High availability

Active/Standby clustering

On this page

The Virtual Router Redundancy Protocol (VRRP) creates virtual routers that bind to a floating, virtual IP address that can be shared between an active and standby HAProxy ALOHA instance.

Active/Standby Cluster

If the active instance should go offline, then the standby instance inherits the IP address and resumes serving traffic.

Configure the VRRP daemon on both instances Jump to heading

You must configure the VRRP daemon on both the active and the standby HAProxy ALOHA instances.

  1. In the Services tab, make sure the syslogd service is up and running. The syslogd service must be running before you start the VRRP service.

  2. In the Services tab, click vrrp setup.

    VRRP Setup

    Enter the following directives:

    Directive Value
    group Enable VRRP on group of network interfaces. Specify a single name or a space-separated list of interface names.
    track_svc Check that the haproxy service is running. Optionally, if you are using LVS, also add a check for the ipvsd service.
    track_mgt Check that the sshd and wui services are running.
    no autostart Remove or comment out the line.

    Example:

    text
    service vrrp
      group eth0
      # Optionally, track ipvsd if using LVS.
      track_svc  haproxy ipvsd 
      track_mgt  sshd wui
      # no autostart
    text
    service vrrp
      group eth0
      # Optionally, track ipvsd if using LVS.
      track_svc  haproxy ipvsd 
      track_mgt  sshd wui
      # no autostart

  3. Restart the vrrp service.

    Restart VRRP

Failover triggers Jump to heading

The following events can trigger a failover:

  • The active instance lowers its weight below one of the backup instances due to a failed health check.
  • A backup instance is reconfigured with a weight larger than the current active instance.
  • The active instance stops emitting its heartbeat packet to the cluster.

Configure the active VRRP instance Jump to heading

  1. Decide on a Virtual Router Identifier (VRID) for the cluster. The VRID can be any number between 1 and 255. It is a unique identifier that is the same on the active and standby instances. It allows the instances to share a virtual router and virtual IP address.

    Do not use a VRID already in use. To list VRIDs already in use, do one of the following:

    • From the Tools tab, select capture from the drop-down, then enter the interface name where you will configure VRRP, and the vrrp keyword. Then run the diagnostic.

      VRRP Capture Tool

    • Run the following command from a terminal:

      nix
      sudo tcpdump -vvvenns0 -c 5 -i eth0 vrrp | grep -o "vrid [0-9]*"
      nix
      sudo tcpdump -vvvenns0 -c 5 -i eth0 vrrp | grep -o "vrid [0-9]*"
      output
      text
      [...]
      5 packets captured
      6 packets received by filter
      0 packets dropped by kernel
      vrid 161
      vrid 155
      output
      text
      [...]
      5 packets captured
      6 packets received by filter
      0 packets dropped by kernel
      vrid 161
      vrid 155

  2. In the Services tab, click network instance setup next to a network interface.

    Interface Setup

  3. Enter the following parameters to create a new VRRP instance:

    Directive Value
    vrrp inst default id Enter the VRID determined previously.
    vrrp inst default garp Gratuitous ARP polling interval in seconds. 30.
    vrrp inst default prio VRRP instance default priority. 101 or higher for master.
    vrrp inst default address The Virtual IP.
    vrrp inst default password VRRP instance authentication password. aloha (recommended).
    vrrp inst default no-address Recommended. Enables you to configure more than 20 VIPs by implementing the virtual_ipaddress_excluded directive in the underlying VRRP configuration.

    Example:

    text
    service network eth0
      ip address 172.16.24.238/24
      ip route default 172.16.24.1
      vrrp inst    default id        130
      vrrp inst    default garp      30
      vrrp inst    default prio      101
      vrrp inst    default address   172.16.24.235
      vrrp inst    default password  aloha
      vrrp inst    default no-address
    text
    service network eth0
      ip address 172.16.24.238/24
      ip route default 172.16.24.1
      vrrp inst    default id        130
      vrrp inst    default garp      30
      vrrp inst    default prio      101
      vrrp inst    default address   172.16.24.235
      vrrp inst    default password  aloha
      vrrp inst    default no-address

  4. Restart the network service.

Configure the standby VRRP instance Jump to heading

  1. In the Services tab, click network instance setup next to a network interface.

    Interface Setup

  2. Add the following parameters to create a new VRRP instance:

    Directive Value
    vrrp inst default id Same VRID as on the active HAProxy ALOHA instance.
    vrrp inst default garp Gratuitous ARP polling interval in seconds. 30.
    vrrp inst default prio VRRP instance default priority. 100 for backup.
    vrrp inst default address The Virtual IP.
    vrrp inst default password VRRP instance authentication password. aloha (recommended).
    vrrp inst default no-address Recommended. Enables you to configure more than 20 VIPs by implementing the virtual_ipaddress_excluded directive in the underlying VRRP configuration.

