VRRP

Linux HA with VRRP

Achieving router high availability on Linux with the Virtual Router Redundancy Protocol (VRRP), using keepalived


Network Concept


  • We have only one public IP address from the ISP
    1. This IP will be configured on both routers
    2. On backup router this IP will be inactive
  • There is only one default gateway for clients
    1. Routers will share virtual IP address
    2. This virtual IP address is gateway for clients
    3. Virtual IP address is active on master router
  • We want to have access to both units at any time
    1. Each router will have unique IP management address
    2. On virtual IP we will access master router
  • LAN and WAN interfaces must be synchronized
    1. An interface failure forces a new master election



    Network Configuration

    Download config here


    RouterA: /etc/network/interfaces

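    # ifupdown does not support end-of-line comments (see interfaces(5)), so
    # every comment in this file sits on a line of its own.
    auto lo
    iface lo inet loopback

    # The primary network interface (WAN)
    # NOTE(review): RouterB is given the same static address 10.0.2.10, and
    # keepalived also manages 10.0.2.10/24 as the VI_WAN virtual address. A
    # static address is up on both routers at once, which conflicts with the
    # stated goal that the backup keeps this IP inactive -- confirm whether
    # the address should be left to keepalived alone.
    auto eth0
    iface eth0 inet static
        address 10.0.2.10
        netmask 255.255.255.0

    # LAN; 10.0.0.3 is presumably this router's unique management address
    auto eth1
    iface eth1 inet static
        address 10.0.0.3
        netmask 255.255.255.0
        # if router is backup go to internet via master router
        gateway 10.0.0.1
        # requires ifmetric
        metric 10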

    RouterB: /etc/network/interfaces

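    # ifupdown does not support end-of-line comments (see interfaces(5)), so
    # every comment in this file sits on a line of its own.
    auto lo
    iface lo inet loopback

    # The primary network interface (WAN)
    # NOTE(review): same static address as RouterA's eth0 and as the VI_WAN
    # virtual address in keepalived.conf; configured statically it is active
    # on both routers simultaneously -- confirm this is intended.
    auto eth0
    iface eth0 inet static
        address 10.0.2.10
        netmask 255.255.255.0

    # LAN; 10.0.0.2 is presumably this router's unique management address
    auto eth1
    iface eth1 inet static
        address 10.0.0.2
        netmask 255.255.255.0
        # if router is backup go to internet via master router
        gateway 10.0.0.1
        # requires ifmetric
        metric 10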


    RouterA: /etc/keepalived/keepalived.conf

    # Ties the LAN and WAN instances together so they always change state as a
    # unit: a fault on either interface moves both virtual addresses to the peer.
    vrrp_sync_group VG1 {       # sync lan and wan interface
    group {
    VI_LAN
    VI_WAN
    }
    }


    # NOTE(review): this instance has no authentication block and no peer
    # restriction, so advertisements for virtual_router_id 1 arriving on eth0
    # are accepted from any host on the WAN segment. Consider limiting VRRP
    # (IP protocol 112) to the peer router with firewall rules.
    vrrp_instance VI_WAN {       # VRRP on WAN
    # `state` is only the initial state; once both routers are up the higher
    # priority wins. With 200 here against RouterB's 100, this router becomes
    # master unless nopreempt is configured.
    state BACKUP
    interface eth0
    # Must match the peer's VI_WAN instance.
    virtual_router_id 1
    priority 200
    # The single public address, held by whichever router is master.
    virtual_ipaddress {
    10.0.2.10/24
    }
    # Default route that keepalived installs together with the virtual address.
    virtual_routes
    {
    src 10.0.2.10 to 0.0.0.0/0 via 10.0.2.1 dev eth0

    }
    # keepalived executes these scripts on each state transition. Keep
    # /etc/keepalived/notify.sh owned by root and not writable by anyone else;
    # enable_script_security in global_defs makes keepalived refuse scripts
    # whose path is writable by a non-root user.
    notify_master "/etc/keepalived/notify.sh"
    notify_backup "/etc/keepalived/notify.sh"
    notify_fault "/etc/keepalived/notify.sh"
    }


    # NOTE(review): no authentication block here either; any LAN host able to
    # send VRRP advertisements for virtual_router_id 2 can take part in the
    # election for the clients' gateway address. Consider restricting VRRP
    # (IP protocol 112) on eth1 to the peer router.
    vrrp_instance VI_LAN {       # VRRP on LAN
    # Initial state only; priority decides the election once both routers run.
    state BACKUP
    interface eth1
    # Must match the peer's VI_LAN instance and differ from VI_WAN's id.
    virtual_router_id 2
    priority 200
    # Default gateway address handed to LAN clients.
    virtual_ipaddress {
    10.0.0.1
    }
    # Same script for every transition; it runs with keepalived's privileges,
    # so it should be root-owned and not writable by other users.
    notify_master "/etc/keepalived/notify.sh"
    notify_backup "/etc/keepalived/notify.sh"
    notify_fault "/etc/keepalived/notify.sh"
    }


    RouterB: /etc/keepalived/keepalived.conf

    # Same sync group as on RouterA: VI_LAN and VI_WAN fail over together so the
    # LAN gateway and the public address never end up on different routers.
    vrrp_sync_group VG1 {
    group {
    VI_LAN
    VI_WAN
    }
    }


    # WAN-side instance on RouterB.
    # NOTE(review): no authentication block or peer restriction is shown, so
    # advertisements on eth0 are accepted from any host on the WAN segment --
    # consider firewalling VRRP (IP protocol 112) to the peer router only.
    vrrp_instance VI_WAN {
    # NOTE(review): this router starts as MASTER but has the lower priority
    # (100 vs. RouterA's 200), so with default preemption RouterA takes over as
    # soon as it is up. Confirm which router is meant to be the normal master.
    state MASTER
    interface eth0
    # Must match RouterA's VI_WAN instance.
    virtual_router_id 1
    priority 100
    virtual_ipaddress {
    10.0.2.10/24
    }
    # Default route installed together with the virtual address.
    virtual_routes
    {
    src 10.0.2.10 to 0.0.0.0/0 via 10.0.2.1 dev eth0

    }
    # NOTE(review): the quoted path ends with a space here but not in RouterA's
    # config; presumably unintended -- confirm. The script runs with
    # keepalived's privileges, so keep it root-owned and not writable by others.
    notify_master "/etc/keepalived/notify.sh "
    notify_backup "/etc/keepalived/notify.sh "
    notify_fault "/etc/keepalived/notify.sh "
    }




    # LAN-side instance on RouterB; holds the clients' gateway address while
    # this router is master.
    vrrp_instance VI_LAN {
    # Initial state only; RouterA's higher priority (200) wins the election
    # once it is running.
    state MASTER
    interface eth1
    # Must match RouterA's VI_LAN instance.
    virtual_router_id 2
    priority 100
    virtual_ipaddress {
    10.0.0.1
    }
    # NOTE(review): trailing space inside the quotes differs from RouterA's
    # config -- confirm it is not a typo.
    notify_master "/etc/keepalived/notify.sh "
    notify_backup "/etc/keepalived/notify.sh "
    notify_fault "/etc/keepalived/notify.sh "
    }


    Config Verification

    Route




    Check /var/log/syslog

    GateB Keepalived_vrrp[907]: VRRP_Group(VG1) Transition to MASTER state
    GateB Keepalived_vrrp[907]: VRRP_Instance(VI_WAN) forcing a new MASTER election
    GateB Keepalived_vrrp[907]: VRRP_Instance(VI_LAN) Transition to MASTER STATE
    GateB Keepalived_vrrp[907]: VRRP_Group(VG1) Syncing instances to MASTER state
    GateB Keepalived_vrrp[907]: VRRP_Instance(VI_WAN) Transition to MASTER STATE
    GateB Keepalived_vrrp[907]: VRRP_Instance(VI_LAN) Entering MASTER STATE
    GateB Keepalived_vrrp[907]: Opening script file /etc/keepalived/notify.sh
    GateB Keepalived_vrrp[907]: VRRP_Instance(VI_WAN) Entering MASTER STATE

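    Use the notify.sh script to log keepalived activity. keepalived executes it on every state transition, so keep the file owned by root and not writable by other users.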


    Other

    Some security: VRRP authentication

    # Goes inside each vrrp_instance block; both routers must use identical
    # values or they will reject each other's advertisements.
    authentication {
    # PASS is a shared string carried unencrypted in every VRRP advertisement,
    # so anyone who can capture traffic on the segment can read it. It guards
    # against accidental misconfiguration, not against a hostile host on the
    # network. keepalived also offers auth_type AH; either way, restrict VRRP
    # (IP protocol 112) to the peer router with firewall rules.
    auth_type PASS
    # Example value only -- replace it with your own. keepalived uses only the
    # first 8 characters of auth_pass, so anything after "mySuperP" is ignored.
    auth_pass mySuperPassword
    }