http://blog.gmane.org/gmane.linux.keepalived.devel hourly 1 1901-01-01T00:00+00:00 http://gmane.org/img/gmane-25t.png http://gmane.org http://comments.gmane.org/gmane.linux.keepalived.devel/3861 <pre>Is there a way to control the number of missed adverts that will cause a backup to transition to a master? I've looked through the source a bit, and it looks like it may be hardcoded to 3 * advert plus a skew, but I didn't study the code enough to be sure. Is that correct? Is there a way to control the number of missed adverts the causes a backup to transition to a master? -Brad ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________ Keepalived-devel mailing list Keepalived-devel&lt; at &gt;lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/keepalived-devel </pre> Brad Schick 2012-05-24T16:41:30 http://comments.gmane.org/gmane.linux.keepalived.devel/3853 <pre>Hi, sry for posting in the developement Mailing List. I hope that its ok. I have a realy strange Problem with our 2 Firewalls which runs under Debian Squeeze x64 with keepalived and conntrackd. The Backup Server gos into the Master state for a few seconds without any inteface down Reports on Syslog / Snmp or else. On the Master Server I can only see some Received lower prio advert, forcing new election entrys. The Master server never lost the virtuell IP Adresses. At 08:13:12 the Backup Server stopps with switching Backup &lt;-&gt; Master and was on the correct State "BACKUP". All internal traffic goes to the correct Gateway IP Adress 192.168.43.1. But all the external Traffic was on the Backup Server which had no virtuell Adresses! Its also curiouse that the new election was only on 2 of our 3 VRRP Interfaces as you can see below. Backup Log(full on attach): May 24 08:13:10 servername-backup Keepalived_vrrp: VRRP_Instance(VI_extern) Transition to MASTER STATE May 24 08:13:10 servername-backup Keepalived_vrrp: VRRP_Instance(VI_iscsi) Entering MASTER STATE May 24 08:13:10 servername-backup Keepalived_vrrp: VRRP_Instance(VI_intern) Entering MASTER STATE May 24 08:13:11 servername-backup Keepalived_vrrp: VRRP_Instance(VI_intern) Entering BACKUP STATE May 24 08:13:11 servername-backup Keepalived_vrrp: VRRP_Instance(VI_extern) Entering BACKUP STATE May 24 08:13:11 servername-backup Keepalived_vrrp: VRRP_Instance(VI_iscsi) Entering BACKUP STATE May 24 08:13:12 servername-backup Keepalived_vrrp: VRRP_Instance(VI_iscsi) Entering BACKUP STATE May 24 08:13:12 servername-backup Keepalived_vrrp: VRRP_Instance(VI_intern) Entering BACKUP STATE May 24 08:13:12 servername-backup Keepalived_vrrp: VRRP_Instance(VI_extern) Entering BACKUP STATE Master Log(full on attach): May 24 08:13:14 servername-master Keepalived_vrrp: VRRP_Instance(VI_iscsi) Received lower prio advert, forcing new election May 24 08:13:14 servername-master Keepalived_vrrp: VRRP_Instance(VI_intern) Received lower prio advert, forcing new election May 24 08:13:14 servername-master Keepalived_vrrp: VRRP_Instance(VI_iscsi) Received lower prio advert, forcing new election May 24 08:13:14 servername-master Keepalived_vrrp: VRRP_Instance(VI_intern) Received lower prio advert, forcing new election May 24 08:13:14 servername-master Keepalived_vrrp: VRRP_Instance(VI_iscsi) Received lower prio advert, forcing new election May 24 08:13:14 servername-master Keepalived_vrrp: VRRP_Instance(VI_intern) Received lower prio advert, forcing new election May 24 08:13:15 servername-master Keepalived_vrrp: VRRP_Instance(VI_iscsi) Received lower prio advert, forcing new election May 24 08:13:15 servername-master Keepalived_vrrp: VRRP_Instance(VI_intern) Received lower prio advert, forcing new election After rebooting the Backup Server the Problem was gone. thanks in advance Tobias # Simple script for primary-backup setups # global_defs { notification_email { tech-role&lt; at &gt;xxx.info info&lt; at &gt;xxx.de } notification_email_from keepalived-gw1&lt; at &gt;xxx.info smtp_server 192.168.43.3 smtp_connect_timeout 30 } vrrp_sync_group G1 { # must be before vrrp_instance declaration group { VI_intern VI_extern VI_iscsi } notify_master "/etc/conntrackd/primary-backup.sh primary" notify_backup "/etc/conntrackd/primary-backup.sh backup" notify_fault "/etc/conntrackd/primary-backup.sh fault" } vrrp_instance VI_intern { interface eth0 state MASTER virtual_router_id 61 priority 150 advert_int 1 smtp_alert authentication { auth_type PASS auth_pass top-secret } virtual_ipaddress { 192.168.43.1/24 # default CIDR mask is /32 } } vrrp_instance VI_extern { interface eth1 state MASTER virtual_router_id 62 priority 150 advert_int 1 smtp_alert authentication { auth_type PASS auth_pass top-secret } virtual_ipaddress { xxx.30.210.242/28 xxx.30.210.243/28 xxx.30.210.244/28 xxx.30.210.245/28 xxx.30.210.246/28 xxx.30.210.247/28 xxx.30.210.248/28 } notify_master "/etc/conntrackd/racoon.sh start" notify_backup "/etc/conntrackd/racoon.sh stop" notify_fault "/etc/conntrackd/racoon.sh stop" } vrrp_instance VI_iscsi { interface eth2 state MASTER virtual_router_id 63 priority 150 advert_int 1 smtp_alert authentication { auth_type PASS auth_pass top-secret } virtual_ipaddress { 192.168.130.1/24 } } # Simple script for primary-backup setups # global_defs { notification_email { tech-role&lt; at &gt;xxx.info info&lt; at &gt;xxx.info } notification_email_from keepalived-gw2&lt; at &gt;xxx.info smtp_server 192.168.43.3 smtp_connect_timeout 30 } vrrp_sync_group G1 { # must be before vrrp_instance declaration group { VI_intern VI_extern VI_iscsi } notify_master "/etc/conntrackd/primary-backup.sh primary" notify_backup "/etc/conntrackd/primary-backup.sh backup" notify_fault "/etc/conntrackd/primary-backup.sh fault" } vrrp_instance VI_intern { interface eth0 state BACKUP virtual_router_id 61 priority 100 advert_int 1 smtp_alert authentication { auth_type PASS auth_pass top-secret } virtual_ipaddress { 192.168.43.1/24 # default CIDR mask is /32 } } vrrp_instance VI_extern { interface eth1 state BACKUP virtual_router_id 62 priority 100 advert_int 1 smtp_alert authentication { auth_type PASS auth_pass top-secret } virtual_ipaddress { xxx.30.210.242/28 xxx.30.210.243/28 xxx.30.210.244/28 xxx.30.210.245/28 xxx.30.210.246/28 xxx.30.210.247/28 xxx.30.210.248/28 } notify_master "/etc/conntrackd/racoon.sh start" notify_backup "/etc/conntrackd/racoon.sh stop" notify_fault "/etc/conntrackd/racoon.sh stop" } vrrp_instance VI_iscsi { interface eth2 state BACKUP virtual_router_id 63 priority 100 advert_int 1 smtp_alert authentication { auth_type PASS auth_pass top-secret } virtual_ipaddress { 192.168.130.1/24 } } May 24 08:13:10 servername-backup Keepalived_vrrp: VRRP_Instance(VI_extern) Transition to MASTER STATE May 24 08:13:10 servername-backup Keepalived_vrrp: VRRP_Group(G1) Syncing instances to MASTER state May 24 08:13:10 servername-backup Keepalived_vrrp: VRRP_Instance(VI_intern) Transition to MASTER