All Products
Search
Document Center

Virtual Private Cloud:HAVIP

Last Updated:Mar 15, 2024

You can use the high-availability virtual IP address (HAVIP) feature of Virtual Private Cloud (VPC) together with Address Resolution Protocol (ARP) and Keepalived or Heartbeat to deploy high-availability services. This ensures that IP addresses are not changed when failover is performed.

What is an HAVIP?

Definition

An HAVIP is a private IP address that can be created and released as an independent resource. Similar to the primary IP addresses of ECS instances, HAVIPs support network communication. HAVIPs can work with high-availability software, such as Keepalived, to deploy high-availability services.

An HAVIP can be associated with an elastic IP address, multiple ECS instances, or the primary or secondary elastic network interface (ENIs) of multiple ECS instances. Combined with these resources, HAVIPs can be used to implement automatic IP switchover between multiple high-availability servers in the same zone. This ensures that the private IP address used to provide services remains unchanged. In addition, ECS instances associated with HAVIPs can use deployment sets to further improve service reliability. For more information, see Overview.

If Keepalived can be used to implement high availability of virtual IP addresses, why are HAVIPs used?

In traditional data centers, servers can announce their IP addresses over ARP. Then, the servers can provide services through the IP addresses. This capability is required by common applications in many scenarios. For example, Keepalived and Heartbeat can be used to keep IP addresses unchanged in disaster recovery scenarios.

However, most cloud service providers have adopted the software-defined networking (SDN) technology, which does not support free ARP announcements in VPCs. This is because cloud environments are built by using virtualization technologies, and virtual IP addresses are assigned and managed by the underlying virtualization platform. Applications cannot change host IP addresses as in traditional environments. In addition, virtual networks are built on top of Layer 3 tunneling, which prevents hosts from announcing IP addresses because ARP announcements are terminated on the senders. To address this issue, Alibaba Cloud developed HAVIPs.

Scenarios

Scenario 1: Deploy high-availability services accessible over the Internet

As shown in the following figure, ECS1 and ECS2 are deployed in primary/secondary mode by using Keepalived, and are assigned HAVIPs. ECS1 announces its HAVIP over ARP. After the HAVIP is announced, ECS1 serves as the primary instance and uses the EIP associated with the HAVIP to provide services. ECS2 serves as the secondary instance.

If ECS1 is down, ECS2 automatically takes over. This ensures the availability of the services.

image

Scenario 2: Deploy high-availability services accessible only over VPCs

As shown in the following figure, ECS1 and ECS2 are used to deploy a high-availability service in a VPC by using Keepalived. The service is accessible to ECS3 in the VPC. The service address is the IP address of the HAVIP. If ECS1 is down, ECS2 automatically takes over. This ensures the availability of the services.

image

Quotas and billing

The HAVIP feature is in public preview. To use this feature, submit an application in the Alibaba Cloud Quota Center console.

Important

The HAVIP feature is free of charge during the public preview. Alibaba Cloud does not provide service-level agreement (SLA) guarantees during the public preview.

Supported regions

The following table lists the regions that support HAVIPs.

Area

Region

Asia Pacific

China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Hangzhou), China (Shanghai), China (Nanjing - Local Region), China (Fuzhou - Local Region), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), China (Wuhan - Local Region), China (Hong Kong), Japan (Tokyo), South Korea (Seoul), Singapore, Australia (Sydney), Malaysia (Kuala Lumpur), Indonesia (Jakarta), Philippines (Manila), Thailand (Bangkok), and India (Mumbai)

Europe & Americas

Germany (Frankfurt), UK (London), US (Silicon Valley), and US (Virginia)

Middle East

UAE (Dubai) and Saudi Arabia (Riyadh)

Limits and quotas

Name

Description

Default value

Adjustable

N/A

Network types that support HAVIPs

VPC

No

Number of HAVIPs that can be associated with each ECS instance

5

Maximum number of EIPs that can be associated with each HAVIP

1

Maximum number of ECS instances or ENIs that can be associated with each HAVIP

10

Note
  • You can associate each HAVIP with at most 10 ECS instances or 10 ENIs. However, you cannot associate an HAVIP with an ECS instance and an ENI at the same time.

