HAProxy ALOHA Documentation 14.5

Active/Standby Cluster

The Virtual Router Redundancy Protocol (VRRP) creates virtual routers that bind to a floating, virtual IP address that can be shared between an active and standby HAProxy ALOHA instance.

https://cdn.haproxy.com/documentation/aloha/latest/assets/vrrp_active_standby_0-eca16bde409a9654faa737a6cada1451c5eb082745ec1ab0853dd071349bd54f.png

If the active instance should go offline, then the standby instance inherits the IP address and resumes serving traffic.

Configure the VRRP daemon on both instances

You must configure the VRRP daemon on both the active and the standby HAProxy ALOHA instances.

  1. In the Services tab, make sure the syslogd service is up and running.

  2. In the Services tab, click vrrp setup setup_icon.

    https://cdn.haproxy.com/documentation/aloha/latest/assets/vrrp_setup-c9d2c5fd997a98c3dd3c01fc660a586f74c8267d1fd194cd54a471fd7074881f.png

    Enter the following directives:

    Directive

    Value

    group

    Enable VRRP on group of network interfaces. Specify a single name or a space-separated list of interface names.

    track_svc

    Check that the haproxy service is running.

    track_mgt

    Check that the sshd and wui services are running.

    no autostart

    Remove or comment out the line.

    service vrrp
      group eth0
      track_svc  haproxy
      track_mgt  sshd wui
      # no autostart
  3. Restart the vrrp service.

    https://cdn.haproxy.com/documentation/aloha/latest/assets/restart-service-vrrp-504154c4eb12c080a682f4a1dedf1c6a05e0024620abd0b022c9e1fd8b121fe8.png

Failover triggers

The following events can trigger a failover:

  • The active instance lowers its weight below one of the backup instances due to a failed health check.

  • A backup instance is reconfigured with a weight larger than the current active instance.

  • The active instance stops emitting its heartbeat packet to the cluster.

Configure the active VRRP instance

  1. In the Services tab, click network instance setup setup_icon next to a network interface.

    https://cdn.haproxy.com/documentation/aloha/latest/assets/interface_setup-4c57f2c87bd88fa7300e8d440c2109bcef43b7087bfb2903fb6298f6b0f2235a.png
  2. Add the following parameters to create a new VRRP instance:

    Directive

    Value

    vrrp inst default id

    The Virtual Router Identifier (VRID) can be any number between 1 and 255. It is a unique identifier that is the same on the active and standby instances. It allows the instances to share a virtual router and virtual IP address.

    To check if other VRIDs are currently in use, do one of the following:

    • From the Tools tab, select capture from the drop-down, then enter the interface name where you will configure VRRP, and the vrrp keyword, then run the diagnostic.

      https://cdn.haproxy.com/documentation/aloha/latest/assets/capture-tool-e250b71670dbd62ea474beac0829abaa68d234e2dea38aa7e36a7f848001f88d.png
    • Run the following command from a terminal:

      admin@ALOHA1:~$ sudo tcpdump -vvvenns0 -c 5 -i eth0 vrrp |
      grep -o "vrid [0-9]*"
      [...]
      5 packets captured
      6 packets received by filter
      0 packets dropped by kernel
      vrid 161
      vrid 155

    vrrp inst default garp

    Gratuitous ARP polling interval in seconds. 30.

    vrrp inst default prio

    VRRP instance default priority. 101 or higher for master.

    vrrp inst default address

    The Virtual IP.

    vrrp inst default password

    VRRP instance authentication password. aloha (recommended).

    vrrp inst default no-address

    Recommended. Deconfigures the primary virtual IPv4 address for the virtual router, to bypass the protocol limitation on the maximum of authorized VIPs.

    service network eth0
      ip address 172.16.24.238/24
      ip route default 172.16.24.1
      vrrp inst    default id        130
      vrrp inst    default garp      30
      vrrp inst    default prio      101
      vrrp inst    default address   172.16.24.235
      vrrp inst    default password  aloha
      vrrp inst    default no-address
  3. Restart the network service.

