Hi guys,
Seems there is a bug in VRRP: both nodes entered MASTER state, rendering the VRRP address unavailable.
In the log there are two main lines that pop out:
Dec 09 02:07:27 Keepalived_vrrp[3090]: (IPv4_VLAN99) IPSEC-AH : invalid IPSEC HMAC-MD5 value. Due to fields mutation or bad password !
Dec 09 07:28:19 Keepalived_vrrp[3090]: (IPv4_VLAN10) Entering MASTER STATE
Dec 09 07:28:19 Keepalived_vrrp[3090]: (IPv4_VLAN10) IPSEC-AH : sequence number 7626336 already processed. Packet dropped. Local(7626336)
As soon as I rebooted the first node, everything started working again on node 2 as expected and the master was able to take over again.
vyos@EU-GW03:~$ show version
Version: VyOS 1.3.0-epa3
Release train: equuleus
Built by: Sentrium S.L.
Built on: Sun 31 Oct 2021 17:38 UTC
Build UUID: 383e45ad-b32a-4359-8183-9baacc8e69d9
Build commit ID: bb511522cc3bb2-dirty
Architecture: x86_64
Boot via: installed image
System type: VMware guest
Hardware vendor: VMware, Inc.
Hardware model: VMware Virtual Platform
Hardware S/N: VMware-42 39 f0 01 50 fb b9 8f-6d 44 a4 9d be a0 66 17
Hardware UUID: 4239f001-50fb-b98f-6d44-a49dbea06617
Copyright: VyOS maintainers and contributors
VRRP config
vyos@EU-GW03:~$ show configuration commands | strip-private | match vrrp
set high-availability vrrp group IPv4_VLAN10 authentication password xxxxxx
set high-availability vrrp group IPv4_VLAN10 authentication type 'ah'
set high-availability vrrp group IPv4_VLAN10 interface 'eth1.10'
set high-availability vrrp group IPv4_VLAN10 preempt-delay '180'
set high-availability vrrp group IPv4_VLAN10 priority '200'
set high-availability vrrp group IPv4_VLAN10 virtual-address 'xxx.xxx.10.1/24'
set high-availability vrrp group IPv4_VLAN10 vrid '10'
set high-availability vrrp group IPv4_VLAN75 authentication password xxxxxx
set high-availability vrrp group IPv4_VLAN75 authentication type 'ah'
set high-availability vrrp group IPv4_VLAN75 interface 'eth1.75'
set high-availability vrrp group IPv4_VLAN75 preempt-delay '180'
set high-availability vrrp group IPv4_VLAN75 priority '200'
set high-availability vrrp group IPv4_VLAN75 virtual-address 'xxx.xxx.75.1/24'
set high-availability vrrp group IPv4_VLAN75 vrid '75'
set high-availability vrrp group IPv4_VLAN98 authentication password xxxxxx
set high-availability vrrp group IPv4_VLAN98 authentication type 'ah'
set high-availability vrrp group IPv4_VLAN98 interface 'eth1.98'
set high-availability vrrp group IPv4_VLAN98 preempt-delay '180'
set high-availability vrrp group IPv4_VLAN98 priority '200'
set high-availability vrrp group IPv4_VLAN98 virtual-address 'xxx.xxx.98.1/24'
set high-availability vrrp group IPv4_VLAN98 vrid '98'
set high-availability vrrp group IPv4_VLAN99 authentication password xxxxxx
set high-availability vrrp group IPv4_VLAN99 authentication type 'ah'
set high-availability vrrp group IPv4_VLAN99 interface 'eth1.99'
set high-availability vrrp group IPv4_VLAN99 preempt-delay '180'
set high-availability vrrp group IPv4_VLAN99 priority '200'
set high-availability vrrp group IPv4_VLAN99 virtual-address 'xxx.xxx.99.1/24'
set high-availability vrrp group IPv4_VLAN99 vrid '99'
set high-availability vrrp group IPv4_WAN authentication password xxxxxx
set high-availability vrrp group IPv4_WAN authentication type 'ah'
set high-availability vrrp group IPv4_WAN interface 'eth0'
set high-availability vrrp group IPv4_WAN preempt-delay '180'
set high-availability vrrp group IPv4_WAN priority '200'
set high-availability vrrp group IPv4_WAN virtual-address 'xxx.xxx.84.192/25'
set high-availability vrrp group IPv4_WAN vrid '1'
set high-availability vrrp sync-group VLAN member 'IPv4_VLAN10'
set high-availability vrrp sync-group VLAN member 'IPv4_VLAN75'
set high-availability vrrp sync-group VLAN member 'IPv4_VLAN98'
set high-availability vrrp sync-group VLAN member 'IPv4_VLAN99'
set high-availability vrrp sync-group VLAN member 'IPv4_WAN'
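
A log triage sketch for the Keepalived messages quoted in the report above, added here as an example and not part of the original post or of VyOS/keepalived. It assumes the log lines have the layout shown in the post (an optional hostname before the process name is tolerated), and the `suspect` flag is a heuristic of this example: a group that entered MASTER on this node while also dropping AH-authenticated adverts is worth checking for a second node advertising the same VRID.

```python
import re
from collections import defaultdict

# Sample input: the three log lines quoted in the post.
SAMPLE_LOG = """\
Dec 09 02:07:27 Keepalived_vrrp[3090]: (IPv4_VLAN99) IPSEC-AH : invalid IPSEC HMAC-MD5 value. Due to fields mutation or bad password !
Dec 09 07:28:19 Keepalived_vrrp[3090]: (IPv4_VLAN10) Entering MASTER STATE
Dec 09 07:28:19 Keepalived_vrrp[3090]: (IPv4_VLAN10) IPSEC-AH : sequence number 7626336 already processed. Packet dropped. Local(7626336)
"""

# timestamp, optional hostname, process[pid], (group), message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?:\S+ )?Keepalived_vrrp\[\d+\]: "
    r"\((?P<group>[^)]+)\) (?P<msg>.*)$"
)
AH_DIGEST = "IPSEC-AH : invalid IPSEC HMAC-MD5 value"
AH_REPLAY_RE = re.compile(r"IPSEC-AH : sequence number (\d+) already processed")
MASTER = "Entering MASTER STATE"


def triage(log_text):
    """Count AH drops and record MASTER transitions per VRRP group."""
    groups = defaultdict(
        lambda: {"ah_digest": 0, "ah_replay": 0, "master": [], "suspect": False}
    )
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a Keepalived VRRP line in the expected layout
        entry, msg = groups[m["group"]], m["msg"]
        if AH_DIGEST in msg:
            entry["ah_digest"] += 1      # digest check failed on a received advert
        elif AH_REPLAY_RE.search(msg):
            entry["ah_replay"] += 1      # advert dropped by the sequence-number check
        elif MASTER in msg:
            entry["master"].append(m["ts"])
    for entry in groups.values():
        # Heuristic (assumption of this example): MASTER locally plus dropped
        # AH adverts for the same group suggests another sender on that VRID.
        drops = entry["ah_digest"] + entry["ah_replay"]
        entry["suspect"] = bool(entry["master"]) and drops > 0
    return dict(groups)


if __name__ == "__main__":
    for name, info in sorted(triage(SAMPLE_LOG).items()):
        print(name, info)
```
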
Greetings,