summaryrefslogtreecommitdiff
path: root/docs/configuration/highavailability
diff options
context:
space:
mode:
Diffstat (limited to 'docs/configuration/highavailability')
-rw-r--r--docs/configuration/highavailability/index.rst123
1 files changed, 123 insertions, 0 deletions
diff --git a/docs/configuration/highavailability/index.rst b/docs/configuration/highavailability/index.rst
index 29bb97be..bc8aad99 100644
--- a/docs/configuration/highavailability/index.rst
+++ b/docs/configuration/highavailability/index.rst
@@ -220,6 +220,70 @@ Verification
inet 172.25.0.247/16 scope global eth0v10
valid_lft forever preferred_lft forever
+Global options
+--------------
+
+On most scenarios, there's no need to change specific parameters, and using
+default configuration is enough. But there are cases were extra configuration
+is needed.
+
+.. cfgcmd:: set high-availability vrrp global-parameters startup_delay <1-600>
+
+This option specifies a delay in seconds before vrrp instances start up after
+keepalived starts.
+
+Gratuitous ARP
+--------------
+
+These configuration is not mandatory and in most cases there's no
+need to configure it. But if necessary, Gratuitous ARP can be configured in
+``global-parameters`` and/or in ``group`` section.
+
+.. cfgcmd:: set high-availability vrrp global-parameters garp interval
+ <0.000-1000>
+
+.. cfgcmd:: set high-availability vrrp group <name> garp interval
+ <0.000-1000>
+
+Set delay between gratuitous ARP messages sent on an interface. 0 if not
+defined.
+
+.. cfgcmd:: set high-availability vrrp global-parameters garp master-delay
+ <1-255>
+
+.. cfgcmd:: set high-availability vrrp group <name> garp master-delay
+ <1-255>
+
+Set delay for second set of gratuitous ARPs after transition to MASTER. 5 if
+not defined.
+
+.. cfgcmd:: set high-availability vrrp global-parameters garp master-refresh
+ <1-600>
+
+.. cfgcmd:: set high-availability vrrp group <name> garp master-refresh
+ <1-600>
+
+Set minimum time interval for refreshing gratuitous ARPs while MASTER. 0 if
+not defined, which means no refreshing.
+
+.. cfgcmd:: set high-availability vrrp global-parameters garp
+ master-refresh-repeat <1-600>
+
+.. cfgcmd:: set high-availability vrrp group <name> garp
+ master-refresh-repeat <1-600>
+
+Set number of gratuitous ARP messages to send at a time while MASTER. 1 if not
+defined.
+
+.. cfgcmd:: set high-availability vrrp global-parameters garp master-repeat
+ <1-600>
+
+.. cfgcmd:: set high-availability vrrp group <name> garp master-repeat
+ <1-600>
+
+Set number of gratuitous ARP messages to send at a time after transition to
+MASTER. 5 if not defined.
+
Scripting
---------
@@ -293,6 +357,21 @@ Forward method
set high-availability virtual-server 203.0.113.1 forward-method 'nat'
+Health-check
+^^^^^^^^^^^^
+Custom health-check script allows checking real-server availability
+
+.. code-block:: none
+
+ set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 health-check script <path-to-script>
+
+Fwmark
+^^^^^^
+Firewall mark. It possible to loadbalancing traffic based on ``fwmark`` value
+
+.. code-block:: none
+
+ set high-availability virtual-server 203.0.113.1 fwmark '111'
Real server
^^^^^^^^^^^
@@ -331,3 +410,47 @@ Real server is auto-excluded if port check with this server fail.
set high-availability virtual-server 203.0.113.1 protocol 'tcp'
set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 port '80'
set high-availability virtual-server 203.0.113.1 real-server 192.0.2.12 port '80'
+
+
+A firewall mark ``fwmark`` allows using multiple ports for high-availability
+virtual-server.
+It uses fwmark value.
+
+In this example all traffic destined to ports "80, 2222, 8888" protocol TCP
+marks to fwmark "111" and balanced between 2 real servers.
+Port "0" is required if multiple ports are used.
+
+.. code-block:: none
+
+ set interfaces ethernet eth0 address 'dhcp'
+ set interfaces ethernet eth0 description 'WAN'
+ set interfaces ethernet eth1 address '192.0.2.1/24'
+ set interfaces ethernet eth1 description 'LAN'
+
+ set policy route PR interface 'eth0'
+ set policy route PR rule 10 destination port '80,2222,8888'
+ set policy route PR rule 10 protocol 'tcp'
+ set policy route PR rule 10 set mark '111'
+
+ set high-availability virtual-server vyos fwmark '111'
+ set high-availability virtual-server vyos protocol 'tcp'
+ set high-availability virtual-server vyos real-server 192.0.2.11 health-check script '/config/scripts/check-real-server-first.sh'
+ set high-availability virtual-server vyos real-server 192.0.2.11 port '0'
+ set high-availability virtual-server vyos real-server 192.0.2.12 health-check script '/config/scripts/check-real-server-second.sh'
+ set high-availability virtual-server vyos real-server 192.0.2.12 port '0'
+
+ set nat source rule 100 outbound-interface 'eth0'
+ set nat source rule 100 source address '192.0.2.0/24'
+ set nat source rule 100 translation address 'masquerade'
+
+Op-mode check virtual-server status
+
+.. code-block:: none
+
+ vyos@r14:~$ run show virtual-server
+ IP Virtual Server version 1.2.1 (size=4096)
+ Prot LocalAddress:Port Scheduler Flags
+ -> RemoteAddress:Port Forward Weight ActiveConn InActConn
+ FWM 111 lc persistent 300
+ -> 192.0.2.11:0 Masq 1 0 0
+ -> 192.0.2.12:0 Masq 1 1 0
generated by cgit v1.2.3 (git 2.39.1) at 2025-11-04 07:20:28 +0000