High availability

Active/Standby clustering

On this page

This page applies to:

  • HAProxy ALOHA - all versions

The Virtual Router Redundancy Protocol (VRRP) creates virtual routers that bind to a floating, virtual IP address that can be shared between an active and standby HAProxy ALOHA instance.

Active/Standby Cluster

If the active instance should go offline and trigger a failover, then the standby instance inherits the IP address and resumes serving traffic. The new virtual IP address(es) should fall within the interface’s IP subnet but shouldn’t already be assigned to any server.

The following events can trigger a failover:

  • The active instance lowers its weight below one of the backup instances due to a failed health check.
  • A backup instance is reconfigured with a weight larger than the current active instance.
  • The active instance stops emitting its heartbeat packet to the cluster.

Enable the VRRP service Jump to heading

Before you enable the VRRP daemon on both the active and standby instances, you must enable the VRRP service.

  1. In the Services tab, make sure the syslogd service is up and running. The syslogd service must be running before you start the VRRP service.

  2. In the Services tab, click vrrp setup.

    VRRP Setup

    Enter the following directives:

    Directive Value
    group Enable VRRP on group of network interfaces. Specify a single name or a space-separated list of interface names. Don’t set this directive if you plan to use the Network Management CLI or Data Plane API. Remove it if it’s set.
    track_svc Check that the haproxy service is running. Optionally, if you are using LVS, also add a check for the ipvsd service.
    track_mgt Check that the sshd and wui services are running.
    no autostart Remove or comment out the line.

    Example:

    text
    service vrrp
      group eth0
      # Optionally, track ipvsd if using LVS.
      track_svc  haproxy ipvsd 
      track_mgt  sshd wui
      # no autostart
    text
    service vrrp
      group eth0
      # Optionally, track ipvsd if using LVS.
      track_svc  haproxy ipvsd 
      track_mgt  sshd wui
      # no autostart

  3. Click OK and Close to return to the Services tab.

  4. Restart the vrrp service.

    Restart VRRP

Configure the active VRRP instance Jump to heading

You can configure the active VRRP instance using the UI or the Network Management CLI. Before configuring the VRRP instances, be sure to enable the VRRP service.

Use the UI Jump to heading

Follow these steps to configure the active VRRP instance using the UI.

  1. Decide on a Virtual Router Identifier (VRID) for the cluster. The VRID can be any number between 1 and 255. It is a unique identifier that is the same on the active and standby instances. It allows the instances to share a virtual router and virtual IP address.

    Do not use a VRID already in use. To list VRIDs already in use, do one of the following:

    • From the Tools tab, select capture from the drop-down, then enter the interface name where you will configure VRRP, and the vrrp keyword. Then run the diagnostic.

      VRRP Capture Tool

    • Run the following command from a terminal:

      nix
      sudo tcpdump -vvvenns0 -c 5 -i eth0 vrrp | grep -o "vrid [0-9]*"
      nix
      sudo tcpdump -vvvenns0 -c 5 -i eth0 vrrp | grep -o "vrid [0-9]*"
      output
      text
      [...]
      5 packets captured
      6 packets received by filter
      0 packets dropped by kernel
      vrid 161
      vrid 155
      output
      text
      [...]
      5 packets captured
      6 packets received by filter
      0 packets dropped by kernel
      vrid 161
      vrid 155

    If the output from either method does not contain any lines with a vrid, you do not have any VRIDs already in use, and they are all available.

  2. In the Services tab, click network instance setup next to a network interface.

    Interface Setup

  3. Enter the following parameters to create a new VRRP instance:

    Directive Value
    vrrp inst default id Enter the VRID determined previously.
    vrrp inst default garp Gratuitous ARP polling interval in seconds. 30.
    vrrp inst default prio VRRP instance default priority. 101 or higher for master.
    vrrp inst default address The Virtual IP. The new address should fall within the interface’s IP subnet but shouldn’t already be assigned to any server.
    vrrp inst default password VRRP instance authentication password. aloha (recommended).
    vrrp inst default no-address Recommended. Enables you to configure more than 20 VIPs by implementing the virtual_ipaddress_excluded directive in the underlying VRRP configuration.

    Example:

    text
    service network eth0
      ip address 172.16.24.238/24
      ip route default 172.16.24.1
      vrrp inst    default id        130
      vrrp inst    default garp      30
      vrrp inst    default prio      101
      vrrp inst    default address   172.16.24.235
      vrrp inst    default password  aloha
      vrrp inst    default no-address
    text
    service network eth0
      ip address 172.16.24.238/24
      ip route default 172.16.24.1
      vrrp inst    default id        130
      vrrp inst    default garp      30
      vrrp inst    default prio      101
      vrrp inst    default address   172.16.24.235
      vrrp inst    default password  aloha
      vrrp inst    default no-address

  4. Click OK and Close to return to the Services tab.

  5. Restart the network service.

    Version > 16.0

    In versions greater than 16.0, instead of manually restarting the network service, click the Apply new configuration button on the interface to apply the changes and automatically restart the network interface service.