  • HAVIPs can be associated with ECS instances or ENIs that belong to the same vSwitch.

Whether HAVIPs support broadcasting or multicasting

Not supported

Note

HAVIPs support only unicast. If you use third-party software such as Keepalived to implement high availability, you must change the communication mode in the configuration file to unicast.

Maximum number of HAVIPs that can be created with each Alibaba Cloud account

50

Number of HAVIPs that can be created in each VPC

50

vpc_quota_havip_custom_route_entry

Number of route entries that point to an HAVIP in each VPC

5

You can request a quota increase by using one of the following methods:

HAVIP use cases

You can use Terraform automation scripts to simplify the deployment, or manually deploy two ECS instances in primary/secondary mode by using HAVIPs and Keepalived. For more information, see Scenario 1: Deploy high-availability services accessible over the Internet.

Procedure

image

Prerequisites

  • Privilege: The privilege to create HAVIPs is obtained by submitting an application in the Quota Center console.

  • Permissions: Resource Access Management (RAM) users are granted minimum permissions on the VPC and ECS instances by the Alibaba Cloud account.

    RAM policy actions

    vpc:CreateVpc
    vpc:DeleteVpc
    vpc:DescribeVpcs
    vpc:AllocateEipAddress
    vpc:AssociateEipAddress
    vpc:DescribeEipAddresses
    vpc:UnassociateEipAddress
    vpc:ReleaseEipAddress
    vpc:CreateVSwitch
    vpc:DeleteVSwitch
    vpc:DescribeVSwitches
    vpc:CreateHaVip
    vpc:DeleteHaVip
    vpc:AssociateHaVip
    vpc:UnassociateHaVip
    vpc:DescribeHaVips
    ecs:RunInstances
    ecs:StartInstances
    ecs:StopInstances
    ecs:DescribeInstances
    ecs:DeleteInstances

    For more information, see Grant permissions to a RAM user and Control access to resources by using RAM users.

  • If you choose manual deployment in the console, prepare the following resources:

Billing

  • Quick deployment: After you run Terraform automation scripts, two preemptible ECS instances with one vCPU and 2 GiB of memory, one VPC, one vSwitch, one EIP, and one HAVIP are created. If you release all the resources within 10 minutes, you will be charged a fee of about USD 0.5. For more information about billing, see Preemptible instances and Billing overview.

  • Manual deployment: The fees that you are charged depend on the specifications of the ECS instances and EIP that you create.

Procedure

Quick deployment by using Terraform

  1. Download the project file iac-example-havip.zip.

  2. Log on to Alibaba Cloud Cloud Shell and upload the file.image

  3. Run the following commands in sequence to decompress the package, enter the project root directory, initialize the script, and then create resources:

    unzip iac-example-havip.zip
    cd iac-example-havip
    terraform init
    terraform apply -auto-approve

    Result:

    image.png

  4. Test network connectivity.

    1. Run the curl web_url command to view the information returned by ECS1 (primary).

      image.png

    2. Run the following command to stop ECS1:

      aliyun ecs StopInstance --InstanceId <$instance_id_ecs1> --ForceStop false --StoppedMode KeepCharging -- Dryrun false
    3. Run the curl web_url command again to view the information returned by ECS2.

      image.png

In this example, when ECS1 is down, ECS2 automatically takes over. The IP address that is used to provide services remains unchanged because the EIP is associated with an HAVIP.

