1keepalived.conf(5) Keepalived Configuration's Manual keepalived.conf(5)
2
3
4
6 keepalived.conf - configuration file for Keepalived
7
9 This documentation MUST be considered as THE exhaustive source of in‐
10 formation in order to configure Keepalived. This documenation is sup‐
11 ported and maintained by Keepalived Core-Team.
12
14 keepalived.conf is the configuration file which describes all the
15 Keepalived keywords. Keywords are placed in hierarchies of blocks and
16 subblocks, each layer being delimited by '{' and '}' pairs.
17
18 Comments start with '#' or '!' to the end of the line and can start
19 anywhere in a line.
20
21 The keyword 'include' and variants allow inclusion of other configura‐
22 tion files from within the main configuration file, or from subse‐
23 quently included files.
24
25 The format of the include directive is:
26
27 include FILENAME
28
29 FILENAME can be a fully qualified or relative pathname, and can include
30 wildcards, including csh style brace expressions such as
31 "{foo/{,cat,dog},bar}" if glob() supports them.
32
33 After opening an included file, the current directory is set to the di‐
34 rectory of the file itself, so any relative paths included from a file
35 are relative to the directory of the including file itself.
36
37 The include variants add additional include checks to the current in‐
38 clude_check level (see below) The variants are:
39 includer FILENAME - same as include_check readable
40 includem FILENAME - same as include_check match
41 includew FILENAME - same as include_check wildcard_match
42 includeb FILENAME - same as include_check brace_match
43 includea FILENAME - all include_check checks
44
45 NOTE: If the libc glob() function does not support GLOB_ALTDIRFUNC
46 (e.g. Musl libc as on Alpine Linux etc.), then only includea, includer
47 and includew of the above options will work.
48
49 Why do we want to allow errors? Suppose a configuration has optional
50 files in /etc/keepalived/conf.d, then include_/etc/keepalived/conf.d/*
51 could be specified, but it should not error if there are no files in
52 the directory; in this case includer should be used. Otherwise it is
53 sensible to use includea.
54
55 include handling will not work with if the include line uses condi‐
56 tional configuration or parameter substitution, since the detection of
57 the include keywords is done before the processing on conditional con‐
58 figuration and parameter substitution.
59
60 The basic include keyword is retained for backward compatibility, since
61 it does not produce config errors if files could not be opened etc.
62
64 <BOOL> is one of on|off|true|false|yes|no
65 <TIMER> is a time value in seconds, including fractional seconds, e.g.
66 2.71828 or 3; resolution of timer is micro-seconds.
67
69 There are three classes of scripts can be configured to be executed.
70
71 (a) Notify scripts that are run when a vrrp instance or vrrp group
72 changes state, or a virtual server quorum changes between up and down.
73
74 (b) vrrp tracking scripts that will cause vrrp instances to go down it
75 they exit a non-zero exist status, or if a weight is specified will add
76 or subtract the weight to/from the priority of that vrrp instance.
77
78 (c) LVS checker misc scripts that will cause a real server to be con‐
79 figured down if they exit with a non-zero status.
80
81 By default the scripts will be executed by user keepalived_script if
82 that user exists, or if not by root, but for each script the user/group
83 under which it is to be executed can be specified.
84
85 There are significant security implications if scripts are executed
86 with root privileges, especially if the scripts themselves are modifi‐
87 able or replaceable by a non root user. Consequently, security checks
88 are made at startup to ensure that if a script is executed by root,
89 then it cannot be modified or replaced by a non root user.
90
91 All scripts should be written so that they will terminate on receipt of
92 a SIGTERM signal. Scripts will be sent SIGTERM if their parent termi‐
93 nates, or it is a script the keepalived is awaiting its exit status and
94 it has run for too long.
95
97 Quoted strings are specified between " characters; more specifically a
98 string will only end after a quoted string if there is whitespace af‐
99 terwards. For example:
100 "abcd" efg h jkl "mnop"
101 will be the single string "abcd efg h jkl mnop", i.e. the embedded "
102 characters are removed.
103
104 Quoted strings can also have escaped characters, like the shell. \a,
105 \b, \E, \f, \n, \r, \t, \v, \nnn and \xXX (where nnn is up to 3 octal
106 digits, and XX is any sequence of hex digits) and \cC (which produces
107 the control version of character C) are all supported. \C for any other
108 character C is just treated as an escaped version of character C, so \\
109 is a \ character and \" will be a " character, but it won't start or
110 terminate a quoted string.
111
112 For specifying scripts with parameters, unquoted spaces will separate
113 the parameters. If it is required for a parameter to contain a space,
114 it should be enclosed in single quotes (').
115
116
118 Traditionally the configuration file parser has not been one of the
119 strengths of keepalived. Lot of efforts have been put to correct this
120 even if this is not the primal goal of the project.
121
123 Keepalived configuration file is articulated around a set of configura‐
124 tion blocks. Each block is focusing and targetting a specific daemon
125 family feature. These features are:
126
127 GLOBAL CONFIGURATION
128
129 BFD CONFIGURATION
130
131 VRRPD CONFIGURATION
132
133 LVS CONFIGURATION
134
136 contains subblocks of Global definitions, Linkbeat interfaces, Static
137 track groups, Static addresses, Static routes, and Static rules
138
140 # Following are global daemon facilities for running
141 # keepalived in a separate network namespace:
142 # --
143 # Set the network namespace to run in.
144 # The directory /run/keepalived will be created as an
145 # unshared mount point, for example for pid files.
146 # syslog entries will have _NAME appended to the ident.
147 # Note: the namespace cannot be changed on a configuration reload.
148 net_namespace NAME
149
150 # Add the IPVS configuration in the specified net namespace. It allows to easily
151 # split the VIP traffic on a given namespace and keep the healthchecks traffic
152 # in another namespace. If NAME is not specified, then the default namespace
153 # will be used.
154 net_namespace_ipvs NAME
155
156 # ipsets wasn't network namespace aware until Linux 3.13, and so
157 # if running with # an earlier version of the kernel, by default
158 # use of ipsets is disabled if using a namespace and vrrp_ipsets
159 # has not been specified. This options overrides the default and
160 # allows ipsets to be used with a namespace on kernels prior to 3.13.
161 namespace_with_ipsets
162
163 # If multiple instances of keepalived are run in the same namespace,
164 # this will create pid files with NAME as part of the file names,
165 # in /run/keepalived.
166 # Note: the instance name cannot be changed on a configuration reload
167 instance NAME
168
169 # Create pid files in /run/keepalived
170 use_pid_dir
171
172 # Poll to detect media link failure using ETHTOOL, MII or ioctl interface
173 # otherwise uses netlink interface.
174 linkbeat_use_polling
175
176 # Time for main process to allow for child processes to exit on termination
177 # in seconds. This can be needed for very large configurations.
178 # (default: 5)
179 child_wait_time SECS
180
181 # Global definitions configuration block
182 global_defs {
183 # In order to ensure that all processes read exactly the same configuration,
184 # while the config is first read it is written, by default, to a memory based
185 # file (or to an anonymous file in /tmp/ if memfd_create() is not supported).
186 # If your configuration is very large, you may not want the copy to be
187 # held in memory, in which case specifing the tmp_config_directory causes the
188 # configuration to be written to an anonymous file on the filesystem on which
189 # the specified directory resides, which must be writeable by keepalived.
190 # This setting cannot be changed on a reload, and it should be specified as
191 # early as possible in the configuration.
192 tmp_config_directory DIRECTORY
193
194 # Set the process names of the keepalived processes to the default values:
195 # keepalived, keepalived_vrrp, keepalived_ipvs, keepalived_bfd
196 process_names
197
198 # Specify the individual process names
199 process_name NAME
200 vrrp_process_name NAME
201 checker_process_name NAME
202 bfd_process_name NAME
203
204 # The startup and shutdown scripts are run once, when keepalived starts
205 # before any child processes are run, and when keepalived stops after
206 # all child processes have terminated, respectively.
207 # The original motivation for adding this feature was that although
208 # keepalived can setup IPVS configuration using firewall marks, there
209 # was no mechanism for adding configuration to set the firewall marks
210 # (or for removing it afterwards).
211 # This feature can also be used to setup the iptables framework required
212 # if using iptables (see vrrp_iptables option below), modify interface
213 # settings, or anything else that can be done from a script or program.
214 # Only one startup script and one shutdown script can be specified.
215 # The timeouts (in seconds default 10 seconds) are the time allowed for
216 # scripts to run; if the timeout expires the scripts will be killed (this
217 # is to stop keepalived hanging waiting for the scripts to terminate).
218 startup_script SCRIPT_NAME [username [groupname]]
219 startup_script_timeout SECONDS # range [1,1000]
220 shutdown_script SCRIPT_NAME [username [groupname]]
221 shutdown_script_timeout SECONDS # range [1,1000]
222
223 # Set of email To: notify
224 notification_email {
225 admin@example1.com
226 ...
227 }
228
229 # email from address that will be in the header
230 # (default: keepalived@<local host name>)
231 notification_email_from admin@example.com
232
233 # Remote SMTP server used to send notification email.
234 # IP address or domain name with optional port number.
235 # (default port number: 25)
236 smtp_server 127.0.0.1 [<PORT>]
237
238 # Name to use in HELO messages.
239 # (default: local host name)
240 smtp_helo_name <STRING>
241
242 # SMTP server connection timeout in seconds.
243 smtp_connect_timeout 30
244
245 # Sets default state for all smtp_alerts
246 smtp_alert <BOOL>
247
248 # Sets default state for vrrp smtp_alerts
249 smtp_alert_vrrp <BOOL>
250
251 # Sets default state for checker smtp_alerts
252 smtp_alert_checker <BOOL>
253
254 # Logs every failed real server check in syslog
255 # (nevertheless, SMTP alert is only sent when all retry checks failed
256 # and real server transitions to DOWN state)
257 checker_log_all_failures <BOOL>
258
259 # Don't send smtp alerts for fault conditions
260 no_email_faults
261
262 # String identifying the machine (doesn't have to be hostname).
263 # (default: local host name)
264 router_id <STRING>
265
266 # Multicast Group to use for IPv4 VRRP adverts
267 # Defaults to the RFC5798 IANA assigned VRRP multicast address 224.0.0.18
268 # which You typically do not want to change.
269 vrrp_mcast_group4 224.0.0.18
270
271 # Multicast Group to use for IPv6 VRRP adverts
272 # (default: ff02::12)
273 vrrp_mcast_group6 ff02::12
274
275 # sets the default interface for static addresses.
276 # (default: eth0)
277 default_interface p33p1.3
278
279 # The sync daemon as provided by the IPVS kernel code only supports
280 # one master and one backup daemon instance at a time to synchronize
281 # the IPVS connection table.
282 # See ipvsadm(8) man page for more details of the sync daemon.
283 # Parameters are binding interface, and optional:
284 # inst VRRP_INSTANCE (inst can be omitted for backward compatibility)
285 # syncid (0 to 255) for lvs syncd, default is the VRID of vrrp instance,
286 # or 0 if no vrrp instance
287 # maxlen (1..65507) maximum packet length (limit is mtu - 20 - 8)
288 # port (1..65535) UDP port number to use, default 8848
289 # ttl (1..255)
290 # group - multicast group address(IPv4 or IPv6), default 224.0.0.81
291 # If VRRP_INSTANCE is not specified, both the master and backup sync daemons
292 # will be run as long as keepalived is running, otherwise the sync daemon
293 # master/backup state tracks the state of the specified vrrp instance: if
294 # the vrrp instance is in master state, only the master sync daemon will run,
295 # if the vrrp instance is not master, only the backup sync daemon will run.
296 # NOTE: maxlen, port, ttl and group are only available on Linux 4.3 or later.
297 # See kernel source doc/Documentation/networking/ipvs-sysctl.txt for details of
298 # parameters controlling IPVS and the sync daemon.
299 # /proc/net/ip_vs* provide some details about the state of IPVS.
300 lvs_sync_daemon <INTERFACE> [[inst] <VRRP_INSTANCE>] [id <SYNC_ID>] \
301 [maxlen <LEN>] [port <PORT>] [ttl <TTL>] [group <IP ADDR>]
302
303 # lvs_timeouts specifies the tcp, tcp_fin and udp connection tracking timeouts
304 # in seconds. At least one value must be specified; not setting a value leaves
305 # it unchanged from when keepalived started.
306 lvs_timeouts [tcp SECS] [tcpfin SECS] [udp SECS]
307
308 # flush any existing LVS configuration at startup
309 lvs_flush
310
311 # flush remaining LVS configuration at shutdown (for large configurations
312 # this is much faster than the default approach of deleting each RS and
313 # each VS individually).
314 # If VS is specified, remove each keepalived managed virtual
315 # server without explicitly removing the real servers (the kernel will
316 # remove them).
317 lvs_flush_on_stop [VS]
318
319 # delay for second set of gratuitous ARPs after transition to MASTER.
320 # in seconds, 0 for no second set.
321 # (default: 5)
322 vrrp_garp_master_delay 10
323
324 # number of gratuitous ARP messages to send at a time after
325 # transition to MASTER.
326 # (default: 5)
327 vrrp_garp_master_repeat 1
328
329 # delay for second set of gratuitous ARPs after lower priority
330 # advert received when MASTER.
331 # (default: vrrp_garp_master_delay)
332 vrrp_garp_lower_prio_delay 10
333
334 # number of gratuitous ARP messages to send at a time after
335 # lower priority advert received when MASTER.
336 # (default: vrrp_garp_master_repeat)
337 vrrp_garp_lower_prio_repeat 1
338
339 # minimum time interval for refreshing gratuitous ARPs while MASTER.
340 # in seconds (resolution seconds).
341 # (default: 0 (no refreshing))
342 vrrp_garp_master_refresh 60
343
344 # number of gratuitous ARP messages to send at a time while MASTER
345 # (default: 1)
346 vrrp_garp_master_refresh_repeat 2
347
348 # Delay between gratuitous ARP messages sent on an interface
349 # decimal, seconds (resolution usecs).
350 # (default: 0)
351 vrrp_garp_interval 0.001
352
353 # Delay between unsolicited NA messages sent on an interface
354 # decimal, seconds (resolution usecs).
355 # (default: 0)
356 vrrp_gna_interval 0.000001
357
358 # By default keepalived sends 5 gratuitions ARP/NA messages at a
359 # time, and after transitioning to MASTER sends a second block of
360 # 5 messages 5 seconds later.
361 # With modern switches this is unnecessary, so setting vrrp_min_garp
362 # causes only one ARP/NA message to be sent, with no repeat 5 seconds
363 # later.
