systemd-networkd prunes floating virtual IPs for high-availability environments #12050
Is your feature request related to a problem? Please describe.
When maintaining virtual floating IPs (VIPs) on highly available systems, I'm seeing them pruned when restarting
This problem is especially severe when DHCP is used, as it is also triggered when the DHCP lease gets renewed (some cloud providers use DHCP by default to configure network interfaces). But also on static IP configurations, systemd-networkd might get restarted from time to time (automatic security patches, etc.).
I'm aware that this is a feature (which I agree is useful for desktops, etc.). In highly available environments with VIPs this backfires when using Linux distributions that rely on
Describe the solution you'd like
I'm suggesting a flag that disables this behaviour, or would allow whitelisting certain VIPs to prevent them from being purged. I've tried
Describe alternatives you've considered
This was referenced
Mar 20, 2019
I figure instead of removing them right away we could just mark them with some short remaining lifetime.
In general though: either networkd manages an interface or it doesn't. Just leaving old configuration on the interface will become a problem sooner or later. I mean, somebody needs to clean that up, and simply ignoring everything is not just going to be a major source of headaches.
I was wondering what's the best practise regarding floating IPs then? As far as I'm aware this is a quite common solution for implementing high-availability - especially with protocols like VRRP and CARP available. Mixing systemd-networkd and ifupdown (or reverting to the latter) increases the likelihood of headaches imho...
I've tried that, but
After further discussion in acassen/keepalived#1170, there is an option to make it work using macvlans, but only when using multicast.
Currently, there seems to be no option to run systemd-networkd alongside a high availability service that doesn't create a custom interface (e.g. via macvlan) but uses existing interfaces. I suppose this doesn't only affect VRRP but also things like CARP.
I'm not sure how this would be best solved, I can't think of anything better than a flag that prevents address pruning altogether or some flag that allows whitelisting certain IPs that won't be pruned upon reload.
A simplified version can be reproduced by just adding an address to an interface and then restarting
ip a a 22.214.171.124/24 dev eth0
systemctl restart systemd-networkd
This becomes a problem in cases where the additional address is used as a virtual or floating IP in highly available environments (where a master IP is swapped to a different service upon failovers, e.g. by services like Pacemaker, keepalived and the like, usually using protocols like Corosync, VRRP or CARP). Those addresses are not handled by