A high-availability virtual IP address (HaVip) ensures that a service IP address remains unchanged during a primary/secondary failover for Elastic Compute Service (ECS) instances in the same zone.
How it works
Use one HaVip and two ECS instances to create a highly available cluster. The process works as follows:
1. Configure Keepalived: An HaVip is associated with ECS1 and ECS2, and both instances have Keepalived installed. In the Keepalived configuration file, set virtual_ipaddress to the HaVip address on both instances. Then set priority. A higher value indicates a higher priority to become the primary server.
2. Elect primary server: Keepalived compares the priority values of ECS1 and ECS2 using VRRP and elects ECS1, which has the higher priority, as the primary server. The system then automatically updates the mapping between the HaVip and the primary server. All traffic to the HaVip is forwarded to ECS1.
3. Failover: The primary server, ECS1, periodically sends heartbeat messages to the secondary server, ECS2. The interval is set by advert_int in the configuration file. If ECS2 stops hearing these heartbeats for a configured amount of time, Keepalived treats the primary server as down and makes ECS2 the new primary server. The system then updates the HaVip to map to ECS2. All traffic to the HaVip is forwarded to ECS2, so the service IP address stays unchanged.
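A consistency check for the two Keepalived configurations described above, as an added example (not code from this page or from Alibaba Cloud). The names parse_vrrp and check_pair are hypothetical, and the sample configuration is constructed from the addresses and priorities this page uses; the unicast check reflects that HaVips support only unicast communication.

```python
import re

# Constructed sample built from the addresses and priorities used on this page.
TEMPLATE = """vrrp_instance VI_1 {{
    virtual_router_id 51
    priority {prio}          # higher value wins the election
    advert_int 1
    authentication {{
        auth_type PASS
        auth_pass 1111
    }}
    unicast_src_ip {src}
    unicast_peer {{
        {peer}
    }}
    virtual_ipaddress {{
        192.168.0.24
    }}
}}"""
PRIMARY = TEMPLATE.format(prio=100, src="192.168.0.25", peer="192.168.0.26")
BACKUP = TEMPLATE.format(prio=10, src="192.168.0.26", peer="192.168.0.25")
SHARED = ("virtual_router_id", "advert_int", "auth_pass")   # must match on both peers

def parse_vrrp(conf):
    """Extract the vrrp_instance fields that matter for an HaVip pair."""
    text = re.sub(r"[#!].*", "", conf)   # keepalived comments start with # or !
    def scalar(key):
        m = re.search(rf"^\s*{key}\s+(\S+)", text, re.M)
        return m.group(1) if m else None
    def block(key):
        m = re.search(rf"{key}\s*\{{([^}}]*)\}}", text)
        return [ln.split()[0] for ln in m.group(1).splitlines() if ln.strip()] if m else []
    cfg = {k: scalar(k) for k in SHARED + ("priority", "unicast_src_ip")}
    return {**cfg, "peers": block("unicast_peer"), "vips": block("virtual_ipaddress")}

def check_pair(primary, backup, havip):
    """Return the problems that would keep the HaVip from failing over cleanly."""
    a, b = parse_vrrp(primary), parse_vrrp(backup)
    issues = [f"{k} differs between the two instances" for k in SHARED if a[k] != b[k]]
    for name, cfg, other in (("primary", a, b), ("backup", b, a)):
        if cfg["vips"] != [havip]:
            issues.append(f"{name}: virtual_ipaddress is not the HaVip {havip}")
        if not cfg["unicast_src_ip"] or not cfg["peers"]:
            issues.append(f"{name}: unicast settings missing (HaVip is unicast-only)")
        elif other["unicast_src_ip"] not in cfg["peers"]:
            issues.append(f"{name}: peer instance is not listed in unicast_peer")
    if int(a["priority"] or 0) <= int(b["priority"] or 0):
        issues.append("primary priority is not higher than backup priority")
    return issues
```

Run check_pair on the two files before starting Keepalived; an empty list means the pair agrees on everything the failover depends on.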
To enable Internet access, associate the HaVip with an elastic IP (EIP).
Use an HaVip
An HaVip can be associated with ECS instances or elastic network interfaces (ENIs) within the same vSwitch. When used with Keepalived, an HaVip ensures the service IP address remains unchanged during a primary/secondary failover.
Quota: Before you begin, log on to the Quota Center and get the permission to create an HaVip. A quota value of 1 indicates that HaVip creation is enabled, and a single account can create up to 50 HaVips.
IP version: Only IPv4 is supported.
Associated resources:
An HaVip can be associated with only one type of resource. To change the resource type, disassociate the existing resources.
When associating an HaVip with an ENI, ensure the ENI is attached to an ECS instance.
If an associated ECS instance or ENI is deleted, the system automatically detaches the HaVip from that resource.
If you detach a secondary ENI from an ECS instance, the ENI's association with the HaVip is not affected.
Console
Create an HaVip and associate it with ECS instances
Go to VPC Console - HaVip, select the region where your ECS instances are located at the top of the page, and click Create HaVip.
Select the VPC and vSwitch to which the ECS instances belong. You can either choose to automatically assign a private IP from the vSwitch CIDR block or specify an unassigned IP.
Install Keepalived on the primary and secondary ECS instances and run the following command to start Keepalived:
systemctl start keepalived
Click the ID of the target HaVip. In the Resources section, click Bind next to ECS Instances. Select the ECS instances or ENIs to associate. To associate an ENI, ensure it is bound to an ECS instance. If not, click Manage ENI to go to the ENI details page, click Bind to instance, select an ECS instance, and click Confirm.
After the association is complete, view the primary/secondary resources in the Associated Resources column for the target HaVip or in the Resources section of its details page.
Verify the result:
Run the following commands on the primary and secondary instances to create a web test service that returns different results.
First check port usage. If port 8000 is in use, select another port.
netstat -an | grep 8000
Primary instance:
echo "ECS 1" > index.html # The primary instance returns "ECS 1"
python3 -m http.server 8000
Secondary instance:
echo "ECS 2" > index.html # The secondary instance returns "ECS 2"
python3 -m http.server 8000
On another ECS instance in the same VPC, run the following command. It returns ECS 1. When the primary ECS instance is stopped, it returns ECS 2.
curl <havip_private_ip>:8000
Ensure that the security groups of the primary and secondary instances allow HTTP traffic from within the same VPC to access port 8000.
Disassociate an HaVip from resources
Click the ID of the target HaVip. In the Resources section, find the target resource under ECS Instances or ENIs in the Associated section, and click Delete Association.
Delete an HaVip
Ensure that the HaVip is not associated with any ECS instances, ENIs, or EIPs. Click Delete in the Actions column of the target HaVip or go to its details page and click Delete.
API
Call CreateHaVip to create an HaVip.
Call AssociateHaVip to associate an HaVip with an ECS instance or ENI.
Call UnassociateHaVip to dissociate an HaVip from an ECS instance or ENI.
Call DeleteHaVip to delete an HaVip.
Terraform
Resource: alicloud_havip, alicloud_havip_attachment, alicloud_instance, alicloud_security_group, alicloud_security_group_rule
# Specify the region where you want to create the HaVip.
provider "alicloud" {
  region = "cn-hangzhou"
}
# Specify the ID of the VPC.
variable "vpc_id" {
  default = "vpc-bp1k******" # Replace with the actual ID of your VPC.
}
# Specify the ID of the vSwitch.
variable "vswitch_id" {
  default = "vsw-bp1y******" # Replace with the actual ID of your vSwitch.
}
# Specify the instance type.
variable "instance_type" {
  default = "ecs.e-c1m1.large"
}
# Specify the image ID.
variable "image_id" {
  default = "aliyun_3_x64_20G_alibase_20221102.vhd"
}
# Create an HaVip.
resource "alicloud_havip" "test_havip" {
  ha_vip_name = "test_havip_name"
  vswitch_id  = var.vswitch_id
  ip_address  = "192.168.0.24" # Specify an IP address for the HaVip from the vSwitch CIDR block. If not specified, the system assigns one.
}
# Create a security group.
resource "alicloud_security_group" "test_security_group" {
  security_group_name = "test_security_group_name"
  vpc_id              = var.vpc_id
}
# Create a security group rule.
# This rule accepts TCP on every port from any source address (0.0.0.0/0).
# The verification step only needs port 8000 from within the same VPC, so narrow
# cidr_ip and port_range for real workloads, in particular when an EIP is
# associated with the HaVip.
resource "alicloud_security_group_rule" "allow_vpc_tcp" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "1/65535"
  priority          = 1
  security_group_id = alicloud_security_group.test_security_group.id
  cidr_ip           = "0.0.0.0/0"
}
# Create the primary server.
resource "alicloud_instance" "test_master_instance" {
  instance_name        = "test_master_instance_name"
  vswitch_id           = var.vswitch_id
  instance_type        = var.instance_type
  image_id             = var.image_id
  system_disk_category = "cloud_essd"
  security_groups      = [alicloud_security_group.test_security_group.id]
  user_data = base64encode(<<-EOT
    #!/bin/sh
    yum install keepalived -y
    printf '! Configuration File for keepalived
    vrrp_instance VI_1 {
        state MASTER # Set as the primary instance.
        interface eth0 # The network interface card to which the VIP is bound. This example uses eth0.
        virtual_router_id 51 # The virtual_router_id of the primary/secondary cluster. Different clusters in the same VPC need different virtual_router_id values.
        nopreempt # Set to non-preemptive mode.
        priority 100 # The priority. A higher value indicates a higher priority. This example sets the priority to 100 to make this instance the primary instance.
        advert_int 1 # The interval at which heartbeat messages are sent, in seconds. If this value is too small, the configuration is susceptible to network jitter, which can cause frequent failovers and temporary split-brain scenarios. If this value is too large, the primary/secondary failover may take a long time after the primary instance fails.
        authentication {
            auth_type PASS
            auth_pass 1111 # Sample password. Replace it with your own value, identical on both instances. PASS authentication sends it in clear text.
        }
        unicast_src_ip 192.168.0.25 # The private IP address of this instance. This example uses 192.168.0.25.
        unicast_peer {
            192.168.0.26 # The private IP address of the peer instance. This example uses 192.168.0.26. If you have multiple secondary ECS instances, declare the IP addresses of all peer instances. Each address must be on a separate line without a comma or other separator.
        }
        virtual_ipaddress {
            192.168.0.24 # The virtual IP address. Set this to the IP address of the HaVip. This example uses 192.168.0.24.
        }
        garp_master_delay 1 # The delay in seconds before updating the ARP cache after switching to the primary instance.
        garp_master_refresh 5 # The interval at which ARP messages are sent, in seconds.
        track_interface {
            eth0 # The network interface card to which the VIP is bound. This example uses eth0.
        }
    }' > /etc/keepalived/keepalived.conf
    systemctl start keepalived
    EOT
  ) # Specify the initialization script for the primary server to install Keepalived.
  private_ip           = "192.168.0.25" # Specify the private IP address of the primary server.
  instance_charge_type = "PostPaid" # Set the billing method to pay-as-you-go.
  spot_strategy        = "SpotWithPriceLimit" # Set as a spot instance with a price limit.
}
# Create the secondary server.
resource "alicloud_instance" "test_backup_instance" {
  instance_name        = "test_backup_instance_name"
  vswitch_id           = var.vswitch_id
  instance_type        = var.instance_type
  image_id             = var.image_id
  system_disk_category = "cloud_essd"
  security_groups      = [alicloud_security_group.test_security_group.id]
  user_data = base64encode(<<-EOT
    #!/bin/sh
    yum install keepalived -y
    printf '! Configuration File for keepalived
    vrrp_instance VI_1 {
        state BACKUP # Set as the secondary instance.
        interface eth0 # The network interface card to which the VIP is bound. This example uses eth0.
        virtual_router_id 51 # The virtual_router_id of the primary/secondary cluster. Different clusters in the same VPC need different virtual_router_id values.
        nopreempt # Set to non-preemptive mode.
        priority 10 # The priority. A higher value indicates a higher priority. This example sets the priority to 10 to make this instance the secondary instance.
        advert_int 1 # The interval at which heartbeat messages are sent, in seconds. If this value is too small, the configuration is susceptible to network jitter, which can cause frequent failovers and temporary split-brain scenarios. If this value is too large, the primary/secondary failover may take a long time after the primary instance fails.
        authentication {
            auth_type PASS
            auth_pass 1111 # Sample password. Replace it with your own value, identical on both instances. PASS authentication sends it in clear text.
        }
        unicast_src_ip 192.168.0.26 # The private IP address of this instance. This example uses 192.168.0.26.
        unicast_peer {
            192.168.0.25 # The private IP address of the peer instance. This example uses 192.168.0.25. Declare the IP addresses of all peer instances. Each address must be on a separate line without a comma or other separator.
        }
        virtual_ipaddress {
            192.168.0.24 # The virtual IP address. Set this to the IP address of the HaVip. This example uses 192.168.0.24.
        }
        garp_master_delay 1 # The delay in seconds before updating the ARP cache after switching to the primary instance.
        garp_master_refresh 5 # The interval at which ARP messages are sent, in seconds.
        track_interface {
            eth0 # The network interface card to which the VIP is bound. This example uses eth0.
        }
    }' > /etc/keepalived/keepalived.conf
    systemctl start keepalived
    EOT
  ) # Specify the initialization script for the secondary server to install Keepalived.
  private_ip           = "192.168.0.26" # Specify the private IP address of the secondary server.
  instance_charge_type = "PostPaid" # Set the billing method to pay-as-you-go.
  spot_strategy        = "SpotWithPriceLimit" # Set as a spot instance with a price limit.
}
# Associate with the primary server.
resource "alicloud_havip_attachment" "test_havip_attachment" {
  ha_vip_id   = alicloud_havip.test_havip.id
  instance_id = alicloud_instance.test_master_instance.id # Specify the ID of the instance to associate with the HaVip.
}
# Associate with the secondary server.
resource "alicloud_havip_attachment" "test_havip_attachment_new" {
  ha_vip_id   = alicloud_havip.test_havip.id
  instance_id = alicloud_instance.test_backup_instance.id # Specify the ID of the instance to associate with the HaVip.
}
Associate with an EIP for Internet access
An HaVip is a private IP resource in a vSwitch. To get Internet access, you can associate an EIP with an HaVip. Using EIPs incurs charges.
1. The EIP must be in the same region as the HaVip and must be in the Available state.
2. When an ECS instance accesses the Internet through an EIP associated with an HaVip, the ECS instance sends data packets with the source IP address set to the HaVip address instead of its own IP address.
Console
Bind or unbind an EIP
Before you begin, ensure that you have an available EIP. Create one in the EIP console or click Create EIP on the association page.
In the Actions column for the target HaVip, click Associate EIP or Disassociate EIP.
API
Before you associate an EIP, ensure that you have called AllocateEipAddress to create an EIP.
Call AssociateEipAddress to associate an EIP with an HaVip.
Call UnassociateEipAddress to dissociate an EIP from an HaVip.
Terraform
Resource: alicloud_eip_address, alicloud_eip_association
# Specify the region of the HaVip.
provider "alicloud" {
  region = "cn-hangzhou"
}
# Specify the ID of the HaVip.
variable "havip_id" {
  default = "havip-8vb0******" # Replace with the actual ID of your HaVip.
}
# Create an EIP.
resource "alicloud_eip_address" "test_eip" {
  address_name = "test_eip_name"
  isp          = "BGP"
  netmode      = "public"
  bandwidth    = "1"
  payment_type = "PayAsYouGo"
}
# Associate the EIP.
resource "alicloud_eip_association" "test_eip_havip_association" {
  allocation_id = alicloud_eip_address.test_eip.id
  instance_type = "HAVIP"
  instance_id   = var.havip_id # Specify the ID of the HaVip.
}
More information
Billing
The HaVip feature is free in beta testing. No service-level agreement (SLA) is guaranteed.
Supported regions
Area | Regions |
Asia Pacific - China | China (Hangzhou), China (Shanghai), China (Nanjing - Local Region, Closing Down), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), China (Hong Kong), China (Wuhan - Local Region), and China (Fuzhou - Local Region, Closing Down) |
Asia Pacific - Others | Japan (Tokyo), South Korea (Seoul), Singapore, Malaysia (Kuala Lumpur), Indonesia (Jakarta), Philippines (Manila), and Thailand (Bangkok) |
Europe & Americas | Germany (Frankfurt), UK (London), US (Silicon Valley), US (Virginia), and Mexico |
Middle East | UAE (Dubai) and SAU (Riyadh - Partner Region) |
Quotas
The HaVip feature is in public preview. To adjust a quota, log on to the Quota Center console and apply for an increase.
Quota name | Description | Default limit | Increase quota |
None | The network type that supports high-availability virtual IP addresses (HaVips). | VPC | Cannot be increased. |
None | The number of HaVips that can be associated with an ECS instance at the same time. | 5 | Cannot be increased. |
None | The number of EIPs that can be associated with an HaVip at the same time. | 1 | Cannot be increased. |
None | The number of ECS instances or ENIs that can be associated with an HaVip at the same time. | 10. (1) An HaVip can be associated with 10 ECS instances or 10 ENIs at the same time. However, an HaVip cannot be associated with ECS instances and ENIs at the same time. (2) An HaVip has the subnet property. It can be associated only with ECS instances or ENIs that are in the same vSwitch. | Cannot be increased. |
None | Whether HaVips support broadcast and multicast communication. | No. HaVips support only unicast communication. If you use third-party software such as Keepalived to implement high availability, you must change the communication mode to unicast in the configuration file. | Cannot be increased. |
None | The number of HaVips that can be created by an account. | 50 | Cannot be increased. |
None | The number of HaVips that can be created in a VPC. | 50 | Cannot be increased. |
vpc_quota_havip_custom_route_entry | The number of route entries whose destination is an HaVip in a route table. | 5 | Go to the Quota Management page or Quota Center to request a quota increase. |