No Connectivity When More Than 20 IP Addresses Are Added with keepalived
server
Published: 2016-05-16

This content has been moved from Qiita.

In a certain setup, keepalived is used as a load balancer with VRRP and LVS. This load balancer is configured with numerous IP addresses (due to SSL certificates, etc.) as shown below.

I encountered a problem where the newly added IP addresses had no connectivity.

keepalived Load Balancer Configuration (DSR Configuration)

IP addresses used for SSL on the VIP are routed from the router using static routes and added as needed.

→ Because of this, the number of IP addresses added to keepalived on the load balancer has been steadily increasing. Note: Private IP addresses are used for convenience.

Unable to Set More Than 20 IP Addresses with VRRP

  • The configuration file sets 21 IP addresses (example config)
vrrp_instance BOND0 {
    state MASTER
    interface bond0 
    virtual_router_id 100 
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.4 dev bond0
        192.168.2.1 dev bond0
        192.168.2.2 dev bond0
        192.168.2.3 dev bond0
        192.168.2.4 dev bond0
        192.168.2.5 dev bond0
        192.168.2.6 dev bond0
        192.168.2.7 dev bond0
        192.168.2.8 dev bond0
        192.168.2.9 dev bond0
        192.168.2.10 dev bond0
        192.168.2.11 dev bond0
        192.168.2.12 dev bond0
        192.168.2.13 dev bond0
        192.168.2.14 dev bond0
        192.168.2.15 dev bond0
        192.168.2.16 dev bond0
        192.168.2.17 dev bond0
        192.168.2.18 dev bond0
        192.168.2.19 dev bond0
        192.168.2.20 dev bond0
    }
}
  • Only 20 addresses are assigned even though 21 were configured (192.168.2.20 is missing)!
# ip addr show bond0 | grep "inet 192"
    inet 192.168.1.4/32 scope global bond0
    inet 192.168.2.1/32 scope global bond0
    inet 192.168.2.2/32 scope global bond0
    inet 192.168.2.3/32 scope global bond0
    inet 192.168.2.4/32 scope global bond0
    inet 192.168.2.5/32 scope global bond0
    inet 192.168.2.6/32 scope global bond0
    inet 192.168.2.7/32 scope global bond0
    inet 192.168.2.8/32 scope global bond0
    inet 192.168.2.9/32 scope global bond0
    inet 192.168.2.10/32 scope global bond0
    inet 192.168.2.11/32 scope global bond0
    inet 192.168.2.12/32 scope global bond0
    inet 192.168.2.13/32 scope global bond0
    inet 192.168.2.14/32 scope global bond0
    inet 192.168.2.15/32 scope global bond0
    inet 192.168.2.16/32 scope global bond0
    inet 192.168.2.17/32 scope global bond0
    inet 192.168.2.18/32 scope global bond0
    inet 192.168.2.19/32 scope global bond0

This limitation is documented in the keepalived User Guide: http://www.keepalived.org/pdf/UserGuide.pdf

virtual_ipaddress { # Block limited to 20 IP addresses
    @IP
    @IP
    @IP
}

Only 20 IP addresses! It’s clearly mentioned and quite embarrassing!

Configuring More Than 20 IP Addresses

  • Use virtual_ipaddress_excluded to add additional IP addresses in the configuration file (example config)
vrrp_instance BOND0 {
    state MASTER
    interface bond0 
    virtual_router_id 100 
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.4 dev bond0
    }
    virtual_ipaddress_excluded {
        192.168.2.1 dev bond0
        192.168.2.2 dev bond0
        192.168.2.3 dev bond0
        192.168.2.4 dev bond0
        192.168.2.5 dev bond0
        192.168.2.6 dev bond0
        192.168.2.7 dev bond0
        192.168.2.8 dev bond0
        192.168.2.9 dev bond0
        192.168.2.10 dev bond0
        192.168.2.11 dev bond0
        192.168.2.12 dev bond0
        192.168.2.13 dev bond0
        192.168.2.14 dev bond0
        192.168.2.15 dev bond0
        192.168.2.16 dev bond0
        192.168.2.17 dev bond0
        192.168.2.18 dev bond0
        192.168.2.19 dev bond0
        192.168.2.20 dev bond0
    }
}
  • Successfully configured more than 20 IP addresses.
# ip addr show bond0 | grep "inet 192"
    inet 192.168.1.4/32 scope global bond0
    inet 192.168.2.1/32 scope global bond0
    inet 192.168.2.2/32 scope global bond0
    inet 192.168.2.3/32 scope global bond0
    inet 192.168.2.4/32 scope global bond0
    inet 192.168.2.5/32 scope global bond0
    inet 192.168.2.6/32 scope global bond0
    inet 192.168.2.7/32 scope global bond0
    inet 192.168.2.8/32 scope global bond0
    inet 192.168.2.9/32 scope global bond0
    inet 192.168.2.10/32 scope global bond0
    inet 192.168.2.11/32 scope global bond0
    inet 192.168.2.12/32 scope global bond0
    inet 192.168.2.13/32 scope global bond0
    inet 192.168.2.14/32 scope global bond0
    inet 192.168.2.15/32 scope global bond0
    inet 192.168.2.16/32 scope global bond0
    inet 192.168.2.17/32 scope global bond0
    inet 192.168.2.18/32 scope global bond0
    inet 192.168.2.19/32 scope global bond0
    inet 192.168.2.20/32 scope global bond0
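
The check walked through above, as an added example (not from the original post or the keepalived project): it parses a keepalived configuration, flags any virtual_ipaddress block with more than 20 entries, and lists configured addresses that do not appear in the output of ip addr show. The function names and the sample inputs are constructed for illustration.

```python
import re

VIP_LIMIT = 20  # per virtual_ipaddress block, per the User Guide excerpt quoted above

BLOCK_RE = re.compile(r"^\s*(virtual_ipaddress(?:_excluded)?)\s*\{")
INET_RE = re.compile(r"^\s*inet6?\s+([0-9A-Fa-f.:]+)(?:/\d+)?")


def parse_vip_blocks(conf_text):
    """Return [(block_name, [addresses])] for every VIP block in the config."""
    blocks, current = [], None
    for raw in conf_text.splitlines():
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()  # drop comments
        m = BLOCK_RE.match(line)
        if m:
            current = (m.group(1), [])
            blocks.append(current)
        elif current is not None:
            if line.startswith("}"):
                current = None
            elif line:
                # first token is the address; strip an optional /prefix
                current[1].append(line.split()[0].split("/")[0])
    return blocks


def assigned_addresses(ip_addr_output):
    """Addresses found on inet/inet6 lines of `ip addr show` output."""
    return {m.group(1) for m in map(INET_RE.match, ip_addr_output.splitlines()) if m}


def audit(conf_text, ip_addr_output):
    """Return (over-limit blocks, configured-but-unassigned addresses)."""
    blocks = parse_vip_blocks(conf_text)
    over = [(name, len(addrs)) for name, addrs in blocks
            if name == "virtual_ipaddress" and len(addrs) > VIP_LIMIT]
    live = assigned_addresses(ip_addr_output)
    missing = [a for _, addrs in blocks for a in addrs if a not in live]
    return over, missing


# Constructed sample mirroring the failing case above: 21 configured, 20 assigned.
ADDRS = ["192.168.1.4"] + [f"192.168.2.{i}" for i in range(1, 21)]
SAMPLE_CONF = ("vrrp_instance BOND0 {\n    interface bond0\n    virtual_ipaddress {\n"
               + "".join(f"        {a} dev bond0\n" for a in ADDRS) + "    }\n}\n")
SAMPLE_IP_ADDR = "".join(f"    inet {a}/32 scope global bond0\n" for a in ADDRS[:20])

if __name__ == "__main__":
    over, missing = audit(SAMPLE_CONF, SAMPLE_IP_ADDR)
    for name, count in over:
        print(f"{name}: {count} entries, limit is {VIP_LIMIT}")
    for addr in missing:
        print(f"configured but not assigned: {addr}")
```

Running a check like this before reloading keepalived catches the over-limit block from the configuration alone, and running it afterwards against the live interface confirms that every configured VIP is actually reachable.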