Keepalived for more than 20 virtual addresses

Posted by cvaldemar on Server Fault
Published on 2011-11-23T19:26:37Z

I have set up keepalived on two Debian machines for high availability, but I've run into the maximum number of virtual IPs I can assign to my vrrp_instance. How would I go about configuring and failing over 20+ virtual IPs?

This is the (very simple) setup:

LB01: 10.200.85.1
LB02: 10.200.85.2
Virtual IPs: 10.200.85.100 - 10.200.85.200

Each machine is also running Apache (later Nginx) binding on the virtual IPs for SSL client certificate termination and proxying to backend webservers. The reason I need so many VIPs is the inability to use VirtualHost on HTTPS.

This is my keepalived.conf:

vrrp_script chk_apache2 {
        script "killall -0 apache2"
        interval 2
        weight 2
}

vrrp_instance VI_1 {
        interface eth0
        state MASTER
        virtual_router_id 51
        priority 101
        virtual_ipaddress {
                10.200.85.100
                .
                . all the way to
                .
                10.200.85.200
        }
}

An identical configuration is on the BACKUP machine, and it's working fine, but only up to the 20th IP.

I have found a HOWTO discussing this problem. Basically, they suggest having just one VIP and routing all traffic "via" this one IP, and "all will be well". Is this a good approach? I'm running pfSense firewalls in front of the machines.

Quote from the above link:

ip route add $VNET/N via $VIP

or

route add $VNET netmask w.x.y.z gw $VIP

Thanks in advance.

EDIT:

@David Schwartz said it would make sense to add a route, so I tried adding a static route to the pfSense firewall, but that didn't work as I expected it would.

pfSense route:

Interface:            LAN
Destination network:  10.200.85.200/32 (virtual IP)
Gateway:              10.200.85.100    (floating virtual IP)
Description:          Route to VIP .100

I also made sure I had packet forwarding enabled on my hosts:

$ cat /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.ip_nonlocal_bind=1

Am I doing this wrong? I also removed all VIPs from the keepalived.conf so it only fails over 10.200.85.100.
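An added example, not part of the original question and not taken from keepalived's own documentation: keepalived advertises the addresses listed in virtual_ipaddress inside the VRRP packet, which is where the limit of 20 per instance comes from. Addresses listed in virtual_ipaddress_excluded are added and removed on failover exactly like the advertised ones but are not carried in the advert, so that block has no such limit. The script below builds a keepalived.conf for the 10.200.85.100-200 range from the question with one advertised VIP and the rest excluded, and counts the addresses in each block so the 20-address ceiling can be checked before the file is deployed. It also references chk_apache2 from a track_script block, without which a vrrp_script definition is never evaluated. The interface (eth0), VRID (51) and the Apache check are copied from the question; the state and priority arguments are assumptions so the same script can produce both the MASTER and BACKUP files, which must list identical addresses.

```shell
#!/bin/sh
# Added example: generate a keepalived.conf that carries many VIPs by advertising
# only the first address in virtual_ipaddress and putting the remainder in
# virtual_ipaddress_excluded (applied on MASTER, not sent in VRRP adverts).
# Assumed parameters: STATE (MASTER|BACKUP), PRIORITY, FIRST and LAST host octet
# of the 10.200.85.0/24 range. Interface, VRID and check script follow the question.

# gen_keepalived_conf STATE PRIORITY FIRST LAST  -> config on stdout
gen_keepalived_conf() {
    state=$1 prio=$2 first=$3 last=$4
    cat <<EOF
vrrp_script chk_apache2 {
        script "killall -0 apache2"
        interval 2
        weight 2
}

vrrp_instance VI_1 {
        interface eth0
        state $state
        virtual_router_id 51
        priority $prio
        track_script {
                chk_apache2
        }
        virtual_ipaddress {
                10.200.85.$first
        }
        virtual_ipaddress_excluded {
EOF
    # Every address after the first goes into the non-advertised block.
    i=$((first + 1))
    while [ "$i" -le "$last" ]; do
        printf '                10.200.85.%s\n' "$i"
        i=$((i + 1))
    done
    cat <<EOF
        }
}
EOF
}

# count_block_addrs FILE BLOCKNAME -> number of IPv4 addresses inside that block.
# Use it to confirm the advertised block stays at or below 20 entries.
count_block_addrs() {
    awk -v blk="$2" '
        $1 == blk && $2 == "{"  { inblk = 1; next }
        inblk && $1 == "}"      { inblk = 0 }
        inblk && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n++ }
        END { print n + 0 }' "$1"
}

# Stand-alone usage: write both node configs and sanity-check the MASTER one.
if [ "${0##*/}" != "sh" ] && [ -z "${KEEPALIVED_GEN_NO_MAIN:-}" ]; then
    gen_keepalived_conf MASTER 101 100 200 > keepalived-lb01.conf
    gen_keepalived_conf BACKUP 100 100 200 > keepalived-lb02.conf
    adv=$(count_block_addrs keepalived-lb01.conf virtual_ipaddress)
    [ "$adv" -le 20 ] || { echo "too many advertised VIPs: $adv" >&2; exit 1; }
    echo "advertised: $adv, excluded: $(count_block_addrs keepalived-lb01.conf virtual_ipaddress_excluded)"
fi
```

The two generated files differ only in state and priority; keepalived requires the excluded list to match on both nodes because the BACKUP cannot learn those addresses from the advert. Failover still behaves as a single unit: when the MASTER loses the election, the advertised VIP and all excluded VIPs move together.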

© Server Fault or respective owner
