Upgrading Keepalived in Debian Squeeze

16 June 2012 — 9 Comments

I’m running Keepalived on our loadbalancers for many years and I’m really happy with it. Today I run into an issue that took me some time to solve. I thought I’d share it 🙂

In my current setup I have a pair of Debian Squeeze boxes running version 1.1.20. Since I’m rolling out ipv6 at the moment, I need to upgrade to 1.2.2. Fortunately, Debian provides this version in Squeeze-Backports.

So, I decided to upgrade the Backup loadbalancer first (lb-1). It was a simple ‘apt-get’ procedure to get it installed. But soon these errors popped up in my syslog:

Jun 16 21:12:25 lb-1 Keepalived_vrrp: bogus VRRP packet received on bond1 !!!
Jun 16 21:12:25 lb-1 Keepalived_vrrp: VRRP_Instance(CLOUD_MGT_GW) ignoring received advertisment...
Jun 16 21:12:25 lb-1 Keepalived_vrrp: receive an invalid passwd!

No messages were to be found in the primary loadbalancer, lb-0. The two loadbalancers weren’t talking to each other any more. I did’t try a failover, as this apparently wouldn’t work. To be sure, I stopped keepalived on the lb-1.

Using tcpdump I found the problem: version 1.1.20 uses a password in its broadcast advertisement that was truncated to the first 7 characters, while the version 1.2.2 uses the full length password, as configured in /etc/keepalived/keepalived.conf. This of course did not match, and so they refused to talk to each other.

The solution was simple: I changed the password in the version 1.2.2 loadbalancer, to be 7 characters long. Then restarted keepalived, and all was working again. After upgrading both loadbalancers, I changed back the password to the longer version and since the versions are now both 1.2.2 it still worked 🙂

9 responses to Upgrading Keepalived in Debian Squeeze

  1. 
    Juan David DIAZ 10 July 2012 at 15:38

    Hello, I work in a French company and our servers are all Debian Squeze we want to implement Keepalived for Load Balancing can you please send me your e-mail for ask you some questions of your configuration. My email is juan.diaz[ at ]insa-lyon[ . ]fr. Thank you very much!

    • 

      Why not posting your question in the comments? I might be able to help you then. Otherwise, a great mailinglist with a lot of people that can help with keepalived is at: http://www.keepalived.org/listes.html

      • 
        Juan David DIAZ 11 July 2012 at 10:34

        We want to utilize keepalived for load balancing in our enterprise. Our architecture has 3 servers one load balancer and 2 real servers (Postfix). We use Direct Routing and Round Robin.
        We have tried for the interfaces’ configuration:
        To activate ip_forwarding at the load balancer and deactivate it at the real servers. After that we deactivated the ARP answers from the 2 real servers. After that we tried to give to each real server one loopback interface with the load balancer’s ip address (lo:0 /32)
        Our problem is that the request that comes to the load balancer don’t get out from him, but the load balancer sends and receives the healthcheckes with the 2 real servers.
        We use Linux Debian Squeeze v6.0.4 and Keepalived v1.1.20 (03/24,2012).
        We would like to know which you think the problem is.
        This are the tables ipvsadm from the load balancer:
        root@postfix1:# ipvsadm
        IP Virtual Server version 1.2.1 (size=4096)
        Prot LocalAddress:Port Scheduler Flags
        -> RemoteAddress:Port Forward Weight ActiveConn InActConn
        TCP 10.60.211.50:smtp rr
        -> 10.60.211.7:smtp Local 1 0 0
        -> 10.60.211.23:smtp Route 1 0 0
        root@debian:~# ipvsadm –list –stats –numeric
        IP Virtual Server version 1.2.1 (size=4096)
        Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
        -> RemoteAddress:Port
        TCP 10.60.211 50:25 56 2326 0 117680 0
        -> 10.60.211.7:25 28 2242 0 113424 0
        -> 10.60.211.23:25 28 84 0 4256 0

        Thank you very much

      • 

        Sorry I haven’t been able to get back to you any sooner. Now that I finished our cloud migration project I’ve some more spare time 🙂

        Did you already find a solution for your problem?

  2. 

    This very helpful.

  3. 

    Thank you for sharing this! Fixed the same issue in minutes thanks to your article.

  4. 
    Anaximandro D.V. 29 January 2016 at 20:58

    Thanks a lot buddy! Problem solved!
    Greetings from Brazil / RS.

  5. 

    This post just saved me a day of pain. Thanks!

What do you think?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s