Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [vrrp]

VRRP stands for the Virtual Router Redundancy Protocol and uses a virtual IP address to provide high availability for a service. It is often used to provide a virtual IP address for load balancers or default gateways.

VRRP is a networking protocol that provides for automatic assignment of available IP routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork.

The protocol achieves this by creation of virtual routers, which are an abstract representation of multiple routers, i.e. master and backup routers, acting as a group. The virtual router is assigned to act as a default gateway of participating hosts, instead of a physical router. If the physical router that is routing packets on behalf of the virtual router fails, another physical router is selected to automatically replace it. The physical router that is forwarding packets at any given time is called the master router.

VRRP provides information on the state of a router, not the routes processed and exchanged by that router. Each VRRP instance is limited, in scope, to a single subnet. It does not advertise IP routes beyond that subnet or affect the routing table in any way.

The protocol is described in IETF publication RFC 5798.

Source: Wikipedia

47 questions
13
votes
3 answers

Prevent VRRP Master from becoming Master once it has failed

I have two machines (A and B, A is Master) running VRPP (from keepalived) for a Virtual IP. How can I prevent A from becoming Master again if it has failed and come back up (for whatever reason)? I'm doing this so that we have a single fail-over to…
MrMahgu
  • 273
  • 1
  • 2
  • 6
5
votes
2 answers

Start keepalived without IP on interface?

I want to use keepalived on an interface that will get an IP at some point but will not have one initially, can I set this up somehow in the config? If I try to start it now keepalived errors out as keepalived doesn't know what source IP address to…
Paul
  • 253
  • 3
  • 8
4
votes
1 answer

Meaning of virtual_ipaddress_excluded in keepalived configuration

I had some problems with my keepalived configuration and found the answer in this post: Keepalived for more than 20 virtual addresses But I am not sure about the difference between virtual_ipaddress and virtual_ipaddress_excluded? Can anyone explain…
chris911
  • 41
  • 1
  • 2
4
votes
1 answer

keepalived config is not working correctly with virtualbox vms

my keepalived configuration is not working correctly. I have two virtual testing machines (virtualbox) to try some things out with keepalived/vrrp. Bot can ping each other flawlessly (internal virtualbox network). VM 1 (MASTER): eth0:…
carrot
  • 77
  • 1
  • 1
  • 10
3
votes
1 answer

NTP high-availability behind a Virtual IP

Is it a bad practice to put a NTP server behind a Virtual IP? (VRRP) How much would it be preferred to simply have the clients talk directly to the 2 instances? Since the NTP clients keeps the server's refid, I suppose it would distinguish when the…
Phil
  • 228
  • 2
  • 7
3
votes
3 answers

Linux Virtual IP Options

There seem to be lots of options in Linux to provide a virtual IP for failover between multiple hosts. Some that I have found are heartbeat, vrrpd, carp, and keepalived. In Linux I only have experience with heartbeat (and have used HSRP in Cisco).…
Kyle Brandt
  • 82,107
  • 71
  • 302
  • 444
3
votes
1 answer

DHCP Option in HSRP /VRRP

I'm configuring HSRP having scenario described in figure below. One gateway is active for one network and standby for other network and vice versa for other gateway. DHCP is configured on both Gateways and clients get automatic IPs. My question is…
Kashif Minhas
  • 31
  • 1
2
votes
0 answers

multiple networks in keepalived configuration

I have two router(lxc containers) seated in the distribution layer of my network and I want to implement HA for them. The routers have 114 network interfaces and I want that they share a virtual ip address, I have seen that a way to acomplish this…
amh9412
  • 21
  • 4
2
votes
1 answer

Multicast routing

I got two firewalls running Keepalived and working ok. I would like to pass the vrrp multicast traffic bethween a direct back to back link between those firewalls (that direct link is already used by conntrackd). In order to do that I did add a…
Henry-Nicolas Tourneur
2
votes
1 answer

Network WAN load-balancing over Multiple Firewalls

Currently we have a Cisco ISA570 Firewall which does failover load-balancing between two ISP links. I would like to get a Sonicwall NSA6000 which should be primary and the ISA570 as a failover device. How should I re-design network such that the WAN…
gokul varma nk
  • 67
  • 2
  • 15
2
votes
1 answer

Same VRRP group, multiple VLAN

Let's say a gateway has traffic between vlan 11 and 22: Gateway 1 -- FastEthernet 0/1.1 -- vlan 11 -- 192.168.11.1 Gateway 1 -- FastEthernet 0/2.2 -- vlan 22 -- 192.168.22.1 Gateway 2 -- FastEthernet 0/1.1 -- vlan 11 -- 192.168.11.2 Gateway 2 --…
JCM
  • 143
  • 1
  • 6
2
votes
0 answers

Wireguard don't work with VRRP

I try to use Wireguard on a firewall with VRRP (based on Keepalived). The firewall blocks all the communications except to the VRRP address on port 51820 and the valid established connections. Wireguard works well if I don't use VRRP. When I try to…
Dom
  • 6,628
  • 1
  • 19
  • 24
2
votes
1 answer

Why VRRP require /32 netmask?

In a VRRP configuration I've been using /32 subnet mask but I've never know the reason behind. Sometimes I've using the same subnet mask as the primary interface, like /24, and in some cases it works and int others, until I set up /32, it…
rfmoz
  • 694
  • 9
  • 15
2
votes
1 answer

Proxy-Arp setup with Keepalived

I currently am trying to create a setup with N servers where 1 server is the master for a Virtual IP, and the (N-1) servers act as backups, presumably controlled by keepalived. However, one issue I see with keepalived is that its intention is to…
stoneman_41
  • 121
  • 1
1
vote
1 answer

HA Squid with Keepalived

We're trying to setup two HA services: Explicit forwarding proxy using Squid (port 8080) SMTP relay to Office365 using Postfix For both setups we have 2 VM's with a default Debian 7 install, and I've configured keepalived with a vip on all…
Hello_World
  • 11
  • 2
1
2 3 4