Configure the standby VRRP instance

  1. In the Services tab, click network instance setup setup_icon next to a network interface.

    https://cdn.haproxy.com/documentation/aloha/latest/assets/interface_setup-4c57f2c87bd88fa7300e8d440c2109bcef43b7087bfb2903fb6298f6b0f2235a.png
  2. Add the following parameters to create a new VRRP instance:

    Directive

    Value

    vrrp inst default id

    Same VRID as on the active HAProxy ALOHA instance.

    vrrp inst default garp

    Gratuitous ARP polling interval in seconds. 30.

    vrrp inst default prio

    VRRP instance default priority. 100 for backup.

    vrrp inst default address

    The Virtual IP.

    vrrp inst default password

    VRRP instance authentication password. aloha (recommended).

    vrrp inst default no-address

    Recommended. Deconfigures the primary virtual IPv4 address for the virtual router, to bypass the protocol limitation on the maximum of authorized VIPs.

    service network eth0
      ip address 172.16.24.237/24
      ip route default 172.16.24.1
      vrrp inst    default id        130
      vrrp inst    default garp      30
      vrrp inst    default prio      100
      vrrp inst    default address   172.16.24.235
      vrrp inst    default password  aloha
      vrrp inst    default no-address
  3. Restart the network service.

Save your configuration on both instances

  1. Save your configuration from the Setup tab.

    https://cdn.haproxy.com/documentation/aloha/latest/assets/aloha-wui-config-save-b44324f486725737fac81297931eaba33ced548168872be7993cbebbdee9172b.png

    The Configuration was successfully saved message displays.

    https://cdn.haproxy.com/documentation/aloha/latest/assets/configuration-saved-9631106b20a7b21dac5993c744de0fe13c6b9a66c65fc4a09038db6bd6cc76ed.png

Check that VRRP works

In the steps below, we shut down the active instance and then verify that the VIP was transferred to the standby instance by comparing the MAC addresses returned for the VIP.

https://cdn.haproxy.com/documentation/aloha/latest/assets/vrrp_active_standby-50612d73758a202fcaf7d5915aee7efd162ad60bb798caea5e3fabd9aaaba0a2.png

From a Linux machine on the same network, check which MAC address is associated with the VIP by calling arping.

  1. Check the MAC address on your HAProxy ALOHA instances.

    admin@ALOHA1:~$ arp -a
  2. Check which MAC addresses are associated with the VIP and the HAProxy ALOHA instances' IP addresses.

    $ sudo arping -c 5 -I ens192 172.16.24.235 | cut -d " " -f 4
    00:50:56:8a:fc:52
    $ sudo arping -c 5 -I ens192 172.16.24.237 | cut -d " " -f 4
    00:50:56:8a:1a:78
    $ sudo arping -c 5 -I ens192 172.16.24.238 | cut -d " " -f 4
    00:50:56:8a:fc:52

    The MAC address associated with the VIP is the active HAProxy ALOHA instance's address.

  3. Shut down your test HAProxy ALOHA instance, then check the MAC addresses.

    $ sudo arping -c 5 -I ens192 172.16.24.235 | cut -d " " -f 4
    00:50:56:8a:1a:78
    $ sudo arping -c 5 -I ens192 172.16.24.237 | cut -d " " -f 4
    00:50:56:8a:1a:78
    $ sudo arping -c 5 -I ens192 172.16.24.238
    Timeout

    The MAC address associated with the VIP is now the address of the previously standby HAProxy ALOHA instance.

Fail over to the standby instance

To manually fail over to the standby instance for doing routing maintenance on the active instance, reconfigure the backup instance a weight larger than the current active instance.

Troubleshooting

Detect duplicate IPs

To troubleshoot duplicate IPs, you can use the ARP who-has diagnostic tool.

  1. From the Tools tab, select arp who-has from the drop-down.

    https://cdn.haproxy.com/documentation/aloha/latest/assets/arp-who-has-4c6fa74c1c9f6c45d325483b91b3a4c45101815b3bc3b993458423e0bd159d1c.png

    You can also run the following command from a terminal:

    admin@ALOHA1:~$ sudo arping -c 5 -I eth0 172.16.24.237

If the MAC address associated with the IP address is:

The address you expected

The problem may come from an upper layer.

Not the address you expected

A duplicate IP is associated with the MAC address of the instance.

Capture VRRP packets

  1. From the Tools tab, select capture from the drop-down.

  2. Enter the interface name where you will configure VRRP, and the vrrp keyword, then run the diagnostic.

    https://cdn.haproxy.com/documentation/aloha/latest/assets/capture-tool-orig-38c1225200b1c1b2309ee752083bc1b865f598cd1390ea33f48644fd44a15c91.png

    You can also run the following command from a terminal:

    admin@ALOHA1:~$ sudo tcpdump -vvvenns0 -c 5 -i eth0 vrrp
  3. Check:

    • The source MAC address

    • The source IP address

    • The VRID

    • The VRRP priority

See also

Man page of TCPDUMP


Next up

Configuration Sync