
I have configured keepalived on two servers, 10.90.11.194 (Server1) and 10.90.11.196 (Server2). Server1 is configured as the MASTER while Server2 is the BACKUP. The VIP 10.90.11.219 successfully switches from Server1 to Server2 when keepalived is stopped on Server1. Both servers have syslog-ng configured to receive syslogs from firewalls, proxies, etc. These servers also have the Splunk Heavy Forwarder application installed to forward the incoming syslogs to the Splunk indexers 10.90.11.226 (IDX1), 10.90.11.227 (IDX2) and 10.90.11.228 (IDX3). Server1, Server2, IDX1, IDX2 and IDX3 are all in the same security group, and any-any connection is allowed between them. The VIP is also allowed inbound and outbound for this security group.

Problem: No matter which device has VIP assigned, it will not be able to connect to the indexers (IDX1, IDX2 and IDX3) at port 9997. However, this connectivity works absolutely fine from the other device without VIP.

Keepalived config on MASTER:

    vrrp_instance VI_1 {
        state MASTER
        interface ens3
        virtual_router_id 51
        priority 100
        advert_int 1
        unicast_src_ip 10.90.11.194
        unicast_peer {
            10.90.11.196
        }
        authentication {
            auth_type PASS
            auth_pass 12345
        }
        virtual_ipaddress {
            10.90.11.219/24
        }
    }

On the BACKUP, the unicast IPs are reversed, the priority is 50 and the state is BACKUP.

Pinging the IDX devices from the server without the VIP works fine. The problem is only with the device with the VIP, where I get a "Destination Host Unreachable" response from the VIP:

[root@SERVER1 ~]# ping 10.90.11.226
PING 10.90.11.226 (10.90.11.226) 56(84) bytes of data.
From 10.90.11.219 icmp_seq=1 Destination Host Unreachable
From 10.90.11.219 icmp_seq=2 Destination Host Unreachable
From 10.90.11.219 icmp_seq=3 Destination Host Unreachable

[root@SERVER1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.90.11.193    0.0.0.0         UG    100    0        0 ens3
10.90.11.0      0.0.0.0         255.255.255.0   U     0      0        0 ens3
10.90.11.192    0.0.0.0         255.255.255.224 U     100    0        0 ens3
169.254.169.254 10.90.11.222    255.255.255.255 UGH   100    0        0 ens3

Could any of you please help fix the issue here?

bluehawk
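Added example, not part of the original post: a longest-prefix-match lookup over the routing table posted above, showing which entry each destination selects on the node holding the VIP. It assumes the 10.90.11.0/24 entry is the connected route that exists only while the VIP 10.90.11.219/24 is held; the function names are illustrative.

```python
import ipaddress

# Routing table rows exactly as posted in the question (route -n output).
ROUTE_N = """\
0.0.0.0         10.90.11.193    0.0.0.0         UG    100    0        0 ens3
10.90.11.0      0.0.0.0         255.255.255.0   U     0      0        0 ens3
10.90.11.192    0.0.0.0         255.255.255.224 U     100    0        0 ens3
169.254.169.254 10.90.11.222    255.255.255.255 UGH   100    0        0 ens3
"""

def parse_routes(text):
    """Turn `route -n` rows into (network, gateway, metric) tuples."""
    routes = []
    for line in text.splitlines():
        dest, gw, mask, _flags, metric = line.split()[:5]
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gw, int(metric)))
    return routes

def lookup(routes, dst):
    """Select a route as the kernel does: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))

def describe(routes, dst):
    net, gw, _metric = lookup(routes, dst)
    # Gateway 0.0.0.0 means on-link: the host ARPs for the destination itself.
    hop = "on-link (ARP for destination)" if gw == "0.0.0.0" else f"via {gw}"
    return f"{dst}: {net} {hop}"

with_vip = parse_routes(ROUTE_N)
# Assumption: the /24 row is present only while the VIP is held on this node.
without_vip = [r for r in with_vip if str(r[0]) != "10.90.11.0/24"]

if __name__ == "__main__":
    for dst in ("10.90.11.196", "10.90.11.226", "10.90.11.227", "10.90.11.228"):
        print("VIP held:    ", describe(with_vip, dst))
        print("VIP not held:", describe(without_vip, dst))
```

Running `ip route get 10.90.11.226` on the node that currently holds the VIP shows the kernel's actual route choice and source address for comparison.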