  6. To make your changes persistent after a reboot, click the Setup tab. Then click Save under Configuration.

    The Configuration was successfully saved message displays.

    Configuration Saved

Use the Network Management CLI Jump to heading

This section applies to:

  • HAProxy ALOHA 16.5 and newer

Follow these steps to configure the active VRRP instance using the Network Management CLI.

  1. If you have not already done so, install the Network Management CLI.

  2. Remove incompatible directives from the VRRP service:

    • In the Services tab, click vrrp setup.

    • Delete the group directive if it exists.

    • Click OK and Close to return to the Services tab.

    • Restart the vrrp service.

      Restart VRRP

  3. Go to the Tools tab and click Launch terminal.

  4. Decide on a Virtual Router Identifier (VRID) for the cluster. The VRID can be any number between 1 and 255. It is a unique identifier that is the same on the active and standby instances. It allows the instances to share a virtual router and virtual IP address.

    Do not use a VRID already in use. To list VRIDs already in use, run the following command:

    nix
    sudo tcpdump -vvvenns0 -c 5 -i eth0 vrrp | grep -o "vrid [0-9]*"
    nix
    sudo tcpdump -vvvenns0 -c 5 -i eth0 vrrp | grep -o "vrid [0-9]*"
    output
    text
    [...]
    5 packets captured
    6 packets received by filter
    0 packets dropped by kernel
    vrid 161
    vrid 155
    output
    text
    [...]
    5 packets captured
    6 packets received by filter
    0 packets dropped by kernel
    vrid 161
    vrid 155

  5. To create a new active VRRP instance, use the netctl connection modify command on your interface, specifying the ID of the interface and the following directives as parameters:

    Directive Value
    id Enter the VRID determined previously.
    inst The VRRP instance. default.
    version Set version to v2.
    prio VRRP instance default priority. 101 or higher for master.
    garp Gratuitous ARP polling interval in seconds. 30.
    no-address Recommended. Enables you to configure more than 20 VIPs by implementing the virtual_ipaddress_excluded directive in the underlying VRRP configuration.
    password VRRP instance authentication password. aloha (recommended).
    address The Virtual IP. The new address should fall within the interface’s IP subnet but shouldn’t already be assigned to any server.

    When you create your VRRP instances, you will provide a VRRP version, either V2 or V3. The versions differ slightly. You must use V3 if you require IPv6, but v2 if you need more than 20 VIPs since that version supports the no-address setting. Consider the differences in the table below before choosing a version.

    Consideration VRRP V2 VRRP V3
    IPv6 Support No Yes
    Timers Seconds Milliseconds
    Multicast address 224.0.0.18 for IPv4 224.0.0.18 for IPV4, FF02:0:0:0:0:0:0:12 for IPv6
    Virtual router id Uses mac address 0000.5E00.01xx for IPv4, where xx is the virtual router id in hexadecimal Uses mac address 0000.5E00.01xx, where xx is the virtual router id in hexadecimal for IPv4. Uses multicast address FF02::12 for IPv6 for sending hello messages.
    Preemption criteria A node with the same priority value but with a higher IP would cause preemption Only a higher priority on a node would cause preemption
    Enable VRRP Enable on a per-interface basis Enable globally

    Example:

    nix
    sudo netctl connection modify ethernet-eth0 vrrp.instances 'inst=default id=130 v2 prio=101 garp=30 no-address password=aloha 172.16.24.235'
    sudo netctl connection up ethernet-eth0
    nix
    sudo netctl connection modify ethernet-eth0 vrrp.instances 'inst=default id=130 v2 prio=101 garp=30 no-address password=aloha 172.16.24.235'
    sudo netctl connection up ethernet-eth0
    output
    text
    # Stopping network[eth0] ...
      ==> stop network[eth0] : Done.
    # Starting network[eth0] ...
    Cannot set new settings: Operation not supported
      not setting autoneg
      ==> Link configuration changed for interface eth0
      ==> start network[eth0] : Done.
      ==> load ip config network[eth0] : Done.
    Updating VRRP configuration.
    Connection successfully activated
    output
    text
    # Stopping network[eth0] ...
      ==> stop network[eth0] : Done.
    # Starting network[eth0] ...
    Cannot set new settings: Operation not supported
      not setting autoneg
      ==> Link configuration changed for interface eth0
      ==> start network[eth0] : Done.
      ==> load ip config network[eth0] : Done.
    Updating VRRP configuration.
    Connection successfully activated

    Tip

    Be sure to enclose the parameter list for the netctl connection modify command in single quotes ''.

