Guides - Configuring IP Failover using keepalived
Linux virtual machines equipped with a tailored set of resources designed to run any cloud-based workload.
This guide covers using keepalived to configure IP failover with Linode Compute Instances. Keepalived is a routing service that can be used to monitor and fail over components in a high availability configuration. In a typical setup with IP failover, there is one primary Instance and one or more secondary Instances.
- Primary (also called
MASTER
in keepalived): The primary Compute Instance is the one containing the IP address you’d like to configure for IP failover. - Secondary (also called
BACKUP
in keepalived): The secondary Compute Instances are then configured to use that IP address in the event the primary Instance stops responding.
IP Failover Compatibility
Linode’s IP failover feature using keepalived is compatible with various IP address types in certain data centers. Review the list below to learn what types are available in your data center.
Public and Private IPv4 addresses: Can be configured in a supported data center using keepalived. You must first configure Linode’s IP Sharing feature as outlined in the Configuring IP Sharing section. See Configure Failover > IP Sharing Availability for a list of data centers that support ARP-based failover.
IPv6 addresses: IP failover with IPv6 addresses is not currently supported.
VLAN IP addresses: Can be configured in a supported data center using keepalived. See VLANs > Availability for a list of data centers.
Configuring IP Sharing
Before using keepalived to configure IP failover for a public or private IPv4 address (not VLANs), you first need to use Linode’s IP Sharing feature to share your IP address with other Compute Instances. To do so, follow the instructions within the Configuring IP Sharing section of the Managing IP Addresses guide for each secondary Compute Instance.
Installing and Configuring keepalived
This section covers installing the keepalived software from your distribution’s repository. See Installing Keepalived on the official documentation if you prefer to install it from source. After installing keepalived, the next step is to configure it for your particular IP failover scenario.
Log in to your Compute Instance over SSH. See Connecting to a Remote Server Over SSH for assistance.
Install keepalived by following the instructions for your system’s distribution.
Ubuntu and Debian:
sudo apt update && sudo apt upgrade sudo apt install keepalived
CentOS 8 Stream, CentOS/RHL 8 (including derivatives such as AlmaLinux 8 and Rocky Linux 8), Fedora:
sudo dnf upgrade sudo dnf install keepalived
CentOS 7:
sudo yum update sudo yum install keepalived
Start editing a new keepalived configuration file.
sudo nano /etc/keepalived/keepalived.conf
Enter the proper settings for your configuration into this file. Use the example below as a starting point, replacing the following items. For more configuration options, see Configuration Options.
Replace $password with a secure password to use for this configuration instance. You should use the same password for each Compute Instance you configure.
Replace 192.0.2.1 with the IP address for which you’d like to enable failover.
Note If configuring IP failover on a VLAN IP, you likely need to change the interface value frometh0
toeth1
. See the interface item under Configuration Options for help finding the Network Interface your VLAN may be using.- File: /etc/keepalived/keepalived.conf
1 2 3 4 5 6 7 8 9 10 11 12 13 14
vrrp_instance Instance1 { state MASTER interface eth0 virtual_router_id 10 priority 100 advert_int 1 authentication { auth_type PASS auth_pass $password } virtual_ipaddress { 192.0.2.1 } }
Enable and start the keepalived service.
sudo systemctl enable keepalived sudo systemctl start keepalived
Perform these steps again on each secondary Compute Instance you would like to configure. You can use the same configuration file as provided above, but make the following adjustments:
- Set the state value to
BACKUP
- Set the priority value to
99
or less, depending on the failover order you prefer for the secondary Compute Instances.
- Set the state value to
Configuration Options
When configuring keepalived, there are quite a few options that can be modified to accomplish various tasks and behaviors. This section covers some of them, though you can review the Keepalived configuration synopsis page on the official documentation to learn more.
vrrp_instance: The VRRP instance definition block. Set this to whatever you’d like to call this block. To help with identification, this should be the same value across all Compute Instances that will share the specified IP address.
state: Set this to
MASTER
if the IP address is natively assigned to this Compute Instance. When configuring it as a secondary failover server, useBACKUP
.interface: Set this to whichever Network Interface the IP address is using or should use. To find the interface, log in to Cloud Manager, click on the Linodes link on the left menu, select your Compute Instance, navigate to the Configurations tab and review the Network Interfaces column for your active configuration profile. For public IP addresses the interface is typically
eth0
and for vlan addresses the interface is likelyeth1
.priority: When multiple secondary Compute Instances are configured for IP failover, this sets the order in which they will be used.
auth_pass: Set the password used by keepalived for failover synchronization. This should be used across all Compute Instances that will share the specified IP address.
virtual_ipaddress: This block defines which IP address is configured for IP failover. Set this to the IP address you’d like to use.
Testing the IP Failover Functionality
Power off the primary Compute Instance.
If you’ve configured IP failover for a public IP address, ping the IP address on your local machine. If you’ve configured IP failover on a private network, such as a VLAN, ping the IP address from another machine on that network.
ping 192.0.2.1
If IP failover is successfully configured, the output should be similar to the following (once the primary Compute Instance has fully powered off):
64 bytes from 192.0.2.1: icmp_seq=3310 ttl=64 time=0.373 ms
If you are instead receiving output telling you that the host is unreachable, IP failover likely hasn’t been successfully configured.
From 192.0.2.1 icmp_seq=3293 Destination Host Unreachable
More Information
You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.
This page was originally published on