  1. Run the following command to release all the resources so that billing can stop:

    terraform destroy -auto-approve

Manual deployment by using the console

Step 1: Create an HAVIP

  1. Log on to the VPC console.

  2. In the left-side navigation pane, click HaVip.

  3. In the top navigation bar, select the region where you want to create the HAVIP.

  4. On the HaVip page, click Create HaVip.

  5. In the Create HaVip dialog box, set the following parameters and click OK.

    • Resource Group: Select the resource group to which the HAVIP belongs.

    • Tag key: Enter or select a tag key for the HAVIP. It can be up to 128 characters in length and cannot start with aliyun or acs:. It cannot contain http:// or https://. You can specify at most 20 tag keys at a time.

    • Tag value: Enter or select a tag value for the HAVIP. It can be up to 128 characters in length and cannot start with aliyun or acs:. It cannot contain http:// or https://. You can specify at most 20 tag values at a time.

    • Region: displays the region where you want to create the HAVIP.

    • VPC: specifies the VPC to which the HAVIP belongs.

    • vSwitch: specifies the vSwitch to which the HAVIP belongs.

    • vSwitch CIDR Block: displays the CIDR block of the vSwitch.

    • Whether to automatically assign private IP addresses: Select whether to automatically assign a private IP address.

      • Yes: The system automatically allocates an idle private IP address from the vSwitch CIDR block.

      • No: You must manually enter an idle private IP address from the vSwitch CIDR block.

After the HAVIP is created, you can view the HAVIP on the HaVip page. 创建HaVip

Step 2: Install Keepalived on the primary and secondary ECS instances

In this example, the ECS instances use the CentOS.

  1. Log on to ECS1. For more information, see Connection methods.

  2. Run the following command to install keepalived:

    yum install keepalived

  3. Modify the keepalived.conf file.

    1. Run the following command to modify the keepalived.conf file:

      vim /etc/keepalived/keepalived.conf

    2. Run the following command to enter the input mode:

      i

    3. Modify the keepalived.conf file based on the following instructions:

      ! Configuration File for keepalived
      vrrp_instance VI_1 {
      state MASTER           #Specify ECS1 as the primary ECS instance.
          interface eth0          #Specify the name of the ENI. eth0 is used in this example.  
          virtual_router_id 51
          nopreempt              
          priority 100             #Specify a priority for the ECS instance. A larger value indicates a higher priority. A priority of 100 is specified for the ECS instance in this example.
          advert_int 1        
          authentication {
              auth_type PASS
              auth_pass 1111
          }
          unicast_src_ip 192.168.0.209   #Specify the private IP address of the ECS instance. 192.168.0.209 is used in this example.
          unicast_peer {
              192.168.0.210           #Specify the private IP address of the peer ECS instance. 192.168.0.210 is used in this example.
          }
          virtual_ipaddress {
              192.168.0.88          #Specify the IP address of the HAVIP. 192.168.0.88 is used in this example. 
          }   
          garp_master_delay 1
          garp_master_refresh 5
      
          track_interface {
              eth0                #Specify the name of the ENI of the ECS instance. eth0 is used in this example.
          }
      }
      Note

      This example shows only the parts that need to be modified. Modify the keepalived.conf file based on the example. Do not directly copy the content in this example to the keepalived.conf file.