  6. Save the configuration to make your changes persistent after a reboot:

    nix
    sudo config save
    nix
    sudo config save

Configure the standby VRRP instance Jump to heading

You can configure the standby VRRP instance using the UI or the Network Management CLI. Before configuring the VRRP instances, be sure to enable the VRRP service.

Use the UI Jump to heading

  1. In the Services tab, click network instance setup next to a network interface.

    Interface Setup

  2. Add the following parameters to create a new VRRP instance:

    Directive Value
    vrrp inst default id Same VRID as on the active HAProxy ALOHA instance.
    vrrp inst default garp Gratuitous ARP polling interval in seconds. 30.
    vrrp inst default prio VRRP instance default priority. 100 for backup.
    vrrp inst default address The Virtual IP.
    vrrp inst default password VRRP instance authentication password. aloha (recommended).
    vrrp inst default no-address Recommended. Enables you to configure more than 20 VIPs by implementing the virtual_ipaddress_excluded directive in the underlying VRRP configuration.

    Example:

    text
    service network eth0
      ip address 172.16.24.237/24
      ip route default 172.16.24.1
      vrrp inst    default id        130
      vrrp inst    default garp      30
      vrrp inst    default prio      100
      vrrp inst    default address   172.16.24.235
      vrrp inst    default password  aloha
      vrrp inst    default no-address
    text
    service network eth0
      ip address 172.16.24.237/24
      ip route default 172.16.24.1
      vrrp inst    default id        130
      vrrp inst    default garp      30
      vrrp inst    default prio      100
      vrrp inst    default address   172.16.24.235
      vrrp inst    default password  aloha
      vrrp inst    default no-address

  3. Click OK and Close to return to the Services tab.

  4. Restart the network service.

    Version > 16.0

    In versions greater than 16.0, instead of manually restarting the network service, click the Apply new configuration button on the interface to apply the changes and automatically restart the network interface service.

  5. To make your changes persistent after a reboot, click the Setup tab. Then click Save under Configuration.

    The Configuration was successfully saved message displays.

    Configuration Saved

Use the Network Management CLI Jump to heading

This section applies to:

  • HAProxy ALOHA 16.5 and newer

Follow these steps to configure the standby VRRP instance using the Network Management CLI.

  1. Remove incompatible directives from the VRRP service:

    • In the Services tab, click vrrp setup.

    • Delete the group directive if it exists.

    • Click OK and Close to return to the Services tab.

    • Restart the vrrp service.

      Restart VRRP

  2. To create a new standby VRRP instance, use the netctl connection modify command on your interface, specifying the ID of the interface and the following directives as parameters:

    Directive Value
    id Same VRID as on the active HAProxy ALOHA instance.
    inst The VRRP instance. default.
    version Either v2 or v3. We recommend v2, which supports the no-address directive.
    prio VRRP instance default priority. 100 for backup.
    garp Gratuitous ARP polling interval in seconds. 30.
    no-address Recommended. Enables you to configure more than 20 VIPs by implementing the virtual_ipaddress_excluded directive in the underlying VRRP configuration.
    password VRRP instance authentication password. aloha (recommended).
    address The Virtual IP.

    Example:

    nix
    sudo netctl connection modify ethernet-eth0 vrrp.instances 'inst=default id=130 v2 prio=100 garp=30 no-address password=aloha 172.16.24.235'
    sudo netctl connection up ethernet-eth0
    nix
    sudo netctl connection modify ethernet-eth0 vrrp.instances 'inst=default id=130 v2 prio=100 garp=30 no-address password=aloha 172.16.24.235'
    sudo netctl connection up ethernet-eth0
    output
    text
    # Stopping network[eth0] ...
      ==> stop network[eth0] : Done.
    # Starting network[eth0] ...
    Cannot set new settings: Operation not supported
      not setting autoneg
      ==> Link configuration changed for interface eth0
      ==> start network[eth0] : Done.
      ==> load ip config network[eth0] : Done.
    Updating VRRP configuration.
    Connection successfully activated
    output
    text
    # Stopping network[eth0] ...
      ==> stop network[eth0] : Done.
    # Starting network[eth0] ...
    Cannot set new settings: Operation not supported
      not setting autoneg
      ==> Link configuration changed for interface eth0
      ==> start network[eth0] : Done.
      ==> load ip config network[eth0] : Done.
    Updating VRRP configuration.
    Connection successfully activated

    Tip

    Be sure to enclose the parameter list for the netctl connection modify command in single quotes ''.