364 vrrp_min_garp [<BOOL>]
365
366 # The following option causes periodic GARP/NA messages to be sent on
367 # interfaces of VIPs/eVIPs that are not the interface of the VRRP
368 # instance, in order to ensure that switch MAC caches are maintained
369 # (specified in seconds).
370 # Many switches have a default cache timeout of 300 seconds, and so
371 # a garp repeat rate of 1/3rd of that would be sensible. The maximum
372 # permitted value is 1 day (86400 seconds);
373 # By default, it will only send on VMAC interfaces; specifying all
374 # will cause it to send GARP/NA on each interface used by the VRRP instance.
375 vrrp_garp_extra_if [all] 100
376
377 # If a lower priority advert is received, don't send another advert.
378 # This causes adherence to the RFCs. Defaults to false, unless
379 # strict_mode is set.
380 vrrp_lower_prio_no_advert [<BOOL>]
381
382 # If we are master and receive a higher priority advert, send an advert
383 # (which will be lower priority than the other master), before we
384 # transition to backup. This means that if the other master has
385 # garp_lower_priority_repeat set, it will resend garp messages.
386 # This is to get around the problem of their having been two simultaneous
387 # masters, and the last GARP messages seen were from us.
388 vrrp_higher_prio_send_advert [<BOOL>]
389
390 # Set the default VRRP version to use
391 # (default: 2, but IPv6 instances will use version 3)
392 vrrp_version <2 or 3>
393
394 # keepalived uses a firewall (either nftables or iptables) for two purposes:
395 # i) To implement no_accept mode
396 # ii) To stop IGMP/MLD packets being sent on VMAC interfaces, and to move
397 # them onto the underlying interface.
398 # If both vrrp_iptables and vrrp_nftables are specified, keepalived will use
399 # nftables and not iptables. Similarly, if the iptables command is generating
400 # nftables configuration, or there is no iptables command installed,
401 # keepalived will use nftables rather than iptables.
402 # If neither vrrp_nftables or vrrp_iptables are specified but VMACs are in use
403 # or no_accept is specified, keepalived will use nftables if it is available.
404
405 # Use nftables as the firewall.
406 # TABLENAME must not exist, and must be different for each
407 # instance of keepalived running in the same network namespace.
408 # Default tablename is keepalived, and priority is -1.
409 # keepalived will create base chains in the table.
410 # counters means counters are added to the rules (primarily for
411 # debugging purposes).
412 # ifindex means create IPv6 link local sets using ifindex rather
413 # than ifnames. This is the default unless the vrrp_instance has
414 # set dont_track_primary. The alternative is to use interface names
415 # as part of the set key, but the nft utility prior to v0.8.3 will
416 # then not output interface names properly.
417 nftables [TABLENAME]
418 nftables_priority PRIORITY
419 nftables_counters
420 nftables_ifindex
421
422 # Similarly for IPVS iptables - used for setting fwmarks for virtual
423 # server groups. keepalived will allocate a fwmark for each virtual
424 # server group, so that only one virtual server for each group needs
425 # to be configured in IPVS, by using a fwmark, and nftables will be
426 # used to set the fwmark for each of the virtual server
427 # address/protocol/port combinations specified.
428 # nftables_ipvs_start_fwmark specifies the first fwmark for keepalived
429 # to use (default 1000). This will be incremented for each subsequent
430 # virtual server group.
431 nftables_ipvs [TABLENAME]
432 nftables_ipvs_priority PRIORITY
433 nftables_ipvs_start_fwmark NUMBER
434
435 # Use iptables as the firewall.
436 # Note: it is necessary for the specified chain to exist in
437 # the iptables and/or ip6tables configuration, and for the chain
438 # to be called from an appropriate point in the iptables configuration.
439 # It will probably be necessary to have this filtering after accepting
440 # any ESTABLISHED,RELATED packets, because IPv4 might select the VIP as
441 # the source address for outgoing connections.
442 # (default: INPUT)
443 vrrp_iptables keepalived
444
445 # or for outbound filtering as well
446 # Note, outbound filtering won't work with IPv4, since the VIP can be
447 # selected as the source address for an outgoing connection. With IPv6
448 # this is unlikely since the addresses are deprecated.
449 vrrp_iptables keepalived_in keepalived_out
450
451 # or to to use default chains (INPUT and OUTPUT)
452 vrrp_iptables
453
454 # Keepalived may have the option to use ipsets in conjunction with
455 # iptables. If so, then the ipset names can be specified, defaults
456 # as below. If no names are specified, ipsets will not be used,
457 # otherwise any omitted names will be constructed by adding "_if"
458 # and/or "6" and _igmp/_mld to previously specified names.
459 vrrp_ipsets [keepalived [keepalived6 [keepalived_if6 [keepalived_igmp [keepalived_mld]]]]]
460
461 # An alternative to moving IGMP messages from VMACs to their parent interfaces
462 # is to disable them altogether in the kernel by setting
463 # igmp_link_local_mcast_reports false.
464 # This stops IGMP join etc messages for 224.0.0.0/24, since they should
465 # always be forwarded to all interfaces (see RFC4541).
466 # This is available from Linux 4.3 onwards.
467 disable_local_igmp
468
469 # The following enables checking that when in unicast mode, the
470 # source address of a VRRP packet is one of our unicast peers.
471 vrrp_check_unicast_src
472
473 # Checking all the addresses in a received VRRP advert can be time
474 # consuming. Setting this flag means the check won't be carried out
475 # if the advert is from the same master router as the previous advert
476 # received.
477 # (default: don't skip)
478 vrrp_skip_check_adv_addr
479
480 # Enforce strict VRRP protocol compliance. This currently includes
481 # enforcing the following. Please note that other checks may be
482 # added in the future if they are found to be missing:
483 # 0 VIPs not allowed
484 # unicast peers not allowed
485 # IPv6 addresses not allowed in VRRP version 2
486 # First IPv6 VIP is not link local
487 # State MASTER can be configured if and only if priority is 255
488 # Authentication is not supported
489 # Preempt delay is not supported
490 # Accept mode cannot be set for VRRPv2
491 # If accept/no accept is not specified, accept is set if priority
492 # is 255 aand cleared otherwise
493 # Gratuitous ARP repeats cannot be enabled
494 # Cannot clear lower_prio_no_advert
495 # Cannot set higher_prio_send_advert
496 # Cannot use vmac_xmit_base
497 vrrp_strict
498
499 # Send vrrp instance priority notifications on notify FIFOs.
500 vrrp_notify_priority_changes <BOOL>
501
502 # The following options can be used if vrrp, checker or bfd processes
503 # are timing out. This can be seen by a backup vrrp instance becoming
504 # master even when the master is still running, because the master or
505 # backup system is too busy to process vrrp packets.
506 # --
507 # keepalived can, if it detects that it is not running sufficiently
508 # soon after a timer should expire, increase its priority, first
509 # of all switching to realtime scheduling, and if that is not
510 # sufficient, it will then increase its realtime priority by one each
511 # time it detects a further delay in running. If the event that realtime
512 # scheduling is enabled, RLIMIT_RTTIME will be set, using the values for
513 # {bfd,checker,vrrp}_rlimit_rttime (see below). These values may need
514 # to be increased for slower processors.
515 # --
516 # To limit the maximum increased automatic priority, specify the following
517 # (0 doesn't use automatic priority increases, and is the default. -1 disables
518 # the warning message at startup). Omitting the priority sets the maximum value.
519 max_auto_priority [<-1 to 99>] # 99 is really sched_get_priority_max(SCHED_RR)
520
521 # Minimum delay in microseconds after timer expires before keeplalived is
522 # scheduled after which the process priority will be auto incremented
523 # (default is 1000000 usecs (1 second), maximum is 10000000 (10 seconds))
524 min_auto_priority_delay <delay in usecs>
525
526 # Set the vrrp child process priority (Negative values increase priority)
527 vrrp_priority <-20 to 19>
528
529 # Set the checker child process priority
530 checker_priority <-20 to 19>
531
532 # Set the BFD child process priority
533 bfd_priority <-20 to 19>
534
535 # Set the vrrp child process non swappable
536 vrrp_no_swap
537
538 # Set the checker child process non swappable
539 checker_no_swap
540
541 # Set the BFD child process non swappable
542 bfd_no_swap
543
544 # The following options can be used to force vrrp, checker and bfd
545 # processes to run on a restricted CPU set.
546 # You can either bind processes to a single CPU or define a set of
547 # cpu. In that last case Linux kernel will be restricted to that cpu
548 # set during scheduling. Forcing process binding to single CPU can
549 # increase performances on heavy loaded box.
550 # INTEGER following configuration keyword are representing cpu_id
551 # as shown in /proc/cpuinfo on line "processor:"
552 # --
553 # Set CPU Affinity for the vrrp child process
554 vrrp_cpu_affinity <INTEGER> [<INTERGER>]...[<INTEGER>]
555
556 # Set CPU Affinity for the checker child process
557 checker_cpu_affinity <INTEGER> [<INTERGER>]...[<INTEGER>]
558
559 # Set CPU Affinity for the bfd child process
560 bfd_cpu_affinity <INTEGER> [<INTERGER>]...[<INTEGER>]
561
562 # Set the vrrp child process to use real-time scheduling
563 # at the specified priority
564 vrrp_rt_priority <1..99>
565
566 # Set the checker child process to use real-time scheduling
567 # at the specified priority
568 checker_rt_priority <1..99>
569
570 # Set the BFD child process to use real-time scheduling
571 # at the specified priority
572 bfd_rt_priority <1..99>
573
574 # Set the limit on CPU time between blocking system calls,
575 # in microseconds
576 # (default: 10000)
577 vrrp_rlimit_rttime >=2
578 checker_rlimit_rttime >=2
579 bfd_rlimit_rttime >=2
580
581 # If Keepalived has been build with SNMP support, the following
582 # keywords are available.
583 # Note: Keepalived, checker and RFC support can be individually
584 # enabled/disabled
585 # --
586 # Specify socket to use for connecting to SNMP master agent
587 # (see source module keepalived/vrrp/vrrp_snmp.c for more details)
588 # (default: unix:/var/agentx/master)
589 snmp_socket udp:1.2.3.4:705
590
591 # enable SNMP handling of vrrp element of KEEPALIVED MIB
592 enable_snmp_vrrp
593
594 # enable SNMP handling of checker element of KEEPALIVED MIB
595 enable_snmp_checker
596
597 # enable SNMP handling of RFC2787 and RFC6527 VRRP MIBs
598 enable_snmp_rfc
599
600 # enable SNMP handling of RFC2787 VRRP MIB
601 enable_snmp_rfcv2
602
603 # enable SNMP handling of RFC6527 VRRP MIB
604 enable_snmp_rfcv3
605
606 # enable SNMP traps
607 enable_traps
608
609 # If Keepalived has been build with DBus support, the following
610 # keywords are available.
611 # --
612 # Enable the DBus interface
613 enable_dbus
614
615 # Name of DBus service
616 # Useful if you want to run multiple keepalived processes with DBus enabled
617 # (default: org.keepalived.Vrrp1)
618 dbus_service_name SERVICE_NAME
619
620 # Specify the default username/groupname to run scripts under.
621 # If this option is not specified, the user defaults to keepalived_script
622 # if that user exists, otherwise root.
623 # If groupname is not specified, it defaults to the user's group.
624 script_user username [groupname]
625
626 # Don't run scripts configured to be run as root if any part of the path
627 # is writable by a non-root user.
628 enable_script_security
629
630 # Rather than using notify scripts, specifying a fifo allows more
631 # efficient processing of notify events, and guarantees that they
632 # will be delivered in the correct sequence.
633 # NOTE: the FIFO names must all be different
634 # --
635 # FIFO to write notify events to
636 # See vrrp_notify_fifo and lvs_notify_fifo for format of output
637 # For further details, see the description under vrrp_sync_group.
638 # see doc/samples/sample_notify_fifo.sh for sample usage.
639 notify_fifo FIFO_NAME [username [groupname]]
640
641 # script to be run by keepalived to process notify events
642 # The FIFO name will be passed to the script as the last parameter
643 notify_fifo_script STRING|QUOTED_STRING [username [groupname]]
644
645 # FIFO to write vrrp notify events to.
646 # The string written will be a line of the form: INSTANCE "VI_1" MASTER 100
647 # and will be terminated with a new line character.
648 # For further details of the output, see the description under vrrp_sync_group
649 # and doc/samples/sample_notify_fifo.sh for sample usage.
650 vrrp_notify_fifo FIFO_NAME [username [groupname]]
651
652 # script to be run by keepalived to process vrrp notify events
653 # The FIFO name will be passed to the script as the last parameter
654 vrrp_notify_fifo_script STRING|QUOTED_STRING [username [groupname]]
655
656 # FIFO to write notify healthchecker events to
657 # The string written will be a line of the form:
658 # VS [192.168.201.15]:tcp:80 {UP|DOWN}
659 # RS [1.2.3.4]:tcp:80 [192.168.201.15]:tcp:80 {UP|DOWN}
660 # and will be terminated with a new line character.
661 lvs_notify_fifo FIFO_NAME [username [groupname]]
662
663 # script to be run by keepalived to process healthchecher notify events
664 # The FIFO name will be passed to the script as the last parameter
665 lvs_notify_fifo_script STRING|QUOTED_STRING [username [groupname]]
666
667 # Allow configuration to include interfaces that don't exist at startup.
668 # This allows keepalived to work with interfaces that may be deleted and restored
669 # and also allows virtual and static routes and rules on VMAC interfaces.
670 # allow_if_changes allows an interface to be deleted and recreated with a
671 # different type or underlying interface, eg changing from vlan to macvlan
672 # or changing a macvlan from eth1 to eth2. This is predominantly used for
673 # reporting duplicate VRID errors at startup if allow_if_changes is not set.
674 dynamic_interfaces [allow_if_changes]
675
676 # The following options are only needed for large configurations, where either
677 # keepalived creates a large number of interface, or the system has a large
678 # number of interface. These options only need using if
679 # "Netlink: Receive buffer overrun" messages are seen in the system logs.
680 # If the buffer size needed exceeds the value in /proc/sys/net/core/rmem_max
681 # the corresponding force option will need to be set.
682 # --
683 # Set netlink receive buffer size. This is useful for
684 # very large configurations where a large number of interfaces exist, and
685 # the initial read of the interfaces on the system causes a netlink buffer
686 # overrun.