STATE May 24 08:13:10 servername-backup Keepalived_vrrp: VRRP_Instance(VI_iscsi) Transition to MASTER STATE May 24 08:13:10 servername-backup Keepalived_vrrp: Opening script file /etc/conntrackd/primary-backup.sh May 24 08:13:10 servername-backup Keepalived_vrrp: VRRP_Instance(VI_iscsi) Entering MASTER STATE May 24 08:13:10 servername-backup Keepalived_vrrp: Remote SMTP server [192.168.43.3:25] connected. May 24 08:13:10 servername-backup Keepalived_vrrp: VRRP_Instance(VI_intern) Entering MASTER STATE May 24 08:13:10 servername-backup Keepalived_vrrp: Remote SMTP server [192.168.43.3:25] connected. May 24 08:13:10 servername-backup Keepalived_vrrp: SMTP alert successfully sent. May 24 08:13:10 servername-backup Keepalived_vrrp: SMTP alert successfully sent. May 24 08:13:11 servername-backup Keepalived_vrrp: VRRP_Instance(VI_extern) Entering MASTER STATE May 24 08:13:11 servername-backup Keepalived_vrrp: Opening script file /etc/conntrackd/racoon.sh May 24 08:13:11 servername-backup Keepalived_vrrp: Remote SMTP server [192.168.43.3:25] connected. May 24 08:13:11 servername-backup Keepalived_vrrp: SMTP alert successfully sent. May 24 08:13:11 servername-backup Keepalived_vrrp: VRRP_Instance(VI_iscsi) Received higher prio advert May 24 08:13:11 servername-backup Keepalived_vrrp: VRRP_Instance(VI_iscsi) Entering BACKUP STATE May 24 08:13:11 servername-backup Keepalived_vrrp: VRRP_Group(G1) Syncing instances to BACKUP state May 24 08:13:11 servername-backup Keepalived_vrrp: VRRP_Instance(VI_intern) Entering BACKUP STATE May 24 08:13:11 servername-backup Keepalived_vrrp: VRRP_Instance(VI_extern) Entering BACKUP STATE May 24 08:13:11 servername-backup Keepalived_vrrp: Opening script file /etc/conntrackd/racoon.sh May 24 08:13:11 servername-backup Keepalived_vrrp: Opening script file /etc/conntrackd/primary-backup.sh May 24 08:13:11 servername-backup Keepalived_vrrp: Remote SMTP server [192.168.43.3:25] connected. May 24 08:13:11 servername-backup Keepalived_vrrp: SMTP alert successfully sent. May 24 08:13:12 servername-backup Keepalived_vrrp: VRRP_Instance(VI_extern) Transition to MASTER STATE May 24 08:13:12 servername-backup Keepalived_vrrp: VRRP_Group(G1) Syncing instances to MASTER state May 24 08:13:12 servername-backup Keepalived_vrrp: VRRP_Instance(VI_intern) Transition to MASTER STATE May 24 08:13:12 servername-backup Keepalived_vrrp: VRRP_Instance(VI_iscsi) Transition to MASTER STATE May 24 08:13:12 servername-backup Keepalived_vrrp: Opening script file /etc/conntrackd/primary-backup.sh May 24 08:13:12 servername-backup Keepalived_vrrp: VRRP_Instance(VI_iscsi) Received higher prio advert May 24 08:13:12 servername-backup Keepalived_vrrp: VRRP_Instance(VI_iscsi) Entering BACKUP STATE May 24 08:13:12 servername-backup Keepalived_vrrp: VRRP_Group(G1) Syncing instances to BACKUP state May 24 08:13:12 servername-backup Keepalived_vrrp: VRRP_Instance(VI_intern) Entering BACKUP STATE May 24 08:13:12 servername-backup Keepalived_vrrp: VRRP_Instance(VI_extern) Entering BACKUP STATE May 24 08:13:12 servername-backup Keepalived_vrrp: Opening script file /etc/conntrackd/racoon.sh May 24 08:13:12 servername-backup Keepalived_vrrp: Opening script file /etc/conntrackd/primary-backup.sh May 24 08:13:12 servername-backup Keepalived_vrrp: Remote SMTP server [192.168.43.3:25] connected. May 24 08:13:12 servername-backup Keepalived_vrrp: SMTP alert successfully sent. May 24 08:40:28 servername-backup Keepalived_vrrp: Terminating VRRP child process on signal May 24 08:43:34 servername-backup Keepalived_vrrp: Registering Kernel netlink reflector May 24 08:43:34 servername-backup Keepalived_vrrp: Registering Kernel netlink command channel May 24 08:43:34 servername-backup Keepalived_vrrp: Registering gratutious ARP shared channel May 24 08:43:34 servername-backup Keepalived_vrrp: Initializing ipvs 2.6 May 24 08:43:34 servername-backup Keepalived_vrrp: IPVS: Can't initialize ipvs: Protocol not available May 24 08:43:34 servername-backup Keepalived_vrrp: Opening file '/etc/keepalived/keepalived.conf'. May 24 08:43:34 servername-backup Keepalived_vrrp: Configuration is using : 74944 Bytes May 24 08:43:34 servername-backup Keepalived_vrrp: Using LinkWatch kernel netlink reflector... May 24 08:43:34 servername-backup Keepalived_vrrp: VRRP_Instance(VI_intern) Entering BACKUP STATE May 24 08:43:34 servername-backup Keepalived_vrrp: Opening script file /etc/conntrackd/primary-backup.sh May 24 08:43:34 servername-backup Keepalived_vrrp: VRRP_Instance(VI_extern) Entering BACKUP STATE May 24 08:43:34 servername-backup Keepalived_vrrp: Opening script file /etc/conntrackd/racoon.sh May 24 08:43:34 servername-backup Keepalived_vrrp: VRRP_Instance(VI_iscsi) Entering BACKUP STATE May 24 08:43:34 servername-backup Keepalived_vrrp: Remote SMTP server [192.168.43.3:25] connected. May 24 08:43:34 servername-backup Keepalived_vrrp: Remote SMTP server [192.168.43.3:25] connected. May 24 08:43:34 servername-backup Keepalived_vrrp: Remote SMTP server [192.168.43.3:25] connected. May 24 08:13:14 servername-master Keepalived_vrrp: VRRP_Instance(VI_iscsi) Received lower prio advert, forcing new election May 24 08:13:14 servername-master Keepalived_vrrp: VRRP_Instance(VI_intern) Received lower prio advert, forcing new election May 24 08:13:14 servername-master Keepalived_vrrp: VRRP_Instance(VI_iscsi) Received lower prio advert, forcing new election May 24 08:13:14 servername-master Keepalived_vrrp: VRRP_Instance(VI_intern) Received lower prio advert, forcing new election May 24 08:13:14 servername-master Keepalived_vrrp: VRRP_Instance(VI_iscsi) Received lower prio advert, forcing new election May 24 08:13:14 servername-master Keepalived_vrrp: VRRP_Instance(VI_intern) Received lower prio advert, forcing new election May 24 08:13:15 servername-master Keepalived_vrrp: VRRP_Instance(VI_iscsi) Received lower prio advert, forcing new election May 24 08:13:15 servername-master Keepalived_vrrp: VRRP_Instance(VI_intern) Received lower prio advert, forcing new election ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________ Keepalived-devel mailing list Keepalived-devel&lt; at &gt;lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/keepalived-devel </pre> Tobias Dinse 2012-05-24T08:06:18 http://comments.gmane.org/gmane.linux.keepalived.devel/3848 <pre>Hey guys, I'm running Keepalived v1.2.2 (12/23,2011) on 2 ubuntu12.04 servers and I'm having ipv6 problems. (ipv4 runs perfectly) Box2 is answering neighbor sollicitations for the vrrp ipv6 address living on box1 although the ip is not configured on box2 and keepalived is in backup state there. box1 keepalived: vrrp_instance vlan123 { state BACKUP interface vlan123 virtual_router_id 40 priority 250 preempt_delay 90 authentication { auth_type PASS auth_pass secretpass } virtual_ipaddress { 1.2.3.49/32 2001:1234:ffff::10/124 } } box2 keepalived: vrrp_instance