keepalived.conf(5) Keepalived Configuration's Manual keepalived.conf(5)

keepalived.conf - configuration file for Keepalived

This documentation MUST be considered as THE exhaustive source of
information in order to configure Keepalived. This documentation is
supported and maintained by Keepalived Core-Team.

keepalived.conf is the configuration file which describes all the
Keepalived keywords. Keywords are placed in hierarchies of blocks and
subblocks, each layer being delimited by '{' and '}' pairs.

Comments start with '#' or '!' to the end of the line and can start
anywhere in a line.

The keyword 'include' and variants allow inclusion of other configuration
files from within the main configuration file, or from subsequently
included files.

The format of the include directive is:

    include FILENAME

FILENAME can be a fully qualified or relative pathname, and can include
wildcards, including csh style brace expressions such as
"{foo/{,cat,dog},bar}" if glob() supports them.

After opening an included file, the current directory is set to the
directory of the file itself, so any relative paths included from a file
are relative to the directory of the including file itself.

The include variants add additional include checks to the current
include_check level (see below). The variants are:
    includer FILENAME - same as include_check readable
    includem FILENAME - same as include_check match
    includew FILENAME - same as include_check wildcard_match
    includeb FILENAME - same as include_check brace_match
    includea FILENAME - all include_check checks

NOTE: If the libc glob() function does not support GLOB_ALTDIRFUNC
(e.g. Musl libc as on Alpine Linux etc.), then only includea, includer
and includew of the above options will work.

Why do we want to allow errors? Suppose a configuration has optional
files in /etc/keepalived/conf.d, then include /etc/keepalived/conf.d/*
could be specified, but it should not error if there are no files in
the directory; in this case includer should be used. Otherwise it is
sensible to use includea.

include handling will not work if the include line uses conditional
configuration or parameter substitution, since the detection of
the include keywords is done before the processing of conditional
configuration and parameter substitution.

The basic include keyword is retained for backward compatibility, since
it does not produce config errors if files could not be opened etc.

<BOOL> is one of on|off|true|false|yes|no
<TIMER> is a time value in seconds, including fractional seconds, e.g.
2.71828 or 3; resolution of timer is micro-seconds.

There are three classes of scripts that can be configured to be executed.

(a) Notify scripts that are run when a vrrp instance or vrrp group
changes state, or a virtual server quorum changes between up and down.

(b) vrrp tracking scripts that will cause vrrp instances to go down if
they exit with a non-zero exit status, or if a weight is specified will add
or subtract the weight to/from the priority of that vrrp instance.

(c) LVS checker misc scripts that will cause a real server to be
configured down if they exit with a non-zero status.

By default the scripts will be executed by user keepalived_script if
that user exists, or if not by root, but for each script the user/group
under which it is to be executed can be specified.

There are significant security implications if scripts are executed
with root privileges, especially if the scripts themselves are
modifiable or replaceable by a non root user. Consequently, security checks
are made at startup to ensure that if a script is executed by root,
then it cannot be modified or replaced by a non root user.
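
A pre-deployment audit in the spirit of the startup check described above and of the enable_script_security keyword documented under global_defs (no root-run script if any part of its path is writable by a non-root user). This is an added Python example, not keepalived's own code: audit_script_path, the injected lstat parameter and the SAMPLE_FS metadata are constructed for illustration. The ownership and mode rules are a conservative assumption about what "modifiable or replaceable" means.

```python
import os
import stat
from types import SimpleNamespace


def path_components(path):
    """'/a/b/c.sh' -> ['/', '/a', '/a/b', '/a/b/c.sh']."""
    if not path.startswith("/"):
        raise ValueError("script path must be absolute: %r" % (path,))
    comps, current = ["/"], ""
    for part in path.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            raise ValueError("refusing to audit a path containing '..'")
        current += "/" + part
        comps.append(current)
    return comps


def audit_script_path(path, lstat=os.lstat):
    """Return (component, reason) pairs for every part of the path that a
    non-root user could modify or replace. An empty list means the path passes.

    Assumed rules (not taken from keepalived's source): each component must be
    owned by uid 0, must not be world-writable, and may be group-writable only
    when the group is gid 0.
    """
    findings = []
    for comp in path_components(path):
        st = lstat(comp)
        if stat.S_ISLNK(st.st_mode):
            # Symlink mode bits are meaningless; the target needs its own audit.
            findings.append((comp, "symlink: audit the resolved target too"))
            continue
        if st.st_uid != 0:
            findings.append((comp, "owned by uid %d" % st.st_uid))
        if st.st_mode & stat.S_IWGRP and st.st_gid != 0:
            findings.append((comp, "writable by gid %d" % st.st_gid))
        if st.st_mode & stat.S_IWOTH:
            findings.append((comp, "world-writable"))
    return findings


# Constructed sample metadata so the example runs without touching the real
# filesystem. Paths, uids and gids are made up.
def meta(uid, gid, mode):
    return SimpleNamespace(st_uid=uid, st_gid=gid, st_mode=mode)


D, F = stat.S_IFDIR, stat.S_IFREG
SAMPLE_FS = {
    "/": meta(0, 0, D | 0o755),
    "/etc": meta(0, 0, D | 0o755),
    "/etc/keepalived": meta(0, 0, D | 0o755),
    "/etc/keepalived/notify.sh": meta(0, 0, F | 0o750),
    "/opt": meta(0, 0, D | 0o755),
    "/opt/ha": meta(0, 1001, D | 0o775),            # group-writable directory
    "/opt/ha/check.sh": meta(1001, 1001, F | 0o755),  # script owned by non-root
}


def sample_lstat(path):
    return SAMPLE_FS[path]


if __name__ == "__main__":
    for script in ("/etc/keepalived/notify.sh", "/opt/ha/check.sh"):
        problems = audit_script_path(script, lstat=sample_lstat)
        print(script, "OK" if not problems else problems)
```

Called without the lstat argument, audit_script_path inspects the real filesystem.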

All scripts should be written so that they will terminate on receipt of
a SIGTERM signal. Scripts will be sent SIGTERM if their parent
terminates, or if keepalived is awaiting the script's exit status
and it has run for too long.

Quoted strings are specified between " or ' characters and strings are
delimited by whitespace. In the examples below the ´ characters are not
part of the strings and should not be specified:

    ´abcd" efg h jkl "mnop´

will be the single string:

    ´abcd efg h jkl mnop´

whereas:

    ´abcd "efg h jkl" mnop´

will be the three strings:

    ´abcd´, ´efg h jkl´ and ´mnop´

i.e. the " and ' characters are removed and any intervening whitespace is retained.

Quoted strings can also have escaped characters, like the shell. \a, \b, \E, \f,
\n, \r, \t, \v, \nnn and \xXX (where nnn is up to 3 octal digits, and XX is any
sequence of hex digits) and \cC (which produces the control version of
character C) are all supported. \C for any other character C is just
treated as an escaped version of character C, so \\ is a \ character and
\" will be a " character, but it won't start or terminate a quoted string.

For specifying scripts with parameters, unquoted spaces will separate the parameters.
If it is required for a parameter to contain a space, it should be enclosed in single
quotes (').
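
The quoting and escape rules above, modelled as a small Python tokenizer so that a script line can be checked for how it splits into parameters. This is an added example, not keepalived's parser, and the names split_words and read_escape are hypothetical. Three behaviours are assumptions where the page is silent: a quote is closed only by the same quote character, escapes are also honoured outside quotes, and \nnn and \xXX values are reduced to one byte.

```python
SIMPLE_ESCAPES = {"a": "\a", "b": "\b", "E": "\x1b", "f": "\f",
                  "n": "\n", "r": "\r", "t": "\t", "v": "\v"}
OCT = "01234567"
HEX = "0123456789abcdefABCDEF"


def read_escape(text, i):
    """text[i] is the character following a backslash.
    Return (decoded_character, index_of_next_unread_character)."""
    c = text[i]
    if c in SIMPLE_ESCAPES:
        return SIMPLE_ESCAPES[c], i + 1
    if c in OCT:                          # \nnn: up to 3 octal digits
        j = i
        while j < len(text) and j < i + 3 and text[j] in OCT:
            j += 1
        return chr(int(text[i:j], 8) & 0xFF), j   # assumption: keep low byte
    if c == "x":                          # \xXX: any run of hex digits
        j = i + 1
        while j < len(text) and text[j] in HEX:
            j += 1
        if j == i + 1:                    # no digits follow: plain escaped 'x'
            return "x", i + 1
        return chr(int(text[i + 1:j], 16) & 0xFF), j  # assumption: low byte
    if c == "c" and i + 1 < len(text):    # \cC: control version of C
        return chr(ord(text[i + 1]) & 0x1F), i + 2
    return c, i + 1                       # \C: the character itself


def split_words(line):
    """Split one configuration line into strings using the rules above."""
    words, cur = [], []
    in_word = False      # True once the current word has started (even if empty)
    quote = None         # the open quote character, or None
    i = 0
    while i < len(line):
        c = line[i]
        if c == "\\" and i + 1 < len(line):
            # An escaped character never opens, closes or separates anything.
            ch, i = read_escape(line, i + 1)
            cur.append(ch)
            in_word = True
            continue
        if quote:
            if c == quote:
                quote = None              # quote removed, word continues
            else:
                cur.append(c)             # whitespace inside quotes is kept
        elif c in "\"'":
            quote = c
            in_word = True
        elif c.isspace():
            if in_word:
                words.append("".join(cur))
                cur, in_word = [], False
        else:
            cur.append(c)
            in_word = True
        i += 1
    if quote:
        raise ValueError("unterminated %s quote" % quote)
    if in_word:
        words.append("".join(cur))
    return words


if __name__ == "__main__":
    # Constructed sample lines; the first two are the page's own examples.
    for sample in ('abcd" efg h jkl "mnop',
                   'abcd "efg h jkl" mnop',
                   "/usr/local/bin/notify.sh 'my arg' second"):
        print(repr(sample), "->", split_words(sample))
```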

Traditionally the configuration file parser has not been one of the
strengths of keepalived. A lot of effort has been put into correcting this,
even though this is not the primary goal of the project.

The Keepalived configuration file is articulated around a set of
configuration blocks. Each block focuses on and targets a specific daemon
family feature. These features are:

GLOBAL CONFIGURATION

BFD CONFIGURATION

VRRPD CONFIGURATION

LVS CONFIGURATION

contains subblocks of Global definitions, Linkbeat interfaces,
Interface up/down transition delays, Static track groups, Static addresses,
Static routes, and Static rules

# Following are global daemon facilities for running
# keepalived in a separate network namespace:
# --
# Set the network namespace to run in.
# The directory /run/keepalived will be created as an
# unshared mount point, for example for pid files.
# syslog entries will have _NAME appended to the ident.
# Note: the namespace cannot be changed on a configuration reload.
net_namespace NAME

# Add the IPVS configuration in the specified net namespace. This allows the
# VIP traffic to be easily split onto a given namespace, keeping the
# healthcheck traffic in another namespace. If NAME is not specified, then
# the default namespace will be used.
net_namespace_ipvs NAME

# ipsets wasn't network namespace aware until Linux 3.13, and so
# if running with an earlier version of the kernel, by default
# use of ipsets is disabled if using a namespace and vrrp_ipsets
# has not been specified. This option overrides the default and
# allows ipsets to be used with a namespace on kernels prior to 3.13.
namespace_with_ipsets

# If multiple instances of keepalived are run in the same namespace,
# this will create pid files with NAME as part of the file names,
# in /run/keepalived.
# Note: the instance name cannot be changed on a configuration reload
instance NAME

# Create pid files in /run/keepalived
use_pid_dir

# Poll to detect media link failure using ETHTOOL, MII or ioctl interface
# otherwise uses netlink interface.
linkbeat_use_polling

# Time for main process to allow for child processes to exit on termination
# in seconds. This can be needed for very large configurations.
# (default: 5)
child_wait_time SECS

Note: All processes/scripts run by keepalived are run with parent death signal set
to SIGTERM. All such processes/scripts should either not change the action for
SIGTERM, or ensure that the process/script terminates once SIGTERM is received,
possibly following any cleanup actions needed.

# Global definitions configuration block
global_defs {
# In order to ensure that all processes read exactly the same configuration,
# while the config is first read it is written, by default, to a memory based
# file (or to an anonymous file in /tmp/ if memfd_create() is not supported).
# If your configuration is very large, you may not want the copy to be
# held in memory, in which case specifying the tmp_config_directory causes the
# configuration to be written to an anonymous file on the filesystem on which
# the specified directory resides, which must be writeable by keepalived.
# This setting cannot be changed on a reload, and it should be specified as
# early as possible in the configuration.
tmp_config_directory DIRECTORY

# config_save_dir causes keepalived to save configuration state and
# configuration files before and after each reload. This is used for debugging
# purposes if there appear to be problems related to repeated reloads.
# The directory will be created if it does not exist, but all parent
# directories must exist.
config_save_dir DIRECTORY

# Set the process names of the keepalived processes to the default values:
# keepalived, keepalived_vrrp, keepalived_ipvs, keepalived_bfd
process_names

# Specify the individual process names
process_name NAME
vrrp_process_name NAME
checker_process_name NAME
bfd_process_name NAME

# The startup and shutdown scripts are run once, when keepalived starts
# before any child processes are run, and when keepalived stops after
# all child processes have terminated, respectively.
# The original motivation for adding this feature was that although
# keepalived can setup IPVS configuration using firewall marks, there
# was no mechanism for adding configuration to set the firewall marks
# (or for removing it afterwards).
# This feature can also be used to setup the iptables framework required
# if using iptables (see vrrp_iptables option below), modify interface
# settings, or anything else that can be done from a script or program.
# Only one startup script and one shutdown script can be specified.
# The timeouts (in seconds, default 10 seconds) are the time allowed for
# scripts to run; if the timeout expires the scripts will be killed (this
# is to stop keepalived hanging waiting for the scripts to terminate).
startup_script SCRIPT_NAME [username [groupname]]
startup_script_timeout SECONDS # range [1,1000]
shutdown_script SCRIPT_NAME [username [groupname]]
shutdown_script_timeout SECONDS # range [1,1000]

# Set of email To: notify
notification_email {
    admin@example1.com
    ...
}

# email from address that will be in the header
# (default: keepalived@<local host name>)
notification_email_from admin@example.com

# Remote SMTP server used to send notification email.
# IP address or domain name with optional port number.
# (default port number: 25)
smtp_server 127.0.0.1 [<PORT>]

# Name to use in HELO messages.
# (default: local host name)
smtp_helo_name <STRING>

# SMTP server connection timeout in seconds.
smtp_connect_timeout 30

# Sets default state for all smtp_alerts
smtp_alert <BOOL>

# Sets default state for vrrp smtp_alerts
smtp_alert_vrrp <BOOL>

# Sets default state for checker smtp_alerts
smtp_alert_checker <BOOL>

# Logs every failed real server check in syslog
# (nevertheless, SMTP alert is only sent when all retry checks failed
# and real server transitions to DOWN state)
checker_log_all_failures <BOOL>

# Don't send smtp alerts for fault conditions
no_email_faults

# String identifying the machine (doesn't have to be hostname).
# (default: local host name)
router_id <STRING>

# Multicast Group to use for IPv4 VRRP adverts
# Defaults to the RFC5798 IANA assigned VRRP multicast address 224.0.0.18
# which you typically do not want to change.
vrrp_mcast_group4 224.0.0.18

# Multicast Group to use for IPv6 VRRP adverts
# (default: ff02::12)
vrrp_mcast_group6 ff02::12

# sets the default interface for static addresses.
# (default: eth0)
default_interface p33p1.3

# The sync daemon as provided by the IPVS kernel code only supports
# one master and one backup daemon instance at a time to synchronize
# the IPVS connection table.
# See ipvsadm(8) man page for more details of the sync daemon.
# Parameters are binding interface, and optional:
#   inst VRRP_INSTANCE (inst can be omitted for backward compatibility)
#   syncid (0 to 255) for lvs syncd, default is the VRID of vrrp instance,
#     or 0 if no vrrp instance
#   maxlen (1..65507) maximum packet length (limit is mtu - 20 - 8)
#   port (1..65535) UDP port number to use, default 8848
#   ttl (1..255)
#   group - multicast group address (IPv4 or IPv6), default 224.0.0.81
# If VRRP_INSTANCE is not specified, both the master and backup sync daemons
# will be run as long as keepalived is running, otherwise the sync daemon
# master/backup state tracks the state of the specified vrrp instance: if
# the vrrp instance is in master state, only the master sync daemon will run,
# if the vrrp instance is not master, only the backup sync daemon will run.
# NOTE: maxlen, port, ttl and group are only available on Linux 4.3 or later.
# See kernel source doc/Documentation/networking/ipvs-sysctl.txt for details of
# parameters controlling IPVS and the sync daemon.
# /proc/net/ip_vs* provide some details about the state of IPVS.
lvs_sync_daemon <INTERFACE> [[inst] <VRRP_INSTANCE>] [id <SYNC_ID>] \
    [maxlen <LEN>] [port <PORT>] [ttl <TTL>] [group <IP ADDR>]

# lvs_timeouts specifies the tcp, tcp_fin and udp connection tracking timeouts
# in seconds. At least one value must be specified; not setting a value leaves
# it unchanged from when keepalived started.
lvs_timeouts [tcp SECS] [tcpfin SECS] [udp SECS]

# flush any existing LVS configuration at startup
lvs_flush

# flush remaining LVS configuration at shutdown (for large configurations
# this is much faster than the default approach of deleting each RS and
# each VS individually).
# If VS is specified, remove each keepalived managed virtual
# server without explicitly removing the real servers (the kernel will
# remove them).
lvs_flush_on_stop [VS]

# delay for second set of gratuitous ARPs after transition to MASTER.
# in seconds, 0 for no second set.
# (default: 5)
vrrp_garp_master_delay 10

# number of gratuitous ARP messages to send at a time after
# transition to MASTER.
# (default: 5)
vrrp_garp_master_repeat 1

# delay for second set of gratuitous ARPs after lower priority
# advert received when MASTER.
# (default: vrrp_garp_master_delay)
vrrp_garp_lower_prio_delay 10

# Default value for vrrp down_timer_adverts.
vrrp_down_timer_adverts [1:100]

# number of gratuitous ARP messages to send at a time after
# lower priority advert received when MASTER.
# (default: vrrp_garp_master_repeat)
vrrp_garp_lower_prio_repeat 1

# minimum time interval for refreshing gratuitous ARPs while MASTER.
# in seconds (resolution seconds).
# (default: 0 (no refreshing))
vrrp_garp_master_refresh 60

# number of gratuitous ARP messages to send at a time while MASTER
# (default: 1)
vrrp_garp_master_refresh_repeat 2

# Delay between gratuitous ARP messages sent on an interface
# decimal, seconds (resolution usecs).
# (default: 0)
vrrp_garp_interval 0.001

# Delay between unsolicited NA messages sent on an interface
# decimal, seconds (resolution usecs).
# (default: 0)
vrrp_gna_interval 0.000001

# By default keepalived sends 5 gratuitous ARP/NA messages at a
# time, and after transitioning to MASTER sends a second block of
# 5 messages 5 seconds later.
# With modern switches this is unnecessary, so setting vrrp_min_garp
# causes only one ARP/NA message to be sent, with no repeat 5 seconds
# later.
vrrp_min_garp [<BOOL>]

# The following option causes periodic GARP/NA messages to be sent on
# interfaces of VIPs/eVIPs that are not the interface of the VRRP
# instance, in order to ensure that switch MAC caches are maintained
# (specified in seconds).
# Many switches have a default cache timeout of 300 seconds, and so
# a garp repeat rate of 1/3rd of that would be sensible. The maximum
# permitted value is 1 day (86400 seconds).
# By default, it will only send on VMAC interfaces; specifying all
# will cause it to send GARP/NA on each interface used by the VRRP instance.
vrrp_garp_extra_if [all] 100

# If a lower priority advert is received, don't send another advert.
# This causes adherence to the RFCs. Defaults to false, unless
# strict_mode is set.
vrrp_lower_prio_no_advert [<BOOL>]

# If we are master and receive a higher priority advert, send an advert
# (which will be lower priority than the other master), before we
# transition to backup. This means that if the other master has
# garp_lower_priority_repeat set, it will resend garp messages.
# This is to get around the problem of there having been two simultaneous
# masters, and the last GARP messages seen were from us.
vrrp_higher_prio_send_advert [<BOOL>]

# Set the default VRRP version to use
# (default: 2, but IPv6 instances will use version 3)
vrrp_version <2 or 3>

# keepalived uses a firewall (either nftables or iptables) for two purposes:
#   i) To implement no_accept mode
#   ii) To stop IGMP/MLD/Router-Solicit packets being sent on VMAC interfaces,
#       and to move IGMP/MLD messages onto the underlying interface.
# If both vrrp_iptables and vrrp_nftables are specified, keepalived will use
# nftables and not iptables. Similarly, if the iptables command is generating
# nftables configuration, or there is no iptables command installed,
# keepalived will use nftables rather than iptables.
# If neither vrrp_nftables nor vrrp_iptables is specified but VMACs are in use
# or no_accept is specified, keepalived will use nftables if it is available.

# Use nftables as the firewall.
# TABLENAME must not exist, and must be different for each
# instance of keepalived running in the same network namespace.
# Default tablename is keepalived, and priority is -1.
# keepalived will create base chains in the table.
# counters means counters are added to the rules (primarily for
# debugging purposes).
# ifindex means create IPv6 link local sets using ifindex rather
# than ifnames. This is the default unless the vrrp_instance has
# set dont_track_primary. The alternative is to use interface names
# as part of the set key, but the nft utility prior to v0.8.3 will
# then not output interface names properly.
nftables [TABLENAME]
nftables_priority PRIORITY
nftables_counters
nftables_ifindex

# Similarly for IPVS iptables - used for setting fwmarks for virtual
# server groups. keepalived will allocate a fwmark for each virtual
# server group, so that only one virtual server for each group needs
# to be configured in IPVS, by using a fwmark, and nftables will be
# used to set the fwmark for each of the virtual server
# address/protocol/port combinations specified.
# nftables_ipvs_start_fwmark specifies the first fwmark for keepalived
# to use (default 1000). This will be incremented for each subsequent
# virtual server group.
nftables_ipvs [TABLENAME]
nftables_ipvs_priority PRIORITY
nftables_ipvs_start_fwmark NUMBER

# Use iptables as the firewall.
# Note: it is necessary for the specified chain to exist in
# the iptables and/or ip6tables configuration, and for the chain
# to be called from an appropriate point in the iptables configuration.
# It will probably be necessary to have this filtering after accepting
# any ESTABLISHED,RELATED packets, because IPv4 might select the VIP as
# the source address for outgoing connections.
# Note: although the default chains that are used are INPUT and OUTPUT,
# since those are the only chains that will always exist, it is not safe
# or sensible to use those chains and specific chains should be created
# and called from appropriate points in the iptables configuration. The
# chains used for keepalived should not be used for any other purpose, and
# should have no rules configured, other than the rules that keepalived
# manages.
# A startup_script (see above) can be used to create the chains and to
# add rules to call them. A shutdown_script can be used to remove the
# iptables configuration added by the startup_script.
# Note2: If using ipsets, the iptables VIP rules are appended to the end
# of the specified chains; if not using ipsets, the VIP rules are inserted
# at the beginning of the chains. Any IGMP rules are always appended to
# the end of the chains.
# (default: INPUT)
vrrp_iptables keepalived

# or for outbound filtering as well
# Note, outbound filtering won't work with IPv4, since the VIP can be
# selected as the source address for an outgoing connection. With IPv6
# this is unlikely since the addresses are deprecated.
vrrp_iptables keepalived_in keepalived_out

# or to use default chains (INPUT and OUTPUT)
vrrp_iptables

# Keepalived may have the option to use ipsets in conjunction with
# iptables. If so, then the ipset names can be specified, defaults
# as below. If no names are specified, ipsets will not be used,
# otherwise any omitted names will be constructed by adding "_if"
# and/or "6" and _igmp/_mld to previously specified names.
vrrp_ipsets [keepalived [keepalived6 [keepalived_if6 [keepalived_igmp [keepalived_mld]]]]]

# An alternative to moving IGMP messages from VMACs to their parent interfaces
# is to disable them altogether in the kernel by setting
# igmp_link_local_mcast_reports false.
# This stops IGMP join etc messages for 224.0.0.0/24, since they should
# always be forwarded to all interfaces (see RFC4541).
# This is available from Linux 4.3 onwards.
disable_local_igmp

# The following enables checking that when in unicast mode, the
# source address of a VRRP packet is one of our unicast peers.
vrrp_check_unicast_src

# Checking all the addresses in a received VRRP advert can be time
# consuming. Setting this flag means the check won't be carried out
# if the advert is from the same master router as the previous advert
# received.
# (default: don't skip)
vrrp_skip_check_adv_addr

# Enforce strict VRRP protocol compliance. This currently includes
# enforcing the following. Please note that other checks may be
# added in the future if they are found to be missing:
#   0 VIPs not allowed
#   unicast peers not allowed
#   IPv6 addresses not allowed in VRRP version 2
#   First IPv6 VIP is not link local
#   State MASTER can be configured if and only if priority is 255
#   Authentication is not supported
#   Preempt delay is not supported
#   Accept mode cannot be set for VRRPv2
#   If accept/no accept is not specified, accept is set if priority
#     is 255 and cleared otherwise
#   Gratuitous ARP repeats cannot be enabled
#   Cannot clear lower_prio_no_advert
#   Cannot set higher_prio_send_advert
#   Cannot use vmac_xmit_base
vrrp_strict

# Send vrrp instance priority notifications on notify FIFOs.
vrrp_notify_priority_changes <BOOL>

# The following options can be used if vrrp, checker or bfd processes
# are timing out. This can be seen by a backup vrrp instance becoming
# master even when the master is still running, because the master or
# backup system is too busy to process vrrp packets.
# --
# keepalived can, if it detects that it is not running sufficiently
# soon after a timer should expire, increase its priority, first
# of all switching to realtime scheduling, and if that is not
# sufficient, it will then increase its realtime priority by one each
# time it detects a further delay in running. In the event that realtime
# scheduling is enabled, RLIMIT_RTTIME will be set, using the values for
# {bfd,checker,vrrp}_rlimit_rttime (see below). These values may need
# to be increased for slower processors.
# --
# To limit the maximum increased automatic priority, specify the following
# (0 doesn't use automatic priority increases, and is the default. -1 disables
# the warning message at startup). Omitting the priority sets the maximum value.
max_auto_priority [<-1 to 99>] # 99 is really sched_get_priority_max(SCHED_RR)

# Minimum delay in microseconds after timer expires before keepalived is
# scheduled after which the process priority will be auto incremented
# (default is 1000000 usecs (1 second), maximum is 10000000 (10 seconds))
min_auto_priority_delay <delay in usecs>

# Set the vrrp child process priority (Negative values increase priority)
vrrp_priority <-20 to 19>

# Set the checker child process priority
checker_priority <-20 to 19>

# Set the BFD child process priority
bfd_priority <-20 to 19>

# Set the vrrp child process non swappable
vrrp_no_swap

# Set the checker child process non swappable
checker_no_swap

# Set the BFD child process non swappable
bfd_no_swap

# The following options can be used to force vrrp, checker and bfd
# processes to run on a restricted CPU set.
# You can either bind processes to a single CPU or define a set of
# cpus. In the latter case the Linux kernel will be restricted to that cpu
# set during scheduling. Forcing process binding to a single CPU can
# increase performance on a heavily loaded box.
# The INTEGERs following the configuration keyword represent the cpu_id
# as shown in /proc/cpuinfo on line "processor:"
# --
# Set CPU Affinity for the vrrp child process
vrrp_cpu_affinity <INTEGER> [<INTEGER>]...[<INTEGER>]

# Set CPU Affinity for the checker child process
checker_cpu_affinity <INTEGER> [<INTEGER>]...[<INTEGER>]

# Set CPU Affinity for the bfd child process
bfd_cpu_affinity <INTEGER> [<INTEGER>]...[<INTEGER>]

# Set the vrrp child process to use real-time scheduling
# at the specified priority
vrrp_rt_priority <1..99>

# Set the checker child process to use real-time scheduling
# at the specified priority
checker_rt_priority <1..99>

# Set the BFD child process to use real-time scheduling
# at the specified priority
bfd_rt_priority <1..99>

# Set the limit on CPU time between blocking system calls,
# in microseconds
# (default: 10000)
vrrp_rlimit_rttime >=2
checker_rlimit_rttime >=2
bfd_rlimit_rttime >=2

# If Keepalived has been built with SNMP support, the following
# keywords are available.
# Note: Keepalived, checker and RFC support can be individually
# enabled/disabled
# --
# Specify socket to use for connecting to SNMP master agent
# (see source module keepalived/vrrp/vrrp_snmp.c for more details)
# (default: unix:/var/agentx/master)
snmp_socket udp:1.2.3.4:705

# enable SNMP handling of vrrp element of KEEPALIVED MIB
enable_snmp_vrrp

# enable SNMP handling of checker element of KEEPALIVED MIB
enable_snmp_checker

# enable SNMP handling of RFC2787 and RFC6527 VRRP MIBs
enable_snmp_rfc

# enable SNMP handling of RFC2787 VRRP MIB
enable_snmp_rfcv2

# enable SNMP handling of RFC6527 VRRP MIB
enable_snmp_rfcv3

# enable SNMP traps
enable_traps

# If Keepalived has been built with DBus support, the following
# keywords are available.
# --
# Enable the DBus interface
enable_dbus

# Name of DBus service
# Useful if you want to run multiple keepalived processes with DBus enabled
# (default: org.keepalived.Vrrp1)
dbus_service_name SERVICE_NAME

# Specify the default username/groupname to run scripts under.
# If this option is not specified, the user defaults to keepalived_script
# if that user exists, otherwise the uid/gid under which keepalived is running.
# If groupname is not specified, it defaults to the user's group.
script_user username [groupname]

# Don't run scripts configured to be run as root if any part of the path
# is writable by a non-root user.
enable_script_security

# Rather than using notify scripts, specifying a fifo allows more
# efficient processing of notify events, and guarantees that they
# will be delivered in the correct sequence.
# NOTE: the FIFO names must all be different
# --
# FIFO to write notify events to
# See vrrp_notify_fifo and lvs_notify_fifo for format of output
# For further details, see the description under vrrp_sync_group.
# see doc/samples/sample_notify_fifo.sh for sample usage.
notify_fifo FIFO_NAME [username [groupname]]

# script to be run by keepalived to process notify events
# The FIFO name will be passed to the script as the last parameter
notify_fifo_script STRING|QUOTED_STRING [username [groupname]]

# FIFO to write vrrp notify events to.
# The string written will be a line of the form: INSTANCE "VI_1" MASTER 100
# and will be terminated with a new line character.
# For further details of the output, see the description under vrrp_sync_group
# and doc/samples/sample_notify_fifo.sh for sample usage.
vrrp_notify_fifo FIFO_NAME [username [groupname]]

# script to be run by keepalived to process vrrp notify events
# The FIFO name will be passed to the script as the last parameter
vrrp_notify_fifo_script STRING|QUOTED_STRING [username [groupname]]

# FIFO to write notify healthchecker events to
# The string written will be a line of the form:
#   VS [192.168.201.15]:tcp:80 {UP|DOWN}
#   RS [1.2.3.4]:tcp:80 [192.168.201.15]:tcp:80 {UP|DOWN}
# and will be terminated with a new line character.
lvs_notify_fifo FIFO_NAME [username [groupname]]

# script to be run by keepalived to process healthchecker notify events
# The FIFO name will be passed to the script as the last parameter
lvs_notify_fifo_script STRING|QUOTED_STRING [username [groupname]]

# By default, when keepalived reloads the vrrp instance and sync group states
# are not written to the relevant FIFOs. Setting this option will cause the
# states to be sent to the FIFO(s) when keepalived reloads.
fifo_write_vrrp_states_on_reload

723 # The following options are only needed for large configurations, where either
724 # keepalived creates a large number of interfaces, or the system has a large
725 # number of interfaces. These options are only needed if
726 # "Netlink: Receive buffer overrun" messages are seen in the system logs.
727 # If the buffer size needed exceeds the value in /proc/sys/net/core/rmem_max
728 # the corresponding force option will need to be set.
729 # --
730 # Set netlink receive buffer size. This is useful for
731 # very large configurations where a large number of interfaces exist, and
732 # the initial read of the interfaces on the system causes a netlink buffer
733 # overrun.
734 vrrp_netlink_cmd_rcv_bufs BYTES
735 vrrp_netlink_cmd_rcv_bufs_force <BOOL>
736 vrrp_netlink_monitor_rcv_bufs BYTES
737 vrrp_netlink_monitor_rcv_bufs_force <BOOL>
738
739 # The vrrp netlink command and monitor socket, the checker command and
740 # monitor socket, and the process monitor buffer sizes can be independently set.
741 # The force flag means to use SO_RCVBUFFORCE, so that the buffer size
742 # can exceed /proc/sys/net/core/rmem_max.
743 lvs_netlink_cmd_rcv_bufs BYTES
744 lvs_netlink_cmd_rcv_bufs_force <BOOL>
745 lvs_netlink_monitor_rcv_bufs BYTES
746 lvs_netlink_monitor_rcv_bufs_force <BOOL>
747
748 # As a guide for process_monitor_rcv_bufs for 1400 processes terminating
749 # simultaneously, 212992 (the default on some systems) is insufficient, whereas
750 # 500000 is sufficient.
751 process_monitor_rcv_bufs BYTES
752 process_monitor_rcv_bufs_force <BOOL>
753
754 # When a socket is opened, the kernel configures the max rx buffer size for
755 # the socket to /proc/sys/net/core/rmem_default. On some systems this can be
756 # very large, and even generally this can be much larger than necessary.
757 # This isn't a problem so long as keepalived is reading all queued data from
758 # its sockets, but if rmem_default was set sufficiently large, and if for
759 # some reason keepalived stopped reading, it could consume all system memory.
760 # The vrrp_rx_bufs_policy allows configuring of the rx bufs size when the
761 # sockets are opened. If the policy is MTU, the rx buf size is configured
762 # to the total of interface's MTU * vrrp_rx_bufs_multiplier for each vrrp
763 # instance using the socket. Likewise, if the policy is ADVERT, then it is
764 # the total of each vrrp instances advert packet size * multiplier.
765 # (default: use system default)
766 vrrp_rx_bufs_policy [MTU|ADVERT|NUMBER]
767
768 # (default: 3)
769 vrrp_rx_bufs_multiplier NUMBER
770
771 # Send notifies at startup for real servers that are starting up
772 rs_init_notifies
773
774 # Don't send an email every time a real server checker changes state;
775 # only send email when a real server is added or removed
776 no_checker_emails
777
778 # The umask to use for creating files. The number can be specified in hex, octal
779 # or decimal. BITS are I{R|W|X}{USR|GRP|OTH}, e.g. IRGRP, separated by '|'s.
780 # The default umask is IWGRP | IWOTH. This option cannot override the
781 # command-line option.
782 umask [NUMBER|BITS]
783
784 # On some systems when bond interfaces are created, they can start passing traffic
785 # and then have a several second gap when they stop passing traffic inbound. This
786 # can mean that if keepalived is started at boot time, i.e. at the same time as
787 # bond interfaces are being created, keepalived doesn't receive adverts and hence
788 # can become master despite an instance with higher priority sending adverts.
789 # This option specifies a delay in seconds before vrrp instances start up after
790 # keepalived starts.
791 vrrp_startup_delay 5.5
792
793 # The following will cause logging of receipt of VRRP adverts for VRIDs not configured
794 # on the interface on which they are received.
795 log_unknown_vrids
796
797 # Specify the prefix for generated VMAC names (default "vrrp")
798 vmac_prefix STRING
799
800 # Specify the prefix for generated VMAC names for VIPs which use a VMAC but are not
801 # on the VRRP instance's interface (default vmac_prefix value)
802 vmac_addr_prefix STRING
803
804 # Specify random seed for ${_RANDOM}, to make configurations repeatable (default
805 # is to use a seed based on the time, so that each time a different configuration
806 # will be generated).
807 random_seed UNSIGNED_INT
808
809 # If a configuration reload is attempted with an updated configuration file that has
810 # errors, keepalived may terminate, and possibly enter a loop indefinitely restarting
811 # and terminating. If reload_check_config is set, then keepalived will attempt to
812 # validate the configuration before initiating a reload, and only initiate the reload
813 # if the configuration is valid.
814 reload_check_config [LOG_FILE]
815
816 # Treat any missing include file as an error. The OPTIONS can be any combination of
817 # readable - error if a match is not a readable file
818 # match - error if no file matches (unless wildcard specified)
819 # wildcard_match - error if no file matches (even if wildcard specified)
820 # brace_match - error if a brace expansion does not match a file
821 # Note: match, wildcard_match and brace_match include the readable check.
822 # The setting of include_check is saved when a new include file is opened, and restored
823 # when the file is closed. This means that the include_check setting when reading a
824 # file cannot be changed by a subsequently included file. To change the setting for all
825 # included files, include_check should be set at the beginning of the configuration file
826 # specified in the command line (default /etc/keepalived/keepalived.conf).
827 # Note2: If the libc glob() function does not support GLOB_ALTDIRFUNC (e.g. Musl libc as
828 # on Alpine Linux etc.), then only readable and wildcard_match of the above options will work.
829 # It is possible to add or remove individual settings; '+' means add the following
830 # checks, '-' means remove the following checks. For example
831 # include_check +match -wildcard_match
832 # adds the requirement that there is a matching file, and removes the requirement for
833 # wildcard matches.
834 # If no option is specified, it is the same as specifying all options.
835 include_check [OPTIONS]
836
837 # reload_time_file allows a reload of keepalived to be scheduled in the future. This is
838 # particularly useful if there is a master keepalived and one or more backup keepalived
839 # instances and the new configuration is incompatible with the previous configuration,
840 # e.g. adding or removing VIPs which would cause adverts to be rejected.
841 # All the instances can be scheduled to reload at the same time, thereby ensuring that
842 # no mismatching adverts are received by the backup instances.
843 # The configuration specifies a file which keepalived will monitor. The first line of
844 # the file must contain a valid time or date/time exactly in the formats specified below.
845 # When keepalived starts up, it reads the file if it exists, and schedules a reload at
846 # the specified time. If the file does not exist, then when it is subsequently created
847 # a reload will be scheduled. If the file is updated, the reload time will be modified
848 # accordingly. If the file is deleted, the reload is cancelled.
849 # Normally when the reload occurs the specified file is deleted, since the reload has
850 # been done; if the file included a date then the reload will be in the past and so
851 # ignored. However, if there is no date, then if the file were reread following the
852 # reload, a reload would be scheduled for 24 hours time. In order to stop this, the
853 # file is deleted (unlinked) by default. If reload_repeat is specified, then the
854 # file is not deleted, and if the file contains a time only with no date, then
855 # keepalived will keep reloading at that time every day until the file is removed or
856 # modified.
857 # If the directory containing the file does not exist at startup/reload, or if the
858 # directory is removed or renamed, then no future scheduled reloads will occur until
859 # a manual (SIGHUP) reload is done or keepalived restarts.
860 # The permitted formats of the entry in the timer file are precisely:
861 # HH:MM:SS
862 # YY-MM-DD HH:MM:SS
863 # YYYY-MM-DD HH:MM:SS
864 # each with an optional 'Z' at the end.
865 # There must be no leading or trailing whitespace, and only one space between the date
866 # and the time.
867 # If there is a 'Z' at the end of the time, the time is parsed as UTC, otherwise the
868 # time is the localtime for the environment in which keepalived is running. If the
869 # systems which are being reloaded are in different timezones, it is probably safer to
870 # use UTC.
871 # If using local time with daylight savings, beware that some times don't exist and
872 # some times are duplicated and hence ambiguous.
873 reload_time_file ABSOLUTE-PATHNAME-OF-FILE
874 reload_repeat
875
876 # Some users frequently update their configurations and reload keepalived. reload_file
877 # provides a mechanism that allows the configuration update processes not to update the
878 # configuration files while keepalived is reading them.
879 # The reload file will be created by keepalived before it starts reading configuration
880 # files, unless the file exists. If the file already exists, it will be truncated. Once
881 # keepalived has completed reading the files it will remove the reload file.
882 # If reload_file with no file name is specified, the default filename keepalived.reload
883 # in the PID directory will be used.
884 # The best way to use the reload file is for the configuration update process to touch
885 # the reload file before it signals keepalived to reload, and then wait for the file
886 # to be deleted, which indicates that keepalived has finished reading the config files.
887 # When keepalived starts reading the configuration files, since it truncates the reload
888 # file, if the update process creates the reload_file with non-zero size, it can detect
889 # the reloading starting by the reload_file becoming zero length.
890 reload_file [ABSOLUTE-PATHNAME-OF-FILE]
891
892 # Sending SIGUSR1 to keepalived causes it to dump its data structures
893 # for debugging purposes, although some users use this feature and
894 # process the output. Please note that the format of the .data files
895 # produced is not guaranteed to maintain backward compatibility.
896 # The standard file names are keepalived_parent.data, keepalived.data,
897 # keepalived_check.data and keepalived_bfd.data. This causes a problem
898 # if more than one keepalived instance is running on a system.
899 # In order to alleviate this, enabling data_use_instance includes the
900 # instance name and network namespace in the file name of the .data files.
901 data_use_instance [<BOOL>]
902 }
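
The line formats given above for vrrp_notify_fifo and lvs_notify_fifo, parsed strictly so that a consumer script acts only on well-formed events. This is an added example, not code from the Keepalived project; the GROUP line shape, the state allowlist (taken from the notify states listed on this page) and all function names are assumptions.

```python
import ipaddress
import re
import sys
from typing import NamedTuple, Optional, Tuple

# Transition states named on this page; extend if your version emits others.
VRRP_STATES = frozenset({"MASTER", "BACKUP", "FAULT", "STOP", "DELETED"})

Endpoint = Tuple[str, str, int]  # (address, protocol, port)


class VrrpEvent(NamedTuple):
    kind: str        # "INSTANCE" or "GROUP"
    name: str
    state: str
    priority: int


class LvsEvent(NamedTuple):
    kind: str                        # "VS" or "RS"
    real_server: Optional[Endpoint]  # set only on RS lines
    virtual_server: Endpoint
    up: bool


_EP = r"\[([0-9A-Fa-f:.]+)\]:([a-z]+):(\d{1,5})"
_VRRP_RE = re.compile(
    r'(INSTANCE|GROUP) "([^"\s]+)" ([A-Z_]+) (\d{1,3})', re.ASCII)
_VS_RE = re.compile(rf"VS {_EP} (UP|DOWN)", re.ASCII)
_RS_RE = re.compile(rf"RS {_EP} {_EP} (UP|DOWN)", re.ASCII)


def _endpoint(ip: str, proto: str, port: str) -> Endpoint:
    addr = ipaddress.ip_address(ip)  # ValueError on anything that is not an IP
    if not 0 <= int(port) <= 65535:
        raise ValueError(f"port out of range: {port}")
    return (str(addr), proto, int(port))


def parse_fifo_line(line: str):
    """Return a VrrpEvent or LvsEvent; raise ValueError on malformed input."""
    if not line.endswith("\n"):
        raise ValueError("line not newline-terminated (partial read?)")
    body = line[:-1]
    m = _VRRP_RE.fullmatch(body)
    if m:
        kind, name, state, prio = m.groups()
        if state not in VRRP_STATES:
            raise ValueError(f"unexpected state: {state}")
        if int(prio) > 255:
            raise ValueError(f"priority out of range: {prio}")
        return VrrpEvent(kind, name, state, int(prio))
    m = _VS_RE.fullmatch(body)
    if m:
        return LvsEvent("VS", None, _endpoint(*m.group(1, 2, 3)),
                        m.group(4) == "UP")
    m = _RS_RE.fullmatch(body)
    if m:
        return LvsEvent("RS", _endpoint(*m.group(1, 2, 3)),
                        _endpoint(*m.group(4, 5, 6)), m.group(7) == "UP")
    raise ValueError("unrecognised line")


def split_events(lines):
    """Parse an iterable of lines; return (events, rejected_lines)."""
    events, rejected = [], []
    for line in lines:
        try:
            events.append(parse_fifo_line(line))
        except ValueError:
            rejected.append(line)
    return events, rejected


# Constructed sample input in the formats quoted above.
SAMPLE = [
    'INSTANCE "VI_1" MASTER 100\n',
    'GROUP "VG_1" BACKUP 100\n',
    'VS [192.168.201.15]:tcp:80 DOWN\n',
    'RS [1.2.3.4]:tcp:80 [192.168.201.15]:tcp:80 UP\n',
    'INSTANCE "VI_1" MASTER 100 extra\n',                   # trailing junk
    'RS [1.2.3.999]:tcp:80 [192.168.201.15]:tcp:80 UP\n',   # not an IP
    'INSTANCE "VI_1" PRIMARY 100\n',                        # unknown state
]

if __name__ == "__main__":
    # keepalived passes the FIFO name to the script as the last parameter;
    # without an argument, run over the constructed sample instead.
    stream = open(sys.argv[-1]) if len(sys.argv) > 1 else SAMPLE
    for raw in stream:
        parsed, bad = split_events([raw])
        for event in parsed:
            print(event)
        for line in bad:
            print("rejected:", repr(line), file=sys.stderr)
```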
903
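
A pre-flight check for the first line of a reload_time_file, enforcing the three permitted formats exactly as listed above and showing when an entry would fire. This is an added example, not Keepalived's own parser; the function names and the reading of a two-digit year as 20YY are assumptions.

```python
import re
from datetime import date, datetime, time, timedelta, timezone
from typing import NamedTuple, Optional

# Exact shapes only: HH:MM:SS, YY-MM-DD HH:MM:SS, YYYY-MM-DD HH:MM:SS,
# each with an optional trailing 'Z'. fullmatch() rejects any extra
# whitespace, single-digit fields and a trailing newline.
_SHAPE = re.compile(
    r"(?:(\d{2}|\d{4})-(\d{2})-(\d{2}) )?(\d{2}):(\d{2}):(\d{2})(Z?)",
    re.ASCII,
)


class ReloadTime(NamedTuple):
    day: Optional[date]   # None when the entry is time-only
    at: time
    utc: bool             # True when the entry ends in 'Z'


def parse_reload_time(entry: str) -> ReloadTime:
    """Parse the first line of the file; raise ValueError if not permitted."""
    m = _SHAPE.fullmatch(entry)
    if m is None:
        raise ValueError(f"not one of the permitted formats: {entry!r}")
    year, month, dom, hh, mm, ss, z = m.groups()
    at = time(int(hh), int(mm), int(ss))          # ValueError if out of range
    day = None
    if year is not None:
        # Assumption: a two-digit year YY means 20YY.
        full_year = int(year) + 2000 if len(year) == 2 else int(year)
        day = date(full_year, int(month), int(dom))   # rejects e.g. 02-30
    return ReloadTime(day, at, z == "Z")


def is_valid(entry: str) -> bool:
    try:
        parse_reload_time(entry)
    except ValueError:
        return False
    return True


def next_reload(rt: ReloadTime, now: datetime) -> Optional[datetime]:
    """When the entry would fire, or None if it is dated and already past.

    `now` is a naive datetime in the entry's own frame: UTC when rt.utc is
    set, otherwise the local time of the host running keepalived.
    """
    if rt.day is not None:
        when = datetime.combine(rt.day, rt.at)
        return when if when > now else None
    when = datetime.combine(now.date(), rt.at)
    if when <= now:               # time-only entries roll over to the next day
        when += timedelta(days=1)
    return when


def render_utc(when: datetime) -> str:
    """Format an aware datetime as a dated UTC entry (no DST ambiguity)."""
    return when.astimezone(timezone.utc).strftime("%Y-%m-%d %H:%M:%S") + "Z"


if __name__ == "__main__":
    # Constructed candidate entries, good and bad.
    for candidate in ["02:30:00Z", "2024-03-09 02:30:00", " 02:30:00",
                      "2:30:00", "2024-03-09  02:30:00", "2024-02-30 02:30:00"]:
        print(repr(candidate), "valid" if is_valid(candidate) else "REJECTED")
```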
905 The linkbeat_interfaces block allows specifying which interfaces should
906 use polling via MII, Ethtool or ioctl status rather than rely on
907 netlink status updates. This allows more granular control of global
908 definition linkbeat_use_polling.
909
910 This option is preferred over the deprecated use of
911 linkbeat_use_polling in a vrrp_instance block, since the latter only
912 allows using linkbeat on the interface of the vrrp_instance itself,
913 whereas track_interface and virtual_ipaddresses and virtual_iproutes
914 may require monitoring other interfaces, which may need to use linkbeat
915 polling.
916
917 The default polling type to use is MII, unless that isn't supported in
918 which case ETHTOOL is used, and if that isn't supported then ioctl
919 polling. The preferred type of polling to use can be specified with MII
920 or ETHTOOL or IOCTL after the interface name, but if that type isn't
921 supported, a supported type will be used.
922
923 The syntax for linkbeat_interfaces is:
924 linkbeat_interfaces {
925 eth2
926 enp2s0 ETHTOOL
927 }
928
930 Static track groups are used to allow vrrp instances to track static
931 addresses, routes and rules. If a static address/route/rule specifies a
932 track group, then if the address/route/rule is deleted and cannot be
933 restored, the vrrp instance will transition to fault state.
934
935 The syntax for a track group is:
936 track_group GROUP1 {
937 group {
938 VI_1
939 VI_2
940 }
941 }
942
944 Keepalived can configure static addresses, routes, and rules. These ad‐
945 dresses, routes and rules are NOT moved by vrrpd, they stay on the ma‐
946 chine. If you already have IPs and routes on your machines and your
947 machines can ping each other, you don't need this section. The syntax
948 for rules and routes is the same as for ip rule add/ip route add (ex‐
949 cept shortened option names are not supported due to ambiguities). The
950 track_group specification refers to a named track_group which lists the
951 vrrp instances which will track the address, i.e. if the address is
952 deleted the vrrp instances will transition to backup.
953
954 NOTE: since rules without preferences can be added in different orders
955 due to vrrp instances transitioning from master to backup etc, rules
956 need to have a preference. If a preference is not specified, keepalived
957 will assign one, but it will probably not be what you want.
958
959 The syntax is the same for virtual addresses and virtual routes. If no
960 dev element is specified, it defaults to default_interface (default
961 eth0). Note: the broadcast address may be specified as '-' or '+' to
962 clear or set the host bits of the address.
963
964 If a route or rule could apply to either IPv4 or IPv6 it will default
965 to IPv4. To force a route/rule to be IPv6, add the keyword "inet6".
966
967 By default keepalived prepends routes (the kernel's default) which adds
968 the route before any matching routes (this is the same behaviour as the
969 (undocumented) as the 'ip route add' command, which only adds the route
970 if there is no matching route. If 'append' is specified, the behaviour
971 is the same as the 'ip route append' command, i.e. the route is added
972 after any matching route. Note: the rules for whether a route matches
973 differ between IPv4 and IPv6; for example specifying a different proto
974 means a matching route can be prepended/appended for IPv4 but not for
975 IPv6. If in doubt, test it using the 'ip route add/prepend/append' com‐
976 mands.
977
978 static_ipaddress {
979 <IPADDR>[/<MASK>] [brd <IPADDR>] [dev <STRING>] [scope <SCOPE>]
980 [label <LABEL>] [peer <IPADDR>] [home]
981 [-nodad] [mngtmpaddr] [noprefixroute]
982 [autojoin] [track_group GROUP] [preferred_lft nn|forever]
983 192.168.1.1/24 dev eth0 scope global
984 ...
985 }
986
987 static_routes {
988 192.168.2.0/24 via 192.168.1.100 dev eth0 track_group GROUP1
989
990 192.168.100.0/24 table 6909 nexthop via 192.168.101.1 dev wlan0
991 onlink weight 1 nexthop via 192.168.101.2
992 dev wlan0 onlink weight 2
993
994 192.168.200.0/24 dev p33p1.2 table 6909 tos 0x04 protocol bird
995 scope link priority 12 mtu 1000 hoplimit 100
996 advmss 101 rtt 102 rttvar 103 reordering 104
997 window 105 cwnd 106 ssthresh lock 107 realms
998 PQA/0x14 rto_min 108 initcwnd 109 initrwnd 110
999 vrf blue features ecn add
1000
1001 2001:470:69e9:1:2::4 dev p33p1.2 table 6909 tos 0x04 protocol
1002 bird scope link priority 12 mtu 1000
1003 hoplimit 100 advmss 101 rtt 102 rttvar 103
1004 reordering 104 window 105 cwnd 106 ssthresh
1005 lock 107 rto_min 108 initcwnd 109 append
1006 initrwnd 110 features ecn fastopen_no_cookie 1
1007 ...
1008 }
1009
1010 static_rules {
1011 from 192.168.2.0/24 table 1 track_group GROUP1
1012
1013 to 192.168.2.0/24 table 1
1014
1015 from 192.168.28.0/24 to 192.168.29.0/26 table small iif p33p1
1016 oif wlan0 tos 22 fwmark 24/12
1017 preference 39 realms 30/20 goto 40
1018
1019 to 1:2:3:4:5:6:7:0/112 from 7:6:5:4:3:2::/96 table 6908
1020 uidrange 10000-19999
1021
1022 to 1:2:3:4:6:6:7:0/112 from 8:6:5:4:3:2::/96 l3mdev protocol 12
1023 ip_proto UDP sport 10-20 dport 20-30
1024 ...
1025 }
1026
1028 Adds a file to be monitored. The file will be read whenever it is modi‐
1029 fied. The value in the file will be recorded for all VRRP instances,
1030 sync groups and real servers which monitor it. Note that the file will
1031 only be read if at least one VRRP instance, sync group or real server
1032 monitors it.
1033
1034 A value will be read as a number in text from the file. If the weight
1035 configured against the track_file is 0, a non-zero value in the file
1036 will be treated as a failure status, and a zero value will be treated
1037 as an OK status, otherwise the value will be multiplied by the weight
1038 configured in the track_file statement.
1039
1040 For VRRP instances, if the result is less than -253 anything monitoring
1041 the script will transition to the fault state (the weight can be 254 to
1042 allow for a negative value being read from the file).
1043
1044 If the vrrp instance or sync group is not the address owner and the re‐
1045 sult is between -253 and 253, the result will be added to the initial
1046 priority of the VRRP instance (a negative value will reduce the prior‐
1047 ity), although the effective priority will be limited to the range
1048 [1,254]. Likewise for real servers.
1049
1050 If a vrrp instance using a track_file is a member of a sync group, unless
1051 sync_group_tracking_weight is set on the group, weight 0 must be
1052 set. Likewise, if the vrrp instance is the address owner, weight 0
1053 must also be set.
1054
1055 For real servers monitoring the file, the limits of values read from
1056 the track file are 2147483648 to -2147483648. The value, once multi‐
1057 plied by the weight, will be added to the real server's IPVS weight. If
1058 the result is <= than 2147483648 then the checker will be in the FAULT
1059 state.
1060
1061 NOTE: weights for track_file for real servers are not fully implemented
1062 yet. In particular allowing weight 0, handling negative calculated val‐
1063 ues and reloading.
1064
1065 The syntax for track file is:
1066
1067 track_file <STRING> { # vrrp_track_file is a deprecated synonym
1068 # file to track (weight defaults to 1)
1069 file <QUOTED_STRING>
1070
1071 # optional default weight
1072 weight <-2147483647..2147483647> [reverse]
1073
1074 # create the file and/or initialise the value
1075 # This causes VALUE (default 0) to be written to
1076 # the specified file at startup if the file doesn't
1077 # exist, unless overwrite is specified in which case
1078 # any existing file contents will be overwritten with
1079 # the specified value.
1080 init_file [VALUE] [overwrite]
1081 }
1082
1084 The configuration block looks like:
1085
1086 vrrp_track_process <STRING> {
1087 # process to monitor (with optional parameters)
1088 # A quoted string is treated as a single element, so if the first item
1089 # after the process keyword is quoted, that will be the command name.
1090 # For example:
1091 # process "/tmp/a b" param1 "param 2"
1092 # would mean a process named '/tmp/a b' (quotes removed) with 2 parameters
1093 # 'param1' and 'param 2'.
1094 process <STRING>|<QUOTED_STRING> [<STRING>|<QUOTED_STRING> ...]
1095
1096 # If matching parameters, this specifies a partial match (i.e. the first
1097 # n parameters match exactly), or an initial match, i.e. the last
1098 # parameter may be longer than the parameter configured.
1099 # To specify that a command must have no parameters, don't specify
1100 # any parameters, but specify param_match.
1101 param_match {initial|partial}
1102
1103 # default weight (default is 1). For description of reverse, see track_process.
1104 # 'weight 0 reverse' will cause the vrrp instance to be down when the
1105 # quorum is up, and vice versa.
1106 weight <-254..254> [reverse]
1107
1108 # minimum number of processes for success
1109 quorum NUM
1110
1111 # maximum number of processes for success. For example, setting
1112 # this to 1 would cause a failure if two instances of the process
1113 # were running (but beware forks - see fork_delay below).
1114 # Setting this to 0 would mean failure if the matching process were
1115 # running at all.
1116 quorum_max NUM
1117
1118 # time to delay after process quorum gained after fork before
1119 # considering the process up (in fractions of second)
1120 # This is to avoid up/down bounce for fork/exec
1121 fork_delay SECS
1122
1123 # time to delay after process quorum lost before
1124 # considering the process down (in fractions of second)
1125 # This is to avoid down/up bounce after terminate/parent refork.
1126 terminate_delay SECS
1127
1128 # this sets fork_delay and terminate_delay
1129 delay SECS
1130
1131 # Normally process string is matched against the process name,
1132 # as shown on the Name: line in /proc/PID/status, unless
1133 # parameters are specified.
1134 # This option forces matching the full command line
1135 full_command
1136 }
1137
1138 To avoid having to frequently run a track_script to monitor the existence
1139 of processes (often haproxy or nginx), vrrp_track_process can
1140 monitor whether other processes are running.
1141
1142 One difference from pgrep is track_process doesn't do a regular expres‐
1143 sion match of the command string, but does an exact match. 'pgrep ssh'
1144 will match an sshd process, this track_process will not (it is equiva‐
1145 lent to pgrep "^ssh$").
1146
1147 If full_command is used (equivalent to pgrep -f), /proc/PID/cmdline is
1148 used, but any updates to cmdline will not be detected (a process
1149 shouldn't normally change it, although it is possible with great care,
1150 for example systemd).
1151
1152 Prior to Linux v3.2 track_process will not support detection of changes
1153 to a process name, since the kernel did not notify changes of process
1154 name prior to 3.2. Most processes do not change their process name,
1155 but, for example, firefox forks processes that change their process
1156 name to "Web Content". The process name referred to here is the con‐
1157 tents of /proc/PID/comm.
1158
1159 Quorum is the number of matching processes that must be running for an OK
1160 status.
1161
1162 Delay might be useful if it is anticipated that a process may be reloaded
1163 (stopped and restarted), and it isn't desired to down and up a vrrp in‐
1164 stance.
1165
1166 A positive weight means that an OK status will add <weight> to the priority
1167 of all VRRP instances which monitor it. Conversely, a negative
1168 weight will be subtracted from the initial priority in case of insufficient
1169 processes.
1170
1171 If the vrrp instance or sync group is not the address owner and the re‐
1172 sult is between -253 and 253, the result will be added to the initial
1173 priority of the VRRP instance (a negative value will reduce the prior‐
1174 ity), although the effective priority will be limited to the range
1175 [1,254].
1176
1177 If a vrrp instance using a track_process is a member of a sync group,
1178 unless sync_group_tracking_weight is set on the group, weight 0 must be
1179 set. Likewise, if the vrrp instance is the address owner, weight 0
1180 must also be set.
1181
1182 Rationale for not using pgrep/pidof/killall and the like:
1183
1184 Every time pgrep or its equivalent is run, it iterates through the
1185 /proc/[1-9][0-9]* directories, and opens the status and cmdline pseudo
1186 files in each directory. The cmdline pseudo file is mapped to the
1187 process's address space, and so if that part of the process is swapped
1188 out, it will have to be fetched from the swap space. pgrep etc also
1189 include zombie processes whereas keepalived does not, since they aren't
1190 running.
1191
1192 This implementation only iterates through /proc/[1-9][0-9]*/ directories
1193 at start up, and it won't even read the cmdline pseudo files if
1194 'full_command' is not specified for any of the vrrp_track_process en‐
1195 tries. After startup, it uses the process_events kernel <-> userspace
1196 connector to receive notification of process changes. If full_command
1197 is specified for any track_process instance, the cmdline pseudo file
1198 will have to be read upon notification of the creation of the new
1199 process, but at that time it is very unlikely that it will have already
1200 been swapped out.
1201
1202 On a busy system with a high number of process creations/terminations,
1203 using a track_script with pgrep/pidof/killall may be more efficient,
1204 although those processes are inefficient compared to the minimum that
1205 keepalived needs.
1206
1207 Using pgrep etc on a system that is swapping can have a significant
1208 detrimental impact on the performance of the system, due to having to
1209 fetch swapped memory from the swap space, thereby causing additional
1210 swapping.
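
The difference between track_process's exact name match and an unanchored pgrep-style match, together with the quorum and quorum_max bounds, run over constructed /proc/PID/status excerpts. This is an added example, not Keepalived code; it models only name matching (no parameters, full_command or delays), and the function names are hypothetical.

```python
import re
from typing import Dict, List

# Constructed /proc/PID/status excerpts (only the fields used here).
SAMPLE_STATUS: Dict[int, str] = {
    812:  "Name:\tsshd\nState:\tS (sleeping)\nPid:\t812\n",
    2291: "Name:\tssh\nState:\tS (sleeping)\nPid:\t2291\n",
    2305: "Name:\tssh-agent\nState:\tS (sleeping)\nPid:\t2305\n",
    3010: "Name:\thaproxy\nState:\tS (sleeping)\nPid:\t3010\n",
    3011: "Name:\thaproxy\nState:\tZ (zombie)\nPid:\t3011\n",
}


def parse_status(text: str) -> Dict[str, str]:
    """Split 'Key:<tab>value' lines of a status file into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key] = value.strip()
    return fields


def exact_matches(statuses: Dict[int, str], name: str) -> List[int]:
    """PIDs whose Name: line equals `name` exactly; zombies are not counted."""
    pids = []
    for pid, text in statuses.items():
        fields = parse_status(text)
        if fields.get("Name") == name and not fields.get("State", "").startswith("Z"):
            pids.append(pid)
    return sorted(pids)


def pgrep_like(statuses: Dict[int, str], pattern: str) -> List[int]:
    """Unanchored regex search over the name, zombies included."""
    return sorted(pid for pid, text in statuses.items()
                  if re.search(pattern, parse_status(text).get("Name", "")))


def track_ok(statuses: Dict[int, str], name: str,
             quorum: int, quorum_max: int) -> bool:
    """OK when the exact-match count lies within [quorum, quorum_max]."""
    return quorum <= len(exact_matches(statuses, name)) <= quorum_max


if __name__ == "__main__":
    print("exact 'ssh':  ", exact_matches(SAMPLE_STATUS, "ssh"))
    print("pgrep 'ssh':  ", pgrep_like(SAMPLE_STATUS, "ssh"))
    print("haproxy 1..1: ", track_ok(SAMPLE_STATUS, "haproxy", 1, 1))
    print("sshd absent?: ", track_ok(SAMPLE_STATUS, "sshd", 0, 0))
```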
1211
1213 This is an implementation of RFC5880 (Bidirectional forwarding detec‐
1214 tion), and this can be configured to work between 2 keepalived in‐
1215 stances, but using unweighted track_bfds between a master/backup pair
1216 of VRRP instances means that the VRRP instance will only be able to
1217 come up if both VRRP instances are running, which somewhat defeats the
1218 purpose of VRRP.
1219
1220 This implementation has been tested with OpenBFDD (available at
1221 https://github.com/dyninc/OpenBFDD).
1222
1223 The syntax for bfd instance is:
1224
1225 bfd_instance <STRING> {
1226 # BFD Neighbor IP (synonym neighbour_ip)
1227 neighbor_ip <IP ADDRESS>
1228
1229 # Source IP to use (optional, except in order to ensure that the
1230 # local port is valid, it is required)
1231 source_ip <IP ADDRESS>
1232
1233 # Required min RX interval, in ms (resolution is micro-seconds e.g. 3.312)
1234 # (default is 10 ms)
1235 min_rx <DECIMAL>
1236
1237 # Desired min TX interval, in ms (resolution is micro-seconds)
1238 # (default is 10 ms)
1239 min_tx <DECIMAL>
1240
1241 # Desired idle TX interval, in ms (resolution is micro-seconds)
1242 # (default is 1000 ms)
1243 idle_tx <DECIMAL>
1244
1245 # Number of missed packets after
1246 # which the session is declared down
1247 # (default is 5)
1248 multiplier <INTEGER>
1249
1250 # Operate in passive mode (default is active)
1251 passive
1252
1253 # outgoing IPv4 ttl to use (default 255)
1254 ttl <INTEGER>
1255
1256 # outgoing IPv6 hoplimit to use (default 64)
1257 hoplimit <INTEGER>
1258
1259 # maximum reduction of ttl/hoplimit
1260 # in received packet (default 0)
1261 # (255 disables hop count checking)
1262 max_hops <INTEGER>
1263
1264 # Default tracking weight
1265 # Normally, positive weights are added to the vrrp instance priority when
1266 # the bfd instance is up, negative weights reduce the priority when it is down.
1267 # However, if reverse is specified, the priority is decreased when up and
1268 # increased when down. 'weight 0 reverse' will cause the vrrp instance to be down
1269 # when the bfd instance is up, and vice versa.
1270 weight <-253:253> [reverse]
1271
1272 # Normally bfd event notifications are sent to both the VRRP and checker processes.
1273 # Specifying vrrp or checker will cause event notifications for this bfd_instance
1274 # only to be sent to the specified process
1275 vrrp
1276 checker
1277 }
1278
1280 contains subblocks of VRRP script(s), VRRP synchronization group(s),
1281 VRRP gratuitous ARP and unsolicited neighbour advert delay group(s) and
1282 VRRP instance(s)
1283
1285 The script will be executed periodically, every <interval> seconds. Its
1286 exit code will be recorded for all VRRP instances which monitor it.
1287 Note that the script will only be executed if at least one VRRP in‐
1288 stance monitors it.
1289
1290 The default weight equals 0, which means that any VRRP instance moni‐
1291 toring the script will transition to the fault state after <fall> con‐
1292 secutive failures of the script. After that, <rise> consecutive suc‐
1293 cesses will cause VRRP instances to leave the fault state, unless they
1294 are also in the fault state due to other scripts or interfaces that
1295 they are tracking.
1296
1297 A positive weight means that <rise> successes will add <weight> to the
1298 priority of all VRRP instances which monitor it. Conversely, a
1299 negative weight will be subtracted from the initial priority in case of
1300 <fall> failures.
1301
1302 The syntax for the vrrp script is:
1303
1304 # Adds a script to be executed periodically. Its exit code will be
1305 # recorded for all VRRP instances and sync groups which are monitoring it.
1306 vrrp_script <SCRIPT_NAME> {
1307 # path of the script to execute
1308 script <STRING>|<QUOTED-STRING>
1309
1310 # seconds between script invocations, (default: 1 second)
1311 interval <INTEGER>
1312
1313 # seconds after which script is considered to have failed
1314 timeout <INTEGER>
1315
1316 # adjust priority by this weight, (default: 0)
1317 # For description of reverse, see track_script.
1318 # 'weight 0 reverse' will cause the vrrp instance to be down when the
1319 # script is up, and vice versa.
1320 weight <INTEGER:-253..253> [reverse]
1321
1322 # required number of successes for OK transition
1323 rise <INTEGER>
1324
1325 # required number of failures for KO transition
1326 fall <INTEGER>
1327
1328 # user/group names to run script under.
1329 # group defaults to group of user
1330 user USERNAME [GROUPNAME]
1331
1332 # assume script initially is in failed state
1333 init_fail
1334 }
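
The rise/fall behaviour described above, simulated over a sequence of script exit codes. This is an added model, not Keepalived's implementation; it assumes the script counts as OK at start unless init_fail is set, treats a timeout (None) as a failure, and does not clamp the resulting priority.

```python
from typing import Iterable, List, NamedTuple, Optional


class Step(NamedTuple):
    script_ok: bool   # script state after rise/fall hysteresis
    fault: bool       # True when this script forces the instance to FAULT
    priority: int     # instance priority after applying the weight


def simulate(exit_codes: Iterable[Optional[int]], rise: int, fall: int,
             weight: int = 0, base_priority: int = 100,
             init_fail: bool = False) -> List[Step]:
    """Replay script results; one Step per invocation.

    exit_codes: 0 is success, non-zero is failure, None stands for a timeout.
    """
    if rise < 1 or fall < 1:
        raise ValueError("rise and fall must be at least 1")
    if not -253 <= weight <= 253:
        raise ValueError("weight must be within -253..253")

    ok = not init_fail          # assumption: OK at start unless init_fail
    successes = failures = 0
    steps: List[Step] = []
    for code in exit_codes:
        if code == 0:
            successes, failures = successes + 1, 0
            if not ok and successes >= rise:
                ok = True       # <rise> consecutive successes
        else:
            failures, successes = failures + 1, 0
            if ok and failures >= fall:
                ok = False      # <fall> consecutive failures

        if weight == 0:
            # Unweighted: the script state drives FAULT directly.
            steps.append(Step(ok, not ok, base_priority))
        elif weight > 0:
            # Positive weight is added while the script is OK.
            steps.append(Step(ok, False, base_priority + (weight if ok else 0)))
        else:
            # Negative weight lowers the priority while the script is failed.
            steps.append(Step(ok, False, base_priority + (0 if ok else weight)))
    return steps


if __name__ == "__main__":
    # Constructed run: two isolated failures, then a sustained outage.
    codes = [1, 1, 0, 1, 1, 1, 0, 0]
    for code, step in zip(codes, simulate(codes, rise=2, fall=3, weight=-20)):
        print(code, step)
```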
1335
1337 VRRP Sync Group is an extension to VRRP protocol. The main goal is to
1338 define a bundle of VRRP instances to get synchronized together so that
1339 transition of one instance will be reflected to other group members.
1340
1341 In addition there is an enhanced notify feature for fine state transi‐
1342 tion catching.
1343
1344 You can also define multiple track policies in order to force state transition
1345 according to a third party event such as interface, scripts,
1346 file, BFD.
1347
1348 Important: for a SYNC group to run reliably, it is vital that all instances
1349 in the group are MASTER or that they are all either BACKUP or
1350 FAULT. A situation with half the instances having higher priority on machine
1351 A and the other half having higher priority on machine B will lead to constant
1352 re-elections. For this reason, when instances are grouped, any
1353 track scripts/files configured against member VRRP instances will have
1354 their tracking weights automatically set to zero, in order to avoid inconsistent
1355 priorities across instances.
1356
1357 The syntax for vrrp_sync_group is:
1358
vrrp_sync_group <STRING> {
    group {
        # name of the vrrp_instance (see below)
        # Set of VRRP_Instance string
        <STRING>
        <STRING>
        ...
    }

    # Synchronization group tracking interface, script, file & bfd will
    # update the status/priority of all VRRP instances which are members
    # of the sync group.
    # 'weight 0 reverse' will cause the vrrp instance to be down when the
    # interface is up, and vice versa.
    track_interface {
        eth0
        eth1
        eth2 weight <-253..253> [reverse]
        ...
    }

    # add a tracking script to the sync group (<SCRIPT_NAME> is the name
    # of the vrrp_script entry) go to FAULT state if any of these go down
    # if unweighted.
    # reverse causes the direction of the adjustment of the priority to be reversed.
    track_script {
        <SCRIPT_NAME>
        <SCRIPT_NAME> weight <-253..253> [reverse|noreverse]
    }

    # Files whose state we monitor, value is added to effective priority.
    # <STRING> is the name of a track_file
    # weight defaults to weight configured in track_file
    track_file {
        <STRING>
        <STRING> weight <-254..254> [reverse|noreverse]
        ...
    }

    # Process to monitor, weight is added to effective priority.
    # <STRING> is the name of a vrrp_track_process
    # weight defaults to weight configured in vrrp_track_process.
    # See vrrp_instance track_process for description of weight.
    track_process {
        <STRING>
        <STRING> weight <-254..254> [reverse|noreverse]
        ...
    }

    # BFD instances we monitor, value is added to effective priority.
    # <STRING> is the name of a BFD instance
    track_bfd {
        <STRING>
        <STRING>
        <STRING> weight <INTEGER: -253..253> [reverse|noreverse]
        ...
    }

    # notify scripts and alerts are optional
    #
    # filenames of scripts to run on transitions can be unquoted (if
    # just filename) or quoted (if it has parameters)
    # The username and groupname specify the user and group
    # under which the scripts should be run. If username is
    # specified, the group defaults to the group of the user.
    # If username is not specified, they default to the
    # global script_user and script_group

    # to MASTER transition
    notify_master /path/to_master.sh [username [groupname]]

    # to BACKUP transition
    notify_backup /path/to_backup.sh [username [groupname]]

    # FAULT transition
    notify_fault "/path/fault.sh VG_1" [username [groupname]]

    # executed when stopping vrrp
    notify_stop <STRING>|<QUOTED-STRING> [username [groupname]]

    # notify_deleted causes DELETED to be sent to notifies rather
    # than the default FAULT after a vrrp instance is deleted during a
    # reload. If a script is specified, that script will be executed
    # as well.
    notify_deleted [<STRING>|<QUOTED-STRING> [username [groupname]]]

    # for ANY state transition.
    # "notify" script is called AFTER the notify_* script(s) and
    # is executed with 4 additional arguments after the configured
    # arguments provided by Keepalived:
    #   $(n-3) = "GROUP"|"INSTANCE"
    #   $(n-2) = name of the group or instance
    #   $(n-1) = target state of transition (stop only applies to instances)
    #            ("MASTER"|"BACKUP"|"FAULT"|"STOP"|"DELETED")
    #   $(n)   = priority value
    #   $(n-3) and $(n-1) are ALWAYS sent in uppercase, and the possible
    #   strings sent are the same ones listed above
    #   ("GROUP"/"INSTANCE", "MASTER"/"BACKUP"/"FAULT"/"STOP"/"DELETED")
    #   (note: DELETED is only applicable to instances)
    notify <STRING>|<QUOTED-STRING> [username [groupname]]

    # The notify fifo output is the same as the last 4 parameters for the "notify"
    # script, with the addition of "MASTER_RX_LOWER_PRI" instead of state for an
    # instance, and also "MASTER_PRIORITY" and "BACKUP_PRIORITY" if the priority
    # changes and notify_priority_changes is configured.
    # MASTER_RX_LOWER_PRI is used if a master needs to set some external state, such
    # as setting a secondary IP address when using Amazon AWS; if another keepalived
    # has transitioned to master due to a communications break, the lower priority
    # instance will have taken over the secondary IP address, and the proper master
    # needs to be able to restore it.

    # Send FIFO notifies for vrrp priority changes
    notify_priority_changes <BOOL>

    # Send email notification during state transition,
    # using addresses in global_defs above (default no,
    # unless global smtp_alert/smtp_alert_vrrp set)
    smtp_alert <BOOL>

    # DEPRECATED. Use track_interface, track_script and
    # track_file on vrrp_sync_groups instead.
    global_tracking

    # allow sync groups to use differing weights.
    # This probably WON'T WORK, but is a replacement for
    # global_tracking in case different weights were used
    # across different vrrp instances in the same sync group.
    sync_group_tracking_weight
}

specifies the setting of delays between sending gratuitous ARPs and
unsolicited neighbour advertisements. This is intended for when an
upstream switch is unable to handle being flooded with ARPs/NAs.

Use interface when the limits apply on the single physical interface.
Use interfaces when a group of interfaces are linked to the same switch
and the limits apply to the switch as a whole.

Note: Only one of interface or interfaces should be used per block.

If the global vrrp_garp_interval and/or vrrp_gna_interval are set, any
interfaces that aren't specified in a garp_group will inherit the
global settings.

The syntax for garp_group is:

garp_group {
    # Sets the interval between Gratuitous ARP (in seconds, resolution microseconds)
    garp_interval <DECIMAL>

    # Sets the default interval between unsolicited NA (in seconds, resolution microseconds)
    gna_interval <DECIMAL>

    # The physical interface to which the intervals apply
    interface <STRING>

    # A list of interfaces across which the delays are aggregated.
    interfaces {
        <STRING>
        <STRING>
        ...
    }
}

A VRRP Instance is the VRRP protocol key feature. It defines and
configures VRRP behaviour to run on a specific interface. Each VRRP
Instance is related to a unique interface.

The syntax for vrrp_instance is:

vrrp_instance <STRING> {
    # Initial state, MASTER|BACKUP
    # If the priority is 255, then the instance will transition immediately
    # to MASTER if state MASTER is specified; otherwise the instance will
    # wait between 3 and 4 advert intervals before it can transition,
    # depending on the priority.
    state MASTER

    # interface for inside_network, bound by vrrp.
    # Note: if using unicasting, the interface can be omitted as long
    # as the unicast addresses are not IPv6 link local addresses (this is
    # necessary, for example, if using asymmetric routing).
    # If the interface is omitted, then all VIPs and eVIPs should specify
    # the interface they are to be configured on, otherwise they will be
    # added to the default interface.
    interface eth0

    # If using unicasting without specifying an interface, the VRF to operate
    # in can be specified.
    vrf VRF_IF

    # Use VRRP Virtual MAC (macvlan).
    # The macvlan will be created on the configured interface for
    # the VRRP instance, and the VIPs, and eVIPs of the matching address
    # family, which do not specify a different interface will be configured
    # on the macvlan.
    # The VRRP adverts will also be sent and received on the macvlan
    # interface, unless vmac_xmit_base is configured.
    # NOTE: If sysctl net.ipv4.conf.all.rp_filter is set,
    # and this vrrp_instance is an IPv4 instance, using
    # this option will cause the individual interfaces to be
    # updated to the greater of their current setting, and
    # all.rp_filter, as will default.rp_filter, and all.rp_filter
    # will be set to 0.
    # The original settings are restored on termination.
    # NOTE 2: If using use_vmac with unicast peers,
    # vmac_xmit_base must be set.
    # The MAC address can be specified with only 5 octets, in which case
    # the virtual_router_id will be used as the last octet.
    use_vmac [<VMAC_INTERFACE_NAME>] [MAC_ADDRESS]

    # use_vmac_addr is used to create VMAC (macvlan) interfaces for
    # each interface that is used by a VIP or eVIP where the interface
    # is not the same as the interface on which the VRRP instance is
    # configured or the eVIP's address family does not match the VRRP
    # instance's. Alternatively, use_vmac can be specified against each
    # VIP/eVIP that specifies an interface (dev).
    # NOTE: if use_vmac is specified and an eVIP is not the same address
    # family as the vrrp instance, unless use_vmac_addr is specified, or
    # use_vmac is specified for the eVIP, the eVIP will be configured on
    # the vrrp instance's VMAC, which will have the wrong MAC address for
    # the address family of the eVIP.
    use_vmac_addr

    # Send/Recv VRRP messages from base interface instead of
    # VMAC interface
    vmac_xmit_base

    # Use IPVLAN interface. keepalived will create a mode L2
    # ipvlan interface on top of the specified interface.
    # For IPv4 instances, an IP address is required, for IPv6
    # the address is optional, in which case the link local
    # address will be used.
    # The mode flags default to bridge. NOTE: the mode flags must be the
    # same for all ipvlans on the same underlying interface.
    # It is safer to configure an interface name, in case keepalived crashes
    # and restarts, in which case it can more reliably find a previously
    # created interface.
    use_ipvlan [<INTERFACE_NAME>] [IP_ADDRESS] [bridge|private|vepa]

    # force instance to use IPv6 (this option is deprecated since
    # the virtual ip addresses determine whether IPv4 or IPv6 is used).
    native_ipv6

    # Ignore VRRP interface faults (default unset).
    # Note: when using IPv6, setting the interface administratively down, e.g.
    # 'ip link set IF down' will by default cause all IPv6 addresses to be
    # deleted from the interface, and consequently the VRRP instance will
    # go to fault state due to the addresses being deleted. Setting sysctl
    # net.ipv6.conf.IF.keep_addr_on_down to 1 will allow non link-local addresses
    # to remain when the interface is downed.
    dont_track_primary

    # optional, monitor these as well.
    # go to FAULT state if any of these go down if unweighted.
    # When a weight is specified in track_interface, instead of setting the vrrp
    # instance to the FAULT state in case of failure, its priority will be
    # increased by the weight when the interface is up (for positive weights),
    # or decreased by the weight's absolute value when the interface is down
    # (for negative weights), unless reverse is specified, in which case the
    # direction of adjustment of the priority is reversed.
    # The weight must be between -253 and +253 inclusive.
    # 0 is the default behaviour which means that a failure implies a
    # FAULT state. The common practice is to use positive weights to count a
    # limited number of good services so that the server with the highest count
    # becomes master. Negative weights are better to count unexpected failures
    # among a high number of interfaces, as it will not saturate even with high
    # number of interfaces. Use reverse to increase priority if an interface is down
    track_interface {
        eth0
        eth1
        eth2 weight <-253..253> [reverse]
        ...
    }

    # add a tracking script to the interface
    # (<SCRIPT_NAME> is the name of the vrrp_script entry)
    # The same principle as track_interface can be applied to track_script entries,
    # except that an unspecified weight means that the default weight declared in
    # the script will be used (which itself defaults to 0).
    # reverse causes the direction of the adjustment of the priority to be reversed.
    track_script {
        <SCRIPT_NAME>
        <SCRIPT_NAME> weight <-253..253> [reverse|noreverse]
    }

    # Files whose state we monitor, value is added to effective priority.
    # <STRING> is the name of a track_file
    track_file {
        <STRING>
        <STRING>
        <STRING> weight <-254..254> [reverse|noreverse]
        ...
    }

    # Positive weights are added/subtracted when the process is running,
    # negative weights are subtracted/added when not running.
    # If reverse is specified, the addition/subtraction is reversed.
    # <STRING> is the name of a vrrp_track_process
    # weight defaults to weight configured in vrrp_track_process
    track_process {
        <STRING>
        <STRING> weight <-254..254> [reverse|noreverse]
        ...
    }

    # BFD instances we monitor, value is added to effective priority,
    # unless reverse is specified, when the value is subtracted.
    # Positive weights are added/subtracted when the bfd instance is up,
    # negative weights are subtracted/added when the bfd instance is down.
    # <STRING> is the name of a BFD instance
    track_bfd {
        <STRING>
        <STRING>
        <STRING> weight <INTEGER: -253..253> [reverse|noreverse]
        ...
    }

    # default IP for binding vrrpd is the primary IP
    # on interface. If you want to hide the location of vrrpd,
    # use this IP as src_addr for multicast or unicast vrrp
    # packets. (since it's multicast, vrrpd will get the reply
    # packet no matter what src_addr is used).
    # optional
    mcast_src_ip <IPADDR>
    unicast_src_ip <IPADDR>

    # specify an alternative multicast address to use as the destination
    # of VRRP adverts and for listening for adverts. Note, if you are using
    # multiple VRRP instances with VMACs and different multicast addresses
    # and the same VRID, you will have to specify alternative MAC addresses
    # for at least all but one of the VMACs.
    # IPv6 multicast addresses must be link-local, i.e. start ffX2:
    # Using different multicast addresses with IPv6 on the same interface without
    # using VMACs is only supported if the kernel supports IPV6_MULTICAST_ALL
    # (from Linux v4.20).
    mcast_dst_ip <MULTICAST_IPADDR>

    # if the configured src_ip doesn't exist or is removed put the
    # instance into fault state
    track_src_ip

    # VRRP version to run on interface
    # default is global parameter vrrp_version, but IPv6 instances will
    # always use version 3.
    version <2 or 3>

    # The following enables checking that when in unicast mode, the
    # source address of a VRRP packet is one of our unicast peers.
    check_unicast_src

    # Do not send VRRP adverts over a VRRP multicast group.
    # Instead it sends adverts to the following list of
    # ip addresses using unicast. It can be cool to use
    # the VRRP FSM and features in a networking
    # environment where multicast is not supported!
    # IP addresses specified can be IPv4 as well as IPv6.
    # If min_ttl and/or max_ttl are specified, the TTL/hop limit
    # of any received packet is checked against the specified
    # TTL range, and is discarded if it is outside the range.
    # Specifying min_ttl or max_ttl turns on check_unicast_src.
    unicast_peer {
        <IPADDR> [min_ttl {0..255}] [max_ttl {0..255}]
        ...
    }

    # It is not possible to operate in unicast mode without any peers.
    # Until v2.2.4 keepalived would silently operate in multicast mode
    # if no peers were specified but a unicast keyword had been specified.
    # Using this keyword stops defaulting to multicast if no peers are
    # specified and puts the VRRP instance into fault state.
    unicast_fault_no_peer

    # Specify the unicast TTL/HLIM for sending unicast adverts
    unicast_ttl {0..255}

    # The checksum calculation when using VRRPv3 changed after v1.3.6.
    # Setting this flag forces the old checksum algorithm to be used
    # to maintain backward compatibility, although keepalived will
    # attempt to maintain compatibility anyway if it sees an old
    # version checksum. Specifying never will turn off auto detection
    # of old checksums. [This option may not be enabled - check output
    # of `keepalived -v` for OLD_CHKSUM_COMPAT.]
    old_unicast_checksum [never]

    # interface specific settings, same as global parameters.
    # default to global parameters
    garp_master_delay 10
    garp_master_repeat 1
    garp_lower_prio_delay 10
    garp_lower_prio_repeat 1
    garp_master_refresh 60
    garp_master_refresh_repeat 2
    garp_extra_if [all] 100 # specifying 0 disables feature

    # The VRRP RFCs state that the master down timer is 3 advert intervals plus
    # a skew time. Setting down_timer_adverts means the master down timer will be
    # down_timer_adverts advert intervals.
    # The default is 3, to conform with the VRRP RFCs. Setting this to any other
    # value is a deviation from the VRRP protocol. All virtual routers for a given
    # VRRP instance MUST use the same value.
    down_timer_adverts [1-100]

    # If a lower priority advert is received, don't send another advert.
    # This causes adherence to the RFCs (defaults to global
    # vrrp_lower_priority_dont_send_advert).
    lower_prio_no_advert [<BOOL>]

    # If we are master and receive a higher priority advert, send an advert
    # (which will be lower priority than the other master), before we transition
    # to backup. This means that if the other master has garp_lower_prio_repeat
    # set, it will resend garp messages. This is to get around the problem of
    # there having been two simultaneous masters, and the last GARP
    # messages seen were from us.
    higher_prio_send_advert [<BOOL>]

    # arbitrary unique number from 1 to 255
    # used to differentiate multiple instances of vrrpd
    # running on the same network interface and address
    # family and multicast/unicast (and hence same socket).
    # Note: using the same virtual_router_id with the same
    # address family on different interfaces has been known
    # to cause problems with some network switches; if you
    # are experiencing problems with using the same
    # virtual_router_id on different interfaces, but the problems
    # are resolved by not duplicating virtual_router_ids, your
    # network switches are probably not functioning correctly.
    #
    # Whilst in general it is important not to duplicate a
    # virtual_router_id on the same network interface, there is a
    # special case when using unicasting if the unicast peers for
    # the vrrp instances with duplicated virtual_router_ids on the
    # network interface do not overlap, in which case virtual_router_ids
    # can be duplicated.
    # It is also possible to duplicate virtual_router_ids on an
    # interface with multicasting if different multicast addresses
    # are used (see mcast_dst_ip).
    virtual_router_id 51

    # for electing MASTER, highest priority wins.
    # The valid range of values for priority is [1-255], with priority
    # 255 meaning "address owner".
    # To be MASTER, it is recommended to make this 50 more than on
    # other machines. All systems should have different priorities
    # in order to make behaviour deterministic. If you want to stop
    # a higher priority instance taking over as master when it starts,
    # configure nopreempt rather than using equal priorities.
    # If no_accept is configured (or vrrp_strict which also sets
    # no_accept mode), then unless the vrrp_instance has priority 255,
    # the system will not receive packets addressed to the VIPs/eVIPs,
    # and the VIPs/eVIPs can only be used for routeing purposes.
    # Further, if an instance has priority 255 configured, the priority cannot
    # be reduced by track_scripts, track_process etc, and likewise
    # track_scripts etc cannot increase the priority to 255 if the configured
    # priority is not 255.
    priority 100

    # VRRP Advert interval in seconds (e.g. 0.92) (use default)
    advert_int 1

    # Note: authentication was removed from the VRRPv2 specification by
    # RFC3768 in 2004.
    # Use of this option is non-compliant and can cause problems; avoid
    # using if possible, except when using unicast, where it can be helpful.
    authentication {
        # PASS|AH
        # PASS - Simple password (suggested)
        # AH - IPSEC (not recommended)
        auth_type PASS

        # Password for accessing vrrpd.
        # should be the same on all machines.
        # Only the first eight (8) characters are used.
        auth_pass 1234
    }

    # addresses add|del on change to MASTER, to BACKUP.
    # With the same entries on other machines,
    # the opposite transition will be occurring.
    # For virtual_ipaddress, virtual_ipaddress_excluded,
    # virtual_routes and virtual_rules most of the options
    # match the options of the command ip address/route/rule add.
    # The track_group option only applies to static addresses/routes/rules.
    # no_track is specific to keepalived and means that the
    # vrrp_instance will not transition out of master state
    # if the address/route/rule is deleted and the address/route/rule
    # will not be reinstated until the vrrp instance next transitions
    # to master.
    # <LABEL>: is optional and creates a name for the alias.
    #          For compatibility with "ifconfig", it should
    #          be of the form <realdev>:<anytext>, for example
    #          eth0:1 for an alias on eth0.
    # <SCOPE>: ("site"|"link"|"host"|"nowhere"|"global")
    # preferred_lft is set to 0 to deprecate IPv6 addresses (this is the
    # default if the address mask is /128). Use "preferred_lft forever"
    # to specify that a /128 address should not be deprecated.
    # NOTE: care needs to be taken if dev is specified for an address and
    # your network uses MAC learning switches. The VRRP protocol ensures
    # that the source MAC address of the interface sending adverts is
    # maintained in the MAC cache of switches; however by default this
    # will not work for the MACs of any VIPs/eVIPs that are configured on
    # different interfaces from the interface on which the VRRP instance is
    # configured, since the interface, especially if it is a VMAC interface,
    # will only send using the MAC address of the interface in response to
    # ARP requests. This may mean that the interface MAC addresses may
    # time out in the MAC caches of switches. In order to avoid this, use
    # the garp_extra_if or garp_extra_if_vmac options to send periodic
    # GARP/ND messages on those interfaces.
    virtual_ipaddress {
        <IPADDR>[/<MASK>] [brd <IPADDR>] [dev <STRING>] [use_vmac] [scope <SCOPE>]
                          [label <LABEL>] [peer <IPADDR>] [home]
                          [-nodad] [mngtmpaddr] [noprefixroute]
                          [autojoin] [no_track] [preferred_lft nn|forever]
        192.168.200.17/24 dev eth1
        192.168.200.18/24 dev eth2 label eth2:1
    }

    # VRRP IP excluded from VRRP optional.
    # For cases with large numbers (eg 200) of IPs
    # on the same interface. To decrease the number
    # of addresses sent in adverts, you can exclude
    # most IPs from adverts.
    # The IPs are add|del as for virtual_ipaddress.
    # Can also be used if you want to be able to add
    # a mixture of IPv4 and IPv6 addresses, since all
    # addresses in virtual_ipaddress must be of the
    # same family.
    virtual_ipaddress_excluded {
        <IPADDR>[/<MASK>] [brd <IPADDR>] [dev <STRING>] [scope <SCOPE>]
                          [label <LABEL>] [peer <IPADDR>] [home]
                          [-nodad] [mngtmpaddr] [noprefixroute]
                          [autojoin] [no_track]
        <IPADDR>[/<MASK>] ...
        ...
    }

    # Set the promote_secondaries flag on the interface to stop other
    # addresses in the same CIDR being removed when 1 of them is removed
    # For example if 10.1.1.2/24 and 10.1.1.3/24 are both configured on an
    # interface, and one is removed, unless promote_secondaries is set on
    # the interface the other address will also be removed.
    promote_secondaries

    # routes add|del when changing to MASTER, to BACKUP.
    # See static_routes for more details
    virtual_routes {
        # src <IPADDR> [to] <IPADDR>/<MASK> via|gw <IPADDR>
        #   [or <IPADDR>] dev <STRING> scope <SCOPE> table <TABLE>
        src 192.168.100.1 to 192.168.109.0/24 via 192.168.200.254 dev eth1
        192.168.110.0/24 via 192.168.200.254 dev eth1
        192.168.111.0/24 dev eth2 no_track
        192.168.112.0/24 via 192.168.100.254
        192.168.113.0/24 via 192.168.200.254 or 192.168.100.254 dev eth1
        blackhole 192.168.114.0/24
        0.0.0.0/0 gw 192.168.0.1 table 100 # To set a default gateway into table 100.
    }

    # rules add|del when changing to MASTER, to BACKUP
    # See static_rules for more details
    virtual_rules {
        from 192.168.2.0/24 table 1
        to 192.168.2.0/24 table 1 no_track
    }

    # VRRPv3 has an Accept Mode to allow the virtual router when not the
    # address owner to receive packets addressed to a VIP. This is the default
    # setting unless strict mode is set. As an extension, this also works for
    # VRRPv2 (RFC 3768 doesn't define an accept mode).
    # --
    # Accept packets to non address-owner
    accept

    # Drop packets to non address-owner.
    no_accept

    # A higher priority VRRP instance will normally preempt a lower priority instance
    # when it comes online. "nopreempt" stops the higher priority machine taking
    # over the master role, and allows the lower priority machine to remain as
    # master.
    # NOTE: For this to work, the initial state must not be MASTER.
    # --
    nopreempt

    # for backwards compatibility
    preempt

    # Seconds of delay until preemption after getting the advertisement timeout
    # at startup or when seeing a lower priority master.
    #
    # Since it is a delay, it cannot speed up taking over as master.
    # "preempt_delay" specifies the time in seconds to delay preempting compared
    # to if "preempt_delay" is not specified. Advertisement timeout is
    # 3 * advert_int + skew_time. Skew_time is defined by RFC3768 and RFC5798.
    #
    # So if "advert_int" is 1, and priority is 128, the instance would normally
    # wait 3.5 seconds before taking over as master. If "preempt_delay 2" is
    # specified, then the delay before taking over as master would be approximately
    # 5.5 seconds.
    #
    # (if not disabled by "nopreempt").
    # Range: 0 (default) to 1000 (e.g. 4.12)
    # NOTE: For this to work, the initial state must not be MASTER.
    preempt_delay 300 # waits 5 minutes

    # See description of global vrrp_skip_check_adv_addr, which
    # sets the default value. Defaults to vrrp_skip_check_adv_addr
    skip_check_adv_addr [on|off|true|false|yes|no]

    # See description of global vrrp_strict
    # If strict_mode is not specified, it takes the value of vrrp_strict.
    # If strict_mode without a parameter is specified, it defaults to on.
    strict_mode [on|off|true|false|yes|no]

    # Debug level, not implemented yet.
    # LEVEL is a number in the range 0 to 4
    debug <LEVEL>

    # notify scripts, alert as above
    notify_master <STRING>|<QUOTED-STRING> [username [groupname]]
    notify_backup <STRING>|<QUOTED-STRING> [username [groupname]]
    notify_fault <STRING>|<QUOTED-STRING> [username [groupname]]
    # executed when stopping vrrp
    notify_stop <STRING>|<QUOTED-STRING> [username [groupname]]
    notify <STRING>|<QUOTED-STRING> [username [groupname]]

    # The notify_master_rx_lower_pri script is executed if a master
    # receives an advert with priority lower than the master's priority.
    notify_master_rx_lower_pri <STRING>|<QUOTED-STRING> [username [groupname]]

    # Send vrrp instance priority notifications on notify FIFOs.
    notify_priority_changes <BOOL>

    # Send SMTP alerts
    smtp_alert <BOOL>

    # Set socket receive buffer size (see global_defs
    # vrrp_rx_bufs_policy for explanation)
    kernel_rx_buf_size

    # Set use of linkbeat for the interface of this VRRP instance. This option is
    # deprecated - use linkbeat_interfaces block instead.
    linkbeat_use_polling
}

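The cautions in the vrrp_instance comments above (unicast source checking, silent fall-back to multicast, auth_pass truncation, AH, notify scripts run as the global script_user) can be checked mechanically. The following is an added example, not part of keepalived or of this manual; the sample configuration, addresses, script path, user name and finding names are constructed for illustration.

```python
import shlex

# Constructed sample configuration (not taken from the manual).
SAMPLE = '''
vrrp_instance VI_WEAK {
    interface eth0
    virtual_router_id 51
    priority 100
    unicast_src_ip 192.0.2.10      ! unicast keyword but no unicast_peer block
    authentication {
        auth_type PASS
        auth_pass correct-horse    # 13 characters: only "correct-" is used
    }
    notify_master "/usr/local/bin/vip.sh up"
}
vrrp_instance VI_HARD {
    interface eth0
    virtual_router_id 52
    priority 150
    unicast_src_ip 192.0.2.10
    unicast_ttl 255
    unicast_fault_no_peer
    unicast_peer {
        192.0.2.11 min_ttl 255 max_ttl 255
    }
    authentication {
        auth_type PASS
        auth_pass Zq7pT2mK
    }
    notify_master "/usr/local/bin/vip.sh up" keepalived_script keepalived_script
}
'''

UNICAST_KEYWORDS = {"unicast_src_ip", "unicast_ttl", "check_unicast_src"}
NOTIFY_KEYWORDS = {"notify", "notify_master", "notify_backup", "notify_fault",
                   "notify_stop", "notify_master_rx_lower_pri"}

def tokenize(line):
    """Split one line into words; '#' or '!' starts a comment anywhere."""
    lex = shlex.shlex(line, posix=True)
    lex.whitespace_split = True
    lex.commenters = "#!"
    return list(lex)

def parse(text):
    """Build a tree of blocks: head words, plain statements, sub-blocks."""
    root = {"head": [], "stmts": [], "blocks": []}
    stack = [root]
    for line in text.splitlines():
        words = tokenize(line)
        if not words:
            continue
        if words[-1] == "{":
            block = {"head": words[:-1], "stmts": [], "blocks": []}
            stack[-1]["blocks"].append(block)
            stack.append(block)
        elif words == ["}"]:
            if len(stack) > 1:
                stack.pop()
        else:
            stack[-1]["stmts"].append(words)
    return root

def audit_instance(inst):
    """Return finding names for one vrrp_instance block."""
    keywords = {s[0] for s in inst["stmts"]}
    blocks = {b["head"][0]: b for b in inst["blocks"] if b["head"]}
    peers = blocks.get("unicast_peer", {"stmts": []})["stmts"]
    findings = []
    # A unicast keyword without peers may fall back to multicast.
    if ((keywords & UNICAST_KEYWORDS or "unicast_peer" in blocks)
            and not peers and "unicast_fault_no_peer" not in keywords):
        findings.append("unicast-without-peers")
    # min_ttl/max_ttl on a peer turns on check_unicast_src.
    ttl_bounded = any("min_ttl" in p or "max_ttl" in p for p in peers)
    if peers and "check_unicast_src" not in keywords and not ttl_bounded:
        findings.append("unicast-src-unchecked")
    auth = blocks.get("authentication")
    if auth:
        opts = {s[0]: s[1] for s in auth["stmts"] if len(s) > 1}
        if len(opts.get("auth_pass", "")) > 8:
            findings.append("auth-pass-truncated")
        if opts.get("auth_type") == "AH":
            findings.append("auth-type-ah")
        if not peers:
            findings.append("auth-without-unicast")
    # No username after the script: it runs as the global script_user.
    for stmt in inst["stmts"]:
        if stmt[0] in NOTIFY_KEYWORDS and len(stmt) < 3:
            findings.append("notify-default-user")
    return findings

def audit(text):
    """Map each vrrp_instance name to its list of findings."""
    return {b["head"][1]: audit_instance(b) for b in parse(text)["blocks"]
            if b["head"][:1] == ["vrrp_instance"] and len(b["head"]) > 1}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings or "ok")
```
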
If an interface that is being used (or tracked) by a VRRP instance goes
to down state, the VRRP instance(s) will, by default, immediately
transition to FAULT state, and when all relevant interfaces are back up
again the VRRP instance(s) will immediately transition to BACKUP state.

This can cause problems if interfaces are bouncing, and so delays can be
specified between the interface state change and the transition to
FAULT/BACKUP state. If the interface returns to its original state
before the delay expires, no associated VRRP instance state transition
will occur.

interface_up_down_delays {
    ifname down_delay [up_delay]
    ifname2 down_delay [up_delay]
    ...
}

The delays are specified in seconds, with a resolution of microseconds,
e.g. a delay of 0.00001 means 10 usecs. A delay of 0 means no delay in
state change. The maximum delay that can be specified is 255 seconds.

If up_delay is omitted, it is set to be the same as the down delay.

The delay on an interface must be less than two (or more precisely one
less than down_timer_adverts (default 3)) times the advert interval of
any VRRP instance using that interface (otherwise a backup instance,
while not receiving adverts may time out and become master before this
instance transitions to FAULT state). Consequently the up/down delays
can be dynamically reduced if another instance is master with a shorter
advert interval.

If the VRRP instance is using a VMAC, it will inherit the up/down
debounce delays of its parent interface.

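The delay rule above, together with the advertisement timeout from the preempt_delay comment, can be checked before deployment. This is an added example, not part of keepalived; the instance and delay values are constructed, and the limit is applied to both down_delay and up_delay, which is an assumption based on the rule being stated for "the delay on an interface".

```python
MAX_DELAY = 255.0          # largest delay the manual allows, in seconds
DEFAULT_DOWN_ADVERTS = 3   # default down_timer_adverts

def master_down_interval(advert_int, priority,
                         down_timer_adverts=DEFAULT_DOWN_ADVERTS):
    """Seconds a backup waits without adverts before taking over:
    down_timer_adverts advert intervals plus the skew time (RFC 5798 form)."""
    skew_time = (256 - priority) * advert_int / 256
    return down_timer_adverts * advert_int + skew_time

def delay_limit(ifname, instances):
    """Exclusive upper bound for delays on ifname: the smallest value of
    (down_timer_adverts - 1) * advert_int over the instances using it.
    Returns None when no instance uses the interface."""
    limits = [(i.get("down_timer_adverts", DEFAULT_DOWN_ADVERTS) - 1)
              * i["advert_int"]
              for i in instances if i["interface"] == ifname]
    return min(limits) if limits else None

def check_delays(delays, instances):
    """delays maps ifname -> (down_delay, up_delay or None).
    Returns {ifname: [problem, ...]} for entries that break the rules."""
    problems = {}
    for ifname, (down, up) in delays.items():
        up = down if up is None else up   # up_delay defaults to down_delay
        limit = delay_limit(ifname, instances)
        issues = []
        for label, value in (("down_delay", down), ("up_delay", up)):
            if value > MAX_DELAY:
                issues.append(f"{label} {value} exceeds maximum {MAX_DELAY}")
            elif limit is not None and value >= limit:
                issues.append(f"{label} {value} not below limit {limit}")
        if issues:
            problems[ifname] = issues
    return problems

# Constructed sample: two instances share eth0, one uses eth1.
INSTANCES = [
    {"name": "VI_1", "interface": "eth0", "advert_int": 1, "priority": 128},
    {"name": "VI_2", "interface": "eth0", "advert_int": 0.5, "priority": 100},
    {"name": "VI_3", "interface": "eth1", "advert_int": 1, "priority": 100,
     "down_timer_adverts": 5},
]
DELAYS = {"eth0": (1.5, 0.2), "eth1": (3.0, None)}

if __name__ == "__main__":
    # advert_int 1, priority 128: 3.5 s, as in the preempt_delay comment
    print(master_down_interval(1, 128))
    print(check_delays(DELAYS, INSTANCES))
```
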
contains subblocks of Virtual server group(s) and Virtual server(s)

The subblocks contain arguments for configuring the Linux IPVS (LVS)
feature. Knowledge of ipvsadm(8) will be helpful here. Configuring LVS
is achieved by defining virtual server groups, virtual servers and
optionally SSL configuration. Every virtual server defines a set of real
servers, and you can attach healthcheckers to each real server.
Keepalived will then lead LVS operation by dynamically maintaining
topology.

For details of what configuration combinations are valid, see the
ipvsadm(8) man page.

Note: Where an option can be configured for a virtual server, real
server, and possibly checker, the virtual server setting is the default
for real servers, and the real server setting is the default for
checkers.

Note: Tunnelled real/sorry servers can differ from the address family
of the virtual server and non tunnelled real/sorry servers, which all
have to be the same. If a virtual server uses a fwmark, and all the
real/sorry servers are tunnelled, the address family of the virtual
server will be the same as the address family of the real/sorry servers
if they are all the same, otherwise it will default to IPv4 (use
ip_family inet6 to override this).

Note: The port for the virtual server can only be omitted if the
virtual service is persistent.

This feature offers a way to simplify your configuration by factorizing
virtual server definitions. If you need to define a bunch of virtual
servers with exactly the same real server topology then this feature
will make your configuration much more readable, optimize the
duplication of IPVS virtual servers if nftables_ipvs is used, and
optimize the healthchecking task by spawning only one healthchecker,
where multiple virtual server declarations would spawn a dedicated
healthchecker for every real server, which wastes system resources.

Any combination of IP addresses, IP address ranges and firewall marks
can be used, provided that the family of the IP addresses of the
virtual server group match the IP address family of all the real servers
of any virtual server using the virtual server group. The one exception
to this is that the virtual server group can be configured with both
IPv4 and IPv6 addresses and fwmarks provided that all the real servers
(and sorry servers) of all virtual servers using the virtual server
group use tunnel forwarding; if fwmarks are specified in this case, the
address family must be specified (the one exception to this is if the
virtual server group has no IP addresses (i.e. fwmarks only) and all
the real/sorry servers are tunnelled, it will default to IPv4; it is
not good practice to rely on this and the address families of the
fwmarks should be configured). Use of this option is intended for very
large LVSs, but note, this can create a huge number of virtual servers
unless nftables_ipvs is used. The use of nftables_ipvs is strongly
recommended due to the very significant optimisations and efficiencies
it provides.

NOTE: do not configure more than one TCP, one UDP and one SCTP virtual
server with the same IP address family using the same virtual server
group (or to put it another way do not have two virtual servers with
the same protocol and address family using the same virtual server
group); if all the real servers are tunnelled, then you must not have
both IPv4 and IPv6 virtual servers with the same protocol.

The syntax for virtual_server_group is:

2110 virtual_server_group <STRING> {
2111 # Virtual IP Address and Port
2112 <IPADDR> [<PORT>]
2113 <IPADDR> [<PORT>]
2114 ...
2115 # <IPADDR RANGE> is any of the following forms (or their IPv6 equivalents)
2116 # XXX.YYY.ZZZ.WWW-VVV eg 192.168.200.1-10 (includes both .1 and .10)
2117 # AAA.BBB.CCC.DDD-EEE.FFF.GGG.HHH eg 192.168.200.250-192.168.201.10
2118 # III.JJJ.KKK.LLL/nn eg 192.168.202.8/29
2119 <IPADDR RANGE> [<PORT>] # VIP range [VPORT]
2120 <IPADDR RANGE> [<PORT>]
2121 ...
2122 # Firewall Mark (fwmark)
2123 # inet/inet6 should only be specified for virtual server groups
2124 # where all real servers of the virtual servers are tunnelled.
2125 fwmark <INTEGER>
2126 fwmark <INTEGER> [inet|inet6]
2127 ...
2128 }
2129
A virtual_server can be a declaration of one of <IPADDR> [<PORT>],
fwmark <INTEGER> or group <STRING>.

The syntax for virtual_server is:
2135
2136 virtual_server <IPADDR> [<PORT>] |
2137 virtual_server fwmark <INTEGER> |
2138 virtual_server group <STRING> {
2139 # LVS scheduler
2140 lvs_sched rr|wrr|lc|wlc|lblc|sh|mh|dh|fo|ovf|lblcr|sed|nq|twos
2141
2142 # Enable flag-1 for scheduler (-b flag-1 in ipvsadm)
2143 flag-1
2144 # Enable flag-2 for scheduler (-b flag-2 in ipvsadm)
2145 flag-2
2146 # Enable flag-3 for scheduler (-b flag-3 in ipvsadm)
2147 flag-3
2148 # Enable sh-port for sh scheduler (-b sh-port in ipvsadm)
2149 sh-port
2150 # Enable sh-fallback for sh scheduler (-b sh-fallback in ipvsadm)
2151 sh-fallback
2152 # Enable mh-port for mh scheduler (-b mh-port in ipvsadm)
2153 mh-port
2154 # Enable mh-fallback for mh scheduler (-b mh-fallback in ipvsadm)
2155 mh-fallback
2156 # Enable One-Packet-Scheduling for UDP (-o in ipvsadm)
2157 ops
2158
2159 # Override default LVS forwarding method (default is NAT).
2160 # Default tunnel type is ipip. Since Linux 5.2 the GUE tunnel type can
2161 # be specified. If using GUE, a port number is required. Since Linux 5.3
2162 # if the tunnel type is GUE, the checksum option can also be specified.
2163 # Since Linux 5.3, GRE tunnel type is also supported, but without the
2164 # remcsum option.
2165 lvs_method NAT|DR
2166 or
2167 lvs_method TUN [type {ipip|gue port NUM|gre} [nocsum|csum|remcsum]]
2168 # LVS persistence engine name (currently only sip supported)
2169 persistence_engine <STRING>
2170 # LVS persistence timeout in seconds, default 6 minutes
2171 persistence_timeout [<INTEGER>]
2172 # LVS granularity mask (-M in ipvsadm)
2173 persistence_granularity <NETMASK>
2174 # L4 protocol
2175 protocol TCP|UDP|SCTP
2176 # If VS IP address is not set,
2177 # suspend healthchecker's activity
2178 ha_suspend
2179
2180 # Send email notification during quorum up/down transition,
2181 # using addresses in global_defs above (default no,
2182 # unless global smtp_alert/smtp_alert_checker set)
2183 smtp_alert <BOOL>
2184
2185 # Default VirtualHost string for HTTP_GET or SSL_GET
2186 # eg virtualhost www.firewall.loc
2187 # Overridden by virtualhost config of real server or checker
2188 virtualhost <STRING>
2189
2190 # snmp_name is a text string that is returned as part of the snmp
2191 # data for this virtual server. It can be used to help identify the
2192 # virtual server when parsing SNMP output.
2193 snmp_name <STRING>
2194
2195 # On daemon startup assume that all RSs are down
2196 # and healthchecks failed. This helps to prevent
2197 # false positives on startup. Alpha mode is
2198 # disabled by default.
2199 alpha
2200
2201 # On daemon shutdown consider quorum and RS
2202 # down notifiers for execution, where appropriate.
2203 # Omega mode is disabled by default.
2204 omega
2205
2206 # Minimum total weight of all live servers in
2207 # the pool necessary to operate VS with no
2208 # quality regression. Defaults to 1.
2209 quorum <INTEGER>
2210
2211 # Tolerate this much weight units compared to the
2212 # nominal quorum, when considering quorum gain
2213 # or loss. A flap dampener. Defaults to 0.
2214 hysteresis <INTEGER>
2215
2216 # Script to execute when quorum is gained.
2217 quorum_up <STRING>|<QUOTED-STRING> [username [groupname]]
2218
2219 # Script to execute when quorum is lost.
2220 quorum_down <STRING>|<QUOTED-STRING> [username [groupname]]
2221
2222 # IP family for a fwmark service (only needed if all real servers are tunnelled
2223 # and persistence_granularity is not specified). Defaults to inet if not specified.
2224 ip_family inet|inet6
2225
2226 # setup realserver(s)
2227
2228 # RS to add to LVS topology when the quorum isn't achieved.
2229 # If a sorry server is configured, all real servers will
2230 # be brought down when the quorum is not achieved and be
2231 # replaced with the sorry server.
2232 sorry_server <IPADDR> [<PORT>]
2233 # applies inhibit_on_failure behaviour to the sorry_server
2234 sorry_server_inhibit
2235 # Sorry server LVS forwarding method. Default is the virtual
2236 # server's default.
2237 # For details of tunnel type, see virtual_server details.
2238 sorry_server_lvs_method NAT|DR
2239 or
2240 sorry_server_lvs_method TUN [type {ipip|gue port NUM|gre} [nocsum|csum|remcsum]]
2241
2242 # Optional connection timeout in seconds.
2243 # The default is 5 seconds
2244 connect_timeout <TIMER>
2245
2246 # Retry count to make additional checks if check
2247 # of an alive server fails. Default: 1 unless specified below
2248 retry <INTEGER>
2249
2250 # delay before retry after failure. Defaults to delay_loop for DNS_CHECK,
2251 # 3 seconds for HTTP_GET and SSL_GET, and 1 second otherwise.
2252 delay_before_retry <TIMER>
2253
2254 # Optional random delay to start the initial check
2255 # for maximum N seconds.
2256 # Useful to scatter multiple simultaneous
2257 # checks to the same RS. Enabled by default, with
2258 # the maximum at delay_loop. Specify 0 to disable
2259 warmup <TIMER>
2260
2261 # delay timer for checker polling (60 seconds if not specified)
2262 delay_loop <TIMER>
2263
2264 # Set weight to 0 when healthchecker detects failure
2265 inhibit_on_failure
2266
2267 # one entry for each realserver
2268 real_server <IPADDR> [<PORT>] {
2269 # relative weight to use, default: 1
2270 weight <INTEGER>
2271 # LVS forwarding method
2272 # For details of tunnel type, see virtual_server details. The default
2273 # setting is taken from the virtual_server's setting.
2274 lvs_method NAT|DR
2275 or
2276 lvs_method TUN [type {ipip|gue port NUM|gre} [nocsum|csum|remcsum]]
2277
2278 # Script to execute when healthchecker
2279 # considers service as up.
2280 notify_up <STRING>|<QUOTED-STRING> [username [groupname]]
2281 # Script to execute when healthchecker
2282 # considers service as down.
2283 notify_down <STRING>|<QUOTED-STRING> [username [groupname]]
2284
2285 # maximum number of connections to server
2286 uthreshold <INTEGER>
2287 # minimum number of connections to server
2288 lthreshold <INTEGER>
2289
2290 # Send email notification during state transition,
2291 # using addresses in global_defs above (default yes,
2292 # unless global smtp_alert/smtp_alert_checker set)
2293 smtp_alert <BOOL>
2294
2295 # Default VirtualHost string for HTTP_GET or SSL_GET
2296 # eg virtualhost www.firewall.loc
2297 # Overridden by virtualhost config of a checker
2298 virtualhost <STRING>
2299
2300 # snmp_name is a text string that is returned as part of the snmp
2301 # data for this real server. It can be used to help identify the
2302 # real server when parsing SNMP output.
2303 snmp_name <STRING>
2304
2305 alpha <BOOL> # see above
2306 connect_timeout <TIMER> # see above
2307 retry <INTEGER> # see above
2308 delay_before_retry <TIMER> # see above
2309 warmup <TIMER> # see above
2310 delay_loop <TIMER> # see above
2311 inhibit_on_failure <BOOL> # see above
2312
2313 # healthcheckers. Can be multiple of each type
2314 # HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|DNS_CHECK|MISC_CHECK|BFD_CHECK|UDP_CHECK|PING_CHECK|FILE_CHECK
2315
2316 # All checkers have the following options, except MISC_CHECK which only
2317 # has options alpha onwards, and BFD_CHECK and FILE_CHECK which have none
2318 # of the standard options:
2319 CHECKER_TYPE {
2320 # ======== generic connection options
2321 # Optional IP address to connect to.
2322 # The default is the realserver IP
2323 connect_ip <IPADDR>
2324
2325 # Optional port to connect to
2326 # The default is the realserver port
2327 connect_port <PORT>
2328
2329 # Optional address to use to
2330 # originate the connection
2331 bindto <IPADDR>
2332
2333 # Optional interface to use; needed if
2334 # the bindto address is IPv6 link local
2335 bind_if <IFNAME>
2336
2337 # Optional source port to
2338 # originate the connection from
2339 bind_port <PORT>
2340
2341 # Optional fwmark to mark all outgoing
2342 # checker packets with
2343 fwmark <INTEGER>
2344
2345 alpha <BOOL> # see above
2346 connect_timeout <TIMER> # see above
2347 retry <INTEGER> # see above
2348 delay_before_retry <TIMER> # see above
2349 warmup <TIMER> # see above
2350 delay_loop <TIMER> # see above
2351 log_all_failures <BOOL> # log all failures when checker up
2352 }
2353
2354 # The following options are additional checker specific
2355
2356 # HTTP and SSL healthcheckers
2357 HTTP_GET|SSL_GET {
2358 # HTTP protocol version, one of 1.0, 1.0C, 1.1
2359 # Protocol version 1.0C means version 1.0 with the addition
2360 # of a "Connection: close" line, which is included in
2361 # version 1.1 by default.
2362 http_protocol <PROTOCOL>
# When alpha mode is set, or when recovering from a failure,
# each URL is checked, with a delay of <delay_loop> between
# each check. If there were 20 URLs, and the <delay_loop> were
# 3 seconds, it would take 1 minute before the RS would come up
# following startup, or recovery from a failure. Setting
# fast_recovery removes the delay, both at start up and after
# recovery from a failure, meaning that the RS will come up
# once all the URLs have been checked, with no delay between
# checking each URL.
fast_recovery [<BOOL>]
# A URL to test
# can have multiple entries here
2375 url {
2376 #eg path / , or path /mrtg2/
2377 path <STRING>
2378 # healthcheck needs digest
2379 # or status_code and digest
2380 # Digest computed with genhash
2381 # eg digest 9b3a0c85a887a256d6939da88aabd8cd
2382 digest <STRING>
2383 # status code returned in the HTTP header
2384 # eg status_code 200 or status_code 200-299 400-499 503 505
2385 # Default is 200-299
2386 status_code <INTEGER|RANGE> [<INTEGER|RANGE>] ...
2387 # VirtualHost string. eg virtualhost www.firewall.loc
2388 # If not set, uses virtualhost from real or virtual server
2389 virtualhost <STRING>
2390 # Regular expression to search returned data against.
2391 # A failure to match causes the check to fail.
2392 regex <STRING>
2393 # Reverse the sense of the match, so a match of the
2394 # returned text causes the check to fail.
2395 regex_no_match
# Space separated list of options for regex.
# See man pcre2api for a description of the options.
# The following options are supported:
2399 # allow_empty_class alt_bsux auto_callout caseless
2400 # dollar_endonly dotall dupnames extended firstline
2401 # match_unset_backref multiline never_ucp never_utf
2402 # no_auto_capture no_auto_possess no_dotstar_anchor
2403 # no_start_optimize ucp ungreedy utf never_backslash_c
2404 # alt_circumflex alt_verbnames use_offset_limit
2405 regex_options <OPTIONS>
2406 # For complicated regular expressions a larger stack
2407 # may be needed, and this allows the start and maximum
2408 # sizes in bytes to be specified. For more details see
2409 # the documentation for pcre2_jit_stack_create()
2410 regex_stack <START> <MAX>
2411 # The minimum offset into the returned data to start
2412 # checking for the regex pattern match. This can save
2413 # processing time if the returned data is large.
2414 regex_min_offset <OFFSET>
2415 # The maximum offset into the returned data for the
2416 # start of the subject match.
2417 regex_max_offset <OFFSET>
2418 }
2419 }
2420
2421 SSL_GET {
2422 # when provided, send Server Name Indicator during SSL handshake
2423 enable_sni
2424 }
2425
2426 # TCP healthchecker
2427 TCP_CHECK {
2428 # No additional options
2429 }
2430
2431 # SMTP healthchecker
2432 SMTP_CHECK {
2433 # Optional string to use for the SMTP HELO request
2434 helo_name <STRING>|<QUOTED-STRING>
2435 }
2436
2437 # DNS healthchecker. Uses UDP protocol.
2438 DNS_CHECK {
2439 # The retry default is 3.
2440
2441 # DNS query type
2442 # A|NS|CNAME|SOA|MX|TXT|AAAA
2443 # The default is SOA
2444 type <STRING>
2445
2446 # Domain name to use for the DNS query
2447 # The default is . (dot)
2448 name <STRING>
2449 }
2450
2451 # MISC healthchecker, run a program
2452 MISC_CHECK {
2453 # The retry default is 0.
2454
2455 # External script or program
2456 misc_path <STRING>|<QUOTED-STRING>
2457 # Script execution timeout
2458 misc_timeout <INTEGER>
2459
2460 # If misc_dynamic is set, the exit code from healthchecker
2461 # is used to dynamically adjust the weight as follows:
2462 # exit status 0: svc check success, weight
2463 # unchanged.
2464 # exit status 1: svc check failed.
2465 # exit status 2-255: svc check success,
2466 # then the RS weight is increased by
2467 # (exit status - 2 - rs configured weight).
2468 # An exit status of 10 will set the RS weight to 10. If
2469 # the exit status subsequently changes to 20, the RS
2470 # weight will become 20.
# If there is only one MISC_CHECK and no FILE_CHECKers
# the effect is to set the RS weight to two less than
# the exit status.
# (for example: an exit status of 255 would set
# weight to 253 if no other MISC_CHECKers or
# FILE_CHECKers were configured on the RS)
2477 misc_dynamic
2478
2479 # Specify the username/groupname that the script should
2480 # be run under.
2481 # If GROUPNAME is not specified, the group of the user
2482 # is used
2483 user USERNAME [GROUPNAME]
2484 }
2485
2486 # BFD instance name to check
2487 BFD_CHECK {
2488 name <STRING>
2489 }
2490
2491 # PING healthchecker
2492 # Note: using this checker may cause /proc/sys/net/ipv4/ping_group_range to be
2493 # updated to allow root to use an IPPROTO_ICMP socket.
2494 PING_CHECK {
2495 # No additional options
2496 }
2497
2498 # UDP healthchecker
2499 # Note: for this checker to work properly, it relies on ICMP error messages such as
2500 # HOST_UNREACH, NET_UNREACH, PORT_UNREACH. HOST_UNREACH relies on ARP requests
2501 # timing out, and so connect_timeout should be long enough to allow for this (e.g.
2502 # at least 4 seconds).
2503 # If payload is specified, the HEX_STR will be sent as the UDP data, otherwise a
2504 # random payload will be sent.
2505 # If require_reply is specified, the received data length is checked to ensure that it
2506 # lies between min_reply_length and max_reply_length.
2507 # If require_reply without a hex string is specified, udp reply data must be received
2508 # but the data content is not checked.
2509 # If a require_reply HEX_STR is specified, the reply data will be checked against the
2510 # HEX_STR, which must match up to the minimum of the received data length and the length
2511 # of the require_reply HEX_STR.
2512 # The format of HEX_STR is quite free format, for example:
2513 # Ab12f 3 456 546443123
2514 # would be interpreted as:
2515 # AB 12 0F 03 45 06 54 64 43 12 03
2516 # For the require_reply HEX_STR, a character can be specified as X or x, in which case
2517 # the value of those 4 bits in the reply is ignored. This allows, for example, for
2518 # some form of counter or otherwise.
2519 # It may be that you will want to use PING_CHECK to the same server as well.
2520 UDP_CHECK {
2521 payload <HEX_STR>
2522 require_reply [<HEX_STR>] # Require a reply packet for check to be successful
2523 min_reply_length <INT> # default 0
2524 max_reply_length <INT> # default is 255
2525 }
2526
2527 # File checker
2528 # This reads and monitors the contents of a file, where STRING is the name specified
2529 # in the track_file configuration block (see above).
2530 FILE_CHECK {
2531 track_file <STRING>
2532
2533 # If dynamic is set, the value from the file is used
2534 # to dynamically adjust the weight by adding the weight
2535 # to the quorum and the LVS weight
2536 dynamic
2537
2538 # The weight multiplier to apply to the value read from the file
2539 weight <-2147483647..2147483647> [reverse]
2540 }
2541 }
2542 }
2543
2544 # Parameters used for SSL_GET check.
2545 # If none of the parameters are specified, the SSL context
2546 # will be auto generated.
2547 SSL {
2548 # Password
2549 password <STRING>
2550 # CA file
2551 ca <STRING>
2552 # Certificate file
2553 certificate <STRING>
2554 # Key file
2555 key <STRING>
2556 }
2557
The configuration parser has been extended to support advanced features
such as conditional configuration and parameter substitution. These
features are very useful for any scripted environment where
configuration templates are generated (datacenters).

The config-id defaults to the first part of the node name as returned
by uname, and can be overridden with the -i or --config-id command line
option.

Any configuration line starting with '@' is a conditional configuration
line. The word immediately following (i.e. without any space) the '@'
character is compared against the config-id, and if they don't match,
the configuration line is ignored.

Alternatively, '@^' is a negative comparison, so if the word
immediately following does NOT match the config-id, the configuration
line IS included.

The purpose of this is to allow a single configuration file to be used
for multiple systems, where the only differences are likely to be the
router_id, vrrp instance priorities, and possibly interface names and
unicast addresses.

For example:
2584
    global_defs {
        @main router_id main_router
        @backup router_id backup_router
    }
    ...
    vrrp_instance VRRP {
        ...
        @main unicast_src_ip 1.2.3.4
        @backup unicast_src_ip 1.2.3.5
        @backup2 unicast_src_ip 1.2.3.6
        unicast_peer {
            @^main 1.2.3.4
            @^backup 1.2.3.5
            @^backup2 1.2.3.6
        }
        ...
    }
2602
If keepalived is invoked with -i main, then the router_id will be set
to main_router; if invoked with -i backup, then backup_router; if not
invoked with -i, or with -i anything else, then the router_id will not
be set. The unicast peers for main will be 1.2.3.5 and 1.2.3.6.

Substitutable parameters can be specified. The format for defining a
parameter is:

    $PARAMETER=VALUE

where there must be no space before the '=' and only whitespace may
precede the '$'. Empty values are allowed.

Parameter names can be made up of any combination of A-Za-z0-9 and _,
but cannot start with a digit. Parameter names starting with an
underscore should be considered reserved names that keepalived will
define for various pre-defined options.

After a parameter is defined, any occurrence of $PARAMETER followed by
whitespace, or any occurrence of ${PARAMETER} (which need not be
followed by whitespace) will be replaced by VALUE.

Replacement is recursive, so that if a parameter value itself includes
a replaceable parameter, then after the first substitution, the
parameter in the value will then be replaced; the substitution is done
at replacement time and not at definition time, so for example:

    $ADDRESS_BASE=10.2.${ADDRESS_BASE_SUB}
    $ADDRESS_BASE_SUB=0
    ${ADDRESS_BASE}.100/32
    $ADDRESS_BASE_SUB=10
    ${ADDRESS_BASE}.100/32

will produce:

    10.2.0.100/32
    10.2.10.100/32

Note in the above examples the use of both ADDRESS_BASE and
ADDRESS_BASE_SUB required braces ({}) since the parameters were not
followed by whitespace (after the first substitution which produced
10.2.${ADDRESS_BASE_SUB}.100/32 the parameter is still not followed by
whitespace).

If a parameter is not defined, it will not be replaced at all, so for
example ${UNDEF_PARAMETER} will remain in the configuration if it is
undefined; this means that existing configuration that contains a '$'
character (for example in a script definition) will not be changed so
long as no new parameter definitions are added to the configuration.

Parameter substitution works in conjunction with conditional
configuration. For example:
2655
    @main $PRIORITY=240
    @backup $PRIORITY=200
    ...
    vrrp_instance VI_0 {
        priority $PRIORITY
    }

will produce:

    ...
    vrrp_instance VI_0 {
        priority 240
    }

if the config_id is main.

    $IF_MAIN=@main
    $IF_MAIN priority 240

will produce:

    priority 240

if the config_id is main and nothing if the config_id is not main,
although why anyone would want to use this rather than simply the
following is not known (but still possible):

    @main priority 240
2679
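The conditional-line and parameter rules above, combined into a small renderer that shows what a given config-id ends up with (an added example in Python, not keepalived's parser). The names render, substitute and unresolved are made up here, the sample is constructed from the snippets above, and multiline definitions, comments and the pass limit are outside what it models.

```python
import re

_NAME = r"[A-Za-z_][A-Za-z0-9_]*"
_DEFINE = re.compile(r"^\$(" + _NAME + r")=(.*)$")
_COND = re.compile(r"^@(\^?)(\S+)\s*(.*)$")
# ${NAME} anywhere, or $NAME followed by whitespace / end of line.
_REF = re.compile(r"\$\{(" + _NAME + r")\}|\$(" + _NAME + r")(?=\s|$)")
MAX_PASSES = 32  # assumed cap so a self-referencing value cannot loop forever


def substitute(line, params):
    """Replace parameters recursively; undefined ones are left untouched."""
    for _ in range(MAX_PASSES):
        new = _REF.sub(
            lambda m: params.get(m.group(1) or m.group(2), m.group(0)), line)
        if new == line:
            return line
        line = new
    raise ValueError("substitution does not terminate: " + line)


def render(text, config_id):
    """Return the configuration lines that apply to config_id."""
    params, out = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        while line:
            cond = _COND.match(line)
            if cond:
                negate, word, line = cond.groups()
                if (word == config_id) == bool(negate):
                    line = ""  # condition not met: the line is ignored
                continue
            define = _DEFINE.match(line)
            if define:
                # Stored as written: substitution happens at replacement time.
                params[define.group(1)] = define.group(2).strip()
                break
            expanded = substitute(line, params)
            if expanded != line and expanded.startswith("@"):
                line = expanded  # e.g. $IF_MAIN=@main yields a conditional
                continue
            out.append(expanded)
            break
    return out


def unresolved(lines):
    """Parameter references still present after rendering."""
    return sorted({m.group(1) or m.group(2)
                   for line in lines for m in _REF.finditer(line)})


# Constructed sample assembled from the man page's own snippets.
SAMPLE = r"""
global_defs {
    @main router_id main_router
    @backup router_id backup_router
}
@main $PRIORITY=240
@backup $PRIORITY=200
$ADDRESS_BASE=10.2.${ADDRESS_BASE_SUB}
$ADDRESS_BASE_SUB=0
vrrp_instance VRRP {
    priority $PRIORITY
    @main unicast_src_ip 1.2.3.4
    @backup unicast_src_ip 1.2.3.5
    @backup2 unicast_src_ip 1.2.3.6
    unicast_peer {
        @^main 1.2.3.4
        @^backup 1.2.3.5
        @^backup2 1.2.3.6
    }
    virtual_ipaddress {
        ${ADDRESS_BASE}.100/32
    }
}
"""

if __name__ == "__main__":
    for node in ("main", "web07"):
        lines = render(SAMPLE, node)
        print(node, "unresolved:", unresolved(lines))
        print("\n".join(lines))
```

Rendering with a config-id that matches none of the '@' words (web07 in the constructed sample) leaves router_id and unicast_src_ip unset, lists every address as a unicast peer and keeps priority $PRIORITY unsubstituted, which is what the unresolved() check reports.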
2680 Multiline definitions are also supported, but when used there must be
2681 nothing on the line after the parameter name. A multiline definition is
2682 specified by ending each line except the last with a '\' character.
2683
2684 Example:
2685 $INSTANCE= \
2686 vrrp_instance VI_${NUM} { \
2687 interface eth0.${NUM} \
2688 use_vmac vrrp${NUM}.1 \
2689 virtual_router_id 1 \
2690 @high priority 130 \
2691 @low priority 120 \
2692 advert_int 1 \
2693 virtual_ipaddress { \
2694 10.0.${NUM}.254/24 \
2695 } \
2696 track_script { \
2697 offset_instance_${NUM} \
2698 } \
2699 }
2700
2701 $NUM=0
2702 $INSTANCE
2703
2704 $NUM=1
2705 $INSTANCE
2706
2707 The use of multiline definitions can be nested.
2708
2709 Example:
2710 $RS= \
2711 real_server 192.168.${VS_NUM}.${RS_NUM} 80 { \
2712 weight 1 \
2713 inhibit_on_failure \
2714 smtp_alert \
2715 MISC_CHECK { \
2716 misc_path "${_PWD}/scripts/vs.sh RS_misc.${INST}.${VS_NUM}.${RS_NUM}.0 10.0.${VS_NUM}.4:80->192.168.${VS_NUM}.${RS_NUM}:80" \
2717 } \
2718
2719 MISC_CHECK { \
2720 misc_path "${_PWD}/scripts/vs.sh RS_misc.${INST}.${VS_NUM}.${RS_NUM}.1 10.0.${VS_NUM}.4:80->192.168.${VS_NUM}.${RS_NUM}:80" \
2721 } \
2722
2723 notify_up "${_PWD}/scripts/notify.sh RS_notify.${INST}.${VS_NUM}.${RS_NUM} UP 10.0.${VS_NUM}.4:80->192.168.${VS_NUM}.${RS_NUM}:80" \
2724
2725 notify_down "${_PWD}/scripts/notify.sh RS_notify.${INST}.${VS_NUM}.${RS_NUM} DOWN 10.0.${VS_NUM}.4:80->192.168.${VS_NUM}.${RS_NUM}:80" \
2726
2727 }
2728
2729 $VS= \
2730 virtual_server 10.0.${VS_NUM}.4 80 { \
2731 quorum 2 \
2732 quorum_up "${_PWD}/scripts/notify.sh VS_notify.${INST} UP 10.0.${VS_NUM}.4:80" \
2733 quorum_down "${_PWD}/scripts/notify.sh VS_notify.${INST} DOWN 10.0.${VS_NUM}.4:80" \
2734 $RS_NUM=1 \
2735 $RS \
2736 $RS_NUM=2 \
2737 $RS \
2738 $RS_NUM=3 \
2739 $RS \
2740 }
2741
2742 $VS_NUM=0
2743 $ALPHA=alpha
2744 $VS
2745
2746 $VS_NUM=1
2747 $ALPHA=
2748 $VS
2749
2750 The above will create 2 virtual servers, each with 3 real servers
2751
The following definitions are pre-defined:

${_PWD} : The directory of the current configuration file (this can be
changed if using the include directive).
${_INSTANCE} : The instance name (as defined by the -i option, defaults
to hostname).
${_RANDOM [MIN [MAX]]} : This is replaced by a random integer in the
range [MIN, MAX], where MIN and MAX are optional non-negative integers.
Defaults are MIN=0 and MAX=32767.
${_HASH} : This is replaced by a '#' character, which would otherwise
start a comment.
${_BANG} : This is replaced by a '!' character, which would otherwise
start a comment.

Additional pre-defined definitions will be added as their need is
identified. It will normally be quite straightforward to add additional
pre-defined definitions, so if you need one, or have a good idea for
one, then raise an issue at https://github.com/acassen/keepalived/issues
requesting it.
2772
A line starting ~SEQ(var, start, step, end) will cause the remainder of
the line to be processed multiple times, with the variable $var set
initially to start, and then $var will be incremented by step
repeatedly, terminating when it is greater than end. step may be
omitted, in which case it defaults to 1 or -1, depending on whether end
is greater or less than start. start may also be omitted, in which case
it defaults to 1 if end > 0 or -1 if end < 0. ~SEQx(...) is the same as
~SEQ(...), except the variable $var will be formatted in hexadecimal,
which would be useful for IPv6 addresses.

Note: At the moment it is necessary to use different variables for the
~SEQ block from any previously defined variable, including one used as
the variable in a previous ~SEQ block. This may change in the future,
so do not rely on a ~SEQ block variable being defined after the end of
the block.

Examples:

    ~SEQ(SUBNET, 0, 3) ip_address 10.0.${SUBNET}.1

would produce:

    ip_address 10.0.0.1
    ip_address 10.0.1.1
    ip_address 10.0.2.1
    ip_address 10.0.3.1

and

    ~SEQx(SUBNET, 144, 16, 192) ip_address fe80::20:${SUBNET}:1

or better

    ~SEQx(SUBNET, 0x90, 0x10, 0xc0) ip_address fe80::20:${SUBNET}:1

would produce:

    ip_address fe80::20:90:1
    ip_address fe80::20:a0:1
    ip_address fe80::20:b0:1
    ip_address fe80::20:c0:1

Another example:

    virtual_ipaddress {
        ~SEQx(AD2, 0x90, 0x10, 0xc0) ~SEQx(AD1, 0x12, -1, 0x0c) fe81::10:${AD2}:${AD1}
    }

There can be multiple ~SEQ elements on a line, so for example:
2818
2819 $VI4= \
2820 track_file offset_instance_4.${IF}.${NUM}.${ID} { \
2821 file "${_PWD}/679/track_files/4.${IF}.${NUM}.${ID}" \
2822 weight -100 \
2823 } \
2824 vrrp_instance vrrp4.${IF}.${NUM}.${ID} { \
2825 interface bond${IF}.${NUM} \
2826 use_vmac vrrp4.${IF}.${NUM}.${ID} \
2827 virtual_router_id ${ID} \
2828 priority 130 \
2829 virtual_ipaddress { \
2830 10.${IF}.${NUM}.${ID}/24 \
2831 } \
2832 track_file { \
2833 offset_instance_4.${IF}.${NUM}.${ID} \
2834 } \
2835 }
2836
2837 ~SEQ(IF,0,7) ~SEQ(NUM,0,31) ~SEQ(ID,1,254) $VI4
2838
will produce 65024 vrrp instances with names from vrrp4.0.0.1 through to
vrrp4.7.31.254.

List blocks are similar to sequence blocks, except that the values to
substitute into the variable are listed in the ~LST specification.

A line starting ~LST(var, val1, val2, val3) will cause the remainder of
the line to be processed multiple times, with the variable $var set
initially to val1, and then val2, and finally val3. Any number of
values can be specified, as long as there is at least one (although
only one value would be pointless).

If it is desired to substitute more than one variable at a time, the
variables and values need to be enclosed in {...} blocks. For example:

    ~LST({IP, IP1}, {10,1},{20,4},{5,6},{12,8}) 192.168.${IP}.${IP1}

would first set IP=10 and IP1=1, then IP=20 and IP1=4, etc, and
produces:

    192.168.10.1
    192.168.20.4
    192.168.5.6
    192.168.12.8

List blocks can be nested, so:
2866
2867 ~LST(IP, 1, 2, 3, 4) ~LST(IP1, 5,6,7) 192.169.${IP}.${IP1}
2868
2869 produces:
2870 192.169.1.5
2871 192.169.1.6
2872 192.169.1.7
2873 192.169.2.5
2874 192.169.2.6
2875 192.169.2.7
2876 192.169.3.5
2877 192.169.3.6
2878 192.169.3.7
2879 192.169.4.5
2880 192.169.4.6
2881 192.169.4.7
2882
2883 Finally, list blocks and sequence blocks can be combined, so:
2884
2885 ~LST({IP, IP1}, {10,1},{20,4},{5,6},{12,8}) ~SEQ(IP2,168,2,172)
2886 192.${IP2}.${IP}.${IP1}
2887
2888 produces:
2889
2890 192.168.10.1
2891 192.170.10.1
2892 192.172.10.1
2893 192.168.20.4
2894 192.170.20.4
2895 192.172.20.4
2896 192.168.5.6
2897 192.170.5.6
2898 192.172.5.6
2899 192.168.12.8
2900 192.170.12.8
2901 192.172.12.8
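
The ~SEQ, ~SEQx and ~LST rules from the two sections above, as an added Python example (not keepalived's parser) that expands one line and makes the number of generated lines visible before a template is loaded. The function names are made up here, only the ${NAME} form is substituted, and rejecting a reused variable name on the same line is this example's reading of the note about using different variables.

```python
import re

_DIRECTIVE = re.compile(r"^\s*~(SEQx?|LST)\(([^)]*)\)\s*(.*)$")
_BRACED = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")


def _split_top(args):
    """Split on commas that are not inside a {...} group."""
    parts, depth, current = [], 0, ""
    for ch in args:
        depth += (ch == "{") - (ch == "}")
        if ch == "," and depth == 0:
            parts.append(current.strip())
            current = ""
        else:
            current += ch
    parts.append(current.strip())
    return parts


def _seq_values(args, as_hex):
    """Values for (end), (start, end) or (start, step, end)."""
    nums = [int(a, 0) for a in args]  # base 0 accepts 144 and 0x90 alike
    if len(nums) == 1:
        end, step = nums[0], None
        start = 1 if end > 0 else -1
    elif len(nums) == 2:
        (start, end), step = nums, None
    elif len(nums) == 3:
        start, step, end = nums
    else:
        raise ValueError("~SEQ takes var plus one to three numbers")
    if step is None:
        step = 1 if end >= start else -1
    if step == 0:
        raise ValueError("a step of 0 would never terminate")
    values, value = [], start
    while (value <= end) if step > 0 else (value >= end):
        values.append(format(value, "x") if as_hex else str(value))
        value += step
    return values


def expand(line, bindings=None):
    """Expand leading ~SEQ/~SEQx/~LST blocks; returns the produced lines."""
    bindings = dict(bindings or {})
    match = _DIRECTIVE.match(line)
    if not match:
        return [_BRACED.sub(
            lambda m: bindings.get(m.group(1), m.group(0)), line.strip())]
    kind, args, rest = match.groups()
    parts = _split_top(args)
    if kind == "LST":
        names = [n.strip() for n in parts[0].strip("{}").split(",")]
        rows = [[v.strip() for v in p.strip("{}").split(",")]
                for p in parts[1:]]
        if not rows:
            raise ValueError("~LST needs at least one value")
    else:
        names = [parts[0]]
        rows = [[v] for v in _seq_values(parts[1:], kind == "SEQx")]
    reused = [n for n in names if n in bindings]
    if reused:
        raise ValueError("variable already in use: " + ", ".join(reused))
    produced = []
    for row in rows:
        if len(row) != len(names):
            raise ValueError("value group does not match variable group")
        produced.extend(expand(rest, {**bindings, **dict(zip(names, row))}))
    return produced


if __name__ == "__main__":
    combined = ("~LST({IP, IP1}, {10,1},{20,4},{5,6},{12,8}) "
                "~SEQ(IP2,168,2,172) 192.${IP2}.${IP}.${IP1}")
    print("\n".join(expand(combined)))
    names = expand("~SEQ(IF,0,7) ~SEQ(NUM,0,31) ~SEQ(ID,1,254) "
                   "vrrp4.${IF}.${NUM}.${ID}")
    print(len(names), names[0], names[-1])
```

The instance count of a template is the product of the lengths of all blocks on the line (8 x 32 x 254 for the $VI4 example), so it is worth computing this way before the file reaches a running daemon.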
2902
It has been identified that if proxy_arp and proxy_arp_pvlan are
enabled on an interface that has VIPs or eVIPs configured on it, it can
cause incorrect replies to ARP requests due to the proxy replying to
the ARP request as well as the keepalived host. Both need to be set to
0 to function properly.

Initial by Joseph Mack. Extensive updates by Alexandre Cassen & Quentin
Armitage.

ipvsadm(8), ip --help.

Keepalived 2022-01-15 keepalived.conf(5)