KeepAlived on different subnets
Solution 1:
There is an alternative way.
2 keepalived in differents network can communicate using unicast_peer (it will works as the same as if you have a VIP but you don't)
Then you can use the notify_script to move a IP Failover (provided by your host for example) and make an API call to your provider to tell to move your IP Failover to another service when the keepalived transitioned to MASTER (there is a notify_master rule).
Example of my keepalived config:
global_defs {
vrrp_version 2
vrrp_garp_master_delay 1
vrrp_garp_master_refresh 60
script_user root
enable_script_security
}
vrrp_script chk_haproxy {
script "/etc/keepalived/scripts/check_haproxy.sh"
timeout 1
interval 5 # check every 5 second
fall 2 # require 2 failures for KO
rise 2 # require 2 successes for OK
}
vrrp_instance lb-vips {
state {{KEEPALIVED_STATE}}
interface {{KEEPALIVED_INTERFACE}}
virtual_router_id {{KEEPALIVED_VIRTUAL_ROUTER_ID}}
priority {{KEEPALIVED_PRIORITY}}
advert_int 1
unicast_src_ip {{KEEPALIVED_UNICAST_SRC}}
unicast_peer {
X.X.X.X # here you have all ip of other keepalived
X.X.X.X
}
authentication {
auth_type PASS
auth_pass {{KEEPALIVED_AUTH_PASSWORD}}
}
track_script {
chk_haproxy
}
notify "/etc/keepalived/scripts/notify_script.sh"
}
Associated variables:
# Keepalived Config
KEEPALIVED_STATE=MASTER
KEEPALIVED_INTERFACE=eth0
KEEPALIVED_VIRTUAL_ROUTER_ID=77
# For electing MASTER, highest priority wins.
# MASTER=101, SLAVES=100
KEEPALIVED_PRIORITY=101
# password: Only the first eight (8) characters are used.
KEEPALIVED_AUTH_PASSWORD=password
# Should be the public ip of the server
KEEPALIVED_UNICAST_SRC=X.X.X.X
# Keepalived Notify Script Config
OVH_ENDPOINT=ovh-eu
OVH_APP_KEY=X.X.X.X
OVH_APP_SECRET=X.X.X.X
OVH_CONSUMER_KEY=X.X.X.X
FAILOVER_IP=X.X.X.X
FAILOVER_SERVICE=X.X.X.X
Solution 2:
Unfortunately keepalived is using VRRP which works only within a single subnet.