vlan123 { state BACKUP interface vlan123 virtual_router_id 40 priority 200 preempt_delay 90 authentication { auth_type PASS auth_pass secretpass } virtual_ipaddress { 1.2.3.49/32 2001:1234:ffff::10/124 } } The current state of the vlan123 interface on box1: box01 ~ # ip addr show dev vlan123 11: vlan123&lt; at &gt;bond0: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc noqueue state UP link/ether 00:9c:02:3c:c9:70 brd ff:ff:ff:ff:ff:ff inet 1.2.3.50/28 brd 1.2.3.63 scope global vlan123 inet 1.2.3.49/32 scope global vlan123 inet6 2001:1234:ffff::10/124 scope global tentative dadfailed valid_lft forever preferred_lft forever inet6 2001:1234:ffff::11/124 scope global valid_lft forever preferred_lft forever inet6 fe80::29c:2ff:fe3c:c970/64 scope link valid_lft forever preferred_lft forever box2: box02 ~ # ip addr show dev vlan123 11: vlan123&lt; at &gt;bond0: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc noqueue state UP link/ether 00:9c:02:3c:c9:dc brd ff:ff:ff:ff:ff:ff inet 1.2.3.51/28 brd 1.2.3.63 scope global vlan123 inet6 2001:1234:ffff::12/124 scope global valid_lft forever preferred_lft forever inet6 fe80::29c:2ff:fe3c:c9dc/64 scope link valid_lft forever preferred_lft forever As you can see, the vrrp address 2001:1234:ffff::10 is living on box1 but is dadfailed (dup address detection). So who is responding to it then? A ping from the upstream router shows box2 is answering: Upstream: asa# clear ipv6 neighbors asa# ping inside 2001:1234:ffff::10 repeat 1 Type escape sequence to abort. Sending 1, 100-byte ICMP Echos to 2001:1234:ffff::10, timeout is 2 seconds: ! Success rate is 100 percent (1/1), round-trip min/avg/max = 560/560/560 ms asa# sh ipv6 neigh IPv6 Address Age Link-layer Addr State Interface 2001:1234:ffff::10 0 009c.023c.c9dc REACH inside asa# Box1: box01 ~ # tcpdump -i vlan123 -nn -e ip6 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on vlan123, link-type EN10MB (Ethernet), capture size 65535 bytes 07:19:26.527821 00:22:55:97:98:c1 &gt; 33:33:ff:00:00:10, ethertype IPv6 (0x86dd), length 86: 2001:1234:ffff::14 &gt; ff02::1:ff00:10: ICMP6, neighbor solicitation, who has 2001:1234:ffff::10, length 32 ^C 1 packet captured 11 packets received by filter 0 packets dropped by kernel Box2: box02 ~ # tcpdump -i vlan123 -nn -e ip6 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on vlan123, link-type EN10MB (Ethernet), capture size 65535 bytes 07:19:25.096120 00:22:55:97:98:c1 &gt; 33:33:ff:00:00:10, ethertype IPv6 (0x86dd), length 86: 2001:1234:ffff::14 &gt; ff02::1:ff00:10: ICMP6, neighbor solicitation, who has 2001:1234:ffff::10, length 32 07:19:25.650105 00:9c:02:3c:c9:dc &gt; 00:22:55:97:98:c1, ethertype IPv6 (0x86dd), length 86: 2001:1234:ffff::12 &gt; 2001:1234:ffff::14: ICMP6, neighbor advertisement, tgt is 2001:1234:ffff::10, length 32 07:19:25.650441 00:22:55:97:98:c1 &gt; 00:9c:02:3c:c9:dc, ethertype IPv6 (0x86dd), length 114: 2001:1234:ffff::14 &gt; 2001:1234:ffff::10: ICMP6, echo request, seq 11135, length 60 07:19:25.650570 00:9c:02:3c:c9:dc &gt; 00:22:55:97:98:c1, ethertype IPv6 (0x86dd), length 114: 2001:1234:ffff::12 &gt; 2001:1234:ffff::14: ICMP6, echo reply, seq 11135, length 60 ^C 4 packets captured 11 packets received by filter 0 packets dropped by kernel I don't understand why box2 is responding to the neighbor sollicitation. Obviously box2 thinks it should respond for ip 2001:1234:ffff::10 and it does! The icmp reply however is sent from 2001:1234:ffff::14. With kind regards, Tom van Leeuwen ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ </pre> Tom van Leeuwen 2012-05-07T06:10:37 http://comments.gmane.org/gmane.linux.keepalived.devel/3841 <pre>Hi, I have a very basic setup where I just move IPs and a few routes between two machines. I though I could get away with just keepalived - it works beautifully, or at least it did in my test environment... One of our link providers has some insane ARP cache refresh (several hours) and so my lovely keepalived system moves the IPs in seconds only for the IPs to remain unavailable for hours :-(. Of course they aren't updating with gratuitous ARPs (which keepalived does also, right? Anyway, even manual arping doesn't change things) I didn't want to introduce any other pieces into the system but if I am going to have a virtual MAC that gets transferred then I'll need something more right? Is that the best way to go? Any ideas? Thanks Anton </pre> Anton Melser 2012-05-02T13:41:03 http://comments.gmane.org/gmane.linux.keepalived.devel/3831 <pre>Hi, I've setup keepalived in a MASTER/BACKUP configuration on 2 servers. I'll paste the configuration of both at the end of the message. Everything is working perfectly - When the check fails on MASTER, the virtual IP is swapped and the failover happens. When I kill keepalived on the MASTER, it happens too. When I bring keepalived or the check passes on the lower priority server, the failover happens. However, This failover takes 3-5 seconds, during which I can see 3-4 packets lost on a regular 'ping VIRTUAL_IP' (1-sec interval ICMP). Is this normal? Can this be lower? in 5 seconds I can lose quite a bit of HTTP requests from users, since we have a pretty high-volume website. Note: I'm using keepalived 1.1.20 with Willy Tarreau (haproxy author) unicast patch: http://1wt.eu/keepalived/keepalived-1.1.19-unicast.patch . It works great. Here are the configurations: MASTER: global_defs { notification_email { email&lt; at &gt;example.com } notification_email_from "Keepalived &lt;keepalived&lt; at &gt;lb-01.example.com&gt;" smtp_server 192.168.100.100 smtp_connect_timeout 30 } vrrp_script chk_haproxy { script "kill -0 `cat /var/run/haproxy.pid`" interval 2 # check every 2 seconds weight 2 # add 2 points of priority if OK } vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 51 advert_int 1 priority 101 # 101 on master, 100 on backup vrrp_unicast_bind 192.168.1.1 # Internal IP of this machine vrrp_unicast_peer 192.168.1.2 # Internal IP of peer smtp_alert authentication { auth_type PASS auth_pass my_pass } virtual_ipaddress { 50.1.1.1 } track_script { chk_haproxy } } BACKUP: global_defs { notification_email { email&lt; at &gt;example.com } notification_email_from "Keepalived &lt;keepalived&lt; at &gt;lb-02.example.com&gt;" smtp_server 192.168.100.100 smtp_connect_timeout 30 } vrrp_script chk_haproxy { script "kill -0 `cat /var/run/haproxy.pid`" interval 2 # check every 2 seconds weight 2 # add 2 points of priority if OK } vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 51 advert_int 1 priority 100 # 101 on master, 100 on backup vrrp_unicast_bind 192.168.1.2 # Internal IP of this machine vrrp_unicast_peer 192.168.1.1 # Internal IP of peer smtp_alert authentication { auth_type PASS auth_pass my_pass } virtual_ipaddress { 50.1.1.1 } track_script { chk_haproxy } } Thanks, Bar. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________ Keepalived-devel mailing list Keepalived-devel&lt; at &gt;lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/keepalived-devel </pre> Bar Ziony 2012-04-29T10:53:07 http://comments.gmane.org/gmane.linux.keepalived.devel/3829 <pre> It's been awhile since I've posted to this list, which reflects my dive into Keepalived with IPv6. Does anyone have a solution for a Keepalived config using fwmarks with both IPv4/IPv6 and UDP/TCP services? I've already tried the following patch https://github.com/vincentbernat/keepalived/commit/479bb39cb94e602e8e8891d84538b2f67de14f04 with limited success. It fixes my IPv6 issues, but breaks my IPv4 UDP regardless of my use of fwmarks. I'm using DNS as the initial test service. Using ipvsadm all services appear up and ready on dual stack servers, but I get response timeouts with IPv6 without patch, and IPv4 with patch. Without patch, IPv6 works great using the traditional IP:port config - but in my environment that's a hell of a high maintenance config. Fwmarks makes everything simple. I'd like to keep it that way if at all possible. I'm using CentOS 6.2 (i386), LVS-DR, IPv6/IPv4 port 53 (TCP/UDP), and the latest Keepalived 1.2.2-3 from EPEL rebuilt using the source RPM. Any ideas? Thanks in advance for your feedback. Best regards, Ken Price ------------------------------------------------------------------------------ For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2 _______________________________________________ Keepalived-devel mailing list Keepalived-devel&lt; at &gt;lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/keepalived-devel </pre> Ken Price 2012-04-23T16:51:09 http://comments.gmane.org/gmane.linux.keepalived.devel/3823 <pre>I'd best begin with an apology - I originally wrote these several years ago (1.1.15). I've forward ported them to 1.2.2, but not tested them. Most of them came from trying to figure out why KA wasn't working (missing values for example when I expected a default value to be present) keepalived.check_ports.diff - error if the ports aren't valid keepalived.check_smtp_log.diff - log alert keepalived.check_ssl_log.diff - log alert keepalived.missing_syslogs.diff - log group changes keepalived.nohostport.diff - use "Host: foo" rather than "Host: foo:80" in requests keepalived.received.diff - fix spelling errors keepalived.syslog_facility.diff - for some reason we don't respect LOG_DAEMON - I'm not sure _why_ (main.c doesn't do this) keepalived.validvalues.diff - report when values are not valid Sometimes the SMTP and logging seems inconsistent - perhaps there should just be a generic logging function for anything "important". Adrian ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure_______________________________________________ Keepalived-devel mailing list Keepalived-devel&lt; at &gt;lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/keepalived-devel </pre> Adrian Bridgett 2012-03-31T12:02:29 http://comments.gmane.org/gmane.linux.keepalived.devel/3822 <pre>Hello everybody, Actually I got 2 firewalls where Debian Lenny is running (yeah I know ... outdated). Therefore, I'm going to upgrade them to Debian Squeeze but in the meantime, I'm interessed in your feedback/experiences regarding those versions of Keepalived. You'll find my configuration (anonymized) in attachement, basicly a bit of VRRP and of LVS. I'm most interessed : 1. to check if any behavior has changed from 1.1.15 to .20 ? 2. to know if it's possible to have .15 and .20 talk together; Is this possible or is this something I absolutely have to avoid by disconnecting the upgrading server ? Thanks for your help :) Henry-Nicolas Tourneur. vrrp_script chk_ping { script "ping -c 2 -i 0.1 17.4.40.51 -W 1" interval 5 weight -100 } vrrp_script chk_vpn { script "/usr/local/bin/check_openvpn -t localhost -p 11940 -n openvpn" interval 30 weight -100 } vrrp_instance VI_1 { interface eth2 dont_track_primary state BACKUP virtual_router_id 61 priority 150 advert_int 1 preempt_delay 600 garp_master_delay 1 mcast_src_ip 192.168.210.2 track_interface { eth1 eth3.6 eth3.7 eth4 eth5 } track_script { chk_ping chk_vpn } authentication { auth_type PASS auth_pass password } virtual_ipaddress { 10.160.0.2/32 dev eth3.6 10.160.0.129/32 dev eth3.7 17.4.40.52/29 dev eth1 17.4.40.251/32 dev eth4 17.4.40.241/28 dev eth4 10.159.99.5/24 dev eth5 } virtual_routes { 10.48.253.0/24 via 10.159.99.20 dev eth5 10.48.254.0/23 via 10.159.99.20 dev eth5 10.144.0.0/12 via 10.159.99.1 dev eth5 10.48.0.0/16 via 10.159.99.1 dev eth5 0.0.0.0/0 via 17.4.40.51 dev eth1 } notify_master "/etc/keepalived/script_master.sh" notify_backup "/etc/keepalived/script_backup.sh" notify_fault "/etc/keepalived/script_fault.sh" } virtual_server_group SMTP { 17.4.40.251 25 10.160.0.2 25 } virtual_server group SMTP { delay_loop 3 lb_algo rr lb_kind NAT persistence_timeout 10 protocol TCP real_server 17.4.40.242 25 { weight 1 inhibit_on_failure notify_up "/etc/keepalived/script_vs_up.sh 17.4.40.242" notify_down "/etc/keepalived/script_vs_down.sh 17.4.40.242" SMTP_CHECK { host { connect_ip 17.4.40.242 bindto 17.4.40.247 } connect_timeout 1 retry 2 delay_before_retry 1 helo_name MY_FQDN } } real_server 17.4.40.243 25 { weight 1 inhibit_on_failure notify_up "/etc/keepalived/script_vs_up.sh 17.4.40.243" notify_down "/etc/keepalived/script_vs_down.sh 17.4.40.243" SMTP_CHECK { host { connect_ip 17.4.40.243 bindto 17.4.40.247 } connect_timeout 1 retry 2 delay_before_retry 1 helo_name MY_FQDN } } }------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure_______________________________________________ Keepalived-devel mailing list Keepalived-devel&lt; at &gt;lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/keepalived-devel </pre> Henry-Nicolas Tourneur 2012-03-30T13:45:40 http://comments.gmane.org/gmane.linux.keepalived.devel/3821 <pre>Hello, I cant find a suitable existing topic that covers this so.. Were running keepalived (Keepalived v1.2.2 (11/07,2011)) on RHEL6 (2.6.32-220.4.2.el6.i686) (and x86_64) which the configuration has migrated from RHEL4 so it was missing afew values. After the OS and keepalived upgrade the cpu started to hit the roof, during investigation i removed the checkers one by one and found the issuing checker was checking a service which was down. Adding (it was missing) delay_before_retry to the config caused cpu to hit normal values again. Briefly checking the code i notice you divide and multiply with TIMER_HZ, could it be that without the delay_before_retry set the check is issued at an alarming rate, ie 100 or 1000 times per second? Sincerely, Joachim ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure_______________________________________________ Keepalived-devel mailing list Keepalived-devel&lt; at &gt;lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/keepalived-devel </pre> Joachim Larsson 2012-03-27T14:42:44 