    Example:

    text
    service network eth0
      ip address 172.16.24.237/24
      ip route default 172.16.24.1
      vrrp inst    default id        130
      vrrp inst    default garp      30
      vrrp inst    default prio      100
      vrrp inst    default address   172.16.24.235
      vrrp inst    default password  aloha
      vrrp inst    default no-address
    text
    service network eth0
      ip address 172.16.24.237/24
      ip route default 172.16.24.1
      vrrp inst    default id        130
      vrrp inst    default garp      30
      vrrp inst    default prio      100
      vrrp inst    default address   172.16.24.235
      vrrp inst    default password  aloha
      vrrp inst    default no-address

  3. Restart the network service.

Save your configuration on both instances Jump to heading

  1. To make your changes persistent after a reboot, click the Setup tab. Then click Save under Configuration.

    The Configuration was successfully saved message displays.

    Configuration Saved

    You can also launch the following command from a terminal:

    nix
    sudo config save
    nix
    sudo config save

Check that VRRP works Jump to heading

Warning

Perform the steps below in a test environment only.

In the steps below, we shut down the active instance and then verify that the VIP was transferred to the standby instance by comparing the MAC addresses returned for the VIP.

VRRP Active Standby

From a Linux machine on the same network, check which MAC address is associated with the VIP by executing arping.

  1. Check the MAC address on your HAProxy ALOHA instances.

    nix
    arp -a
    nix
    arp -a

  2. Check which MAC addresses are associated with the VIP and the HAProxy ALOHA instances’ IP addresses.

    nix
    sudo arping -c 5 -I ens192 172.16.24.235 | cut -d " " -f 4
    nix
    sudo arping -c 5 -I ens192 172.16.24.235 | cut -d " " -f 4
    output
    text
    00:50:56:8a:fc:52
    output
    text
    00:50:56:8a:fc:52
    nix
    sudo arping -c 5 -I ens192 172.16.24.237 | cut -d " " -f 4
    nix
    sudo arping -c 5 -I ens192 172.16.24.237 | cut -d " " -f 4
    output
    text
    00:50:56:8a:1a:78
    output
    text
    00:50:56:8a:1a:78
    nix
    sudo arping -c 5 -I ens192 172.16.24.238 | cut -d " " -f 4
    nix
    sudo arping -c 5 -I ens192 172.16.24.238 | cut -d " " -f 4
    output
    text
    00:50:56:8a:fc:52
    output
    text
    00:50:56:8a:fc:52

    The MAC address associated with the VIP is the active HAProxy ALOHA instance’s address.

  3. Shut down your test HAProxy ALOHA instance, then check the MAC addresses.

    nix
    sudo arping -c 5 -I ens192 172.16.24.235 | cut -d " " -f 4
    nix
    sudo arping -c 5 -I ens192 172.16.24.235 | cut -d " " -f 4
    output
    text
    00:50:56:8a:1a:78
    output
    text
    00:50:56:8a:1a:78
    nix
    sudo arping -c 5 -I ens192 172.16.24.237 | cut -d " " -f 4
    nix
    sudo arping -c 5 -I ens192 172.16.24.237 | cut -d " " -f 4
    output
    text
    00:50:56:8a:1a:78
    output
    text
    00:50:56:8a:1a:78
    nix
    sudo arping -c 5 -I ens192 172.16.24.238
    nix
    sudo arping -c 5 -I ens192 172.16.24.238
    output
    text
    Timeout
    output
    text
    Timeout

    The MAC address associated with the VIP is now the address of the previously standby HAProxy ALOHA instance.

Fail over to the standby instance Jump to heading

To manually fail over to the standby instance for doing routing maintenance on the active instance, reconfigure the backup instance a weight larger than the current active instance.

Troubleshooting Jump to heading

Detect duplicate IPs Jump to heading

To troubleshoot duplicate IPs, you can use the ARP who-has diagnostic tool.

  1. From the Tools tab, select arp who-has from the drop-down.

    ARP who-has

    You can also run the following command from a terminal:

    nix
    sudo arping -c 5 -I eth0 172.16.24.237
    nix
    sudo arping -c 5 -I eth0 172.16.24.237

If the MAC address associated with the IP address is:

  • The address you expected, the problem may come from an upper layer.
  • Not the address you expected, a duplicate IP is associated with the MAC address of the instance.

Capture VRRP packets Jump to heading

  1. From the Tools tab, select capture from the drop-down.

  2. Enter the interface name where you will configure VRRP, and the vrrp keyword, then run the diagnostic.

    VRRP Capture Tool

    You can also run the following command from a terminal:

    nix
    sudo tcpdump -vvvenns0 -c 5 -i eth0 vrrp
    nix
    sudo tcpdump -vvvenns0 -c 5 -i eth0 vrrp

  3. Check:

    • The source MAC address
    • The source IP address
    • The VRID
    • The VRRP priority

Do you have any suggestions on how we can improve the content of this page?

Previous page Active/Active clustering Next page Configuration sync
© 2024 HAProxy Technologies, LLC. All Rights Reserved
Manage Cookie Preferences