<?xml version="1.0"?> <interfaceDefinition> <node name="high-availability" owner="${vyos_conf_scripts_dir}/high-availability.py"> <properties> <priority>800</priority> <!-- after all interfaces and conntrack-sync --> <help>High availability settings</help> </properties> <children> #include <include/generic-disable-node.xml.i> <node name="vrrp"> <properties> <help>Virtual Router Redundancy Protocol settings</help> </properties> <children> <node name="global-parameters"> <properties> <help>VRRP global parameters</help> </properties> <children> #include <include/vrrp/garp.xml.i> <leafNode name="startup-delay"> <properties> <help>Time VRRP startup process (in seconds)</help> <valueHelp> <format>u32:1-600</format> <description>Interval in seconds</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-600"/> </constraint> </properties> </leafNode> </children> </node> <tagNode name="group"> <properties> <help>VRRP group</help> </properties> <children> #include <include/generic-interface-broadcast.xml.i> #include <include/vrrp/garp.xml.i> <leafNode name="advertise-interval"> <properties> <help>Advertise interval</help> <valueHelp> <format>u32:1-255</format> <description>Advertise interval in seconds</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-255"/> </constraint> </properties> <defaultValue>1</defaultValue> </leafNode> <node name="authentication"> <properties> <help>VRRP authentication</help> </properties> <children> <leafNode name="password"> <properties> <help>VRRP password</help> <valueHelp> <format>txt</format> <description>Password string (up to 8 characters)</description> </valueHelp> <constraint> <regex>.{1,8}</regex> </constraint> <constraintErrorMessage>Password must not be longer than 8 characters</constraintErrorMessage> </properties> </leafNode> <leafNode name="type"> <properties> <help>Authentication type</help> <completionHelp> <list>plaintext-password ah</list> </completionHelp> <valueHelp> <format>plaintext-password</format> <description>Simple password string</description> </valueHelp> <valueHelp> <format>ah</format> <description>AH - IPSEC (not recommended)</description> </valueHelp> <constraint> <regex>(plaintext-password|ah)</regex> </constraint> <constraintErrorMessage>Authentication type must be plaintext-password or ah</constraintErrorMessage> </properties> </leafNode> </children> </node> #include <include/generic-description.xml.i> #include <include/generic-disable-node.xml.i> <node name="health-check"> <properties> <help>Health check</help> </properties> <children> <leafNode name="failure-count"> <properties> <help>Health check failure count required for transition to fault</help> <constraint> <validator name="numeric" argument="--positive" /> </constraint> </properties> <defaultValue>3</defaultValue> </leafNode> <leafNode name="interval"> <properties> <help>Health check execution interval in seconds</help> <constraint> <validator name="numeric" argument="--positive"/> </constraint> </properties> <defaultValue>60</defaultValue> </leafNode> <leafNode name="ping"> <properties> <help>ICMP ping health check</help> <valueHelp> <format>ipv4</format> <description>IPv4 ping target address</description> </valueHelp> <valueHelp> <format>ipv6</format> <description>IPv6 ping target address</description> </valueHelp> <constraint> <validator name="ipv4-address"/> <validator name="ipv6-address"/> </constraint> </properties> </leafNode> <leafNode name="script"> <properties> <help>Health check script file</help> <constraint> <validator name="script"/> </constraint> </properties> </leafNode> </children> </node> <leafNode name="hello-source-address"> <properties> <help>VRRP hello source address</help> <valueHelp> <format>ipv4</format> <description>IPv4 hello source address</description> </valueHelp> <valueHelp> <format>ipv6</format> <description>IPv6 hello source address</description> </valueHelp> <constraint> <validator name="ipv4-address"/> <validator name="ipv6-address"/> </constraint> </properties> </leafNode> <leafNode name="peer-address"> <properties> <help>Unicast VRRP peer address</help> <valueHelp> <format>ipv4</format> <description>IPv4 unicast peer address</description> </valueHelp> <valueHelp> <format>ipv6</format> <description>IPv6 unicast peer address</description> </valueHelp> <constraint> <validator name="ipv4-address"/> <validator name="ipv6-address"/> </constraint> </properties> </leafNode> <leafNode name="no-preempt"> <properties> <valueless/> <help>Disable master preemption</help> </properties> </leafNode> <leafNode name="preempt-delay"> <properties> <help>Preempt delay (in seconds)</help> <valueHelp> <format>u32:0-1000</format> <description>preempt delay</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-1000"/> </constraint> </properties> <defaultValue>0</defaultValue> </leafNode> <leafNode name="priority"> <properties> <help>Router priority</help> <valueHelp> <format>u32:1-255</format> <description>Router priority</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-255"/> </constraint> </properties> <defaultValue>100</defaultValue> </leafNode> <leafNode name="rfc3768-compatibility"> <properties> <help>Use VRRP virtual MAC address as per RFC3768</help> <valueless/> </properties> </leafNode> <node name="track"> <properties> <help>Track settings</help> </properties> <children> <leafNode name="exclude-vrrp-interface"> <properties> <valueless/> <help>Disable track state of main interface</help> </properties> </leafNode> <leafNode name="interface"> <properties> <help>Interface name state check</help> <completionHelp> <script>${vyos_completion_dir}/list_interfaces --broadcast</script> </completionHelp> <valueHelp> <format>txt</format> <description>Interface name</description> </valueHelp> <constraint> #include <include/constraint/interface-name.xml.i> </constraint> <multi/> </properties> </leafNode> </children> </node> #include <include/vrrp-transition-script.xml.i> <tagNode name="address"> <properties> <help>Virtual IP address</help> <valueHelp> <format>ipv4net</format> <description>IPv4 address and prefix length</description> </valueHelp> <valueHelp> <format>ipv6net</format> <description>IPv6 address and prefix length</description> </valueHelp> <constraint> <validator name="ip-host"/> </constraint> </properties> <children> #include <include/generic-interface-broadcast.xml.i> </children> </tagNode> <leafNode name="excluded-address"> <properties> <help>Virtual address (If you need additional IPv4 and IPv6 in same group)</help> <valueHelp> <format>ipv4</format> <description>IP address</description> </valueHelp> <valueHelp> <format>ipv6</format> <description>IPv6 address</description> </valueHelp> <multi/> <constraint> <validator name="ipv4-host"/> <validator name="ipv6-host"/> </constraint> <constraintErrorMessage>Virtual address must be a valid IPv4 or IPv6 address with prefix length (e.g. 192.0.2.3/24 or 2001:db8:ff::10/64)</constraintErrorMessage> </properties> </leafNode> <leafNode name="vrid"> <properties> <help>Virtual router identifier</help> <valueHelp> <format>u32:1-255</format> <description>Virtual router identifier</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-255"/> </constraint> </properties> </leafNode> </children> </tagNode> <tagNode name="sync-group"> <properties> <help>VRRP sync group</help> </properties> <children> <leafNode name="member"> <properties> <multi/> <help>Sync group member</help> <valueHelp> <format>txt</format> <description>VRRP group name</description> </valueHelp> <completionHelp> <path>high-availability vrrp group</path> </completionHelp> </properties> </leafNode> #include <include/vrrp-transition-script.xml.i> </children> </tagNode> </children> </node> <tagNode name="virtual-server"> <properties> <help>Load-balancing virtual server address</help> </properties> <children> <leafNode name="algorithm"> <properties> <help>Schedule algorithm (default - least-connection)</help> <completionHelp> <list>round-robin weighted-round-robin least-connection weighted-least-connection source-hashing destination-hashing locality-based-least-connection</list> </completionHelp> <valueHelp> <format>round-robin</format> <description>Round robin</description> </valueHelp> <valueHelp> <format>weighted-round-robin</format> <description>Weighted round robin</description> </valueHelp> <valueHelp> <format>least-connection</format> <description>Least connection</description> </valueHelp> <valueHelp> <format>weighted-least-connection</format> <description>Weighted least connection</description> </valueHelp> <valueHelp> <format>source-hashing</format> <description>Source hashing</description> </valueHelp> <valueHelp> <format>destination-hashing</format> <description>Destination hashing</description> </valueHelp> <valueHelp> <format>locality-based-least-connection</format> <description>Locality-Based least connection</description> </valueHelp> <constraint> <regex>(round-robin|weighted-round-robin|least-connection|weighted-least-connection|source-hashing|destination-hashing|locality-based-least-connection)</regex> </constraint> </properties> <defaultValue>least-connection</defaultValue> </leafNode> <leafNode name="delay-loop"> <properties> <help>Interval between health-checks (in seconds)</help> <valueHelp> <format>u32:1-600</format> <description>Interval in seconds</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-3600"/> </constraint> </properties> <defaultValue>10</defaultValue> </leafNode> <leafNode name="forward-method"> <properties> <help>Forwarding method</help> <completionHelp> <list>direct nat tunnel</list> </completionHelp> <valueHelp> <format>direct</format> <description>Direct routing</description> </valueHelp> <valueHelp> <format>nat</format> <description>NAT</description> </valueHelp> <valueHelp> <format>tunnel</format> <description>Tunneling</description> </valueHelp> <constraint> <regex>(direct|nat|tunnel)</regex> </constraint> </properties> <defaultValue>nat</defaultValue> </leafNode> #include <include/firewall/fwmark.xml.i> #include <include/port-number-start-zero.xml.i> <leafNode name="persistence-timeout"> <properties> <help>Timeout for persistent connections</help> <valueHelp> <format>u32:1-86400</format> <description>Timeout for persistent connections</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-86400"/> </constraint> </properties> <defaultValue>300</defaultValue> </leafNode> <leafNode name="protocol"> <properties> <help>Protocol for port checks</help> <completionHelp> <list>tcp udp</list> </completionHelp> <valueHelp> <format>tcp</format> <description>TCP</description> </valueHelp> <valueHelp> <format>udp</format> <description>UDP</description> </valueHelp> <constraint> <regex>(tcp|udp)</regex> </constraint> </properties> <defaultValue>tcp</defaultValue> </leafNode> <tagNode name="real-server"> <properties> <help>Real server address</help> </properties> <children> #include <include/port-number-start-zero.xml.i> <leafNode name="connection-timeout"> <properties> <help>Server connection timeout</help> <valueHelp> <format>u32:1-86400</format> <description>Connection timeout to remote server</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-86400"/> </constraint> </properties> </leafNode> <node name="health-check"> <properties> <help>Health check script</help> </properties> <children> <leafNode name="script"> <properties> <help>Health check script file</help> <constraint> <validator name="script"/> </constraint> </properties> </leafNode> </children> </node> </children> </tagNode> </children> </tagNode> </children> </node> </interfaceDefinition>