687 vrrp_netlink_cmd_rcv_bufs BYTES
688 vrrp_netlink_cmd_rcv_bufs_force <BOOL>
689 vrrp_netlink_monitor_rcv_bufs BYTES
690 vrrp_netlink_monitor_rcv_bufs_force <BOOL>
691
692 # The vrrp netlink command and monitor socket the checker command and
693 # and monitor socket and process monitor buffer sizes can be independently set.
694 # The force flag means to use SO_RCVBUFFORCE, so that the buffer size
695 # can exceed /proc/sys/net/core/rmem_max.
696 lvs_netlink_cmd_rcv_bufs BYTES
697 lvs_netlink_cmd_rcv_bufs_force <BOOL>
698 lvs_netlink_monitor_rcv_bufs BYTES
699 lvs_netlink_monitor_rcv_bufs_force <BOOL>
700
701 # As a guide for process_monitor_rcv_bufs for 1400 processes terminating
702 # simultaneously, 212992 (the default on some systems) is insufficient, whereas
703 # 500000 is sufficient.
704 process_monitor_rcv_bufs BYTES
705 process_monitor_rcv_bufs_force <BOOL>
706
707 # When a socket is opened, the kernel configures the max rx buffer size for
708 # the socket to /proc/sys/net/core/rmem_default. On some systems this can be
709 # very large, and even generally this can be much larger than necessary.
710 # This isn't a problem so long as keepalived is reading all queued data from
711 # it's sockets, but if rmem_default was set sufficiently large, and if for
712 # some reason keepalived stopped reading, it could consume all system memory.
713 # The vrrp_rx_bufs_policy allows configuring of the rx bufs size when the
714 # sockets are opened. If the policy is MTU, the rx buf size is configured
715 # to the total of interface's MTU * vrrp_rx_bufs_multiplier for each vrrp
716 # instance using the socket. Likewise, if the policy is ADVERT, then it is
717 # the total of each vrrp instances advert packet size * multiplier.
718 # (default: use system default)
719 vrrp_rx_bufs_policy [MTU|ADVERT|NUMBER]
720
721 # (default: 3)
722 vrrp_rx_bufs_multiplier NUMBER
723
724 # Send notifies at startup for real servers that are starting up
725 rs_init_notifies
726
727 # Don't send an email every time a real server checker changes state;
728 # only send email when a real server is added or removed
729 no_checker_emails
730
731 # The umask to use for creating files. The number can be specified in hex, octal
732 # or decimal. BITS are I{R|W|X}{USR|GRP|OTH}, e.g. IRGRP, separated by '|'s.
733 # The default umask is IWGRP | IWOTH. This option cannot override the
734 # command-line option.
735 umask [NUMBER|BITS]
736
737 # On some systems when bond interfaces are created, they can start passing traffic
738 # and then have a several second gap when they stop passing traffic inbound. This
739 # can mean that if keepalived is started at boot time, i.e. at the same time as
740 # bond interfaces are being created, keepalived doesn't receive adverts and hence
741 # can become master despite an instance with higher priority sending adverts.
742 # This option specifies a delay in seconds before vrrp instances start up after
743 # keepalived starts,
744 vrrp_startup_delay 5.5
745
746 # The following will cause logging of receipt of VRRP adverts for VRIDs not configured
747 # on the interface on which they are received.
748 log_unknown_vrids
749
750 # Specify the prefix for generated VMAC names (default "vrrp")
751 vmac_prefix STRING
752
753 # Specify the prefix for generated VMAC names for VIPs which use a VMAC but are not
754 # on the VRRP instance's interface (default vmac_prefix value)
755 vmac_addr_prefix STRING
756
757 # Specify random seed for ${_RANDOM}, to make configurations repeatable (default
758 # is to use a seed based on the time, so that each time a different configuration
759 # will be generated).
760 random_seed UNSIGNED_INT
761
762 # If a configuration reload is attempted with an updated configuration file that has
763 # errors, keepalived may terminate, and possibly enter a loop indefinitely restarting
764 # and terminating. If reload_check_config is set, then keepalived will attempt to
765 # validate the configuration before initiating a reload, and only initiate the reload
766 # if the configuration is valid.
767 reload_check_config [LOG_FILE]
768
769 # Treat any missing include file as an error. The OPTIONS can be any combination of
770 # readable - error if a match is not a readable file
771 # match - error if no file matches (unless wildcard specified)
772 # wildcard_match - error if no file matches (even if wildcard specified)
773 # brace_match - error if a brace expansion does not match a file
774 # Note: match, wildcard_match and brace_match include the readable check.
775 # The setting of include_check is saved when a new include file is opened, and restored
776 # when the file is closed. This means that the include_check setting when reading a
777 # file cannot be changed by a subsequently included file. To change the setting for all
778 # included files, include_check should be set at the beginning of the configuration file
779 # specified in the command line (default /etc/keepalived/keepalived.conf).
780 # Note2: If the libc glob() function does not support GLOB_ALTDIRFUNC (e.g. Musl libc as
781 # on Alpine Linux etc.), then only readable and wildcard_match of the above options will work.
782 # It is possible to add or remove individual settings; '+' means add the following
783 # checks, '-' means remove the following checks. For example
784 # include_check +match -wildcard_match
785 # adds the requirement that there is a matching file, and removes the requirement for
786 # wildcard matches.
787 # If no option is specified, it is the same as specifying all options.
788 include_check [OPTIONS]
789
790 # reload_time_file allows a reload of keepalived to be scheduled in the future. This is
791 # particularly useful if there is a master keepalived and one or more backup keepalived
792 # instances and the new configuration is incompatible with the previous configuration,
793 # e.g. adding or removing VIPs which would cause adverts to be rejected.
794 # All the instances can be scheduled to reload at the same time, thereby ensuring that
795 # no mismatching adverts are received by the backup instances.
796 # The configuration specifies a file which keepalived will monitor. The first line of
797 # the file must contain a valid time or date/time exactly in the formats specified below.
798 # When keepalived starts up, it reads the file if it exists, and schedules a reload at
799 # the specified time. If the file does not exist, then when it is subsequently created
800 # a reload will be scheduled. If the file is updated, the reload time will be modified
801 # accordingly. If the file is deleted, the reload is cancelled.
802 # Normally when the reload occurs the specified file is deleted, since the reload has
803 # been done; if the file included a date then the reload will be in the past and so
804 # ignored. However, if there is no date, then if the file were reread following the
805 # reload, a reload would be scheduled for 24 hours time. In order to stop this, the
806 # file is deleted (unlinked) by default. If reload_repeat is specified, then the
807 # file is not deleted, and if the file contains a time only with no date, then
808 # keepalived will keep reloading at that time every day until the file is removed or
809 # modified.
810 # If the directory containing the file does not exist at startup/reload, or if the
811 # directory is removed or renamed, then no future scheduled reloads will occur until
812 # a manual (SIGHUP) reload is done or keepalived restarts.
813 # The permitted formats of the entry in the timer file are precisely:
814 # HH:MM:SS
815 # YY-MM-DD HH:MM:SS
816 # YYYY-MM-DD HH:MM:SS
817 # each with an optional 'Z' at the end.
818 # There must be no leading or trailing whitespace, and only one space between the date
819 # and the time.
820 # If there is a 'Z' at the end of the time, the time is parsed as UTC, otherwise the
821 # time is the localtime for the environment in which keepalived is running. If the
822 # systems which are being reloaded are in different timezones, it is probably safer to
823 # use UTC.
824 # If using local time with daylight savings, beware that some times don't exist and
825 # some times are duplicated and hence ambiguous.
826 reload_time_file ABSOLUTE-PATHNAME-OF-FILE
827 reload_repeat
828
829 # Some users frequently update their configurations and reload keepalived. reload_file
830 # provides a mechanism that allows the configuration update processes not to update the
831 # configuration files while keepalived is reading them.
832 # The reload file will be created by keepalived before it starts reading configuration
833 # files, unless the file exists. If the file already exists, it will be truncated. Once
834 # keepalived has completed reading the files it will remove the reload file.
835 # If reload_file with no file name is specified, the default filename keepalived.reload
836 # in the PID directory will be used.
837 # The best way to use the reload file is for the configuration update process to touch
838 # the reload file before it signals keepalived to reload, and then wait for the file
839 # to be deleted, which indicates that keepalived has finished reading the config files.
840 # When keepalived starts reading the configuration files, since it truncates the reload
841 # file, if update process creates the reload_file with non-zero size, it can detect
842 # the reloading starting by the reload_file becoming zero length.
843 reload_file [ABSOLUTE-PATHNAME-OF-FILE]
844 }
845
847 The linkbeat_interfaces block allows specifying which interfaces should
848 use polling via MII, Ethtool or ioctl status rather than rely on
849 netlink status updates. This allows more granular control of global
850 definition linkbeat_use_polling.
851
852 This option is preferred over the deprecated use of
853 linkbeat_use_polling in a vrrp_instance block, since the latter only
854 allows using linkbeat on the interface of the vrrp_instance itself,
855 whereas track_interface and virtual_ipaddresses and virtual_iproutes
856 may require monitoring other interfaces, which may need to use linkbeat
857 polling.
858
859 The default polling type to use is MII, unless that isn't supported in
860 which case ETHTOOL is used, and if that isn't supported then ioctl
861 polling. The preferred type of polling to use can be specified with MII
862 or ETHTOOL or IOCTL after the interface name, but if that type isn't
863 supported, a supported type will be used.
864
865 The syntax for linkbeat_interfaces is:
866 linkbeat_interfaces {
867 eth2
868 enp2s0 ETHTOOL
869 }
870
872 Static track groups are used to allow vrrp instances to track static
873 addresses, routes and rules. If a static address/route/rule specifies a
874 track group, then if the address/route/rule is deleted and cannot be
875 restored, the vrrp instance will transition to fault state.
876
877 The syntax for a track group is:
878 track_group GROUP1 {
879 group {
880 VI_1
881 VI_2
882 }
883 }
884
886 Keepalived can configure static addresses, routes, and rules. These ad‐
887 dresses are NOT moved by vrrpd, they stay on the machine. If you al‐
888 ready have IPs and routes on your machines and your machines can ping
889 each other, you don't need this section. The syntax for rules and
890 routes is that same as for ip rule add/ip route add (except shortened
891 option names are not supported due to ambiguities). The track_group
892 specification refers to a named track_group which lists the vrrp in‐
893 stances which will track the address, i.e. if the address is deleted
894 the vrrp instances will transition to backup.
895
896 NOTE: since rules without preferences can be added in different orders
897 due to vrrp instances transitioning from master to backup etc, rules
898 need to have a preference. If a preference is not specified, keepalived
899 will assign one, but it will probably not be what you want.
900
901 The syntax is the same for virtual addresses and virtual routes. If no
902 dev element is specified, it defaults to default_interface (default
903 eth0). Note: the broadcast address may be specified as '-' or '+' to
904 clear or set the host bits of the address.
905
906 If a route or rule could apply to either IPv4 or IPv6 it will default
907 to IPv4. To force a route/rule to be IPv6, add the keyword "inet6".
908
909 static_ipaddress {
910 <IPADDR>[/<MASK>] [brd <IPADDR>] [dev <STRING>] [scope <SCOPE>]
911 [label <LABEL>] [peer <IPADDR>] [home]
912 [-nodad] [mngtmpaddr] [noprefixroute]
913 [autojoin] [track_group GROUP] [preferred_lft nn|forever]
914 192.168.1.1/24 dev eth0 scope global
915 ...
916 }
917
918 static_routes {
919 192.168.2.0/24 via 192.168.1.100 dev eth0 track_group GROUP1
920
921 192.168.100.0/24 table 6909 nexthop via 192.168.101.1 dev wlan0
922 onlink weight 1 nexthop via 192.168.101.2
923 dev wlan0 onlink weight 2
924
925 192.168.200.0/24 dev p33p1.2 table 6909 tos 0x04 protocol bird
926 scope link priority 12 mtu 1000 hoplimit 100
927 advmss 101 rtt 102 rttvar 103 reordering 104
928 window 105 cwnd 106 ssthresh lock 107 realms
929 PQA/0x14 rto_min 108 initcwnd 109 initrwnd 110
930 features ecn
931
932 2001:470:69e9:1:2::4 dev p33p1.2 table 6909 tos 0x04 protocol
933 bird scope link priority 12 mtu 1000
934 hoplimit 100 advmss 101 rtt 102 rttvar 103
935 reordering 104 window 105 cwnd 106 ssthresh
936 lock 107 rto_min 108 initcwnd 109
937 initrwnd 110 features ecn fastopen_no_cookie 1
938 ...
939 }
940
941 static_rules {
942 from 192.168.2.0/24 table 1 track_group GROUP1
943
944 to 192.168.2.0/24 table 1
945
946 from 192.168.28.0/24 to 192.168.29.0/26 table small iif p33p1
947 oif wlan0 tos 22 fwmark 24/12
948 preference 39 realms 30/20 goto 40
949
950 to 1:2:3:4:5:6:7:0/112 from 7:6:5:4:3:2::/96 table 6908
951 uidrange 10000-19999
952
953 to 1:2:3:4:6:6:7:0/112 from 8:6:5:4:3:2::/96 l3mdev protocol 12
954 ip_proto UDP sport 10-20 dport 20-30
955 ...
956 }
957
959 Adds a file to be monitored. The file will be read whenever it is modi‐
960 fied. The value in the file will be recorded for all VRRP instances,
961 sync groups and real servers which monitor it. Note that the file will
962 only be read if at least one VRRP instance, sync group or real server
963 monitors it.
964
965 A value will be read as a number in text from the file. If the weight
966 configured against the track_file is 0, a non-zero value in the file
967 will be treated as a failure status, and a zero value will be treated
968 as an OK status, otherwise the value will be multiplied by the weight
969 configured in the track_file statement.
970
971 For VRRP instances, if the result is less than -253 anything monitoring
972 the script will transition to the fault state (the weight can be 254 to
973 allow for a negative value being read from the file).
974
975 If the vrrp instance or sync group is not the address owner and the re‐
976 sult is between -253 and 253, the result will be added to the initial
977 priority of the VRRP instance (a negative value will reduce the prior‐
978 ity), although the effective priority will be limited to the range
979 [1,254]. Likewise for real servers.
980
981 If a vrrp instance using a track_file is a member of a sync group, un‐
982 less sync_group_tracking_weight is set on the group weight 0 must be
983 set. Likewise, if the vrrp instance is the address owner, weight 0
984 must also be set.