    4. Press the Esc key to exit the edit mode. Enter :wq and press the Enter key to save and close the configuration file.

  4. Run the following command to start keepalived on ECS1:

    systemctl start keepalived

  5. Log on to ECS2.

  6. Run the following command to install keepalived:

    yum install keepalived

  7. Modify the keepalived.conf file.

    1. Run the following command to modify the keepalived.conf file:

      vim /etc/keepalived/keepalived.conf

    2. Run the following command to enter the input mode:

      i

    3. Modify the keepalived.conf file based on the following instructions:

      ! Configuration File for keepalived
      vrrp_instance VI_1 {
      state BACKUP           #Specify ECS2 as the secondary ECS instance.
          interface eth0          #Specify the name of the ENI. eth0 is used in this example.  
          virtual_router_id 51
          nopreempt              
          priority 10             #Specify a priority for the secondary ECS instance. A larger value indicates a higher priority. A priority of 10 is specified for the ECS instance in this example.
          advert_int 1        
          authentication {
              auth_type PASS
              auth_pass 1111
          }
          unicast_src_ip 192.168.0.210   #Specify the private IP address of the ECS instance. 192.168.0.210 is used in this example.
          unicast_peer {
              192.168.0.209           #Specify the private IP address of the peer ECS instance. 192.168.0.209 is used in this example.
          }
          virtual_ipaddress {
              192.168.0.88          #Specify the IP address of the HAVIP. 192.168.0.88 is used in this example. 
          }    
          garp_master_delay 1
          garp_master_refresh 5
      
          track_interface {
              eth0                #Specify the name of the ENI of the ECS instance. eth0 is used in this example.
          }
      }
      Note

      This example shows only the parts that need to be modified. Modify the keepalived.conf file based on the example. Do not directly copy the content in this example to the keepalived.conf file.

    4. Press the Esc key to exit the edit mode. Enter :wq and press the Enter key to save and close the configuration file.

  8. Run the following command to start keepalived on ECS2:

    systemctl start keepalived

Step 3: Associate the HAVIP with the primary and secondary ECS instances

You can associate the HAVIP with both the primary and secondary ECS instances. Then, the ECS instances can announce the HAVIP by sending ARP messages.

Note

An HAVIP can be associated only with ECS instances in the same vSwitch. Each HAVIP can be associated with at most 10 ECS instances.

Perform the following steps to associate the HAVIP with both the primary and secondary ECS instances:

  1. Log on to the VPC console.

  2. In the left-side navigation pane, click HaVip.

  3. In the top navigation bar, select the region where the HAVIP is created.

  4. Find the HAVIP created in Step 1: Create an HAVIP and click its ID.

  5. Click Bind next to ECS Instances in the Resources section.

    绑定ECS

  6. In the dialog box that appears, select ECS1 and click OK.

  7. Repeat the preceding steps to associate the HAVIP with ECS2.

After the HAVIP is associated with ECS1 and ECS2, you can view the ECS instances in the Resources section.

Step 4: Associate the HAVIP with an EIP

You can associate the HAVIP with an EIP. Then, the HAVIP can use the EIP to provide services over the Internet.

  1. Log on to the VPC console.

  2. In the left-side navigation pane, click HaVip.

  3. In the top navigation bar, select the region where the HAVIP is created.

  4. Find the HAVIP created in Step 1: Create an HAVIP and click its ID.

  5. Click Bind next to Elastic IP Addresses in the Resources section.

    绑定EIP

  6. In the dialog box that appears, select the EIP and click OK.

Then, you can view the EIP that is associated with the HAVIP.

Step 5: Test network connectivity

Perform the following steps to test the network connectivity.

  1. Open a browser on an on-premises computer.

  2. Enter the IP address of the EIP to access NGINX that is deployed on the ECS instance.

    Test results:

    • If ECS1 works as expected, ECS1 is accessible.

      image.png

    • If ECS1 is down, ECS2 takes over the virtual IP address and workloads of ECS1. This ensures service high availability.

      image.png

Manage HAVIPs

Manage HAVIPs in the console

Operation platform

  1. Log on to the VPC console.

  2. In the left-side navigation pane, click HaVip.

  3. In the top navigation bar, select the region where you want to create the HAVIP.

Perform the following operations as needed.

Create an HAVIP

  1. On the HaVip page, click Create HaVip.

  2. In the Create HaVip dialog box, set the following parameters and click OK.

    • Resource Group: Select the resource group to which the HAVIP belongs.

    • Tag key: Enter or select a tag key for the HAVIP. It can be up to 128 characters in length and cannot start with aliyun or acs:. It cannot contain http:// or https://. You can specify at most 20 tag keys at a time.

