jul 06 '17 at 13:29
You have the same `virtual_router_id` on each box. Sorry, I missed that you pasted both configs. — Aaron, Jul 06 '17 at 13:36

Aaron · Accepted Answer · 2017-07-06T14:45:16.840

1

Each logical node in keepalived must have it's own unique virtual_router_id on broadcast domain.

edited Jul 06 '17 at 14:45

answered Jul 06 '17 at 13:37

Aaron

2,809
2
11
29

Thanks. The issue was that `virtual_router_id 51` was being used my a 2 node cluster on the same network by another team. I changed this property to `virtual_router_id 250` on both my nodes and I am now getting the desired behavior. VIP is floating now. – Jason Stanley Jul 06 '17 at 14:34
No problem. When you get a moment, can you mark the answer as answered? – Aaron Jul 06 '17 at 14:46

Active / Passive HA Proxy : Floating IP not "floating"

1 Answers1