985
986 For real servers monitoring the file, the limits of values read from
987 the track file are 2147483648 to -2147483648. The value, once multi‐
988 plied by the weight, will be added to the real server's IPVS weight. If
989 the result is <= than 2147483648 then the checker will be in the FAULT
990 state.
991
992 NOTE: weights for track_file for real servers are not fully implemented
993 yet. In particular allowing weight 0, handling negative calculated val‐
994 ues and reloading.
995
996 The syntax for track file is:
997
998 track_file <STRING> { # vrrp_track_file is a deprecated synonym
999 # file to track (weight defaults to 1)
1000 file <QUOTED_STRING>
1001
1002 # optional default weight
1003 weight <-2147483647..2147483647> [reverse]
1004
1005 # create the file and/or initialise the value
1006 # This causes VALUE (default 0) to be written to
1007 # the specified file at startup if the file doesn't
1008 # exist, unless overwrite is specified in which case
1009 # any existing file contents will be overwritten with
1010 # the specified value.
1011 init_file [VALUE] [overwrite]
1012 }
1013
1015 The configuration block looks like:
1016
1017 vrrp_track_process <STRING> {
1018 # process to monitor (with optional parameters)
1019 # A quoted string is treated as a single element, so if the first item
1020 # after the process keyword is quoted, that will be the command name.
1021 # For example:
1022 # process "/tmp/a b" param1 "param 2"
1023 # would mean a process named '/tmp/a b' (quotes removed) with 2 parameters
1024 # 'param1' and 'param 2'.
1025 process <STRING>|<QUOTED_STRING> [<STRING>|<QUOTED_STRING> ...]
1026
1027 # If matching parameters, this specifies a partial match (i.e. the first
1028 # n parameters match exactly), or an initial match, i.e. the last
1029 # parameter may be longer that the parameter configured.
1030 # To specify that a command must have no parameters, don't specify
1031 # any parameters, but specify param_match.
1032 param_match {initial|partial}
1033
1034 # default weight (default is 1). For description of reverse, see track_process.
1035 # 'weight 0 reverse' will cause the vrrp instance to be down when the
1036 # quorum is up, and vice versa.
1037 weight <-254..254> [reverse]
1038
1039 # minimum number of processes for success
1040 quorum NUM
1041
1042 # maximum number of processes for success. For example, setting
1043 # this to 1 would cause a failure if two instances of the process
1044 # were running (but beware forks - see fork_delay below).
1045 # Setting this to 0 would mean failure if the matching process were
1046 # running at all.
1047 quorum_max NUM
1048
1049 # time to delay after process quorum gained after fork before
1050 # consider process up (in fractions of second)
1051 # This is to avoid up/down bounce for fork/exec
1052 fork_delay SECS
1053
1054 # time to delay after process quorum lost before
1055 # consider process down (in fractions of second)
1056 # This is to avoid down/up bounce after terminate/parent refork.
1057 terminate_delay SECS
1058
1059 # this sets fork_delay and terminate_delay
1060 delay SECS
1061
1062 # Normally process string is matched against the process name,
1063 # as shown on the Name: line in /proc/PID/status, unless
1064 # parameters are specified.
1065 # This option forces matching the full command line
1066 full_command
1067 }
1068
1069 To avoid having to frequently run a track_script to monitor the exis‐
1070 tance of processes (often haproxy or nginx), vrrp_track_process can
1071 monitor whether other processes are running.
1072
1073 One difference from pgrep is track_process doesn't do a regular expres‐
1074 sion match of the command string, but does an exact match. 'pgrep ssh'
1075 will match an sshd process, this track_process will not (it is equiva‐
1076 lent to pgrep "^ssh$").
1077
1078 If full_command is used (equivalent to pgrep -f), /proc/PID/cmdline is
1079 used, but any updates to cmdline will not be detected (a process
1080 shouldn't normally change it, although it is possible with great care,
1081 for example systemd).
1082
1083 Prior to Linux v3.2 track_process will not support detection of changes
1084 to a process name, since the kernel did not notify changes of process
1085 name prior to 3.2. Most processes do not change their process name,
1086 but, for example, firefox forks processes that change their process
1087 name to "Web Content". The process name referred to here is the con‐
1088 tents of /proc/PID/comm.
1089
1090 Quorum is the number of matching processes that must be run for an OK
1091 status.
1092
1093 Delay might be useful if it anticipated that a process may be reloaded
1094 (stopped and restarted), and it isn't desired to down and up a vrrp in‐
1095 stance.
1096
1097 A positive weight means that an OK status will add <weight> to the pri‐
1098 ority of all VRRP instances which monitor it. On the opposite, a nega‐
1099 tive weight will be subtracted from the initial priority in case of in‐
1100 sufficient processes.
1101
1102 If the vrrp instance or sync group is not the address owner and the re‐
1103 sult is between -253 and 253, the result will be added to the initial
1104 priority of the VRRP instance (a negative value will reduce the prior‐
1105 ity), although the effective priority will be limited to the range
1106 [1,254].
1107
1108 If a vrrp instance using a track_process is a member of a sync group,
1109 unless sync_group_tracking_weight is set on the group weight 0 must be
1110 set. Likewise, if the vrrp instance is the address owner, weight 0
1111 must also be set.
1112
1113 Rational for not using pgrep/pidof/killall and the likes:
1114
1115 Every time pgrep or its equivalent is run, it iterates though the
1116 /proc/[1-9][0-9]* directories, and opens the status and cmdline pseudo
1117 files in each directory. The cmdline pseudo file is mapped to the
1118 process's address space, and so if that part of the process is swapped
1119 out, it will have to be fetched from the swap space. pgrep etc also
1120 include zombie processes whereas keepalived does not, since they aren't
1121 running.
1122
1123 This implementation only iterates though /proc/[1-9][0-9]*/ directories
1124 at start up, and it won't even read the cmdline pseudo files if
1125 'full_command' is not specified for any of the vrrp_track_process en‐
1126 tries. After startup, it uses the process_events kernel <-> userspace
1127 connector to receive notification of process changes. If full_command
1128 is specified for any track_process instance, the cmdline pseudo file
1129 will have to be read upon notification of the creation of the new
1130 process, but at that time it is very unlikely that it will have already
1131 been swapped out.
1132
1133 On a busy system with a high number of process creations/terminations,
1134 using a track_script with pgrep/pidof/killall may be more efficient,
1135 although those processes are inefficient compared to the minimum that
1136 keepalived needs.
1137
1138 Using pgrep etc on a system that is swapping can have a significant
1139 detrimental impact on the performance of the system, due to having to
1140 fetch swapped memory from the swap space, thereby causing additional
1141 swapping.
1142
1144 This is an implementation of RFC5880 (Bidirectional forwarding detec‐
1145 tion), and this can be configured to work between 2 keepalived in‐
1146 stances, but using unweighted track_bfds between a master/backup pair
1147 of VRRP instances means that the VRRP instance will only be able to
1148 come up if both VRRP instance are running, which somewhat defeats the
1149 purpose of VRRP.
1150
1151 This implementation has been tested with OpenBFDD (available at
1152 https://github.com/dyninc/OpenBFDD).
1153
1154 The syntax for bfd instance is :
1155
1156 bfd_instance <STRING> {
1157 # BFD Neighbor IP (synonym neighbour_ip)
1158 neighbor_ip <IP ADDRESS>
1159
1160 # Source IP to use (optional, except in order to ensure that the
1161 # local port is valid, it is required)
1162 source_ip <IP ADDRESS>
1163
1164 # Required min RX interval, in ms (resolution is micro-seconds e.g. 3.312)
1165 # (default is 10 ms)
1166 min_rx <DECIMAL>
1167
1168 # Desired min TX interval, in ms (resolution is micro-seconds)
1169 # (default is 10 ms)
1170 min_tx <DECIMAL>
1171
1172 # Desired idle TX interval, in ms (resolution is micro-seconds)
1173 # (default is 1000 ms)
1174 idle_tx <DECIMAL>
1175
1176 # Number of missed packets after
1177 # which the session is declared down
1178 # (default is 5)
1179 multiplier <INTEGER>
1180
1181 # Operate in passive mode (default is active)
1182 passive
1183
1184 # outgoing IPv4 ttl to use (default 255)
1185 ttl <INTEGER>
1186
1187 # outgoing IPv6 hoplimit to use (default 64)
1188 hoplimit <INTEGER>
1189
1190 # maximum reduction of ttl/hoplimit
1191 # in received packet (default 0)
1192 # (255 disables hop count checking)
1193 max_hops <INTEGER>
1194
1195 # Default tracking weight
1196 # Normally, positive weights are added to the vrrp instance priority when
1197 # the bfd instance is up, negative weights reduce the priority when it is down.
1198 # However, if reverse is specified, the priority is decreased when up and
1199 # increased when down. 'weight 0 reverse' will cause the vrrp instance to be down
1200 # when the bfd instance is up, and vice versa.
1201 weight <-253:253> [reverse]
1202
1203 # Normally bfd event notifications are sent to both the VRRP and checker processes.
1204 # Specifying vrrp or checker will cause event notifications for this bfd_instance
1205 # only to be sent to the specified process
1206 vrrp
1207 checker
1208 }
1209
1211 contains subblocks of VRRP script(s), VRRP synchronization group(s),
1212 VRRP gratuitous ARP and unsolicited neighbour advert delay group(s) and
1213 VRRP instance(s)
1214
1216 The script will be executed periodically, every <interval> seconds. Its
1217 exit code will be recorded for all VRRP instances which monitor it.
1218 Note that the script will only be executed if at least one VRRP in‐
1219 stance monitors it.
1220
1221 The default weight equals 0, which means that any VRRP instance moni‐
1222 toring the script will transition to the fault state after <fall> con‐
1223 secutive failures of the script. After that, <rise> consecutive suc‐
1224 cesses will cause VRRP instances to leave the fault state, unless they
1225 are also in the fault state due to other scripts or interfaces that
1226 they are tracking.
1227
1228 A positive weight means that <rise> successes will add <weight> to the
1229 priority of all VRRP instances which monitor it. On the opposite, a
1230 negative weight will be subtracted from the initial priority in case of
1231 <fall> failures.
1232
1233 The syntax for the vrrp script is:
1234
1235 # Adds a script to be executed periodically. Its exit code will be
1236 # recorded for all VRRP instances and sync groups which are monitoring it.
1237 vrrp_script <SCRIPT_NAME> {
1238 # path of the script to execute
1239 script <STRING>|<QUOTED-STRING>
1240
1241 # seconds between script invocations, (default: 1 second)
1242 interval <INTEGER>
1243
1244 # seconds after which script is considered to have failed
1245 timeout <INTEGER>
1246
1247 # adjust priority by this weight, (default: 0)
1248 # For description of reverse, see track_script.
1249 # 'weight 0 reverse' will cause the vrrp instance to be down when the
1250 # script is up, and vice versa.
1251 weight <INTEGER:-253..253> [reverse]
1252
1253 # required number of successes for OK transition
1254 rise <INTEGER>
1255
1256 # required number of successes for KO transition
1257 fall <INTEGER>
1258
1259 # user/group names to run script under.
1260 # group default to group of user
1261 user USERNAME [GROUPNAME]
1262
1263 # assume script initially is in failed state
1264 init_fail
1265 }
1266
1268 VRRP Sync Group is an extension to VRRP protocol. The main goal is to
1269 define a bundle of VRRP instance to get synchronized together so that
1270 transition of one instance will be reflected to others group members.
1271
1272 In addition there is an enhanced notify feature for fine state transi‐
1273 tion catching.
1274
1275 You can also define multiple track policy in order to force state tran‐
1276 sition according to a third party event such as interface, scripts,
1277 file, BFD.
1278
1279 Important: for a SYNC group to run reliably, it is vital that all in‐
1280 stances in the group are MASTER or that they are all either BACKUP or
1281 FAULT. A situation with half instances having higher priority on ma‐
1282 chine A half others with higher priority on machine B will lead to con‐
1283 stant re-elections. For this reason, when instances are grouped, any
1284 track scripts/files configured against member VRRP instances will have
1285 their tracking weights automatically set to zero, in order to avoid in‐
1286 consistent priorities across instances.
1287
1288 The syntax for vrrp_sync_group is :
1289
1290 vrrp_sync_group <STRING> {
1291 group {
1292 # name of the vrrp_instance (see below)
1293 # Set of VRRP_Instance string
1294 <STRING>
1295 <STRING>
1296 ...
1297 }
1298
1299 # Synchronization group tracking interface, script, file & bfd will
1300 # update the status/priority of all VRRP instances which are members
1301 # of the sync group.
1302 # 'weight 0 reverse' will cause the vrrp instance to be down when the
1303 # interface is up, and vice versa.
1304 track_interface {
1305 eth0
1306 eth1
1307 eth2 weight <-253..253> [reverse]
1308 ...
1309 }
1310
1311 # add a tracking script to the sync group (<SCRIPT_NAME> is the name
1312 # of the vrrp_script entry) go to FAULT state if any of these go down
1313 # if unweighted.
1314 # reverse causes the direction of the adjustment of the priority to be reversed.
1315 track_script {
1316 <SCRIPT_NAME>
1317 <SCRIPT_NAME> weight <-253..253> [reverse|no_reverse]
1318 }
1319
1320 # Files whose state we monitor, value is added to effective priority.
1321 # <STRING> is the name of a track_file
1322 # weight defaults to weight configured in track_file
1323 track_file {
1324 <STRING>
1325 <STRING> weight <-254..254> [reverse|noreverse]
1326 ...
1327 }
1328
1329 # Process to monitor, weight is added to effective priority.
1330 # <STRING> is the name of a vrrp_track_process
1331 # weight defaults to weight configured in vrrp_track_process.
1332 # See vrrp_instance track_process for description of weight.
1333 track_process {
1334 <STRING>
1335 <STRING> weight <-254..254> [reverse|noreverse]
1336 ...
1337 }
1338
1339 # BFD instances we monitor, value is added to effective priority.
1340 # <STRING> is the name of a BFD instance
1341 track_bfd {
1342 <STRING>
1343 <STRING>
1344 <STRING> weight <INTEGER: -253..253> [reverse|noreverse]
1345 ...
1346 }
1347
1348 # notify scripts and alerts are optional
1349 #
1350 # filenames of scripts to run on transitions can be unquoted (if
1351 # just filename) or quoted (if it has parameters)
1352 # The username and groupname specify the user and group
1353 # under which the scripts should be run. If username is
1354 # specified, the group defaults to the group of the user.