    • Tag value: Enter or select a tag value for the HAVIP. It can be up to 128 characters in length and cannot start with aliyun or acs:. It cannot contain http:// or https://. You can specify at most 20 tag values at a time.

    • Region: displays the region where you want to create the HAVIP.

    • VPC: specifies the VPC to which the HAVIP belongs.

    • vSwitch: specifies the vSwitch to which the HAVIP belongs.

    • vSwitch CIDR Block: displays the CIDR block of the vSwitch.

    • Whether to automatically assign private IP addresses: Select whether to automatically assign a private IP address.

      • Yes: The system automatically allocates an idle private IP address from the vSwitch CIDR block.

      • No: You must manually enter an idle private IP address from the vSwitch CIDR block.

Note

If you no longer use an HAVIP, you can find the HAVIP on the HaVip page and click Delete in the Actions column. Before you delete an HAVIP, make sure that it is disassociated from all ECS instances, ENIs, and EIPs.

Associate with and disassociate from an ECS instance or an ENI

  1. On the HaVip page, click the ID of the HAVIP that you want to manage.

  2. Click Bind next to ECS Instances in the Resources section.

  3. In the dialog box that appears, select the ECS instance or ENI that you associate with the HAVIP, and click OK.

    Parameter

    Description

    Resource Type

    Select the type of resource with which you want to associate the HAVIP. Supported resource types:

    • ECS Instance

    • ENI

    Bind Resource

    Select the ECS instance or ENI that you want to associate with the HAVIP.

    The ECS instance or ENI must meet the following requirements:

    • The ECS instance is deployed in a VPC.

    • The ECS instance or ENI is in the same vSwitch as the HAVIP.

To disassociate an HAVIP from an ECS instance or an ENI, find the ECS instance or ENI below ECS Instances in the Resources section. In the message that appears, click Disassociate.

Note
  • If you delete an ECS instance that is associated with an HAVIP, the system automatically disassociates the HAVIP from the ECS instance.

  • If you disassociate a secondary ENI that is associated with an HAVIP from an ECS instance, the secondary ENI is still associated with the HAVIP.

  • If you delete an ENI that is associated with an HAVIP, the system automatically disassociates the HAVIP from the ENI.

Associate with and disassociate from an EIP

You can associate an HAVIP with an EIP. After the HAVIP is associated with the EIP, the HAVIP can use the EIP to provide services over the Internet. Before you get started, apply for an EIP. The EIP must meet the following requirements:

  • The EIP and the HAVIP are in the same region.

  • The EIP is in the Available state.

  1. On the HaVip page, find the HAVIP that you want to manage and click Bind EIP Address in the Actions column.

  2. In the Bind Elastic IP Address dialog box, select the EIP that you want to associate with the HAVIP and click OK.

API references

You can manage HAVIPs by calling SDK operations, running Terraform scripts, or calling the following API operations:

FAQ

Which version of Keepalived is recommended?

We recommend that you use the version 1.2.15 or later.

What can I do if I encounter problems when I use Keepalived?

We recommend that you seek solutions on Keepalived GitHub.

If I use third-party software such as Keepalived to implement high availability, how do I configure the source IP address for heartbeat detection?

If you use third-party software such as Keepalived to implement high availability, you need to change the source IP address of heartbeat detection to the private IP address of the ECS instance, instead of the private IP address of the HAVIP.

Can I use HAVIPs to implement high availability for user-created Linux virtual servers (LVS)?

No, you cannot use HAVIPs to implement high availability for user-created LVS.

When an ECS instance that is associated with an HAVIP accesses the Internet, what is the source IP address of the data packets?

In this case, the HAVIP is associated with the ECS instance and an EIP. The EIP is mapped to the private IP address of the HAVIP instead of the private IP address of the ECS instance. Therefore, the source IP address of the data packets is the private IP address of the HAVIP instead of the private IP address of the ECS instance.