[rhelv6-list] Red Hat 6.4, keepalived and ipv6
Matthias Saou
matthias at saou.eu
Tue Jun 25 10:31:07 UTC 2013
On Mon, 24 Jun 2013 20:45:12 +0000
Martinsson Patrik <patrik.martinsson at smhi.se> wrote:
> Hello,
>
> This is not a specific Red Hat 6 question, but there seems to be a
> lot of people with general knowledge here so I'm going to take my
> chances. Already tried keepalived-mailinglist but no answer.
>
>
> I'm really trying to understand how keepalived handles ipv6 VIP's and
> what the general idea and best practice is, however I seem to miss
> something. I don't understand why you wouldn't want to have
> keepalived to set the preferred_lft to zero when bringing up the
> VIP's, or actually what I don't understand is how to make various
> checks work with the source-address being the VIP and not the
> "iron-address".
>
> So, here's the simple configuration,
>
> # keepalived.conf,
> global_defs {
>     notification_email_from foo at bar.com
>     smtp_server bar.com
>     smtp_connect_timeout 30
>     lvs_id ER-TST-LD-MASTER
> }
>
> vrrp_instance VI_1 {
>     state MASTER
>     interface eth0
>     lvs_sync_daemon_interface eth0
>     virtual_router_id 56
>     priority 150
>     advert_int 1
>     smtp_alert
>     authentication {
>         auth_type PASS
>         auth_pass example
>     }
>     virtual_ipaddress {
>         XXXX:XXX:XXX:XXXX::46
>     }
> }
>
> virtual_server XXXX:XXX:XXX:XXXX::46 0 {
>     delay_loop 10
>     lb_algo rr
>     lb_kind DR
>     persistence_timeout 900
>     protocol TCP
>     real_server XXXX:XXX:XXX:XXXX::17 0 {
>         weight 1
>         inhibit_on_failure
>         MISC_CHECK {
>             misc_path "/etc/keepalived/check_tcp -H XXXX:XXX:XXX:XXXX::17 -p 21"
>             misc_timeout 30
>         }
>     }
> }
> # end keepalived.conf
>
>
> So, this would mean that when keepalived performs the check to see if
> the realserver (XX:17 on port 21) is alive, the source-address of
> that packet is the VIP (XX:46), which of course also is up on the
> realserver, which in turn would mean that the packet never returns
> to keepalived. And thus making keepalived mark the realserver as
> down (since it doesn't get any reply).
>
> So, what am I missing here, how is this supposed to work ?
>
> I've been trying to read the following discussions, they seem to have
> the same problem,
> http://www.ietf.org/mail-archive/web/v6ops/current/msg15266.html
> http://marc.info/?l=keepalived-devel&m=130200733315039 (there's a
> patch that would make sense to me, but never got accepted if I'm not
> mistaken)

I'm using keepalived on RHEL6 with IPv6 just fine, for both VRRP and
LVS. The main differences I see with your setup are that I'm using
RFC4193 addresses on my private LAN (eth1), that it's for a single port
(80) and that I'm using the HTTP_GET check. I'm also using FWM instead
of the IPv6 address for the virtual server, but I don't think that's
relevant.

Here's my ipvsadm -L -n output :

FWM 2 IPv6 wrr persistent 4
  -> [fdcd:24cd:315e:13::201]:80 Route 100 0 0
  -> [fdcd:24cd:315e:13::202]:80 Route 100 0 0
  -> [fdcd:24cd:315e:13::203]:80 Route 100 0 0
  -> [fdcd:24cd:315e:13::204]:80 Route 100 0 0
  -> [fdcd:24cd:315e:13::205]:80 Route 100 0 0

Here's my VRRP configuration :

vrrp_instance vlb1 {
    state MASTER
    priority 100
    virtual_router_id 245
    interface eth1
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass foo
    }
    virtual_ipaddress {
        x.x.229.245/26 dev eth0 label eth0:245
        x:x:4020:b010::245/64 dev eth0
    }
}

And the start of the LVS configuration :

! Firewall mark 2 LVS (IPv6)
virtual_server fwmark 2 {
    delay_loop 3
    lb_algo wrr
    lb_kind DR
    protocol TCP
    persistence_timeout 4
    real_server fdcd:24cd:315e:13::201 80 {
        weight 100
        ! inhibit_on_failure
        HTTP_GET {
            url {
                path /my/path/to/info.php
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 2
            delay_before_retry 1
        }
    }
    [...]
}

If I were you, I'd start tcpdump'ing traffic to check what's going on
with that port 21 check. Also, I don't think the check will be done
with a source address set to the virtual_server address, but with
the main IPv6 address (at least by default, I think).

Why do you want the checks to be done with the virtual_server address
as the source to begin with? I can only think of possible issues with
that, with no real gain.

And FWIW, this is the version I'm currently running :
keepalived-1.2.7-3.el6.x86_64

Matthias
--
Matthias Saou
Web: http://matthias.saou.eu/
Mail/XMPP: matthias at saou.eu
GPG: 4096R/E755CC63
     8D91 7E2E F048 9C9C 46AF 21A9 7A51 7B82 E755 CC63
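
The source-address question raised in this thread can be checked from `ip` output. The following is an added example, not part of either message and not keepalived code: it reports whether the kernel picked the VIP as the source towards a real server and whether the VIP is deprecated (preferred_lft 0). The function names are hypothetical and all addresses are constructed.

```shell
#!/bin/sh
# Added example. All addresses are constructed (2001:db8::/32 documentation prefix).
# On a live director: classify "$VIP" "$(ip -6 route get "$RS")" "$(ip -6 addr show dev eth0)"

# Constructed `ip -6 route get 2001:db8::17` output: kernel chose the VIP as source.
ROUTE_VIP='2001:db8::17 from :: dev eth0 proto kernel src 2001:db8::46 metric 256 pref medium'
# Same lookup with the host's own address chosen as source.
ROUTE_HOST='2001:db8::17 from :: dev eth0 proto kernel src 2001:db8::10 metric 256 pref medium'
# Constructed `ip -6 addr show dev eth0` output with the VIP at preferred_lft 0.
ADDR_DEPRECATED='    inet6 2001:db8::46/64 scope global deprecated
       valid_lft forever preferred_lft 0sec
    inet6 2001:db8::10/64 scope global
       valid_lft forever preferred_lft forever'
# Same interface with the VIP added with default lifetimes.
ADDR_PREFERRED='    inet6 2001:db8::46/64 scope global
       valid_lft forever preferred_lft forever
    inet6 2001:db8::10/64 scope global
       valid_lft forever preferred_lft forever'

# Print the address following "src" in route-get output read from stdin.
route_src() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "src") { print $(i + 1); exit } }'
}

# Exit 0 if address $1 is deprecated in addr-show output read from stdin.
addr_is_deprecated() {
    awk -v a="$1" '
        $1 == "inet6" { split($2, p, "/"); cur = p[1]
                        if (cur == a && $0 ~ / deprecated/) found = 1 }
        cur == a && $0 ~ /preferred_lft 0sec/ { found = 1 }
        END { exit(found ? 0 : 1) }'
}

# $1 = VIP, $2 = route-get text, $3 = addr-show text.
classify() {
    src=$(printf '%s\n' "$2" | route_src)
    if [ "$src" = "$1" ]; then
        echo "source-is-vip"    # checks leave with the VIP as source address
    elif printf '%s\n' "$3" | addr_is_deprecated "$1"; then
        echo "vip-deprecated"   # source selection avoids the VIP (RFC 6724 rule 3)
    else
        echo "vip-eligible"     # VIP not chosen now, but nothing excludes it
    fi
}

classify 2001:db8::46 "$ROUTE_VIP" "$ADDR_PREFERRED"
classify 2001:db8::46 "$ROUTE_HOST" "$ADDR_DEPRECATED"
```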