Keepalived Virtual IP not responding to ARP requests Ubuntu 20.04 Server

Question

I am not able to ping the virtual IP of keepalived. I checked and found that keepalived is not sending ARP requests or reply.

In my configuration, I have 2 servers, running on Ubuntu 20.04 with keepalived(2.0.19) :

controller1 : 192.168.2.14/24 and controller2 : 192.168.2.15/24. The IP is configured on both servers on eno2 interface. The goal is to configure Virtual IP 192.168.2.100/24 on the same physical interface.

This is my keepalived configuration on controller1 ( master)

vrrp_script chk_haproxy {      
  script "killall -0 haproxy"  # check if haproxy service is running
  interval 2                   # check every 2 seconds
  weight 15                    # add 15 points of priority if OK
}
vrrp_instance OS {
  interface eno2
  state MASTER
  virtual_router_id 1
  priority 100 # 100 on master, 90 on slave
  advert_int 1
minimum time interval for refreshing gratuitous ARPs while MASTER
vrrp_garp_master_refresh 2
  vrrp_garp_master_refresh_repeat 2
  strict_mode off
  vrrp_garp_interval 0
  vrrp_gna_interval 0

  vrrp_skip_check_adv_addr
use_vmac
vmac_xmit_base # Transmit VRRP adverts over physical interface
unicast_src_ip 192.168.2.14 # ip of the instance
  unicast_peer {
   192.168.2.15 # ip of other instances, add more ip as necessary
  }
authentication {
    auth_type PASS
    auth_pass keepaliveOS
  }
virtual_ipaddress {
    198.168.2.100/24 dev eno2
  }
track_script {
    chk_haproxy
  }
}

This is my configuration on controller2

vrrp_script chk_haproxy {      
  script "killall -0 haproxy"  # check if haproxy service is running
  interval 2                   # check every 2 seconds
  weight 15                     # add 15 points of priority if OK
}
vrrp_instance OS {
  interface eno2
  state BACKUP
  virtual_router_id 1
  priority 90 # 100 on master, 90 on slave
  advert_int 1
minimum time interval for refreshing gratuitous ARPs while MASTER
vrrp_garp_master_refresh 2
  vrrp_garp_master_refresh_repeat 2
  strict_mode off
  vrrp_garp_interval 0
  vrrp_gna_interval 0
  vrrp_skip_check_adv_addr
unicast_src_ip 192.168.2.15 # ip of the instance
  unicast_peer {
   192.168.2.14 # ip of other instances, add more ip as necessary
  }
authentication {
    auth_type PASS
    auth_pass keepaliveOS
  }
virtual_ipaddress {
    198.168.2.100/24
  }
track_script {
    chk_haproxy
  }
}

1. Both servers are able to exchange VRRP advert packets and become master and slave.
2. If VIP address is configured manually on eno2, we are able to ping it.
3. sysctl net.ipv4.ip_nonlocal_bind=1 and sysctl net.ipv4.ip_forward=1 settings have been done.
4. But when Virtual IP is configured through keepalive, it cannot be pinged from any server in the network including the MASTER. Running tcpdump -i eno2 arp does not show any ARP replies from the MASTER or SLAVE nodes.

What can be the issue

Answer 1

Have you allowed traffic specifically for the VRRP protocol?

Physical routers within the virtual router must communicate within themselves using packets with multicast IP address 224.0.0.18 and IP protocol number 112.

(From WikiPedia: https://en.wikipedia.org/wiki/Virtual_Router_Redundancy_Protocol)

We had a similar issue that resolved when we allowed VRRP (protocol number 112) traffic between the nodes with KeepaLiveD services.