Hi team,
I am running 1.2.4 and encountered two weird VRRP issues.
The setup is pretty simple: two VyOS boxes, vpn1a and vpn1b, where the vpn1a interfaces have the higher VRRP priority, 110, and vpn1b has 100. The config is shown below:
set high-availability vrrp group CLIENT4-1000 interface 'bond1.1000'
set high-availability vrrp group CLIENT4-1000 no-preempt
set high-availability vrrp group CLIENT4-1000 priority '110' *(## vpn1b has 100 ##)*
set high-availability vrrp group CLIENT4-1000 virtual-address '172.30.104.1/24'
set high-availability vrrp group CLIENT4-1000 vrid '1'
set high-availability vrrp group UPLINK4-200 interface 'bond1.200'
set high-availability vrrp group UPLINK4-200 no-preempt
set high-availability vrrp group UPLINK4-200 priority '110' *(## vpn1b has 100 ##)*
set high-availability vrrp group UPLINK4-200 transition-script backup '/config/scripts/vyos-restart-vpn.script dummy'
set high-availability vrrp group UPLINK4-200 transition-script fault '/config/scripts/vyos-restart-vpn.script dummy'
set high-availability vrrp group UPLINK4-200 transition-script master '/config/scripts/vyos-restart-vpn.script dummy'
set high-availability vrrp group UPLINK4-200 virtual-address '192.168.4.132/26'
set high-availability vrrp group UPLINK4-200 virtual-address '192.168.4.150/26'
set high-availability vrrp group UPLINK4-200 vrid '1'
set high-availability vrrp sync-group infravpn1 member 'CLIENT4-1000'
set high-availability vrrp sync-group infravpn1 member 'UPLINK4-200'
Issue-1. VRRP does not stay in BACKUP state after reboot.
Initially, vpn1a is the VRRP MASTER and vpn1b is the BACKUP. When I reboot vpn1a (using the reboot command), vpn1b takes over as MASTER (and sends GARP to update ARP for other computers); this is correct.
However, when vpn1a boots up, it immediately grabs MASTER back even though I have the “no-preempt” config. Is this expected behavior?
Issue-2. VRRP VIP does not send out Gratuitous ARP (GARP) after bootup.
This is a follow-up issue to Issue-1. When vpn1a booted up and grabbed MASTER, I found it did not send out GARP, hence the ARP information in other computers / uplink routers did not get updated. They are still pointing to the old MAC address, which is vpn1b's. The result is that no one can access the VIPs, and traffic gets blackholed.
As a workaround, I manually added “arping …” commands to /config/scripts/vyos-postconfig-bootup.script. However, this does not sound like correct VRRP behavior.