1355 # If username is not specified, they default to the
1356 # global script_user and script_group
1357
1358 # to MASTER transition
1359 notify_master /path/to_master.sh [username [groupname]]
1360
1361 # to BACKUP transition
1362 notify_backup /path/to_backup.sh [username [groupname]]
1363
1364 # FAULT transition
1365 notify_fault "/path/fault.sh VG_1" [username [groupname]]
1366
1367 # executed when stopping vrrp
1368 notify_stop <STRING>|<QUOTED-STRING> [username [groupname]]
1369
1370 # notify_deleted causes DELETED to be sent to notifies rather
1371 # than the default FAULT after a vrrp instance is deleted during a
1372 # reload. If a script is specified, that script will be executed
1373 # as well.
1374 notify_deleted [<STRING>|<QUOTED-STRING> [username [groupname]]]
1375
1376 # for ANY state transition.
1377 # "notify" script is called AFTER the notify_* script(s) and
1378 # is executed with 4 additional arguments after the configured
1379 # arguments provided by Keepalived:
1380 # $(n-3) = "GROUP"|"INSTANCE"
1381 # $(n-2) = name of the group or instance
1382 # $(n-1) = target state of transition (stop only applies to instances)
1383 # ("MASTER"|"BACKUP"|"FAULT"|"STOP"|"DELETED")
1384 # $(n) = priority value
1385 # $(n-3) and $(n-1) are ALWAYS sent in uppercase, and the possible
1386 # strings sent are the same ones listed above
1387 # ("GROUP"/"INSTANCE", "MASTER"/"BACKUP"/"FAULT"/"STOP"/"DELETED")
1388 # (note: STOP and DELETED are only applicable to instances)
1389 notify <STRING>|<QUOTED-STRING> [username [groupname]]
1390
1391 # The notify fifo output is the same as the last 4 parameters for the "notify"
1392 # script, with the addition of "MASTER_RX_LOWER_PRI" instead of state for an
1393 # instance, and also "MASTER_PRIORITY" and "BACKUP_PRIORITY" if the priority
1394 # changes and notify_priority_changes is configured.
1395 # MASTER_RX_LOWER_PRI is used if a master needs to set some external state, such
1396 # as setting a secondary IP address when using Amazon AWS; if another keepalived
1397 # has transitioned to master due to a communications break, the lower priority
1398 # instance will have taken over the secondary IP address, and the proper master
1399 # needs to be able to restore it.
1400
1401 # Send FIFO notifies for vrrp priority changes
1402 notify_priority_changes <BOOL>
1403
1404 # Send email notification during state transition,
1405 # using addresses in global_defs above (default no,
1406 # unless global smtp_alert/smtp_alert_vrrp set)
1407 smtp_alert <BOOL>
1408
1409 # DEPRECATED. Use track_interface, track_script and
1410 # track_file on vrrp_sync_groups instead.
1411 global_tracking
1412
1413 # allow sync groups to use differing weights.
1414 # This probably WON'T WORK, but is a replacement for
1415 # global_tracking in case different weights were used
1416 # across different vrrp instances in the same sync group.
1417 sync_group_tracking_weight
1418 }
1419
1421 specifies the setting of delays between sending gratuitous ARPs and un‐
1422 solicited neighbour advertisements. This is intended for when an up‐
1423 stream switch is unable to handle being flooded with ARPs/NAs.
1424
1425 Use interface when the limits apply on the single physical interface.
1426 Use interfaces when a group of interfaces are linked to the same switch
1427 and the limits apply to the switch as a whole.
1428
1429 Note: Only one of interface or interfaces should be used per block.
1430
1431 If the global vrrp_garp_interval and/or vrrp_gna_interval are set, any
1432 interfaces that aren't specified in a garp_group will inherit the
1433 global settings.
1434
1435 The syntax for garp_group is :
1436
1437 garp_group {
1438 # Sets the interval between Gratuitous ARP (in seconds, resolution microseconds)
1439 garp_interval <DECIMAL>
1440
1441 # Sets the default interval between unsolicited NA (in seconds, resolution microseconds)
1442 gna_interval <DECIMAL>
1443
1444 # The physical interface to which the intervals apply
1445 interface <STRING>
1446
1447 # A list of interfaces across which the delays are aggregated.
1448 interfaces {
1449 <STRING>
1450 <STRING>
1451 ...
1452 }
1453 }
1454
1456 A VRRP Instance is the VRRP protocol key feature. It defines and con‐
1457 figures VRRP behaviour to run on a specific interface. Each VRRP In‐
1458 stance is related to a unique interface.
1459
1460 The syntax for vrrp_instance is :
1461
1462 vrrp_instance <STRING> {
1463 # Initial state, MASTER|BACKUP
1464 # If the priority is 255, then the instance will transition immediately
1465 # to MASTER if state MASTER is specified; otherwise the instance will
1466 # wait between 3 and 4 advert intervals before it can transition,
1467 # depending on the priority.
1468 state MASTER
1469
1470 # interface for inside_network, bound by vrrp.
1471 # Note: if using unicasting, the interface can be omitted as long
1472 # as the unicast addresses are not IPv6 link local addresses (this is
1473 # necessary, for example, if using asymmetric routing).
1474 # If the interface is omitted, then all VIPs and eVIPs should specify
1475 # the interface they are to be configured on, otherwise they will be
1476 # added to the default interface.
1477 interface eth0
1478
1479 # Use VRRP Virtual MAC (macvlan).
1480 # The macvlan will be created on the configured interface for
1481 # the VRRP instance, and the VIPs, and eVIPs of the matching address
1482 # family, which do not specify a different interface will be configured
1483 # on the macvlan.
1484 # The VRRP adverts will also be sent and received on the macvlan
1485 # interface, unless vmac_xmit_base is configured.
1486 # NOTE: If sysctl net.ipv4.conf.all.rp_filter is set,
1487 # and this vrrp_instance is an IPv4 instance, using
1488 # this option will cause the individual interfaces to be
1489 # updated to the greater of their current setting, and
1490 # all.rp_filter, as will default.rp_filter, and all.rp_filter
1491 # will be set to 0.
1492 # The original settings are restored on termination.
1493 # NOTE 2: If using use_vmac with unicast peers,
1494 # vmac_xmit_base must be set.
1495 use_vmac [<VMAC_INTERFACE>]
1496
1497 # use_vmac_addr is used to create VMAC (macvlan) interfaces for
1498 # each interface that is used by a VIP or eVIP where the interface
1499 # is not the same as the interface on which the VRRP instance is
1500 # configured or the eVIP's address family does not match the VRRP
1501 # instance's. Alternatively, use_vmac can be specified against each
1502 # VIP/eVIP that specifies an interface (dev).
1503 # NOTE: if use_vmac is specfied and an eVIP is not the same address
1504 # family as the vrrp instance, unless use_vmac_addr is specified, or
1505 # use_vmac is specified for the eVIP, the eVIP will be configured on
1506 # the vrrp instance's VMAC, which will have the wrong MAC address for
1507 # the address family of the eVIP.
1508 use_vmac_addr
1509
1510 # Send/Recv VRRP messages from base interface instead of
1511 # VMAC interface
1512 vmac_xmit_base
1513
1514 # Use IPVLAN interface. keepalived will create a mode L2
1515 # ipvlan interface on top of the specified interface.
1516 # For IPv4 instances, an IP address is required, for IPv6
1517 # the address is optional, in which case the link local
1518 # address will be used.
1519 # The mode flags default to bridge. NOTE: the mode flags must be the
1520 # same for all ipvlans on the same underlying interface.
1521 # It is safer to configure an interface name, in case keepalived crashes
1522 # and restarts, in which case it can more reliably find a previously
1523 # created interface.
1524 use_ipvlan [<INTERFACE_NAME>] [IP_ADDRESS] [bridge|private|vepa]
1525
1526 # force instance to use IPv6 (this option is deprecated since
1527 # the virtual ip addresses determine whether IPv4 or IPv6 is used).
1528 native_ipv6
1529
1530 # Ignore VRRP interface faults (default unset)
1531 dont_track_primary
1532
1533 # optional, monitor these as well.
1534 # go to FAULT state if any of these go down if unweighted.
1535 # When a weight is specified in track_interface, instead of setting the vrrp
1536 # instance to the FAULT state in case of failure, its priority will be
1537 # increased by the weight when the interface is up (for positive weights),
1538 # or decreased by the weight's absolute value when the interface is down
1539 # (for negative weights), unless reverse is specified, in which case the
1540 # direction of adjustment of the priority is reversed.
1541 # The weight must be comprised between -253 and +253 inclusive.
1542 # 0 is the default behaviour which means that a failure implies a
1543 # FAULT state. The common practice is to use positive weights to count a
1544 # limited number of good services so that the server with the highest count
1545 # becomes master. Negative weights are better to count unexpected failures
1546 # among a high number of interfaces, as it will not saturate even with high
1547 # number of interfaces. Use reverse to increase priority if an interfaces is down
1548 track_interface {
1549 eth0
1550 eth1
1551 eth2 weight <-253..253> [reverse]
1552 ...
1553 }
1554
1555 # add a tracking script to the interface
1556 # (<SCRIPT_NAME> is the name of the vrrp_track_script entry)
1557 # The same principle as track_interface can be applied to track_script entries,
1558 # except that an unspecified weight means that the default weight declared in
1559 # the script will be used (which itself defaults to 0).
1560 # reverse causes the direction of the adjustment of the priority to be reversed.
1561 track_script {
1562 <SCRIPT_NAME>
1563 <SCRIPT_NAME> weight <-253..253> [reverse|no_reverse]
1564 }
1565
1566 # Files whose state we monitor, value is added to effective priority.
1567 # <STRING> is the name of a track_file
1568 track_file {
1569 <STRING>
1570 <STRING>
1571 <STRING> weight <-254..254> [reverse|noreverse]
1572 ...
1573 }
1574
1575 # Positive weights are added/subtracted when the process is running,
1576 # negative weights are subtracted/added when the not running.
1577 # If reverse is specified, the addition/subtraction is reversed.
1578 # <STRING> is the name of a vrrp_track_process
1579 # weight defaults to weight configured in vrrp_track_process
1580 track_process {
1581 <STRING>
1582 <STRING> weight <-254..254> [reverse|noreverse]
1583 ...
1584 }
1585
1586 # BFD instances we monitor, value is added to effective priority,
1587 # unless reverse is specified, when the value is subtracted.
1588 # Positive weights are add/subtracted when the bfd instance is up,
1589 # negative weights are subtracted/added when the bfd instance is down.
1590 # <STRING> is the name of a BFD instance
1591 track_bfd {
1592 <STRING>
1593 <STRING>
1594 <STRING> weight <INTEGER: -253..253> [reverse|noreverse]
1595 ...
1596 }
1597
1598 # default IP for binding vrrpd is the primary IP
1599 # on interface. If you want to hide the location of vrrpd,
1600 # use this IP as src_addr for multicast or unicast vrrp
1601 # packets. (since it's multicast, vrrpd will get the reply
1602 # packet no matter what src_addr is used).
1603 # optional
1604 mcast_src_ip <IPADDR>
1605 unicast_src_ip <IPADDR>
1606
1607 # if the configured src_ip doesn't exist or is removed put the
1608 # instance into fault state
1609 track_src_ip
1610
1611 # VRRP version to run on interface
1612 # default is global parameter vrrp_version, but IPv6 instances will
1613 # always use version 3.
1614 version <2 or 3>
1615
1616 # The following enables checking that when in unicast mode, the
1617 # source address of a VRRP packet is one of our unicast peers.
1618 check_unicast_src
1619
1620 # Do not send VRRP adverts over a VRRP multicast group.
1621 # Instead it sends adverts to the following list of
1622 # ip addresses using unicast. It can be cool to use
1623 # the VRRP FSM and features in a networking
1624 # environment where multicast is not supported!
1625 # IP addresses specified can be IPv4 as well as IPv6.
1626 # If min_ttl and/or max_ttl are specified, the TTL/hop limit
1627 # of any received packet is checked against the specified
1628 # TTL range, and is discarded if it is outside the range.
1629 # Specifying min_ttl or max_ttl turns on check_unicast_src.
1630 unicast_peer {
1631 <IPADDR> [min_ttl {0..255}] [max_ttl {0..255}]
1632 ...
1633 }
1634
1635 # Specify the unicast TTL/HLIM for sending unicast adverts
1636 unicast_ttl {0..255}
1637
1638 # The checksum calculation when using VRRPv3 changed after v1.3.6.
1639 # Setting this flag forces the old checksum algorithm to be used
1640 # to maintain backward compatibility, although keepalived will
1641 # attempt to maintain compatibility anyway if it sees an old
1642 # version checksum. Specifying never will turn off auto detection
1643 # of old checksums. [This option may not be enabled - check output
1644 # of `keepalived -v` for OLD_CHKSUM_COMPAT.]
1645 old_unicast_checksum [never]
1646
1647 # interface specific settings, same as global parameters.
1648 # default to global parameters
1649 garp_master_delay 10
1650 garp_master_repeat 1
1651 garp_lower_prio_delay 10
1652 garp_lower_prio_repeat 1
1653 garp_master_refresh 60
1654 garp_master_refresh_repeat 2
1655 garp_extra_if [all] 100 # specifiying 0 disable feature
1656
1657 # If a lower priority advert is received, don't send another advert.
1658 # This causes adherence to the RFCs (defaults to global
1659 # vrrp_lower_priority_dont_send_advert).
1660 lower_prio_no_advert [<BOOL>]
1661
1662 # If we are master and receive a higher priority advert, send an advert
1663 # (which will be lower priority than the other master), before we transition
1664 # to backup. This means that if the other master has garp_lower_prio_repeat
1665 # set, it will resend garp messages. This is to get around the problem of
1666 # their having been two simultaneous masters, and the last GARP
1667 # messages seen were from us.
1668 higher_prio_send_advert [<BOOL>]
1669
1670 # arbitrary unique number from 1 to 255
1671 # used to differentiate multiple instances of vrrpd
1672 # running on the same network interface and address
1673 # family (and hence same socket).
1674 # Note: using the same virtual_router_id with the same
1675 # address family on different interfaces has been known
1676 # to cause problems with some network switches; if you
1677 # are experiencing problems with using the same
1678 # virtual_router_id on different interfaces, but the problems
1679 # are resolved by not duplicating virtual_router_ids, the
1680 # your network switches are probably not functioning correctly.
1681 virtual_router_id 51
1682
1683 # for electing MASTER, highest priority wins.
1684 # to be MASTER, make this 50 more than on other machines.
