Keepalived with IPv4 and IPv6 in Dual-Stack

Why I wanted to do this

I set up IPv6 in my new infrastructure and required some addresses of the redundant reverse proxy to switch the server in case one fails. Having used keepalived before (and already having it running for IPv4) I decided to stay with the current installation and just add the IPv6 address I configured as the VIP (Virtual IP).

Adding the IP to the configurations was easy and quickly done, even the service restarted without any issue or error (or I couldn’t find it.) So I pushed to the Ansible repository, the CI pipeline provisioned the infrastructure … and the VIP could not be found anymore.

What failed?

Keepalived was still running on both servers, the IPs though were nowhere to be found. It turns out, that the underlying VRRP protocol does not support mixed IP versions. (I couldn’t find that detail in the official documentation.)

Keepalived would not even create the addresses. So I removed them from the configuration and restarted the services to get my stuff running again.

Then I found a blog (the same which helped me solve it) where two instances could be created, but would have to be synced which caused some weird IP duplications for the IPv6 address. I didn’t even bother trying it.

What worked?

This site helped me solving the issue. The solution does not really make sense, since the IPv6 address would be in the excluded block, but they should be moved anyway.

The “excluded” VIPs will be moved to the new master as well, despite the parameters name which lets you expect the opposite. (It works, I tested it.)

Configurations

Below are the two example configurations to be used on the servers.

Master Server

# script to track the process which is behind the VIP
vrrp_script nginx {
    script      "killall -0 nginx"
    interval    2
}

# configuration of the virtual router
vrrp_instance VI_1 {
    interface ens18
    state MASTER
    virtual_router_id 10
    priority 10

    authentication {
        auth_type PASS
        auth_pass somepassword
    }

    virtual_ipaddress {
        1.2.3.100
    }

    virtual_ipaddress_excluded {
        AAAA:BBBB:CCCC:DDD::100
    }

    track_script {
        nginx
    }
}

Backup Server

# script to track the process which is behind the VIP
vrrp_script nginx {
    script      "killall -0 nginx"
    interval    2
}

# configuration of the virtual router
vrrp_instance VI_1 {
    interface ens18
    state BACKUP
    virtual_router_id 10
    priority 20

    authentication {
        auth_type PASS
        auth_pass somepassword
    }

    virtual_ipaddress {
        1.2.3.100
    }

    virtual_ipaddress_excluded {
        AAAA:BBBB:CCCC:DDD::100
    }

    track_script {
        nginx
    }
}

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.