NGINX Plus trial and HA with keepalived in active-active mode

Sergey A. Osokin osa at freebsd.org.ru
Wed Jan 12 20:46:34 UTC 2022 

Hi Fabiano,

hope you're doing well these days.

This mailing list is focused on NGINX OSS distribution.

For commercial support I'd recommend to raise a support ticket on MyF5 portal,
https://my.f5.com/

Thank you.

--
Sergey A. Osokin

On Wed, Jan 12, 2022 at 05:00:35PM -0300, Fabiano Furtado Pessoa Coelho wrote:
> Hi...
> 
> I'm trying to configure keepalived in active-active mode, using 2
> nodes, based on the official documentation
> https://docs.nginx.com/nginx/admin-guide/high-availability/ha-keepalived-nodes/,
> but the environment became unstable. The TCP connection is closing all
> the time and I don't know what's wrong with my keeepalived config.
> 
> I'm using RHEL 8.5 with SELinux enabled and enforcing.
> 
> The configuration of my first NGINX Plus node:
> 
> global_defs {
>         vrrp_version 3
>         router_id nginx_prod1
> }
> 
> vrrp_script chk_manual_failover {
>         script "/usr/libexec/keepalived/nginx-ha-manual-failover"
>         interval 10
>         weight 50
> }
> 
> vrrp_script chk_nginx_service {
>         script "/usr/libexec/keepalived/nginx-ha-check"
>         interval 3
>         weight 50
> }
> 
> vrrp_instance VI_1 {
>         state MASTER
>         interface eth0
>         priority 99
>         virtual_router_id 31
>         advert_int 1
>         accept
>         garp_master_refresh 5
>         garp_master_refresh_repeat 1
>         unicast_src_ip x.y.z.48/26
>         unicast_peer {
>                 x.y.z.50
>         }
>         virtual_ipaddress {
>                 x.y.z.49/26 brd x.y.z.63 dev eth0
>         }
>         track_script {
>                 chk_nginx_service
>                 chk_manual_failover
>         }
>         notify "/usr/libexec/keepalived/nginx-ha-notify"
> }
> 
> vrrp_instance VI_2 {
>         state BACKUP
>         interface eth0
>         priority 98
>         virtual_router_id 41
>         advert_int 1
>         accept
>         garp_master_refresh 5
>         garp_master_refresh_repeat 1
>         unicast_src_ip x.y.z.48/26
>         unicast_peer {
>                 x.y.z.50
>         }
>         virtual_ipaddress {
>                 x.y.z.51/26 brd x.y.z.63 dev eth0
>         }
>         track_script {
>                 chk_nginx_service
>                 chk_manual_failover
>         }
>         notify "/usr/libexec/keepalived/nginx-ha-notify"
> }
> 
> And the "ip a" config:
>   eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel
> state UP group default qlen 1000
>     link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
>     inet x.y.z.48/26 brd x.y.z.63 scope global noprefixroute eth0
>        valid_lft forever preferred_lft forever
>     inet x.y.z.49/26 brd x.y.z.63 scope global secondary eth0
>        valid_lft forever preferred_lft forever
>     inet x.y.z.51/26 brd x.y.z.63 scope global secondary eth0
>        valid_lft forever preferred_lft forever
> 
> 
> 
> The configuration of my second NGINX Plus node:
> 
> global_defs {
>         vrrp_version 3
>         router_id nginx_prod2
> }
> 
> vrrp_script chk_manual_failover {
>         script "/usr/libexec/keepalived/nginx-ha-manual-failover"
>         interval 10
>         weight 50
> }
> 
> vrrp_script chk_nginx_service {
>         script "/usr/libexec/keepalived/nginx-ha-check"
>         interval 3
>         weight 50
> }
> 
> vrrp_instance VI_1 {
>         state MASTER
>         interface eth0
>         priority 101
>         virtual_router_id 51
>         advert_int 1
>         accept
>         garp_master_refresh 5
>         garp_master_refresh_repeat 1
>         unicast_src_ip x.y.z.50/26
>         unicast_peer {
>                 x.y.z.48
>         }
>         virtual_ipaddress {
>                 x.y.z.51/26 brd x.y.z.63 dev eth0
>         }
>         track_script {
>                 chk_nginx_service
>                 chk_manual_failover
>         }
>         notify "/usr/libexec/keepalived/nginx-ha-notify"
> }
> 
> vrrp_instance VI_2 {
>         state BACKUP
>         interface eth0
>         priority 100
>         virtual_router_id 61
>         advert_int 1
>         accept
>         garp_master_refresh 5
>         garp_master_refresh_repeat 1
>         unicast_src_ip x.y.z.50/26
>         unicast_peer {
>                 x.y.z.48
>         }
>         virtual_ipaddress {
>                 x.y.z.49/26 brd x.y.z.63 dev eth0
>         }
>         track_script {
>                 chk_nginx_service
>                 chk_manual_failover
>         }
>         notify "/usr/libexec/keepalived/nginx-ha-notify"
> }
> 
> And the "ip a" config:
>   eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel
> state UP group default qlen 1000
>     link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
>     inet x.y.z.50/26 brd x.y.z.63 scope global noprefixroute eth0
>        valid_lft forever preferred_lft forever
>     inet x.y.z.51/26 brd x.y.z.63 scope global secondary eth0
>        valid_lft forever preferred_lft forever
>     inet x.y.z.49/26 brd x.y.z.63 scope global secondary eth0
>        valid_lft forever preferred_lft forever
> 
> What am I doing wrong?
> Thanks in advance!
> 
> Fabiano
> _______________________________________________
> nginx mailing list -- nginx at nginx.org
> To unsubscribe send an email to nginx-leave at nginx.org

More information about the nginx mailing list