1685 priority 100
1686
1687 # VRRP Advert interval in seconds (e.g. 0.92) (use default)
1688 advert_int 1
1689
1690 # Note: authentication was removed from the VRRPv2 specification by
1691 # RFC3768 in 2004.
1692 # Use of this option is non-compliant and can cause problems; avoid
1693 # using if possible, except when using unicast, where it can be helpful.
1694 authentication {
1695 # PASS|AH
1696 # PASS - Simple password (suggested)
1697 # AH - IPSEC (not recommended))
1698 auth_type PASS
1699
1700 # Password for accessing vrrpd.
1701 # should be the same on all machines.
1702 # Only the first eight (8) characters are used.
1703 auth_pass 1234
1704 }
1705
1706 # addresses add|del on change to MASTER, to BACKUP.
1707 # With the same entries on other machines,
1708 # the opposite transition will be occurring.
1709 # For virtual_ipaddress, virtual_ipaddress_excluded,
1710 # virtual_routes and virtual_rules most of the options
1711 # match the options of the command ip address/route/rule add.
1712 # The track_group option only applies to static addresses/routes/rules.
1713 # no_track is specific to keepalived and means that the
1714 # vrrp_instance will not transition out of master state
1715 # if the address/route/rule is deleted and the address/route/rule
1716 # will not be reinstated until the vrrp instance next transitions
1717 # to master.
1718 # <LABEL>: is optional and creates a name for the alias.
1719 For compatibility with "ifconfig", it should
1720 be of the form <realdev>:<anytext>, for example
1721 eth0:1 for an alias on eth0.
1722 # <SCOPE>: ("site"|"link"|"host"|"nowhere"|"global")
1723 # preferred_lft is set to 0 to deprecate IPv6 addresses (this is the
1724 # default if the address mask is /128). Use "preferred_lft forever"
1725 # to specify that a /128 address should not be deprecated.
1726 # NOTE: care needs to be taken if dev is specified for an address and
1727 # your network uses MAC learning switches. The VRRP protocol ensures
1728 # that the source MAC address of the interface sending adverts is
1729 # maintained in the MAC cache of switches; however by default this
1730 # will not work for the MACs of any VIPs/eVIPs that are configured on
1731 # different interfaces from the interface on which the VRRP instance is
1732 # configured, since the interface, especially if it is a VMAC interface,
1733 # will only send using the MAC address of the interface in response to
1734 # ARP requests. This may mean that the interface MAC addresses may
1735 # time out in the MAC caches of switches. In order to avoid this, use
1736 # the garp_extra_if or garp_extra_if_vmac options to send periodic
1737 # GARP/ND messages on those interfaces.
1738 virtual_ipaddress {
1739 <IPADDR>[/<MASK>] [brd <IPADDR>] [dev <STRING>] [use_vmac] [scope <SCOPE>]
1740 [label <LABEL>] [peer <IPADDR>] [home]
1741 [-nodad] [mngtmpaddr] [noprefixroute]
1742 [autojoin] [no_track] [preferred_lft nn|forever]
1743 192.168.200.17/24 dev eth1
1744 192.168.200.18/24 dev eth2 label eth2:1
1745 }
1746
1747 # VRRP IP excluded from VRRP optional.
1748 # For cases with large numbers (eg 200) of IPs
1749 # on the same interface. To decrease the number
1750 # of addresses sent in adverts, you can exclude
1751 # most IPs from adverts.
1752 # The IPs are add|del as for virtual_ipaddress.
1753 # Can also be used if you want to be able to add
1754 # a mixture of IPv4 and IPv6 addresses, since all
1755 # addresses in virtual_ipaddress must be of the
1756 # same family.
1757 virtual_ipaddress_excluded {
1758 <IPADDR>[/<MASK>] [brd <IPADDR>] [dev <STRING>] [scope <SCOPE>]
1759 [label <LABEL>] [peer <IPADDR>] [home]
1760 [-nodad] [mngtmpaddr] [noprefixroute]
1761 [autojoin] [no_track]
1762 <IPADDR>[/<MASK>] ...
1763 ...
1764 }
1765
1766 # Set the promote_secondaries flag on the interface to stop other
1767 # addresses in the same CIDR being removed when 1 of them is removed
1768 # For example if 10.1.1.2/24 and 10.1.1.3/24 are both configured on an
1769 # interface, and one is removed, unless promote_secondaries is set on
1770 # the interface the other address will also be removed.
1771 promote_secondaries
1772
1773 # routes add|del when changing to MASTER, to BACKUP.
1774 # See static_routes for more details
1775 virtual_routes {
1776 # src <IPADDR> [to] <IPADDR>/<MASK> via|gw <IPADDR>
1777 # [or <IPADDR>] dev <STRING> scope <SCOPE> table <TABLE>
1778 src 192.168.100.1 to 192.168.109.0/24 via 192.168.200.254 dev eth1
1779 192.168.110.0/24 via 192.168.200.254 dev eth1
1780 192.168.111.0/24 dev eth2 no_track
1781 192.168.112.0/24 via 192.168.100.254
1782 192.168.113.0/24 via 192.168.200.254 or 192.168.100.254 dev eth1
1783 blackhole 192.168.114.0/24
1784 0.0.0.0/0 gw 192.168.0.1 table 100 # To set a default gateway into table 100.
1785 }
1786
1787 # rules add|del when changing to MASTER, to BACKUP
1788 # See static_rules for more details
1789 virtual_rules {
1790 from 192.168.2.0/24 table 1
1791 to 192.168.2.0/24 table 1 no_track
1792 }
1793
1794 # VRRPv3 has an Accept Mode to allow the virtual router when not the
1795 # address owner to receive packets addressed to a VIP. This is the default
1796 # setting unless strict mode is set. As an extension, this also works for
1797 # VRRPv2 (RFC 3768 doesn't define an accept mode).
1798 # --
1799 # Accept packets to non address-owner
1800 accept
1801
1802 # Drop packets to non address-owner.
1803 no_accept
1804
1805 # A higher priority VRRP instance will normally preempt a lower priority instance
1806 # when it comes online. "nopreempt" stops the higher priority machine taking
1807 # over the master role, and allows the lower priority machine to remain as
1808 # master.
1809 # NOTE: For this to work, the initial state must not be MASTER.
1810 # --
1811 nopreempt
1812
1813 # for backwards compatibility
1814 preempt
1815
1816 # Seconds after startup or seeing a lower priority master until preemption
1817 # (if not disabled by "nopreempt").
1818 # Range: 0 (default) to 1000 (e.g. 4.12)
1819 # NOTE: For this to work, the initial state must not be MASTER.
1820 preempt_delay 300 # waits 5 minutes
1821
1822 # See description of global vrrp_skip_check_adv_addr, which
1823 # sets the default value. Defaults to vrrp_skip_check_adv_addr
1824 skip_check_adv_addr [on|off|true|false|yes|no]
1825
1826 # See description of global vrrp_strict
1827 # If strict_mode is not specified, it takes the value of vrrp_strict.
1828 # If strict_mode without a parameter is specified, it defaults to on.
1829 strict_mode [on|off|true|false|yes|no]
1830
1831 # Debug level, not implemented yet.
1832 # LEVEL is a number in the range 0 to 4
1833 debug <LEVEL>
1834
1835 # notify scripts, alert as above
1836 notify_master <STRING>|<QUOTED-STRING> [username [groupname]]
1837 notify_backup <STRING>|<QUOTED-STRING> [username [groupname]]
1838 notify_fault <STRING>|<QUOTED-STRING> [username [groupname]]
1839 # executed when stopping vrrp
1840 notify_stop <STRING>|<QUOTED-STRING> [username [groupname]]
1841 notify <STRING>|<QUOTED-STRING> [username [groupname]]
1842
1843 # The notify_master_rx_lower_pri script is executed if a master
1844 # receives an advert with priority lower than the master's priority.
1845 notify_master_rx_lower_pri <STRING>|<QUOTED-STRING> [username [groupname]]
1846
1847 # Send vrrp instance priority notifications on notify FIFOs.
1848 notify_priority_changes <BOOL>
1849
1850 # Send SMTP alerts
1851 smtp_alert <BOOL>
1852
1853 # Set socket receive buffer size (see global_defs
1854 # vrrp_rx_bufs_policy for explanation)
1855 kernel_rx_buf_size
1856
1857 # Set use of linkbeat for the interface of this VRRP instance. This option is
1858 # deprecated - use linkbeat_interfaces block instead.
1859 linkbeat_use_polling
1860 }
1861
1863 contains subblocks of Virtual server group(s) and Virtual server(s)
1864
1865 The subblocks contain arguments for configuring Linux IPVS (LVS) fea‐
1866 ture. Knowledge of ipvsadm(8) will be helpful here. Configuring LVS is
1867 achieved by defining virtual server groups, virtual servers and option‐
1868 ally SSL configuration. Every virtual server defines a set of real
1869 servers, you can attach healthcheckers to each real server. Keepalived
1870 will then lead LVS operation by dynamically maintaining topology.
1871
1872 For details of what configuration combinations are valid, see the
1873 ipvsadm(8) man page.
1874
1875 Note: Where an option can be configured for a virtual server, real
1876 server, and possibly checker, the virtual server setting is the default
1877 for real servers, and the real server setting is the default for check‐
1878 ers.
1879
1880 Note: Tunnelled real/sorry servers can differ from the address family
1881 of the virtual server and non tunnelled real/sorry servers, which all
1882 have to be the same. If a virtual server uses a fwmark, and all the
1883 real/sorry servers are tunnelled, the address family of the virtual
1884 server will be the same as the address family of the real/sorry servers
1885 if they are all the same, otherwise it will default to IPv4 (use
1886 ip_family inet6 to override this).
1887
1888 Note: The port for the virtual server can only be omitted if the vir‐
1889 tual service is persistent.
1890
1892 This feature offers a way to simplify your configuration by factorizing
1893 virtual server definitions. If you need to define a bunch of virtual
1894 servers with exactly the same real server topology then this feature
1895 will make your configuration much more readable, optimize the duplica‐
1896 tion of IPVS virtual servers if nftables_ipvs is used, and will opti‐
1897 mize healthchecking task by only spawning one healthchecker where mul‐
1898 tiple virtual servers declaration would spawn a dedicated healthchecker
1899 for every real server which will waste system resources.
1900
1901 Any combination of IP addresses, IP address ranges and firewall marks
1902 can be used, provided that the family of the IP addresses of the vir‐
1903 tual server group match the IP address family of all the real servers
1904 of any virtual server using the virtual server group. The one exception
1905 to this is that the virtual server group can be configured with both
1906 IPv4 and IPv6 addresses and fwmarks provided that all the real servers
1907 (and sorry servers) of all virtual servers using the virtual server
1908 group use tunnel forwarding; if fwmarks are specified in this case, the
1909 address family must be specified (the one exception to this is if the
1910 virtual server group has no IP addresses (i.e. fwmarks only) and all
1911 the real/sorry servers are tunnelled, it will default to IPv4; it is
1912 not good practice to rely on this and the address families of the fw‐
1913 marks should be configured). Use of this option is intended for very
1914 large LVSs, but note, this can create a huge number of virtual servers
1915 unless nftables_ipvs is used. The use of nftables_ipvs is stringly rec‐
1916 ommended due to the very significant optimisations and efficiencies it
1917 provides.
1918
1919 NOTE: do not configure more than one TCP, one UDP and one SCTP virtual
1920 server with the same IP address family using the same virtual server
1921 group (or to put it another way do not have two virtual servers with
1922 the same protocol and address family using the same virtual server
1923 group); if all the real servers are tunnelled, then you must not have
1924 both IPv4 and IPv6 virtual servers with the same protocol.
1925
1926 The syntax for virtual_server_group is :
1927
1928 virtual_server_group <STRING> {
1929 # Virtual IP Address and Port
1930 <IPADDR> [<PORT>]
1931 <IPADDR> [<PORT>]
1932 ...
1933 # <IPADDR RANGE> is any of the following forms (or their IPv6 equivalents)
1934 # XXX.YYY.ZZZ.WWW-VVV eg 192.168.200.1-10 (includes both .1 and .10)
1935 # AAA.BBB.CCC.DDD-EEE.FFF.GGG.HHH eg 192.168.200.250-192.168.201.10
1936 # III.JJJ.KKK.LLL/nn eg 192.168.202.8/29
1937 <IPADDR RANGE> [<PORT>] # VIP range [VPORT]
1938 <IPADDR RANGE> [<PORT>]
1939 ...
1940 # Firewall Mark (fwmark)
1941 # inet/inet6 should only be specified for virtual server groups
1942 # where all real servers of the virtual servers are tunnelled.
1943 fwmark <INTEGER>
1944 fwmark <INTEGER> [inet|inet6]
1945 ...
1946 }
1947
1949 A virtual_server can be a declaration of one of <IPADDR> [<PORT>] , fw‐
1950 mark <INTEGER> or group <STRING>
1951
1952 The syntax for virtual_server is :
1953
1954 virtual_server <IPADDR> [<PORT>] |
1955 virtual_server fwmark <INTEGER> |
1956 virtual_server group <STRING> {
1957 # LVS scheduler
1958 lvs_sched rr|wrr|lc|wlc|lblc|sh|mh|dh|fo|ovf|lblcr|sed|nq
1959
1960 # Enable flag-1 for scheduler (-b flag-1 in ipvsadm)
1961 flag-1
1962 # Enable flag-2 for scheduler (-b flag-2 in ipvsadm)
1963 flag-2
1964 # Enable flag-3 for scheduler (-b flag-3 in ipvsadm)
1965 flag-3
1966 # Enable sh-port for sh scheduler (-b sh-port in ipvsadm)
1967 sh-port
1968 # Enable sh-fallback for sh scheduler (-b sh-fallback in ipvsadm)
1969 sh-fallback
1970 # Enable mh-port for mh scheduler (-b mh-port in ipvsadm)
1971 mh-port
1972 # Enable mh-fallback for mh scheduler (-b mh-fallback in ipvsadm)
1973 mh-fallback
1974 # Enable One-Packet-Scheduling for UDP (-o in ipvsadm)
1975 ops
1976
1977 # Override default LVS forwarding method (default is NAT).
1978 # Default tunnel type is ipip. Since Linux 5.2 the GUE tunnel type can
1979 # be specified. If using GUE, a port number is required. Since Linux 5.3
1980 # if the tunnel type is GUE, the checksum option can also be specified.
1981 # Since Linux 5.3, GRE tunnel type is also supported, but without the
1982 # remcsum option.
