Page MenuHomeVyOS Platform
Create Task
Maniphest T616

Migrate to keepalived 2.x (including IPv6 VRRP)
Closed, ResolvedPublic
Actions

Description

A supertask for all issues with VRRP and IPv6.

The situation is the following: keepalived 1.3.x made an incompatible change and no longer supports mixing IPv4 and IPv6 virtual addresses in the same VRRP instance. This is arguably a good thing, but it's still an incompatible change, and we cannot do anything about it. If we want to move forward with IPv6 VRRP in particular, or VRRP in general, we have to support it.

Besides, keepalived from Debian Jessie has some bugs that are holding us back, and that are fixed in the latest version.

The only question is how to handle it.

Option one:
Make the VRRP config script separate IPv4 and IPv6 VIPs and generate two instances. The advantage is that we can keep our CLI compatible despite the incompatible change in keepalived. The disadvantage is that it implementing IPv6-specific options such as hello source address and peer address will be awkward (remember, you can no longer advertise IPv6 VIPs over IPv4, so we'll need separate options for IPv4 and IPv6 hello source).

Option two:
Make a new vrrp6 subtree (or similar) specially for IPv6 and disallow IPv6 VIPs in the vrrp subtree. This is incompatible and nearly impossible to migrate automatically, but far cleaner.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close

Related Objects
Search...

Event Timeline

dmbaturin created this task.May 3 2018, 11:16 AM
dmbaturin created this object with visibility "Public (No Login Required)".
dmbaturin mentioned this in T614: Add support for unicast VRRP.May 3 2018, 11:24 AM
dmbaturin mentioned this in T630: Package ipaddrcheck for VyOS 1.2.0.May 11 2018, 1:44 AM
mjbear added a subscriber: mjbear.May 14 2018, 12:43 AM

My opinion is option#2 for a separate "cleaner" sub-tree for vrrp6 is best.

aopdal added a subscriber: aopdal.May 14 2018, 8:04 AM

I think option 2 is the best, but keep in mind the VRRP version is 3, and it support both IPv4 and IPv6.

In the VRRP configuration I think a "vrrp version 2..3" should be implemented. If VRRP version 3 is configured, it may be used both for IPv4 and IPv6.

pasik added a subscriber: pasik.May 15 2018, 9:55 PM
dmbaturin added a comment.May 21 2018, 12:18 PM

@aopdal I agree VRRPv3 supports both IPv4 and IPv6 at the protocols level, but keepalived wants groups to use either IPv4 or IPv6 addresses, but not both at the same time, so you need different groups for them in the config.

syncer added subscribers: csalcedo, aibanez, Active contributors, syncer.May 21 2018, 1:02 PM

@aibanez @csalcedo will be great to hear your input here

syncer triaged this task as High priority.May 21 2018, 6:30 PM
syncer moved this task from Need Triage to Backlog on the VyOS 1.2 Crux board.
aibanez added a comment.May 25 2018, 9:47 AM

Hi, I agree too in that option 2 makes more sense IMHO. It will require more effort regarding migrations, but in the long term it seems better to me.

dmbaturin merged a task: T105: VRRPv3 support (VRRP for IPv6).May 31 2018, 12:38 AM
dmbaturin added subscribers: Unknown Object (User), hackydd, wornet-mwo and 6 others.
dmbaturin moved this task from Backlog to In Progress on the VyOS 1.2 Crux board.May 31 2018, 3:50 AM
csalcedo added a comment.Jun 1 2018, 5:29 AM

I also agree that option 2 seems cleaner. We'll have to deal with migrations, but the result is worthwhile.

Merijn added a subscriber: Merijn.Jun 30 2018, 8:22 AM

Option 2 seems best. VRRP version does not need a setting, use VRRP V2 when no vrrp6 block is present for backward compatibility. Use VRRP v3 when it is.

dmbaturin renamed this task from Migrate to keepalived 1.3.x (including IPv6 VRRP) to Migrate to keepalived 2.x (including IPv6 VRRP).Aug 4 2018, 8:08 PM
dmbaturin closed this task as Resolved.
dmbaturin closed subtask T666: Define new VRRP syntax as Resolved.
dmbaturin edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc1); removed VyOS 1.2 Crux.
syncer added a project: VyOS-1.2.0-GA.Oct 15 2018, 10:42 PM
syncer moved this task from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.0-rc1) board.Oct 15 2018, 10:42 PM