http://comments.gmane.org/gmane.linux.keepalived.devel/3812 <pre>I have a very simple keepalived configuration with two VRRP instances (VRRP_1 and VRRP_2) using two nodes (call then A and B) for failover: Node A is default MASTER for VRRP_1 with priority 100 and BACKUP for VRRP_2 with priority 50. Node B is default MASTER for VRRP_2 with priority 100 and BACKUP for VRRP_1 with priority 50. This seems simple enough to me. When both nodes are up, each will manage a single VIP. If one fails, the other will serve as backup. My config file is attached. The file is identical on both nodes except that state and priority are changed as expected. With keepalived running on node A, it will be master for both VRRP instances. The problem occurs when I start keepalived on node B. I would expect that node B would become master for VRRP_2 and node A would remain master for VRRP_1. That does not seem to be the case. On node B I see: Mar 21 08:31:44 node-02 Keepalived_vrrp: VRRP_Instance(VRRP_2) Received lower prio advert, forcing new election Mar 21 08:31:44 node-02 Keepalived_vrrp: VRRP_Instance(VRRP_2) Sending gratuitous ARPs on eth0 for 192.168.122.202 Mar 21 08:31:45 node-02 Keepalived_vrrp: VRRP_Instance(VRRP_2) Received lower prio advert, forcing new election Mar 21 08:31:45 node-02 Keepalived_vrrp: VRRP_Instance(VRRP_2) Sending gratuitous ARPs on eth0 for 192.168.122.202 These messages appears continuously. It appears this has been reported before, but I've yet to find a solution to the problem. Ideas? Thanks. Ryan ! keepalived.conf global_defs { notification_email { root&lt; at &gt;localhost } notification_email_from root&lt; at &gt;localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id LVS_TEST } vrrp_instance VRRP_1 { state MASTER interface eth0 virtual_router_id 1 priority 100 advert_int 1 authentication { auth_type PASS auth_pass password } virtual_ipaddress { 192.168.122.201 } } vrrp_instance VRRP_2 { state BACKUP interface eth0 virtual_router_id 2 priority 50 advert_int 1 authentication { auth_type PASS auth_pass password } virtual_ipaddress { 192.168.122.202 } } virtual_server 192.168.122.201 80 { delay_loop 6 lb_algo rr lb_kind DR persistence_timeout 10 protocol TCP real_server 192.168.122.103 80 { weight 1 TCP_CHECK { connect_timeout 3 connect_port 80 } } real_server 192.168.122.104 80 { weight 1 TCP_CHECK { connect_timeout 3 connect_port 80 } } } virtual_server 192.168.122.202 80 { delay_loop 6 lb_algo rr lb_kind DR persistence_timeout 10 protocol TCP real_server 192.168.122.104 80 { weight 1 TCP_CHECK { connect_timeout 3 connect_port 80 } } real_server 192.168.122.105 80 { weight 1 TCP_CHECK { connect_timeout 3 connect_port 80 } } } ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure_______________________________________________ Keepalived-devel mailing list Keepalived-devel&lt; at &gt;lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/keepalived-devel </pre> Ryan O'Hara 2012-03-21T16:02:25 http://comments.gmane.org/gmane.linux.keepalived.devel/3806 <pre>If you set the weights in keepalived to 10000 and the other server 1. Will that now only send 1 connection for every 10000 that hit the other? I dont want to traffic to go to my other server unless my primary drops out. Since keepalived doesnt have this function i was wondering if the weights are limited to a specified number? Cheers Nick Tailor ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d_______________________________________________ Keepalived-devel mailing list Keepalived-devel&lt; at &gt;lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/keepalived-devel </pre> nick tailor 2012-03-06T19:13:04 http://comments.gmane.org/gmane.linux.keepalived.devel/3804 <pre>Hi Is this implemented in keepalived-1.2.2-2.el6.i686? Have people found it useful? Thanks, </pre> Steve Clark 2012-03-06T14:29:41 http://comments.gmane.org/gmane.linux.keepalived.devel/3803 <pre>Hi all, I find there is bug in sockstorage_equal(). First, sockstorage_equal() always return true when comparing IPv4 address. Second, if vs has vfwmark or vsgname, it will be clear on reload. Because, sockaddr_storage is initialized to zero.Then, two virtual servers are never equal by VS_ISEQ(). It is similar to virtual server group entry. The patch is as follows. ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d_______________________________________________ Keepalived-devel mailing list Keepalived-devel&lt; at &gt;lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/keepalived-devel </pre> Jiajun Chen 2012-02-28T12:41:09 http://comments.gmane.org/gmane.linux.keepalived.devel/3799 <pre>Hi, I'm trying to configure an IPv6 virtual server using keepalived. But, as a result I'm getting an IPv4 one with wrong ip addresses. I'm using ipvsadm 1.25.9 and keepalived 1.2.2-2 (both from RH6 and compiled with libnl 1.1.14). When I configure a VS manually it works fine: #ipvsadm -A -f 201 -6 -s wrr #ipvsadm -a -f 201 -6 -r 2a00:81c0:4000:1f41::300:0 -w 5 #ipvsadm -a -f 201 -6 -r 2a00:81c0:4000:1f41::300:100 -w 5 # ipvsadm IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -&gt; RemoteAddress:Port Forward Weight ActiveConn InActConn FWM 201 IPv6 wrr -&gt; [2a00:81c0:4000:1f41::300:0]:0 Route 5 0 0 -&gt; [2a00:81c0:4000:1f41::300:100]:0 Route 5 0 0 If I use keepalived with a config file like this (I removed all MISC_CHECK stuff as not-related): virtual_server fwmark 201 { lb_algo wrr lb_kind DR protocol TCP real_server 2a00:81c0:4000:1f41::300:0 0 { weight 1 inhibit_on_failure } real_server 2a00:81c0:4000:1f41::300:100 0 { weight 1 inhibit_on_failure } } I get the following:# ipvsadm IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -&gt; RemoteAddress:Port Forward Weight ActiveConn InActConn FWM 201 wrr -&gt; 42.0.129.192:0 Route 1 0 0 In /var/log/messages I see the following: Feb 27 11:56:43 us0 Keepalived_healthcheckers: Activating healtchecker for service [2a00:81c0:4000:1f41::300:0]:0 Feb 27 11:56:43 us0 Keepalived_healthcheckers: Activating healtchecker for service [2a00:81c0:4000:1f41::300:100]:0 Feb 27 11:56:44 us0 Keepalived_healthcheckers: Enabling service [2a00:81c0:4000:1f41::300:100]:0 to VS [2a00:81c0:4000:1f41:: 300:100]:0 Feb 27 11:56:45 us0 Keepalived_healthcheckers: Enabling service [2a00:81c0:4000:1f41::300:0]:0 to VS [2a00:81c0:4000:1f41::30 0:0]:0 Feb 27 11:56:45 us0 Keepalived_healthcheckers: IPVS: Destination already exists What is wrong? ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 </pre> Anton Antonov 2012-02-27T12:11:46 http://comments.gmane.org/gmane.linux.keepalived.devel/3794 <pre>Hi all, Most of the example configurations I find do not specify a "weight" for vrrp_script or track_script, and it sounds like the default weight is "2". At the same time, the same example configurations specify a priority of "150" for the MASTER, and "100" for the BACKUP. My question is: if the track_script fails, and the weight is "2", how does the BACKUP take over the VIPs? The priorities differ by 50, but the weight is only 2. The reason I ask is that I'm facing a problem with failover, in which the MASTER retains the VIPs, but traffic is being directed toward the BACKUP (which should now be the MASTER) -- sort of a split-brain problem. My configuration files are below. I'm running Debian w/ keepalived 1:1.1.20-1. Thanks! ---------------------- lb1 ---------------------- vrrp_script check_nginx { script "/usr/bin/killall -0 nginx" interval 2 #weight 2 } vrrp_instance VI_1 { interface eth1 state MASTER virtual_router_id 51 priority 150 authentication { auth_type PASS auth_pass foobar } track_script { check_nginx } virtual_ipaddress { 192.168.1.210 dev eth1 192.168.1.211 dev eth1 } } ---------------------- lb2 ---------------------- vrrp_script check_nginx { script "/usr/bin/killall -0 nginx" interval 2 #weight 2 } vrrp_instance VI_1 { interface eth1 state BACKUP virtual_router_id 51 priority 100 authentication { auth_type PASS auth_pass foobar } track_script { check_nginx } virtual_ipaddress { 192.168.1.210 dev eth1 192.168.1.211 dev eth1 } } ------------------------------------------------------------------------------ Virtualization &amp; Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ </pre> Kian Mohageri 2012-02-24T19:55:01 http://comments.gmane.org/gmane.linux.keepalived.devel/3789 <pre>Hello every one I'm new to the list and thought i would introduce my self with a bang attached is my patch to implement centisecond vrrp advertize intervals I've been able to confirm with tcpdumd it actually does send advertizements as fast as every 0.01 seconds The catch is the advert_int option in the configuration is now in centiseconds and as such I've altered the default to be 100 ( 1 second) Also I suspect there are other bottlenecks in the code but I was able to get my iptables firewall to failover and resuming the sessions (with contrackd) at full speed again in under 4 seconds from the time the link on the network cable disappeared. with the following settings in my conf garp_master_delay 0 # yes this means no delay it actually works advert_int 1 # 1/100th of a second vrrp over the crossover link between the firewalls with several vips on various interfaces contrackd with "DisableExternalCache On" set in the config disconnecting the cable on one of the tracked interfaces "not with vrrp directly on it" here was the ipert output when i pulled the cable [ 3] 10.0-11.0 sec 112 MBytes 936 Mbits/sec [ 3] 11.0-12.0 sec 113 MBytes 947 Mbits/sec [ 3] 12.0-13.0 sec 30.4 MBytes 255 Mbits/sec [ 3] 13.0-14.0 sec 0.00 Bytes 0.00 bits/sec [ 3] 14.0-15.0 sec 0.00 Bytes 0.00 bits/sec [ 3] 15.0-16.0 sec 5.50 MBytes 46.1 Mbits/sec [ 3] 16.0-17.0 sec 111 MBytes 930 Mbits/sec if the do vrrp on the internal and external interfaces instead of the cross over the fail over goes to a second or less here is the iperf output [ 3] 29.0-30.0 sec 112 MBytes 942 Mbits/sec [ 3] 30.0-31.0 sec 113 MBytes 945 Mbits/sec [ 3] 31.0-32.0 sec 13.9 MBytes 116 Mbits/sec [ 3] 32.0-33.0 sec 2.75 MBytes 23.1 Mbits/sec [ 3] 33.0-34.0 sec 111 MBytes 932 Mbits/sec [ 3] 34.0-35.0 sec 112 MBytes 940 Mbits/sec ------------------------------------------------------------------------------ Virtualization &amp; Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/_______________________________________________ Keepalived-devel mailing list Keepalived-devel&lt; at &gt;lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/keepalived-devel </pre> Paul Robert Marino 2012-02-24T18:04:04 http://comments.gmane.org/gmane.linux.keepalived.devel/3787 <pre>Hello, I want to share keepalived unicast patch for version 1.2.2 based on Willy Tarreau patch for earlier version http://1wt.eu/keepalived/keepalived-1.1.19-unicast.patch. I'm not C programmer, so please review the following code and consider including it in main version. Of course this patch is not RFC compliant but critical for large networks and environments where multicast is unavailable. Two additional parameter added: vrrp_unicast_bind vrrp_unicast_peer Currently only two ipv4 peers supported. Best regards, Aleksey diff --git a/keepalived/include/vrrp.h b/keepalived/include/vrrp.h index 03c94f9..8c3cb15 100644 --- a/keepalived/include/vrrp.h +++ b/keepalived/include/vrrp.h &lt; at &gt;&lt; at &gt; -94,6 +94,8 &lt; at &gt;&lt; at &gt; typedef struct _vrrp_rt { list track_ifp; /* Interface state we monitor */ list track_script; /* Script state we monitor */ uint32_t mcast_saddr; /* Src IP address to use in VRRP IP header */ + uint32_t unicast_bind; /* listen to this IP if mcast is not possible */ + uint32_t unicast_peer; /* send to this IP if mcast is not possible */ char *lvs_syncd_if; /* handle LVS sync daemon state using this * instance FSM &amp; running on specific interface * =&gt; eth0 for example. &lt; at &gt;&lt; at &gt; -210,8 +212,8 &lt; at &gt;&lt; at &gt; typedef struct _vrrp_rt { /* prototypes */ extern vrrp_pkt *vrrp_get_header(sa_family_t, char *, int *, uint32_t *); -extern int open_vrrp_send_socket(sa_family_t, int, int); -extern int open_vrrp_socket(sa_family_t, int, int); +extern int open_vrrp_send_socket(sa_family_t, int, int, int); +extern int open_vrrp_socket(sa_family_t, int, int, int); extern int new_vrrp_socket(vrrp_rt *); extern void close_vrrp_socket(vrrp_rt *); extern void vrrp_send_link_update(vrrp_rt *); diff --git a/keepalived/include/vrrp_if.h b/keepalived/include/vrrp_if.h index a17f9b2..2c62d60 100644 --- a/keepalived/include/vrrp_if.h +++ b/keepalived/include/vrrp_if.h &lt; at &gt;&lt; at &gt; -117,7 +117,7 &lt; at &gt;&lt; at &gt; extern void init_interface_linkbeat(void); extern void free_interface_queue(void); extern void dump_if(void *); extern int if_join_vrrp_group(sa_family_t, int *, interface *, int); -extern int if_leave_vrrp_group(sa_family_t, int, interface *); +extern int if_leave_vrrp_group(sa_family_t, int, interface *, int); extern int if_setsockopt_bindtodevice(int *, interface *); extern int if_setsockopt_hdrincl(int *); extern int if_setsockopt_mcast_loop(sa_family_t, int *); diff --git a/keepalived/vrrp/vrrp.c b/keepalived/vrrp/vrrp.c index b52c42c..dc8d180 100644 --- a/keepalived/vrrp/vrrp.c +++ b/keepalived/vrrp/vrrp.c &lt; at &gt;&lt; at &gt; -385,8 +385,8 &lt; at &gt;&lt; at &gt; vrrp_build_ip(vrrp_rt * vrrp, char *buffer, int buflen) /* fill protocol type --rfc2402.2 */ ip-&gt;protocol = (vrrp-&gt;auth_type == VRRP_AUTH_AH) ? IPPROTO_IPSEC_AH : IPPROTO_VRRP; - ip-&gt;saddr = VRRP_PKT_SADDR(vrrp); - ip-&gt;daddr = htonl(INADDR_VRRP_GROUP); + ip-&gt;saddr = vrrp-&gt;unicast_bind ? vrrp-&gt;unicast_bind : VRRP_PKT_SADDR(vrrp); + ip-&gt;daddr = vrrp-&gt;unicast_peer ? vrrp-&gt;unicast_peer : htonl(INADDR_VRRP_GROUP); /* checksum must be done last */ ip-&gt;check = in_csum((u_short *) ip, ip-&gt;ihl * 4, 0); &lt; at &gt;&lt; at &gt; -582,7 +582,7 &lt; at &gt;&lt; at &gt; vrrp_send_pkt(vrrp_rt * vrrp) if (vrrp-&gt;family == AF_INET) { memset(&amp;dst4, 0, sizeof(dst4)); dst4.sin_family = AF_INET; - dst4.sin_addr.s_addr = htonl(INADDR_VRRP_GROUP); + dst4.sin_addr.s_addr = vrrp-&gt;unicast_peer ? vrrp-&gt;unicast_peer : htonl(INADDR_VRRP_GROUP); msg.msg_name = &amp;dst4; msg.msg_namelen = sizeof(dst4); &lt; at &gt;&lt; at &gt; -992,7 +992,7 &lt; at &gt;&lt; at &gt; chk_min_cfg(vrrp_rt * vrrp) /* open a VRRP sending socket */ int -open_vrrp_send_socket(sa_family_t family, int proto, int idx) +open_vrrp_send_socket(sa_family_t family, int proto, int idx, int unicast) { interface *ifp; int fd = -1; &lt; at &gt;&lt; at &gt; -1011,16 +1011,10 &lt; at &gt;&lt; at &gt; open_vrrp_send_socket(sa_family_t family, int proto, int idx) /* Set v4 related */ if_setsockopt_hdrincl(&amp;fd); if_setsockopt_bindtodevice(&amp;fd, ifp); - if_setsockopt_mcast_loop(family, &amp;fd); - if (fd &lt; 0) - return -1; } else if (family == AF_INET6) { /* Set v6 related */ if_setsockopt_mcast_hops(family, &amp;fd); if_setsockopt_mcast_if(family, &amp;fd, ifp); - if_setsockopt_mcast_loop(family, &amp;fd); - if (fd &lt; 0) - return -1; } else { log_message(LOG_INFO, "cant open raw socket. unknow family=%d" , family); &lt; at &gt;&lt; at &gt; -1028,12 +1022,17 &lt; at &gt;&lt; at &gt; open_vrrp_send_socket(sa_family_t family, int proto, int idx) return -1; } + if (!unicast) + if_setsockopt_mcast_loop(family, &amp;fd); + if (fd &lt; 0) + return -1; + return fd; } /* open a VRRP socket and join the multicast group. */ int -open_vrrp_socket(sa_family_t family, int proto, int idx) +open_vrrp_socket(sa_family_t family, int proto, int idx, int unicast) { interface *ifp; int fd = -1; &lt; at &gt;&lt; at &gt; -1050,7 +1049,8 &lt; at &gt;&lt; at &gt; open_vrrp_socket(sa_family_t family, int proto, int idx) } /* Join the VRRP MCAST group */ - if_join_vrrp_group(family, &amp;fd, ifp, proto); + if (!unicast) + if_join_vrrp_group(family, &amp;fd, ifp, proto); if (fd &lt; 0) return -1; &lt; at &gt;&lt; at &gt; -1065,7 +1065,7 &lt; at &gt;&lt; at &gt; open_vrrp_socket(sa_family_t family, int proto, int idx) void close_vrrp_socket(vrrp_rt * vrrp) { - if_leave_vrrp_group(vrrp-&gt;family, vrrp-&gt;fd_in, vrrp-&gt;ifp); + if_leave_vrrp_group(vrrp-&gt;family, vrrp-&gt;fd_in, vrrp-&gt;ifp, !vrrp-&gt;unicast_peer); close(vrrp-&gt;fd_out); } &lt; at &gt;&lt; at &gt; -1079,8 +1079,8 &lt; at &gt;&lt; at &gt; new_vrrp_socket(vrrp_rt * vrrp) close_vrrp_socket(vrrp); remove_vrrp_fd_bucket(vrrp); proto = (vrrp-&gt;auth_type == VRRP_AUTH_AH) ? IPPROTO_IPSEC_AH : IPPROTO_VRRP; - vrrp-&gt;fd_in = open_vrrp_socket(vrrp-&gt;family, proto, IF_INDEX(vrrp-&gt;ifp)); - vrrp-&gt;fd_out = open_vrrp_send_socket(vrrp-&gt;family, proto, IF_INDEX(vrrp-&gt;ifp)); + vrrp-&gt;fd_in = open_vrrp_socket(vrrp-&gt;family, proto, IF_INDEX(vrrp-&gt;ifp), !vrrp-&gt;unicast_peer); + vrrp-&gt;fd_out = open_vrrp_send_socket(vrrp-&gt;family, proto, IF_INDEX(vrrp-&gt;ifp), !vrrp-&gt;unicast_peer); alloc_vrrp_fd_bucket(vrrp); /* Sync the other desc */ diff --git a/keepalived/vrrp/vrrp_data.c b/keepalived/vrrp/vrrp_data.c index 3725f95..51ee552 100644 --- a/keepalived/vrrp/vrrp_data.c +++ b/keepalived/vrrp/vrrp_data.c &lt; at &gt;&lt; at &gt; -139,7 +139,7 &lt; at &gt;&lt; at &gt; free_sock(void *sock_data) interface *ifp; if (sock-&gt;fd_in &gt; 0) { ifp = if_get_by_ifindex(sock-&gt;ifindex); - if_leave_vrrp_group(sock-&gt;family, sock-&gt;fd_in, ifp); + if_leave_vrrp_group(sock-&gt;family, sock-&gt;fd_in, ifp, 0); } if (sock-&gt;fd_out &gt; 0) close(sock-&gt;fd_out); diff --git a/keepalived/vrrp/vrrp_if.c b/keepalived/vrrp/vrrp_if.c index a4c55e7..3da4cec 100644 --- a/keepalived/vrrp/vrrp_if.c +++ b/keepalived/vrrp/vrrp_if.c &lt; at &gt;&lt; at &gt; -461,7 +461,7 &lt; at &gt;&lt; at &gt; if_join_vrrp_group(sa_family_t family, int *sd, interface *ifp, int proto) } int -if_leave_vrrp_group(sa_family_t family, int sd, interface *ifp) +if_leave_vrrp_group(sa_family_t family, int sd, interface *ifp, int unicast) { struct ip_mreqn imr; struct ipv6_mreq imr6; &lt; at &gt;&lt; at &gt; -471,6 +471,9 &lt; at &gt;&lt; at &gt; if_leave_vrrp_group(sa_family_t family, int sd, interface *ifp) if (sd &lt; 0 || !ifp) return -1; + if (unicast) + goto skip_mcast_release; + /* Leaving the VRRP multicast group */ if (family == AF_INET) { memset(&amp;imr, 0, sizeof(imr)); &lt; at &gt;&lt; at &gt; -499,6 +502,7 &lt; at &gt;&lt; at &gt; if_leave_vrrp_group(sa_family_t family, int sd, interface *ifp) return -1; } +skip_mcast_release: /* Finally close the desc */ close(sd); return 0; diff --git a/keepalived/vrrp/vrrp_parser.c b/keepalived/vrrp/vrrp_parser.c index 5888723..26fb069 100644 --- a/keepalived/vrrp/vrrp_parser.c +++ b/keepalived/vrrp/vrrp_parser.c &lt; at &gt;&lt; at &gt; -154,6 +154,18 &lt; at &gt;&lt; at &gt; vrrp_mcastip_handler(vector strvec) inet_ston(VECTOR_SLOT(strvec, 1), &amp;vrrp-&gt;mcast_saddr); } static void +vrrp_unicast_bind_handler(vector strvec) +{ + vrrp_rt *vrrp = LIST_TAIL_DATA(vrrp_data-&gt;vrrp); + inet_ston(VECTOR_SLOT(strvec, 1), &amp;vrrp-&gt;unicast_bind); +} +static void +vrrp_unicast_peer_handler(vector strvec) +{ + vrrp_rt *vrrp = LIST_TAIL_DATA(vrrp_data-&gt;vrrp); + inet_ston(VECTOR_SLOT(strvec, 1), &amp;vrrp-&gt;unicast_peer); +} +static void vrrp_vrid_handler(vector strvec) { vrrp_rt *vrrp = LIST_TAIL_DATA(vrrp_data-&gt;vrrp); &lt; at &gt;&lt; at &gt; -431,6 +443,8 &lt; at &gt;&lt; at &gt; vrrp_init_keywords(void) install_keyword("track_interface", &amp;vrrp_track_int_handler); install_keyword("track_script", &amp;vrrp_track_scr_handler); install_keyword("mcast_src_ip", &amp;vrrp_mcastip_handler); + install_keyword("vrrp_unicast_bind", &amp;vrrp_unicast_bind_handler); + install_keyword("vrrp_unicast_peer", &amp;vrrp_unicast_peer_handler); install_keyword("virtual_router_id", &amp;vrrp_vrid_handler); install_keyword("priority", &amp;vrrp_prio_handler); install_keyword("advert_int", &amp;vrrp_adv_handler); diff --git a/keepalived/vrrp/vrrp_scheduler.c b/keepalived/vrrp/vrrp_scheduler.c index 53d514d..ffef10c 100644 --- a/keepalived/vrrp/vrrp_scheduler.c +++ b/keepalived/vrrp/vrrp_scheduler.c &lt; at &gt;&lt; at &gt; -469,12 +469,12 &lt; at &gt;&lt; at &gt; vrrp_open_sockpool(list l) for (e = LIST_HEAD(l); e; ELEMENT_NEXT(e)) { sock = ELEMENT_DATA(e); sock-&gt;fd_in = open_vrrp_socket(sock-&gt;family, sock-&gt;proto, - sock-&gt;ifindex); + sock-&gt;ifindex, 0); if (sock-&gt;fd_in == -1) sock-&gt;fd_out = -1; else sock-&gt;fd_out = open_vrrp_send_socket(sock-&gt;family, sock-&gt;proto, - sock-&gt;ifindex); + sock-&gt;ifindex, 0); } } ------------------------------------------------------------------------------ Virtualization &amp; Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ </pre> Aleksey Chudov 