I'm in an environment with a serious lack of IPv4 addresses, but a whole lot of IPv6 addresses. I have all sorts of nice services going on on IPv6, among them MySQL replication. Now, I just want the 2 servers to have a single IPv4-address that can be reached by the outside world. I've tried the following config:
Running Keepalived v2.1.5 on Debian 11.
global_defs {
@server01 router_id server01
@server02 router_id server02
}
vrrp_instance vlan0 {
@server02 state MASTER
@server02 priority 110
@server01 state BACKUP
@server01 priority 100
interface eth0
virtual_router_id 123
@server02 unicast_src_ip 2000:4000:6000:8000::102
@server01 unicast_src_ip 2000:4000:6000:8000::101
unicast_peer {
@server01 2000:4000:6000:8000::102
@server02 2000:4000:6000:8000::101
}
authentication {
auth_type PASS
auth_pass secret
}
virtual_ipaddress {
172.1.2.3 dev eth0
}
}
But that gives me the following errors:
(vlan0): address family must match VRRP instance [172.1.2.3] - ignoring
(vlan0) No VIP specified; at least one is required
Is what I'm trying to do achievable? If so, how? Feels like I'm missing just a little detail...
As keepalived told you, you cannot mix address families on one instance. VRRP is too deep in neighbor discovery implementation for it to abstract away address family. Replace the IPv4 VIP with an IPv6 one.
With IPv6 addressing on the high availability, you can provide IPv4 services on top of that.
If the applications can be proxied or relayed, put proxies in front. IPv4 and IPv6 frontends, IPv6 only backend. VRRP remains single stack, which possibly simplifies things.
Or NAT if you must. Create another VRRP instance for IPv4. Probably RFC1918 addressed. NAT service address to VIP. Dual stack plus NAT is not reducing technical debt, but it might be how you want to operate this.