Keepalived with IPv4 and IPv6 in Dual-Stack
Why I wanted to do this
I set up IPv6 in my new infrastructure and required some addresses of the redundant reverse proxy to switch the server in case one fails. Having used keepalived before (and already having it running for IPv4) I decided to stay with the current installation and just add the IPv6 address I configured as the VIP (Virtual IP).
Adding the IP to the configurations was easy and quickly done, even the service restarted without any issue or error (or I couldn’t find it.) So I pushed to the Ansible repository, the CI pipeline provisioned the infrastructure … and the VIP could not be found anymore.
What failed?
Keepalived was still running on both servers, the IPs though were nowhere to be found. It turns out, that the underlying VRRP protocol does not support mixed IP versions. (I couldn’t find that detail in the official documentation.)
Keepalived would not even create the addresses. So I removed them from the configuration and restarted the services to get my stuff running again.
Then I found a blog (the same which helped me solve it) where two instances could be created, but would have to be synced which caused some weird IP duplications for the IPv6 address. I didn’t even bother trying it.
What worked?
This site helped me solving the issue. The solution does not really make sense, since the IPv6 address would be in the excluded block, but they should be moved anyway.
The “excluded” VIPs will be moved to the new master as well, despite the parameters name which lets you expect the opposite. (It works, I tested it.)
Configurations
Below are the two example configurations to be used on the servers.
Master Server
# script to track the process which is behind the VIP
vrrp_script nginx {
script "killall -0 nginx"
interval 2
}
# configuration of the virtual router
vrrp_instance VI_1 {
interface ens18
state MASTER
virtual_router_id 10
priority 10
authentication {
auth_type PASS
auth_pass somepassword
}
virtual_ipaddress {
1.2.3.100
}
virtual_ipaddress_excluded {
AAAA:BBBB:CCCC:DDD::100
}
track_script {
nginx
}
}
Backup Server
# script to track the process which is behind the VIP
vrrp_script nginx {
script "killall -0 nginx"
interval 2
}
# configuration of the virtual router
vrrp_instance VI_1 {
interface ens18
state BACKUP
virtual_router_id 10
priority 20
authentication {
auth_type PASS
auth_pass somepassword
}
virtual_ipaddress {
1.2.3.100
}
virtual_ipaddress_excluded {
AAAA:BBBB:CCCC:DDD::100
}
track_script {
nginx
}
}