  3. Save the configuration to make your changes persistent after a reboot:

    nix
    sudo config save
    nix
    sudo config save

Check that VRRP works Jump to heading

Warning

Perform the steps below in a test environment only.

In the steps below, we shut down the active instance and then verify that the VIP was transferred to the standby instance by comparing the MAC addresses returned for the VIP.

VRRP Active Standby

From a Linux machine on the same network, check which MAC address is associated with the VIP by executing arping.

  1. Check the MAC address on your HAProxy ALOHA instances.

    nix
    arp -a
    nix
    arp -a

  2. Check which MAC addresses are associated with the VIP and the HAProxy ALOHA instances’ IP addresses.

    nix
    sudo arping -c 5 -I ens192 172.16.24.235 | cut -d " " -f 4
    nix
    sudo arping -c 5 -I ens192 172.16.24.235 | cut -d " " -f 4
    output
    text
    00:50:56:8a:fc:52
    output
    text
    00:50:56:8a:fc:52
    nix
    sudo arping -c 5 -I ens192 172.16.24.237 | cut -d " " -f 4
    nix
    sudo arping -c 5 -I ens192 172.16.24.237 | cut -d " " -f 4
    output
    text
    00:50:56:8a:1a:78
    output
    text
    00:50:56:8a:1a:78
    nix
    sudo arping -c 5 -I ens192 172.16.24.238 | cut -d " " -f 4
    nix
    sudo arping -c 5 -I ens192 172.16.24.238 | cut -d " " -f 4
    output
    text
    00:50:56:8a:fc:52
    output
    text
    00:50:56:8a:fc:52

    The MAC address associated with the VIP is the active HAProxy ALOHA instance’s address.

  3. Shut down your test HAProxy ALOHA instance, then check the MAC addresses.

    nix
    sudo arping -c 5 -I ens192 172.16.24.235 | cut -d " " -f 4
    nix
    sudo arping -c 5 -I ens192 172.16.24.235 | cut -d " " -f 4
    output
    text
    00:50:56:8a:1a:78
    output
    text
    00:50:56:8a:1a:78
    nix
    sudo arping -c 5 -I ens192 172.16.24.237 | cut -d " " -f 4
    nix
    sudo arping -c 5 -I ens192 172.16.24.237 | cut -d " " -f 4
    output
    text
    00:50:56:8a:1a:78
    output
    text
    00:50:56:8a:1a:78
    nix
    sudo arping -c 5 -I ens192 172.16.24.238
    nix
    sudo arping -c 5 -I ens192 172.16.24.238
    output
    text
    Timeout
    output
    text
    Timeout

    The MAC address associated with the VIP is now the address of the previously standby HAProxy ALOHA instance.

Fail over to the standby instance Jump to heading

To manually fail over to the standby instance for doing routing maintenance on the active instance, reconfigure the backup instance a weight larger than the current active instance.

Troubleshooting Jump to heading

Detect duplicate IPs Jump to heading

To troubleshoot duplicate IPs, you can use the ARP who-has diagnostic tool.

  1. From the Tools tab, select arp who-has from the drop-down.

    ARP who-has

    You can also run the following command from a terminal:

    nix
    sudo arping -c 5 -I eth0 172.16.24.237
    nix
    sudo arping -c 5 -I eth0 172.16.24.237

If the MAC address associated with the IP address is:

  • The address you expected, the problem may come from an upper layer.
  • Not the address you expected, a duplicate IP is associated with the MAC address of the instance.

Capture VRRP packets Jump to heading

  1. From the Tools tab, select capture from the drop-down.

  2. Enter the interface name where you will configure VRRP, and the vrrp keyword, then run the diagnostic.

    VRRP Capture Tool

    You can also run the following command from a terminal:

    nix
    sudo tcpdump -vvvenns0 -c 5 -i eth0 vrrp
    nix
    sudo tcpdump -vvvenns0 -c 5 -i eth0 vrrp

  3. Check:

    • The source MAC address
    • The source IP address
    • The VRID
    • The VRRP priority

See also Jump to heading

  • The VRRP feature is a wrapper around the Keepalived software. The syntax we use is different, but you may still find the Keepalived documentation useful.

Do you have any suggestions on how we can improve the content of this page?

Previous page Active/Active clustering Next page Configuration sync
© 2025 HAProxy Technologies, LLC. All Rights Reserved
Manage Cookie Preferences