Failover and High Availability with Keepalived
TL;DR
Keepalived provides a robust solution for implementing failover and high availability in Debian 13 environments. By leveraging VRRP (Virtual Router Redundancy Protocol), Keepalived allows multiple servers to work together, ensuring that if one server fails, another can take over seamlessly.
To get started, install Keepalived on your Debian 13 servers:
sudo apt update && sudo apt install keepalived -y # Install Keepalived
Configure Keepalived by editing the configuration file located at /etc/keepalived/keepalived.conf. Here’s a basic example:
vrrp_instance VI_1 {
    state MASTER # Set to BACKUP on the secondary server
    interface eth0 # Replace with your network interface
    virtual_router_id 51
    priority 100 # Higher priority for the MASTER
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass your_password # Use a strong password
    }
    virtual_ipaddress {
        192.168.1.100 # Virtual IP to be shared
    }
}
After configuring, start and enable Keepalived:
sudo systemctl start keepalived # Start Keepalived service
sudo systemctl enable keepalived # Enable on boot
Caution: Ensure that the priority value is higher for the primary server than for the backup server to avoid split-brain scenarios. Always use strong passwords for authentication to prevent unauthorized access.
To verify the status of Keepalived, use:
sudo systemctl status keepalived # Check service status
For monitoring, consider using tools like ip addr to check if the virtual IP is active on the correct server.
By following these steps, you can establish a reliable failover mechanism with Keepalived on your Debian 13 servers, enhancing your system’s availability and resilience.
Introduction to Keepalived
Keepalived is a powerful tool designed to provide high availability and load balancing for Linux servers. It primarily uses the Virtual Router Redundancy Protocol (VRRP) to manage the failover of IP addresses between multiple servers, ensuring that services remain accessible even in the event of a server failure. This makes Keepalived an essential component for maintaining uptime in critical applications.
In a typical setup, Keepalived runs on multiple servers, known as nodes. One node is designated as the master, while the others are configured as backups. If the master node becomes unavailable, Keepalived automatically promotes one of the backup nodes to take over the master role, allowing for seamless failover. This process is transparent to users, who experience no interruption in service.
To install Keepalived on your Debian 13 server, you can use the following command:
sudo apt update && sudo apt install keepalived -y # Install Keepalived
After installation, you will need to configure Keepalived by editing its configuration file, typically located at /etc/keepalived/keepalived.conf. A basic configuration might look like this:
vrrp_instance VI_1 {
    state MASTER # Set this node as the master
    interface eth0 # Network interface to monitor
    virtual_router_id 51 # Unique ID for the VRRP instance
    priority 100 # Higher priority for the master
    advert_int 1 # Advertisement interval in seconds
    authentication {
        auth_type PASS # Authentication type
        auth_pass your_password # Set a strong password
    }
    virtual_ipaddress {
        192.168.1.100 # Virtual IP to be managed
    }
}
Caution: Ensure that the priority value for backup nodes is lower than that of the master node to prevent split-brain scenarios. Always use strong passwords for authentication to secure your VRRP instances.
After configuring, restart Keepalived to apply the changes:
sudo systemctl restart keepalived # Restart Keepalived service
By leveraging Keepalived, you can significantly enhance the reliability and availability of your services on Debian 13 servers.
Installation of Keepalived on Debian 13
To install Keepalived on your Debian 13 server, follow these steps:
Update the Package Index: Ensure your package index is up to date to avoid issues during installation.
sudo apt update # Update the package index
Install Keepalived: Use the package manager to install Keepalived. This will also install any required dependencies.
sudo apt install keepalived -y # Install Keepalived
Verify Installation: After installation, check the status of the Keepalived service to ensure it is installed correctly.
systemctl status keepalived # Check the status of Keepalived
You should see output indicating that the service is inactive (dead) initially, which is expected.
Configure Keepalived: Before starting the service, you need to configure it. The default configuration file is located at /etc/keepalived/keepalived.conf. It is advisable to back up the original configuration file before making changes.
sudo cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak # Backup original config
Edit the Configuration File: Open the configuration file in your preferred text editor. For example, using nano:
sudo nano /etc/keepalived/keepalived.conf # Edit the configuration file
Make necessary adjustments according to your high availability setup. Ensure you define the virtual IP addresses and the health checks appropriately.
Start and Enable Keepalived: Once configured, start the Keepalived service and enable it to run on boot.
sudo systemctl start keepalived # Start Keepalived service
sudo systemctl enable keepalived # Enable Keepalived to start on boot
Caution: Always test your configuration in a controlled environment before deploying it in production. Misconfigurations can lead to service outages.
Configuration of Keepalived
To configure Keepalived on your Debian 13 server, follow these steps to set up a basic high availability environment using Virtual Router Redundancy Protocol (VRRP).
Install Keepalived: First, ensure that Keepalived is installed on both servers that will participate in the failover setup.
sudo apt update && sudo apt install keepalived -y # Install Keepalived
Configure Keepalived: Edit the Keepalived configuration file located at /etc/keepalived/keepalived.conf. Below is a sample configuration for two nodes, where 192.168.1.10 is the virtual IP address.
sudo nano /etc/keepalived/keepalived.conf
Add the following configuration, adjusting the interface, priority, and virtual_ipaddress as needed:
vrrp_instance VI_1 {
    state MASTER # Change to BACKUP on the second server
    interface eth0 # Replace with your network interface
    virtual_router_id 51 # Unique ID for the VRRP instance
    priority 100 # Higher priority for MASTER
    advert_int 1 # Advertisement interval in seconds
    authentication {
        auth_type PASS # Authentication type
        auth_pass your_password # Set a strong password
    }
    virtual_ipaddress {
        192.168.1.10 # Virtual IP address
    }
}
Caution: Ensure that the auth_pass is strong and kept secret to prevent unauthorized access.
Start and Enable Keepalived: After editing the configuration, start the Keepalived service and enable it to run on boot.
sudo systemctl start keepalived # Start Keepalived service
sudo systemctl enable keepalived # Enable Keepalived on boot
Check Status: Verify that Keepalived is running correctly on both servers.
sudo systemctl status keepalived # Check Keepalived status
Testing Failover: To test the failover, you can stop the Keepalived service on the MASTER node and observe if the BACKUP node takes over the virtual IP.
sudo systemctl stop keepalived # Stop Keepalived on MASTER
By following these steps, you will have a basic Keepalived configuration for high availability on your Debian 13 servers. Always monitor the logs for any issues during operation.
Setting Up Virtual IP Addresses
To set up virtual IP addresses with Keepalived on your Debian 13 servers, follow these steps:
Install Keepalived: Ensure Keepalived is installed on both servers.
sudo apt update && sudo apt install keepalived -y # Install Keepalived
Configure Keepalived: Edit the Keepalived configuration file on both servers. The primary server will be configured as the MASTER, while the secondary will be the BACKUP.
On the MASTER server, open the configuration file:
sudo nano /etc/keepalived/keepalived.conf
Add the following configuration, replacing 192.168.1.100 with your desired virtual IP address:
vrrp_instance VI_1 {
    state MASTER
    interface eth0 # Replace with your network interface
    virtual_router_id 51
    priority 100 # Higher priority for MASTER
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass your_secure_password # Use a strong password
    }
    virtual_ipaddress {
        192.168.1.100 # Virtual IP address
    }
}
On the BACKUP server, use a similar configuration but change the state and priority:
vrrp_instance VI_1 {
    state BACKUP
    interface eth0 # Replace with your network interface
    virtual_router_id 51
    priority 90 # Lower priority for BACKUP
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass your_secure_password # Must match MASTER
    }
    virtual_ipaddress {
        192.168.1.100 # Same virtual IP address
    }
}
Start Keepalived: Enable and start the Keepalived service on both servers.
sudo systemctl enable keepalived # Enable on boot
sudo systemctl start keepalived # Start the service
Verify Configuration: Check the status of Keepalived to ensure it is running correctly.
sudo systemctl status keepalived # Verify service status
Caution: Ensure that the virtual IP address is not in use by any other device on the network to avoid conflicts. Always use strong passwords for authentication to secure your setup.
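The MASTER/BACKUP pair above only works if the two files agree where they must and differ where they must. The following pre-deployment check is an added example, not part of the original tutorial or of Keepalived itself; its parser is simplified (one vrrp_instance, # comments only), the sample files are constructed, and the 8-character rule reflects the keepalived.conf documentation, which states that only the first eight characters of auth_pass are used.

```python
import re

# Constructed sample pair modelled on the tutorial's MASTER config.
MASTER_CONF = """
vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass your_secure_password  # placeholder never replaced
    }
    virtual_ipaddress {
        192.168.1.100
    }
}
"""
# Copy-paste slip: state changed on the backup, priority left at 100.
BACKUP_CONF = MASTER_CONF.replace("state MASTER", "state BACKUP")
PLACEHOLDERS = {"your_password", "your_secure_password"}
KEYS = r"state|virtual_router_id|priority|auth_type|auth_pass"

def parse(conf):
    """Simplified parser: one vrrp_instance, '#' comments, one setting per line."""
    text = re.sub(r"#.*", "", conf)
    found = dict(re.findall(rf"^\s*({KEYS})\s+(\S+)", text, re.M))
    block = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", text)
    lines = block.group(1).splitlines() if block else []
    found["vips"] = sorted(l.strip() for l in lines if l.strip())
    return found

def audit_pair(master_conf, backup_conf):
    """Return a list of findings for a primary/secondary config pair."""
    m, b = parse(master_conf), parse(backup_conf)
    findings = []
    if (m.get("state"), b.get("state")) != ("MASTER", "BACKUP"):
        findings.append("state: expected MASTER on primary, BACKUP on secondary")
    if int(m.get("priority", 0)) <= int(b.get("priority", 0)):
        findings.append("priority: primary is not higher than backup")
    for key in ("virtual_router_id", "auth_type", "auth_pass", "vips"):
        if m.get(key) != b.get(key):
            findings.append(f"{key}: differs between nodes")
    secret = m.get("auth_pass", "")
    if secret in PLACEHOLDERS:
        findings.append("auth_pass: tutorial placeholder still in use")
    if len(secret) > 8:
        findings.append("auth_pass: only the first 8 characters are used")
    return findings
```

Run against the constructed pair, audit_pair(MASTER_CONF, BACKUP_CONF) reports the equal priorities, the leftover placeholder, and the over-length secret.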
Testing Failover Scenarios
To ensure that your Keepalived setup is functioning correctly, it’s essential to test failover scenarios. This section will guide you through simulating failures and verifying that your high availability configuration responds as expected.
Simulating a Primary Node Failure: Start by shutting down the primary node to observe if the secondary node takes over the virtual IP (VIP).
On the primary node, execute:
sudo systemctl stop keepalived # Stop Keepalived service
After a few moments, check the status of the VIP on the secondary node:
ip addr show # Verify if VIP is assigned to the secondary node
If the VIP is successfully moved, you should see it listed under the secondary node’s network interfaces.
Restoring the Primary Node: Once you confirm the secondary node has taken over, restart the Keepalived service on the primary node.
On the primary node, run:
sudo systemctl start keepalived # Restart Keepalived service
Check again on the primary node to see if it has regained the VIP:
ip addr show # Confirm VIP is back on the primary node
Simulating a Network Partition: To test how your setup handles network issues, you can block traffic between the nodes. Use iptables to drop packets temporarily.
On the primary node, execute:
sudo iptables -A INPUT -s <secondary_node_ip> -j DROP # Block traffic from secondary
Wait a few moments, then check the VIP status on the secondary node. It should take over if the primary node is unreachable.
To restore connectivity, run:
sudo iptables -D INPUT -s <secondary_node_ip> -j DROP # Unblock traffic
Caution: Always ensure you have console access to your nodes when testing failover scenarios. Misconfigurations or network issues can lead to loss of access. It’s advisable to conduct these tests during maintenance windows to minimize impact on production services.
Verification
To verify that Keepalived is functioning correctly, you can perform several checks to ensure that the virtual IP (VIP) is properly assigned and that failover occurs as expected.
First, check the status of the Keepalived service on both nodes:
sudo systemctl status keepalived # Check if Keepalived is running
Ensure that the service is active and running without errors. If there are issues, review the logs for any error messages:
sudo journalctl -u keepalived # View Keepalived logs for troubleshooting
Next, verify that the VIP is assigned to the active node. Use the following command to check the IP addresses on each node:
ip addr show # List all IP addresses assigned to interfaces
Look for the VIP in the output. It should only appear on the active node. If it appears on both nodes, there may be a configuration issue.
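The "exactly one holder" check can be automated over saved ip addr show output from each node. This is an added example, not part of the original tutorial; the node names and sample output are constructed. It compares addresses exactly, because a plain substring search for 192.168.1.10 would also match 192.168.1.100, and both appear as VIPs in this guide.

```python
import ipaddress
import re

# Constructed `ip addr show` excerpts (not captured from real hosts).
NODE_A = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
    inet 192.168.1.11/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.100/32 scope global eth0
"""
NODE_B = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
    inet 192.168.1.12/24 brd 192.168.1.255 scope global eth0
"""

def holds_vip(ip_addr_output, vip):
    """True only if the exact address is configured on some interface."""
    want = ipaddress.ip_address(vip)
    pattern = r"^\s*inet6?\s+([0-9a-fA-F.:]+)"
    for addr in re.findall(pattern, ip_addr_output, re.M):
        if ipaddress.ip_address(addr) == want:
            return True
    return False

def vip_state(outputs, vip):
    """outputs maps node name -> `ip addr show` text; returns (verdict, holders)."""
    holders = sorted(n for n, out in outputs.items() if holds_vip(out, vip))
    if len(holders) == 1:
        return "ok", holders
    return ("split-brain" if holders else "no-holder"), holders
```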
To test failover, you can manually stop the Keepalived service on the active node:
sudo systemctl stop keepalived # Stop Keepalived on the active node
After a few moments, check the VIP assignment again using the ip addr show command. The VIP should now be assigned to the backup node. If it does not switch, investigate the logs for any errors.
Finally, to ensure that the VIP is reachable, you can ping it from a third machine:
ping <VIP_ADDRESS> # Replace <VIP_ADDRESS> with your actual VIP
If the ping is successful, it confirms that the VIP is active. Always remember to restart the Keepalived service on the original active node after testing:
sudo systemctl start keepalived # Restart Keepalived on the original active node
Caution: Ensure that you conduct these tests during a maintenance window to avoid disrupting services.