Topics

Manage Default Gateway for HA addresses

Ulf Markwardt
 

Hi there,

I have a number of login servers for a cluster with IP addresses that should be available all the time. A MASTER/BACKUP config organizes that each host could take over all other addresses, no sweat with keepalived.
But I have difficulties with the default gateway that is reachable over these virtual IP addresses. I tried to manage it as virtual route in a vrrp instance together with the virtual IP address. But once a host that had taken over a second address releases it, it also loses its default gateway.
My second attempt to configure the gateway in static_routes did not work. ((I guess the reason for that is that the interfaces do not have another static address in the same net, so a "route add" would say
"SIOCADDRT: Network is unreachable".))

I hope/guess there is a very simple way to do that kind of "magic".
So any help would be welcome.

Thanks,
Ulf

Quentin Armitage
 

On Tue, 2019-09-10 at 07:08 +0200, Ulf Markwardt wrote:
Hi there,

I have a number of login servers for a cluster with IP addresses that 
should be available all the time. A MASTER/BACKUP config organizes that 
each host could take over all other addresses, no sweat with keepalived.
But I have difficulties with the default gateway that is reachable over 
these virtual IP addresses. I tried to manage it as virtual route in a 
vrrp instance together with the virtual IP address. But once a host that 
had taken over a second address releases it, it also loses its default 
gateway.
My second attempt to configure the gateway in static_routes did not 
work. ((I guess the reason for that is that the interfaces do not have 
another static address in the same net, so a "route add" would say
"SIOCADDRT: Network is unreachable".))

I hope/guess there is a very simple way to do that kind of "magic".
So any help would be welcome.

Thanks,
Ulf

Ulf,

Could you please provide copies of the keepalived configurations, and also output of ip route show showing what is happening, and also what you would you would like the ip route entries to be when a vrrp instance in master and after it has become backup.

Many thanks,
Quentin Armitage

Ulf Markwardt
 

Configs attached...
I start keepalived on the first host, it takes both IP addresses. And I see:
[root@login5 ~]# route -n|grep 247   
0.0.0.0         10.247.254.254  0.0.0.0         UG    0      0        0 enp2s0f1
10.247.254.0    0.0.0.0         255.255.255.0   U     0      0        0 enp2s0f1

Then I start keepalived on the second host (login6). That one takes its IP, sets the default route.
Login5 releases the IP *.6, keeps its own IP but loses the default route:
[root@login5 ~]# route -n|grep 247   
10.247.254.0    0.0.0.0         255.255.255.0   U     0      0        0 enp2s0f1

Since the default gateway also belongs the vrrp_instance VI_5 it should be kept there, in my understanding.

Thanks,
Ulf

Quentin Armitage
 

On Tue, 2019-09-10 at 00:40 -0700, Ulf Markwardt wrote:
Configs attached...
I start keepalived on the first host, it takes both IP addresses. And I see:
[root@login5 ~]# route -n|grep 247   
0.0.0.0         10.247.254.254  0.0.0.0         UG    0      0        0 enp2s0f1
10.247.254.0    0.0.0.0         255.255.255.0   U     0      0        0 enp2s0f1

Then I start keepalived on the second host (login6). That one takes its IP, sets the default route.
Login5 releases the IP *.6, keeps its own IP but loses the default route:
[root@login5 ~]# route -n|grep 247   
10.247.254.0    0.0.0.0         255.255.255.0   U     0      0        0 enp2s0f1

Since the default gateway also belongs the vrrp_instance VI_5 it should be kept there, in my understanding.

Thanks,
Ulf

Ulf,

The behaviour you are observing is as expected. A virtual route is only installed when the vrrp instance is in MASTER state. When it becomes backup it removes all virtual routes. If you want keepalived to install routes independently of whether a vrrp instance is master or backup, then you need to use the static_routes option, when is configured outside the scope of any vrrp instance.

By the way, since the 10.247.254.0/24 network always exists, and you are simply virtual adding addresses 10.247.254.5 and 10.247.254.6, they should be specified in the virtual_ipaddress blocks with a /32 mask, since it is the address that you are adding, and not the whole subnet.

I hope that helps,
Quentin Armitage

Ulf Markwardt
 

Hi Quentin,
I had this as the very first lines in my config, but it didn't create the default gw:
static_routes  {
 0.0.0.0/0 via 10.247.254.254 dev enp2s0f1
 }

Ulf
 

Ulf Markwardt
 

(Of course, I have taken the virtual routes out of the VI definition in this case.)

Quentin Armitage
 

On Tue, 2019-09-10 at 03:45 -0700, Ulf Markwardt wrote:
(Of course, I have taken the virtual routes out of the VI definition in this case.)
_._,_._,_
Groups.io Links:

You receive all messages sent to this group.

View/Reply Online (#28) | Reply To Group | Reply To Sender | Mute This Topic | New Topic

Your Subscription | Contact Group Owner | Unsubscribe [quentin@...]


Ulf,

Deleting the virtual_routes from the vrrp instances and adding:
static_routes {
    0.0.0.0/0 via 10.247.254.254 dev enp2s0f1
}
works fine for me, and both servers have the default route configured, but I already have an address on 10.247.254.0/24 configured.

However, in your original message I see you stated:
My second attempt to configure the gateway in static_routes did not 
work. ((I guess the reason for that is that the interfaces do not have 
another static address in the same net, so a "route add" would say
"SIOCADDRT: Network is unreachable".))
and yes, you are right that the default route cannot be added to a destination that the server cannot route to. You could try adding:
static_ipaddress {
10.247.254.nnn/24 dev enp2s0f1
}
in the vrrp configuration, and that works for me even when I don't have an ip address configured on 10.247.254.0/24 before keepalived runs.

Does that work for you?

Quentin Armitage