0

I have been studying Keepalived for High Availability purposes.

I have some fundamental questions concerning TCP/IP behavior when Keepalived is in place.

With Keepalived, clients can access the servers through its Virtual IP address. This is achieved thanks to MAC translation. But at the end of the day, the Host Server receives the packages with a different destination IP rather than its own IP. Initially I thought a host would reject a package with an IP different from its own, but thats OK.

What puzzled me is that the Host Server also responds the requests by using the Virtual IP Address, which is not present on any of its interfaces.

How can the TCP/IP stack constructs a package with a different source IP from its network interface? Do the keepalived acts on the packages constructions inside the TCP/IP Stack? I though Keepalived would act only on the Application Layer.

Thanks in advance for any clarification.

vinicius.olifer
  • 5
  • 6
  • The virtual ip **is present** on one interface. Are you sure in that you don't have anywhere? – Ipor Sircer Nov 01 '17 at 13:23
  • Yes, the only interfaces in our server is eth0 with its direct/real IP (Not the virtual IP) and the loopback interface. Initially I thought that the gateway was performing some kind of NAT, but I confirmed with Wireshark that the server actually receives the package with the virtual IP. – vinicius.olifer Nov 01 '17 at 13:28
  • I don't believe you. Show me output of `ip addr list eth0`. – Ipor Sircer Nov 01 '17 at 13:43
  • So I was biased by the 'ifconfig' command, I'm not used with 'ip addr list', with your command I see:`eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether MAC address inet **** inet **** scope global eth0 inet6 scope link valid_lft forever preferred_lft forever`. **Is it possible to have 2 address on the same interface? Why I can't see it on 'ifconfig'?** – vinicius.olifer Nov 01 '17 at 13:46
  • `ifconfig` is deprecated for years. You can see _aliased ip_ as `ifconfig eth0:1` or what alias number keepalived uses. One interface can have infinite number of ip addresses, so your virtual ip **is present** on eth0. (ok, technically the limit is about 4000, but it's fair enough) – Ipor Sircer Nov 01 '17 at 13:54
  • Oh that is a new discovery for me, thanks for your clarification and sorry me for my lack of knowledge on this. Fell free to post this as the answer. – vinicius.olifer Nov 01 '17 at 13:57

1 Answers1

1

The virtual ip is present on one interface. You can easily check it with ip addr list eth0 command. One interface can have multiple ip addresses. So, in reality all ip addresses are "virtual", even if you have only one. And we call "real ip" the first default one.

Ipor Sircer
  • 1,230
  • 7
  • 8