2012-02-09T15:59:11 http://comments.gmane.org/gmane.linux.keepalived.devel/3786 <pre>Hi, we've been investigating a few minor issues with LVS and keepalived; a freelance developer at my team also prepared a couple of smaller patches to resolve those issues we'd like to contribute to the general LVS/keepalived public. The patches are based upon commit 91c61a85dccffd00dd6e887d24302443e412433d from http://master.formilux.org/git/people/alex/keepalived.git, but of course do apply to newer releases as well. === Add excluded VIPs to loopback instead to the IF the VRRP Services at our site are running in a georedundant setup; to enable the balancer pair at site B to take over the VIP adresses usually routed to site A, we're running the Border Gateway Protocol from balancers to advertise the VIPs to our network core. As a result, there isn't any need to run ARP (IPv4) or neighbor advertisements (IPv6) for our balancer's VIPs. In fact, we'd like to avoid their ARP/ND traffic at all. Some balancers may host very many VIPs, so a local failover may result in a temporary flooding of gratious ARP replies. Some routers/L3 switches do process ARP not in their ASICs but using their rather small CPUs, so this burst of ARP replies may result in a temporary overload of the CPU of those routers/L3 switches, resulting in a few seconds of temporary network congestions. As we don't need ARP for our VIPs, we did use Linux arpfilter (arptables) to filter out any outgoing ARP replies for listed IPs; however, we felt a (visible) configuration option for keepalived were more suitable instead of setting up a rarely used command (arptables for IPv4, special icmpv6 filters for ip6tables on IPv6). The attached patch gives a global configuration option vips_excluded_on_loopback to bind excluded VIPs to the loopback interface instead of the one where the VRRP instance is running in order to get rid of those ARP/ND announcements. Best, Anders </pre> Anders Henke 2012-02-09T15:28:50 http://comments.gmane.org/gmane.linux.keepalived.devel/3785 <pre>Hi, we've been investigating a few minor issues with LVS and keepalived; a freelance developer at my team also prepared a couple of smaller patches to resolve those issues we'd like to contribute to the general LVS/keepalived public. The patches are based upon commit 91c61a85dccffd00dd6e887d24302443e412433d from http://master.formilux.org/git/people/alex/keepalived.git, but of course to apply to newer releases as well. === Regex content check for http(s) healthcheckers Usually, checking for the digest of a static (testing-only) website is fine to check wether some service is available; in some setups, we do need some way to also check more "dynamic" content and not only the testing code by checking the content of a http(s) website. Over the last few years, we did so using a check_misc command, but chose to implement an option to the keepalived-internal healtchecker as well. The attached patch uses the regex functions of ICU/libicuuc to check for a regular expression within the first 4000 byte of returned content. Best, Anders </pre> Anders Henke 2012-02-09T15:04:25 http://comments.gmane.org/gmane.linux.keepalived.devel/3783 <pre>Hi, we've been investigating a few minor issues with LVS and keepalived; a freelance developer at my team also prepared a couple of smaller patches to resolve those issues we'd like to contribute to the general LVS/keepalived public. The patches are based upon commit 91c61a85dccffd00dd6e887d24302443e412433d from http://master.formilux.org/git/people/alex/keepalived.git, but of course to apply to newer releases as well. === Add notify_failed and notify_ok for checks In our setups, we're setting up at least three healthchecker commands: -check the realserver's service - for an obvious reason -check for a tcp service at the realserver for the general service availability. When a realserver's admin or devops requires some time for maintenance, they shut down that special tcp service and wait for a few minutes until any persisted connections have also left. -check for a local file on the balancer, wether some realservers should be excluded from balancing. This way the admin of a keepalived balancer may temporarily withdraw traffic from a broken realserver without changing keepalived's config file. We're checking the individual results differently and do alert different monitoring systems or pagers in case of trouble (for example, when the local file or tcp check service are down for longer than a few hours or the overall availability of realserver nodes is less than 50% of all configured nodes). We'd also like to gather statistical availablity in order to catch "flapping" nodes. To combine those checks into one, one might write some large shell script calling all three healthcheckers and returning the maximum return code; however, the internal healthcheckers are much more lightweight and less errorprone than a large wrapping shell script. So we added new options for keepalived: notify_failed and notify_ok are called when a single realserver's healthchecker does change its state. So in essence: notify_backup/notify_master is called when a vrrp-instance fails; notify_down/notify_up are called when any healthchecker fails for a realserver; notify_failed/notify_ok are called when a specific healthchecker for some specific realserver fails. In my personal idea, it's probably easier to make notify_down/notify_up also work within context of a single healthchecker, so one might still keep the same command name. Feel free to change this patch :-) Anders </pre> Anders Henke 2012-02-09T14:52:35 http://comments.gmane.org/gmane.linux.keepalived.devel/3782 <pre>Hi, we've been investigating a few minor issues with LVS and keepalived; a freelance developer at my team also prepared a couple of smaller patches to resolve those issues we'd like to contribute to the general LVS/keepalived public. === Fix Netlink Init When the kernel module for ip_vs hasn't been loaded yet and an application (say, keepalived) tries to call ipvs, IPVS assumes netlink not to be present and triggers another load attempt of the kernel module, but without re-testing for netlink. In the end, netlink isn't being used. However, netlink is essential for running IPVS with IPv6. Attached is a oneline-patch for libipvs to adress this issue; it is based upon commit 91c61a85dccffd00dd6e887d24302443e412433d from http://master.formilux.org/git/people/alex/keepalived.git, but is simple enough to be applied to almost any other release of libipvs as well. I've posted this patch also to lvs-devel, but as the repository for keepalived seems to maintain its own version of libipvs, I'm also posting the patch do keepalived-devel as well. Best, Anders </pre> Anders Henke 2012-02-09T14:03:06 Search the mailing list at Gmane query http://search.gmane.org/?group=$group=gmane.linux.keepalived.devel