Created
January 2, 2014 14:56
VRRP backup config
############### Backup keepalived configuration
#
# Central VRRP configuration file for the IWM backup firewall
#
# ChangeLog:
#
# 23.11.2012 - Torsten Kurbad <t.kurbad@iwm-kmrc.de>
#   * Initial version
#
###
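### Global options ###
# Settings shared by every VRRP instance in this file: where state-change
# mails go, which SMTP relay delivers them, and the name this node reports.
# (The trailing "| |" table residue from the page rendering is removed so
# each line is a plain keepalived directive again.)
global_defs {
    # Notification settings:
    #  - send mail to sysadmin@iwm-kmrc.de
    #  - use MX1 as the SMTP server
    notification_email {
        sysadmin@iwm-kmrc.de
    }
    notification_email_from sysadmin@iwm-kmrc.de
    # NOTE(review): failover alerts are only useful if this relay is
    # reachable from the backup node while the master is down - confirm.
    smtp_server 192.168.1.250
    smtp_connect_timeout 30

    # Router ID (e.g. used in notifications)
    router_id gate
}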
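### VRRP ###
## Interface synchronisation
# Ties the internal and external instances together so they change state as
# one unit. (Trailing "| |" rendering residue removed from every line.)
vrrp_sync_group IWM_Inet {
    # Ensures that internal and external IPs are moved at the same time, so
    # that no 'dead' routes are left behind
    group {
        VRRP_Intern
        VRRP_Extern
    }

    # As soon as this router becomes MASTER, restart ntpd so that it
    # afterwards listens on the internal virtual IP.
    # (The notify mechanism is "repurposed" for this.)
    # NOTE(review): keepalived calls a `notify` script on every state
    # transition, not only on the change to MASTER; the script is not shown
    # here - confirm it checks the state argument before restarting ntpd.
    # NOTE(review): the script runs with the daemon's privileges. Keep the
    # script and /etc/keepalived owned by root and not writable by anyone
    # else; newer keepalived releases provide `script_user` and
    # `enable_script_security` in global_defs to enforce this.
    notify /etc/keepalived/restart_ntpd.sh
}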
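## Internal instance
# VRRP instance for the internal side of the backup firewall: it takes over
# the internal virtual IP and the route into the other VLANs when it becomes
# MASTER. (Trailing "| |" rendering residue removed from every line.)
vrrp_instance VRRP_Intern {
    # Start as backup (= secondary firewall)
    state BACKUP

    # Monitor / configure the internal trunk
    interface fibre_intern_0

    # ID of this VRRP instance
    virtual_router_id 51

    # Priority (master should be >= backup + 50)
    priority 50

    # Interval of the availability check (1 second)
    advert_int 1

    # Send multicast to the backup(s) from this IP
    mcast_src_ip 10.168.110.254

    # Wait 10 seconds before sending the ARP requests
    garp_master_delay 10

    # Create an interface with a virtual MAC address as per the RFC - 00:00:5e:00:01:33
    # (00:00:5e:00:01:<virtual_router_id in hex>; 51 decimal = 0x33)
    use_vmac vrrp_intern_0

    # Send notifications according to the settings in global_defs
    smtp_alert

    # Additionally monitor the following interfaces
    track_interface {
        fw_intern_0
        fibre_extern_0
    }

    # Password authentication with the master (and other backups)
    # NOTE(review): auth_type PASS puts the password in clear text into every
    # advertisement, so any host on the segment can read it. It protects
    # against accidental misconfiguration, not against a hostile neighbour;
    # restrict which hosts may send VRRP (IP protocol 112) on this segment.
    # NOTE(review): this value is published together with the file. If it was
    # ever the production value, treat it as disclosed and rotate it on all
    # peers; keep keepalived.conf readable by root only.
    authentication {
        auth_type PASS
        auth_pass 08154711
    }

    # Internal IP address
    virtual_ipaddress {
        192.168.254.254/16 dev vrrp_intern_0
    }

    # Internal route into VLANs != SERVER VLAN
    virtual_routes {
        10.168.0.0/16 via 192.168.0.1 dev vrrp_intern_0
    }
}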
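## External instance
# VRRP instance for the external side of the backup firewall: it takes over
# the primary and secondary public IPs and the default route when it becomes
# MASTER. (Trailing "|" rendering residue removed from every line.)
vrrp_instance VRRP_Extern {
    # Start as backup (= secondary firewall)
    state BACKUP

    # Monitor / configure the external fibre link
    interface fibre_extern_0

    # ID of this VRRP instance
    virtual_router_id 52

    # Priority (master should be >= backup + 50)
    priority 50

    # Interval of the availability check (1 second)
    advert_int 1

    # Send multicast to the backup(s) from this IP
    # NOTE(review): same source address as in VRRP_Intern - confirm that it
    # is really assigned on fibre_extern_0.
    mcast_src_ip 10.168.110.254

    # Wait 10 seconds before sending the ARP requests
    garp_master_delay 10

    # Create an interface with a virtual MAC address as per the RFC - 00:00:5e:00:01:34
    # (00:00:5e:00:01:<virtual_router_id in hex>; 52 decimal = 0x34)
    use_vmac vrrp_extern_0

    # Send notifications according to the settings in global_defs
    smtp_alert

    # Additionally monitor the following interfaces
    track_interface {
        fibre_intern_0
        fw_intern_0
    }

    # Password authentication with the master (and other backups)
    # NOTE(review): auth_type PASS puts the password in clear text into every
    # advertisement, and this instance advertises on the external link. Do
    # not rely on it as access control; filter VRRP (IP protocol 112) on
    # fibre_extern_0 so that only the peer firewall's address is accepted.
    # NOTE(review): this value is published together with the file. If it was
    # ever the production value, treat it as disclosed and rotate it on all
    # peers; keep keepalived.conf readable by root only.
    authentication {
        auth_type PASS
        auth_pass 47110815
    }

    # Primary external IP
    virtual_ipaddress {
        134.2.234.65/26 dev vrrp_extern_0
    }

    # Secondary external IPs - (max. 20 per block)
    # (_excluded makes sure these IPs are not monitored as well, because that
    # would be unnecessary overhead)
    # NOTE(review): per the keepalived documentation, excluded addresses are
    # left out of the VRRP advertisement but are still added and removed on
    # state changes.
    virtual_ipaddress_excluded {
        134.2.234.66/26 dev vrrp_extern_0
        134.2.234.67/26 dev vrrp_extern_0
        134.2.234.68/26 dev vrrp_extern_0
        134.2.234.69/26 dev vrrp_extern_0
        134.2.234.70/26 dev vrrp_extern_0
        134.2.234.71/26 dev vrrp_extern_0
        134.2.234.72/26 dev vrrp_extern_0
        134.2.234.73/26 dev vrrp_extern_0
        134.2.234.74/26 dev vrrp_extern_0
        134.2.234.75/26 dev vrrp_extern_0
        134.2.234.76/26 dev vrrp_extern_0
        134.2.234.77/26 dev vrrp_extern_0
        134.2.234.78/26 dev vrrp_extern_0
        134.2.234.79/26 dev vrrp_extern_0
        134.2.234.80/26 dev vrrp_extern_0
        134.2.234.81/26 dev vrrp_extern_0
        134.2.234.82/26 dev vrrp_extern_0
        134.2.234.83/26 dev vrrp_extern_0
        134.2.234.84/26 dev vrrp_extern_0
        134.2.234.85/26 dev vrrp_extern_0
    }
    virtual_ipaddress_excluded {
        134.2.234.86/26 dev vrrp_extern_0
        134.2.234.87/26 dev vrrp_extern_0
        134.2.234.88/26 dev vrrp_extern_0
        134.2.234.89/26 dev vrrp_extern_0
        134.2.234.90/26 dev vrrp_extern_0
        134.2.234.91/26 dev vrrp_extern_0
        134.2.234.92/26 dev vrrp_extern_0
        134.2.234.93/26 dev vrrp_extern_0
        134.2.234.94/26 dev vrrp_extern_0
        134.2.234.95/26 dev vrrp_extern_0
        134.2.234.96/26 dev vrrp_extern_0
        134.2.234.97/26 dev vrrp_extern_0
        134.2.234.98/26 dev vrrp_extern_0
        134.2.234.99/26 dev vrrp_extern_0
        134.2.234.100/26 dev vrrp_extern_0
        134.2.234.101/26 dev vrrp_extern_0
        134.2.234.102/26 dev vrrp_extern_0
        134.2.234.103/26 dev vrrp_extern_0
        134.2.234.104/26 dev vrrp_extern_0
        134.2.234.105/26 dev vrrp_extern_0
    }
    virtual_ipaddress_excluded {
        134.2.234.106/26 dev vrrp_extern_0
        134.2.234.107/26 dev vrrp_extern_0
        134.2.234.108/26 dev vrrp_extern_0
        134.2.234.109/26 dev vrrp_extern_0
        134.2.234.110/26 dev vrrp_extern_0
        134.2.234.111/26 dev vrrp_extern_0
        134.2.234.112/26 dev vrrp_extern_0
        134.2.234.113/26 dev vrrp_extern_0
        134.2.234.114/26 dev vrrp_extern_0
        134.2.234.115/26 dev vrrp_extern_0
        134.2.234.116/26 dev vrrp_extern_0
        134.2.234.117/26 dev vrrp_extern_0
        134.2.234.118/26 dev vrrp_extern_0
        134.2.234.119/26 dev vrrp_extern_0
        134.2.234.120/26 dev vrrp_extern_0
        134.2.234.121/26 dev vrrp_extern_0
        134.2.234.122/26 dev vrrp_extern_0
        134.2.234.123/26 dev vrrp_extern_0
        134.2.234.124/26 dev vrrp_extern_0
        134.2.234.125/26 dev vrrp_extern_0
    }

    # External default route -> Internet
    virtual_routes {
        default via 134.2.234.126 dev vrrp_extern_0
    }
}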