1983 lvs_method NAT|DR
1984 or
1985 lvs_method TUN [type {ipip|gue port NUM|gre} [nocsum|csum|remcsum]]
1986 # LVS persistence engine name (currently only sip supported)
1987 persistence_engine <STRING>
1988 # LVS persistence timeout in seconds, default 6 minutes
1989 persistence_timeout [<INTEGER>]
1990 # LVS granularity mask (-M in ipvsadm)
1991 persistence_granularity <NETMASK>
1992 # L4 protocol
1993 protocol TCP|UDP|SCTP
1994 # If VS IP address is not set,
1995 # suspend healthchecker's activity
1996 ha_suspend
1997
1998 # Send email notification during quorum up/down transition,
1999 # using addresses in global_defs above (default no,
2000 # unless global smtp_alert/smtp_alert_checker set)
2001 smtp_alert <BOOL>
2002
2003 # Default VirtualHost string for HTTP_GET or SSL_GET
2004 # eg virtualhost www.firewall.loc
2005 # Overridden by virtualhost config of real server or checker
2006 virtualhost <STRING>
2007
2008 # On daemon startup assume that all RSs are down
2009 # and healthchecks failed. This helps to prevent
2010 # false positives on startup. Alpha mode is
2011 # disabled by default.
2012 alpha
2013
2014 # On daemon shutdown consider quorum and RS
2015 # down notifiers for execution, where appropriate.
2016 # Omega mode is disabled by default.
2017 omega
2018
2019 # Minimum total weight of all live servers in
2020 # the pool necessary to operate VS with no
2021 # quality regression. Defaults to 1.
2022 quorum <INTEGER>
2023
2024 # Tolerate this much weight units compared to the
2025 # nominal quorum, when considering quorum gain
2026 # or loss. A flap dampener. Defaults to 0.
2027 hysteresis <INTEGER>
2028
2029 # Script to execute when quorum is gained.
2030 quorum_up <STRING>|<QUOTED-STRING> [username [groupname]]
2031
2032 # Script to execute when quorum is lost.
2033 quorum_down <STRING>|<QUOTED-STRING> [username [groupname]]
2034
2035 # IP family for a fwmark service (only needed if all real servers are tunnelled
2036 # and persistence_granularity is not specified). Defaults to inet if not specified.
2037 ip_family inet|inet6
2038
2039 # setup realserver(s)
2040
2041 # RS to add to LVS topology when the quorum isn't achieved.
2042 # If a sorry server is configured, all real servers will
2043 # be brought down when the quorum is not achieved and be
2044 # replaced with the sorry server.
2045 sorry_server <IPADDR> [<PORT>]
2046 # applies inhibit_on_failure behaviour to the sorry_server
2047 sorry_server_inhibit
2048 # Sorry server LVS forwarding method. Default is the virtual
2049 # server's default.
2050 # For details of tunnel type, see virtual_server details.
2051 sorry_server_lvs_method NAT|DR
2052 or
2053 sorry_server_lvs_method TUN [type {ipip|gue port NUM|gre} [nocsum|csum|remcsum]]
2054
2055 # Optional connection timeout in seconds.
2056 # The default is 5 seconds
2057 connect_timeout <TIMER>
2058
2059 # Retry count to make additional checks if check
2060 # of an alive server fails. Default: 1 unless specified below
2061 retry <INTEGER>
2062
2063 # delay before retry after failure. Defaults to delay_loop for DNS_CHECK,
2064 # 3 seconds for HTTP_GET and SSL_GET, and 1 second otherwise.
2065 delay_before_retry <TIMER>
2066
2067 # Optional random delay to start the initial check
2068 # for maximum N seconds.
2069 # Useful to scatter multiple simultaneous
2070 # checks to the same RS. Enabled by default, with
2071 # the maximum at delay_loop. Specify 0 to disable
2072 warmup <TIMER>
2073
2074 # delay timer for checker polling (60 seconds if not specified)
2075 delay_loop <TIMER>
2076
2077 # Set weight to 0 when healthchecker detects failure
2078 inhibit_on_failure
2079
2080 # one entry for each realserver
2081 real_server <IPADDR> [<PORT>] {
2082 # relative weight to use, default: 1
2083 weight <INTEGER>
2084 # LVS forwarding method
2085 # For details of tunnel type, see virtual_server details. The default
2086 # setting is taken from the virtual_server's setting.
2087 lvs_method NAT|DR
2088 or
2089 lvs_method TUN [type {ipip|gue port NUM|gre} [nocsum|csum|remcsum]]
2090
2091 # Script to execute when healthchecker
2092 # considers service as up.
2093 notify_up <STRING>|<QUOTED-STRING> [username [groupname]]
2094 # Script to execute when healthchecker
2095 # considers service as down.
2096 notify_down <STRING>|<QUOTED-STRING> [username [groupname]]
2097
2098 # maximum number of connections to server
2099 uthreshold <INTEGER>
2100 # minimum number of connections to server
2101 lthreshold <INTEGER>
2102
2103 # Send email notification during state transition,
2104 # using addresses in global_defs above (default yes,
2105 # unless global smtp_alert/smtp_alert_checker set)
2106 smtp_alert <BOOL>
2107
2108 # Default VirtualHost string for HTTP_GET or SSL_GET
2109 # eg virtualhost www.firewall.loc
2110 # Overridden by virtualhost config of a checker
2111 virtualhost <STRING>
2112
2113 alpha <BOOL> # see above
2114 connect_timeout <TIMER> # see above
2115 retry <INTEGER> # see above
2116 delay_before_retry <TIMER> # see above
2117 warmup <TIMER> # see above
2118 delay_loop <TIMER> # see above
2119 inhibit_on_failure <BOOL> # see above
2120
2121 # healthcheckers. Can be multiple of each type
2122 # HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|DNS_CHECK|MISC_CHECK|BFD_CHECK|UDP_CHECK|PING_CHECK|FILE_CHECK
2123
2124 # All checkers have the following options, except MISC_CHECK which only
2125 # has options alpha onwards, and BFD_CHECK and FILE_CHECK which have none
2126 # of the standard options:
2127 CHECKER_TYPE {
2128 # ======== generic connection options
2129 # Optional IP address to connect to.
2130 # The default is the realserver IP
2131 connect_ip <IPADDR>
2132
2133 # Optional port to connect to
2134 # The default is the realserver port
2135 connect_port <PORT>
2136
2137 # Optional address to use to
2138 # originate the connection
2139 bindto <IPADDR>
2140
2141 # Optional interface to use; needed if
2142 # the bindto address is IPv6 link local
2143 bind_if <IFNAME>
2144
2145 # Optional source port to
2146 # originate the connection from
2147 bind_port <PORT>
2148
2149 # Optional fwmark to mark all outgoing
2150 # checker packets with
2151 fwmark <INTEGER>
2152
2153 alpha <BOOL> # see above
2154 connect_timeout <TIMER> # see above
2155 retry <INTEGER> # see above
2156 delay_before_retry <TIMER> # see above
2157 warmup <TIMER> # see above
2158 delay_loop <TIMER> # see above
2159 log_all_failures <BOOL> # log all failures when checker up
2160 }
2161
2162 # The following options are additional checker specific
2163
2164 # HTTP and SSL healthcheckers
2165 HTTP_GET|SSL_GET {
2166 # HTTP protocol version, one of 1.0, 1.0C, 1.1
2167 # Protocol version 1.0C means version 1.0 with the addition
2168 # of a "Connection: close" line, which is included in
2169 # version 1.1 by default.
2170 http_protocol <PROTOCOL>
2171 # When alpha mode is set, or when recovering from a failure,
2172 # each URL is checked, with a delay of <delay_loop> between
2173 # each check. if there were 20 URLs, and the <delay_loop> were
2174 # 3 seconds, it would take 1 minute before the RS would come up
2175 # following startup, or recovery from a failure. Setting
2176 # fast_recovery removes the delay, both at start up and after
2177 # recovery from a failure, meaning that the RS will come up
2178 # once all the URLs have been checked, with no delay between
2179 # checking each URL.
2180 fast_recovery [<BOOL>]
2181 # An url to test
2182 # can have multiple entries here
2183 url {
2184 #eg path / , or path /mrtg2/
2185 path <STRING>
2186 # healthcheck needs digest
2187 # or status_code and digest
2188 # Digest computed with genhash
2189 # eg digest 9b3a0c85a887a256d6939da88aabd8cd
2190 digest <STRING>
2191 # status code returned in the HTTP header
2192 # eg status_code 200 or status_code 200-299 400-499 503 505
2193 # Default is 200-299
2194 status_code <INTEGER|RANGE> [<INTEGER|RANGE>] ...
2195 # VirtualHost string. eg virtualhost www.firewall.loc
2196 # If not set, uses virtualhost from real or virtual server
2197 virtualhost <STRING>
2198 # Regular expression to search returned data against.
2199 # A failure to match causes the check to fail.
2200 regex <STRING>
2201 # Reverse the sense of the match, so a match of the
2202 # returned text causes the check to fail.
2203 regex_no_match
2204 # Space separated list of options for regex.
2205 # See man pcre2api for a description of the options.
2206 # The following option are supported:
2207 # allow_empty_class alt_bsux auto_callout caseless
2208 # dollar_endonly dotall dupnames extended firstline
2209 # match_unset_backref multiline never_ucp never_utf
2210 # no_auto_capture no_auto_possess no_dotstar_anchor
2211 # no_start_optimize ucp ungreedy utf never_backslash_c
2212 # alt_circumflex alt_verbnames use_offset_limit
2213 regex_options <OPTIONS>
2214 # For complicated regular expressions a larger stack
2215 # may be needed, and this allows the start and maximum
2216 # sizes in bytes to be specified. For more details see
2217 # the documentation for pcre2_jit_stack_create()
2218 regex_stack <START> <MAX>
2219 # The minimum offset into the returned data to start
2220 # checking for the regex pattern match. This can save
2221 # processing time if the returned data is large.
2222 regex_min_offset <OFFSET>
2223 # The maximum offset into the returned data for the
2224 # start of the subject match.
2225 regex_max_offset <OFFSET>
2226 }
2227 }
2228
2229 SSL_GET {
2230 # when provided, send Server Name Indicator during SSL handshake
2231 enable_sni
2232 }
2233
2234 # TCP healthchecker
2235 TCP_CHECK {
2236 # No additional options
2237 }
2238
2239 # SMTP healthchecker
2240 SMTP_CHECK {
2241 # Optional string to use for the SMTP HELO request
2242 helo_name <STRING>|<QUOTED-STRING>
2243 }
2244
2245 # DNS healthchecker. Uses UDP protocol.
2246 DNS_CHECK {
2247 # The retry default is 3.
2248
2249 # DNS query type
2250 # A|NS|CNAME|SOA|MX|TXT|AAAA
2251 # The default is SOA
2252 type <STRING>
2253
2254 # Domain name to use for the DNS query
2255 # The default is . (dot)
2256 name <STRING>
2257 }
2258
2259 # MISC healthchecker, run a program
2260 MISC_CHECK {
2261 # The retry default is 0.
2262
2263 # External script or program
2264 misc_path <STRING>|<QUOTED-STRING>
2265 # Script execution timeout
2266 misc_timeout <INTEGER>
2267
2268 # If misc_dynamic is set, the exit code from healthchecker
2269 # is used to dynamically adjust the weight as follows:
2270 # exit status 0: svc check success, weight
2271 # unchanged.
2272 # exit status 1: svc check failed.
2273 # exit status 2-255: svc check success,
2274 # then the RS weight is increased by
2275 # (exit status - 2 - rs configured weight).
2276 # An exit status of 10 will set the RS weight to 10. If
2277 # the exit status subsequently changes to 20, the RS
2278 # weight will become 20.
2279 # If there is only one MISC_CHECK and no FILE_CHECKers
2280 # the effect is to set the RS weight to two less than
2281 # the exit status.
2282 # (for example: an exit status of 255 would set
2283 # weight to 253 if no other MISC_CHECKers or
2284 # FILE_CHECKers where configured on the RS)
2285 misc_dynamic
2286
2287 # Specify the username/groupname that the script should
2288 # be run under.
2289 # If GROUPNAME is not specified, the group of the user
2290 # is used
2291 user USERNAME [GROUPNAME]
2292 }
2293
2294 # BFD instance name to check
2295 BFD_CHECK {
2296 name <STRING>
2297 }
2298
2299 # PING healthchecker
2300 # Note: using this checker may cause /proc/sys/net/ipv4/ping_group_range to be
2301 # updated to allow root to use an IPPROTO_ICMP socket.
2302 PING_CHECK {
2303 # No additional options
2304 }
2305
2306 # UDP healthchecker
2307 # Note: for this checker to work properly, it relies on ICMP error messages such as
2308 # HOST_UNREACH, NET_UNREACH, PORT_UNREACH. HOST_UNREACH relies on ARP requests
2309 # timing out, and so connect_timeout should be long enough to allow for this (e.g.
2310 # at least 4 seconds).
2311 # If payload is specified, the HEX_STR will be sent as the UDP data, otherwise a
2312 # random payload will be sent.
2313 # If require_reply is specified, the received data length is checked to ensure that it
2314 # lies between min_reply_length and max_reply_length.
2315 # If require_reply without a hex string is specified, udp reply data must be received
2316 # but the data content is not checked.
2317 # If a require_reply HEX_STR is specified, the reply data will be checked against the
2318 # HEX_STR, which must match up to the minimum of the received data length and the length
2319 # of the require_reply HEX_STR.
2320 # The format of HEX_STR is quite free format, for example:
2321 # Ab12f 3 456 546443123
2322 # would be interpreted as:
2323 # AB 12 0F 03 45 06 54 64 43 12 03
2324 # For the require_reply HEX_STR, a character can be specified as X or x, in which case
2325 # the value of those 4 bits in the reply is ignored. This allows, for example, for
2326 # some form of counter or otherwise.
2327 # It may be that you will want to use PING_CHECK to the same server as well.
2328 UDP_CHECK {
2329 payload <HEX_STR>
2330 require_reply [<HEX_STR>] # Require a reply packet for check to be successful
2331 min_reply_length <INT> # default 0
2332 max_reply_length <INT> # default is 255
2333 }
2334
2335 # File checker
2336 # This reads and monitors the contents of a file, where STRING is the name specified
2337 # in the track_file configuration block (see above).
2338 FILE_CHECK {
2339 track_file <STRING>
2340
2341 # If dynamic is set, the value from the file is used
2342 # to dynamically adjust the weight by adding the weight
2343 # to the quorum and the LVS weight
2344 dynamic
2345
2346 # The weight multiplier to apply to the value read from the file
2347 weight <-2147483647..2147483647> [reverse]
2348 }
2349 }
2350 }
2351
2352 # Parameters used for SSL_GET check.
2353 # If none of the parameters are specified, the SSL context
2354 # will be auto generated.
2355 SSL {
2356 # Password
2357 password <STRING>
2358 # CA file
2359 ca <STRING>
2360 # Certificate file
2361 certificate <STRING>
2362 # Key file
2363 key <STRING>
2364 }
2365
2367 Configuration parser has been extended to support advanced features
2368 such as conditional configuration and parameter substitution. These
2369 features are very useful for any scripted environment where configura‐
2370 tion templates are generated (datacenters).
2371
2373 The config-id defaults to the first part of the node name as returned
2374 by uname, and can be overridden with the -i or --config-id command line
2375 option.
2376
2377 Any configuration line starting with '@' is a conditional configuration
2378 line. The word immediately following (i.e. without any space) the '@'
2379 character is compared against the config-id, and if they don't match,
2380 the configuration line is ignored.
2381
2382 Alternatively, '@^' is a negative comparison, so if the word immedi‐
2383 ately following does NOT match the config-id, the configuration line IS
2384 included.
2385
2386 The purpose of this is to allow a single configuration file to be used
2387 for multiple systems, where the only differences are likely to be the
2388 router_id, vrrp instance priorities, and possibly interface names and
2389 unicast addresses.
2390
2391 For example:
2392
2393 global_defs {
2394 @main router_id main_router
2395 @backup router_id backup_router
2396 }
2397 ...
2398 vrrp_instance VRRP {
2399 ...
2400 @main unicast_src_ip 1.2.3.4
2401 @backup unicast_src_ip 1.2.3.5
2402 @backup2 unicast_src_ip 1.2.3.6
2403 unicast_peer {
2404 @^main 1.2.3.4
2405 @^backup 1.2.3.5
2406 @^backup2 1.2.3.6
2407 }
2408 ...
2409 }
2410
2411 If keepalived is invoked with -i main, then the router_id will be set
2412 to main_router, if invoked with -i backup, then backup_router, if not
2413 invoked with -i, or with -i anything else, then the router_id will not
2414 be set. The unicast peers for main will be 1.2.3.5 and 1.2.3.6.
2415
2417 Substitutable parameters can be specified. The format for defining a
2418 parameter is:
2419
2420 $PARAMETER=VALUE
2421
2422 where there must be no space before the '=' and only whitespace may
2423 preceed to '$'. Empty values are allowed.
2424
2425 Parameter names can be made up of any combination of A-Za-z0-9 and _,
2426 but cannot start with a digit. Parameter names starting with an under‐
2427 score should be considered reserved names that keepalived will define
2428 for various pre-defined options.
2429
2430 After a parameter is defined, any occurrence of $PARAMETER followed by
2431 whitespace, or any occurrence of ${PARAMETER} (which need not be fol‐
2432 lowed by whitespace) will be replaced by VALUE.
2433
2434 Replacement is recursive, so that if a parameter value itself includes
2435 a replaceable parameter, then after the first substitution, the parame‐
2436 ter in the value will then be replaced; the substitution is done at re‐
2437 placement time and not at definition time, so for example:
2438
2439 $ADDRESS_BASE=10.2.${ADDRESS_BASE_SUB}
2440 $ADDRESS_BASE_SUB=0
2441 ${ADDRESS_BASE}.100/32
2442 $ADDRESS_BASE_SUB=10
2443 ${ADDRESS_BASE}.100/32
2444
2445 will produce:
2446 10.2.0.100/32
2447 10.2.10.100/32
2448
2449 Note in the above examples the use of both ADDRESS_BASE and AD‐
2450 DRESS_BASE_SUB required braces ({}) since the parameters were not fol‐
2451 lowed by whitespace (after the first substitution which produced
2452 10.2.${ADDRESS_BASE_SUB}.100/32 the parameter is still not followed by
2453 whitespace).
2454
2455 If a parameter is not defined, it will not be replaced at all, so for
2456 example ${UNDEF_PARAMETER} will remain in the configuration if it is
2457 undefined; this means that existing configuration that contains a '$'
2458 character (for example in a script definition) will not be changed so
2459 long as no new parameter definitions are added to the configuration.
2460
2461 Parameter substitution works in conjunction with conditional configura‐
2462 tion. For example:
2463
2464 @main $PRIORITY=240
2465 @backup $PRIORITY=200
2466 ...
2467 vrrp_instance VI_0 {
2468 priority $PRIORITY
2469 }
2470
2471 will produce:
2472 ...
2473 vrrp_instance VI_0 {
2474 priority 240
2475 }
2476 if the config_id is main.
2477
2478 $IF_MAIN=@main
2479 $IF_MAIN priority 240
2480
2481 will produce:
2482 priority 240
2483 if the config_id is main and nothing if the config_id is not main,
2484 although why anyone would want to use this rather than simply the
2485 following is not known (but still possible):
2486 @main priority 240
2487
2488 Multiline definitions are also supported, but when used there must be
2489 nothing on the line after the parameter name. A multiline definition is
2490 specified by ending each line except the last with a '\' character.
2491
2492 Example:
2493 $INSTANCE= \
2494 vrrp_instance VI_${NUM} { \
2495 interface eth0.${NUM} \
2496 use_vmac vrrp${NUM}.1 \
2497 virtual_router_id 1 \
2498 @high priority 130 \
2499 @low priority 120 \
2500 advert_int 1 \
2501 virtual_ipaddress { \
2502 10.0.${NUM}.254/24 \
2503 } \
2504 track_script { \
2505 offset_instance_${NUM} \
2506 } \
2507 }
2508
2509 $NUM=0
2510 $INSTANCE
2511
2512 $NUM=1
2513 $INSTANCE
2514
2515 The use of multiline definitions can be nested.
2516
2517 Example:
2518 $RS= \
2519 real_server 192.168.${VS_NUM}.${RS_NUM} 80 { \
2520 weight 1 \
2521 inhibit_on_failure \
2522 smtp_alert \
2523 MISC_CHECK { \
2524 misc_path "${_PWD}/scripts/vs.sh RS_misc.${INST}.${VS_NUM}.${RS_NUM}.0 10.0.${VS_NUM}.4:80->192.168.${VS_NUM}.${RS_NUM}:80" \
2525 } \
2526
2527 MISC_CHECK { \
2528 misc_path "${_PWD}/scripts/vs.sh RS_misc.${INST}.${VS_NUM}.${RS_NUM}.1 10.0.${VS_NUM}.4:80->192.168.${VS_NUM}.${RS_NUM}:80" \
2529 } \
2530
2531 notify_up "${_PWD}/scripts/notify.sh RS_notify.${INST}.${VS_NUM}.${RS_NUM} UP 10.0.${VS_NUM}.4:80->192.168.${VS_NUM}.${RS_NUM}:80" \
2532
2533 notify_down "${_PWD}/scripts/notify.sh RS_notify.${INST}.${VS_NUM}.${RS_NUM} DOWN 10.0.${VS_NUM}.4:80->192.168.${VS_NUM}.${RS_NUM}:80" \
2534
2535 }
2536
2537 $VS= \
2538 virtual_server 10.0.${VS_NUM}.4 80 { \
2539 quorum 2 \
2540 quorum_up "${_PWD}/scripts/notify.sh VS_notify.${INST} UP 10.0.${VS_NUM}.4:80" \
2541 quorum_down "${_PWD}/scripts/notify.sh VS_notify.${INST} DOWN 10.0.${VS_NUM}.4:80" \
2542 $RS_NUM=1 \
2543 $RS \
2544 $RS_NUM=2 \
2545 $RS \
2546 $RS_NUM=3 \
2547 $RS \
2548 }
2549
2550 $VS_NUM=0
2551 $ALPHA=alpha
2552 $VS
2553
2554 $VS_NUM=1
2555 $ALPHA=
2556 $VS
2557
2558 The above will create 2 virtual servers, each with 3 real servers
2559
2561 The following pre-defined definitions are defined:
2562
2563 ${_PWD} : The directory of the current configuration file (this can be
2564 changed if using the include directive).
2565 ${_INSTANCE} : The instance name (as defined by the -i option, defaults
2566 to hostname).
2567 ${_RANDOM [MIN [MAX]]} : This is replaced by a random integer in the
2568 range [MIN, MAX], where MIN and MAX are optional non-negative integers.
2569 Defaults are MIN=0 and MAX=32767.
2570 ${_HASH} : This is replaced by a '#' character, which would otherwise
2571 start a comment
2572 ${_BANG} : This is replaced by a '!' character, which would otherwise
2573 start a comment
2574
2575 Additional pre-defined definitions will be added as their need is iden‐
2576 tified. It will normally be quite straightforward to add additional
2577 pre-defined definitions, so if you need one, or have a good idea for
2578 one, then raise an issue at https://github.com/acassen/keepalived/is‐
2579 sues requesting it.
2580
2582 A line starting ~SEQ(var, start, step, end) will cause the remainder of
2583 the line to be processed multiple times, with the variable $var set
2584 initially to start, and then $var will be incremented by step repeat‐
2585 edly, terminating when it is greater than end. step may be omitted, in
2586 which case it defaults to 1 or -1, depending on whether end is greater
2587 or less than start. start may also be omitted, in which case it de‐
2588 faults to 1 if end > 0 or -1 if end < 0. ~SEQx(...) is the same as
2589 ~SEQ(...), except the variable $var will for formatted in hexadecimal,
2590 which would be useful for IPv6 addresses.
2591
2592 Note: At the moment it is necessary to use different variables for the
2593 ~SEQ block from any previously defined variable, including one used as
2594 the variable in a previous ~SEQ block. This may change in the future,
2595 so do not rely on a ~SEQ block variable being defined after the end of
2596 the block.
2597
2598 Examples:
2599
2600 ~SEQ(SUBNET, 0, 3) ip_address 10.0.${SUBNET}.1
2601
2602 would produce:
2603 ip_address 10.0.0.1
2604 ip_address 10.0.1.1
2605 ip_address 10.0.2.1
2606 ip_address 10.0.3.1
2607
2608 and
2609 ~SEQx(SUBNET, 144, 16, 192) ip_address fe80::20:${SUBNET}:1
2610 or better
2611 ~SEQx(SUBNET, 0x90, 0x10, 0xc0) ip_address fe80::20:${SUBNET}:1
2612
2613 would produce:
2614 ip_address fe80::20:90:1
2615 ip_address fe80::20:a0:1
2616 ip_address fe80::20:b0:1
2617 ip_address fe80::20:c0:1
2618
2619 Another example:
2620
2621 virtual_ipaddress {
2622 ~SEQx(AD2, 0x90, 0x10, 0xc0) ~SEQx(AD1, 0x12, -1, 0x0c) fe81::10:${AD2}:${AD1}
2623 }
2624
2625 There can be multiple ~SEQ elements on a line, so for example:
2626
2627 $VI4= \
2628 track_file offset_instance_4.${IF}.${NUM}.${ID} { \
2629 file "${_PWD}/679/track_files/4.${IF}.${NUM}.${ID}" \
2630 weight -100 \
2631 } \
2632 vrrp_instance vrrp4.${IF}.${NUM}.${ID} { \
2633 interface bond${IF}.${NUM} \
2634 use_vmac vrrp4.${IF}.${NUM}.${ID} \
2635 virtual_router_id ${ID} \
2636 priority 130 \
2637 virtual_ipaddress { \
2638 10.${IF}.${NUM}.${ID}/24 \
2639 } \
2640 track_file { \
2641 offset_instance_4.${IF}.${NUM}.${ID} \
2642 } \
2643 }
2644
2645 ~SEQ(IF,0,7) ~SEQ(NUM,0,31) ~SEQ(ID,1,254) $VI4
2646
2647 will produce 65024 vrrp instances with names from vrrp4.0.0.1 through to
2648 vrrp4.7.31.254.
2649
2651 List blocks are similar to sequence blocks, except that the values to
2652 substitute into the variable are listed in the ~LST specification.
2653
2654 A line starting ~LST(var, val1, val2, val3) will cause the remainder of
2655 the line to be processed multiple times, with the variable $var set
2656 initially to val1, and then val2, and finally val3. Any number of val‐
2657 ues can be specified, as long as at least one value is (although only
2658 one value would be pointless).
2659
2660 If it is desired to substitute more than one variable at a time, the
2661 variables and values need to be enclosed in {...} blocks. For example:
2662
2663 ~LST({IP, IP1}, {10,1},{20,4},{5,6},{12,8}) 192.168.${IP}.${IP1}
2664
2665 would first set IP=10 and IP1=1, then IP=20 and IP1=4, etc, and pro‐
2666 duces:
2667
2668 192.168.10.1
2669 192.168.20.4
2670 192.168.5.6
2671 192.168.12.8
2672
2673 List blocks can be nested, so:
2674
2675 ~LST(IP, 1, 2, 3, 4) ~LST(IP1, 5,6,7) 192.169.${IP}.${IP1}
2676
2677 produces:
2678 192.169.1.5
2679 192.169.1.6
2680 192.169.1.7
2681 192.169.2.5
2682 192.169.2.6
2683 192.169.2.7
2684 192.169.3.5
2685 192.169.3.6
2686 192.169.3.7
2687 192.169.4.5
2688 192.169.4.6
2689 192.169.4.7
2690
2691 Finally, list blocks and sequence blocks can be combined, so:
2692
2693 ~LST({IP, IP1}, {10,1},{20,4},{5,6},{12,8}) ~SEQ(IP2,168,2,172)
2694 192.${IP2}.${IP}.${IP1}
2695
2696 produces:
2697
2698 192.168.10.1
2699 192.170.10.1
2700 192.172.10.1
2701 192.168.20.4
2702 192.170.20.4
2703 192.172.20.4
2704 192.168.5.6
2705 192.170.5.6
2706 192.172.5.6
2707 192.168.12.8
2708 192.170.12.8
2709 192.172.12.8
2710
2712 It has been identified that if proxy_arp and proxy_arp_pvlan are en‐
2713 abled on an interface that has VIPs or eVIPs configured on it, it can
2714 cause incorrect replies to ARP requests due to the proxy replying to
2715 the ARP request as well as the keepalived host. Both need to be set to
2716 0 to function properly.
2717
2719 Initial by Joseph Mack. Extensive updates by Alexandre Cassen & Quentin
2720 Armitage.
2721
2723 ipvsadm(8), ip --help.
2724
2725
2726
2727Keepalived 2021-02-07 keepalived.conf(5)