This topic introduces high-availability virtual IP address (HAVIPs) and describes the billing rules and use scenarios of HAVIPs, and how to manage HAVIPs in the Virtual Private Cloud (VPC) console. In the following examples, Terraform automation scripts are used to show how to quickly deploy primary/secondary Elastic Compute Service (ECS) instances that are assigned HAVIPs and have Keepalived enabled.
What is an HAVIP?
Definition
An HAVIP is a private IP address that can be created and released as an independent resource. Similar to the primary IP addresses of ECS instances, HAVIPs support network communication. HAVIPs can work with high-availability software, such as Keepalived, to deploy high-availability services.
An HAVIP can be associated with an elastic IP address, multiple ECS instances, or the primary or secondary elastic network interface (ENIs) of multiple ECS instances. Combined with these resources, HAVIPs can be used to implement automatic IP switchover between multiple high-availability servers in the same zone. This ensures that the private IP address used to provide services remains unchanged. In addition, ECS instances associated with HAVIPs can use deployment sets to further improve service reliability. For more information, see Overview.
Scenarios
Scenario 1: Deploy high-availability services accessible over the Internet
As shown in the following figure, two ECS instances are deployed in primary/secondary mode by using Keepalived, and are assigned HAVIPs. ECS1 announces its HAVIP over ARP. After the HAVIP is announced, ECS1 functions as the primary instance and uses the EIP associated with the HAVIP to provide services. ECS2 functions as the secondary instance.
If the primary ECS instance is down, the secondary ECS instance takes over. This ensures the availability of the services.
Scenario 2: Deploy high-availability services accessible only over VPCs
As shown in the following figure, two ECS instances are used to deploy a high-availability service in a VPC by using Keepalived. The service is accessible to other instances in the VPC. The HAVIP functions as the service address. If the primary ECS instance is down, the secondary ECS instance takes over. This improves the availability of the service.
Quotas and billing
The HAVIP feature is in public preview. To use this feature, submit an application in the Alibaba Cloud Quota Center console.
The HAVIP feature is free of charge during the public preview. Alibaba Cloud does not provide service-level agreement (SLA) guarantees during the public preview.
Supported regions
The following table lists the regions that support HAVIPs.
Area | Region |
Asia Pacific | China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Hangzhou), China (Shanghai), China (Nanjing - Local Region), China (Fuzhou - Local Region), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), China (Hong Kong), Japan (Tokyo), South Korea (Seoul), Singapore, Australia (Sydney), Malaysia (Kuala Lumpur), Indonesia (Jakarta), Philippines (Manila), Thailand (Bangkok), and India (Mumbai) |
Europe & Americas | Germany (Frankfurt), UK (London), US (Silicon Valley), and US (Virginia) |
Middle East | UAE (Dubai) |
Limits
Item | Limit | Adjustable |
Network types that support HAVIPs | VPC | N/A |
Maximum number of HAVIPs that can be associated with each ECS instance | 5 | |
Maximum number of EIPs that can be associated with each HAVIP | 1 | |
Maximum number of ECS instances or ENIs that can be associated with each HAVIP | 10 Note
| |
Whether HAVIPs support broadcasting or multicasting | Snapshot backup files cannot be downloaded. Note HAVIPs support only unicast. If you use third-party software such as Keepalived to implement high availability, you must change the communication mode in the configuration file to unicast. | |
Maximum number of HAVIPs that can be created with each Alibaba Cloud account | 50 | |
Maximum number of HAVIPs that can be created in each VPC | 50 | |
Maximum number of route entries that point to an HAVIP in each VPC | 5 | You can request a quota increase by using one of the following methods:
|
HAVIP use cases
You can use Terraform automation scripts to simplify the deployment, or manually deploy two ECS instances in primary/secondary mode by using HAVIPs and Keepalived. For more information, see Scenario 1: Deploy high-availability services accessible over the Internet.
Procedure
Prerequisites
Privilege: The privilege to create HAVIPs is obtained by submitting an application in the Quota Center console.
Permissions: Resource Access Management (RAM) users are granted minimum permissions on the VPC and ECS instances by the Alibaba Cloud account.
For more information, see Grant permissions to a RAM user and Control access to resources by using RAM users.
If you choose manual deployment in the console, prepare the following resources:
An EIP.
Two ECS instances with NGINX installed. For more information, see Create an instance by using the wizard.
Billing
Quick deployment: After you run Terraform automation scripts, two preemptible ECS instances with one vCPU and 2 GiB of memory, one VPC, one vSwitch, one EIP, and one HAVIP are created. If you release all the resources within 10 minutes, you will be charged a fee of about USD 0.5. For more information about billing, see Preemptible instances and Billing overview.
Manual deployment: The fees that you are charged depend on the specifications of the ECS instances and EIP that you create.
Procedure
Quick deployment by using Terraform
Log on to Alibaba Cloud Cloud Shell and run the following command to obtain the compressed project package:
wget https://help-static-aliyun-doc.aliyuncs.com/file-manage-files/zh-CN/20230824/wcll/iac-example-havip.zipRun the following commands in sequence to decompress the package, enter the project root directory, initialize the script, and then create resources:
unzip iac-example-havip.zip cd iac-example-havip terraform init terraform applyCommand output:
Test network connectivity.
Run the
curlcommand to access the IP address of ECS 1. A message is returned from ECS 1, as shown in the following figure.
Stop ECS 1, and run the
curlcommand to access the IP address of ECS 2. A message is returned from ECS2, as shown in the following figure.
In this example, when ECS 1 is down, ECS 2 automatically takes over. The IP address that is used to provide services remains unchanged because the EIP is associated with an HAVIP.
Run the following command to release all the resources so that billing can stop:
terraform destroy
Manual deployment by using the console
Step 1: Create an HAVIP
- Log on to the VPC console.
In the left-side navigation pane, click HaVip.
In the top navigation bar, select the region where you want to create the HAVIP.
On the HaVip page, click Create HaVip.
In the Create HaVip dialog box, set the following parameters and click OK.
Region: displays the region where you want to create the HAVIP.
VPC: specifies the VPC to which the HAVIP belongs.
vSwitch: specifies the vSwitch to which the HAVIP belongs.
vSwitch CIDR Block: displays the CIDR block of the vSwitch.
Whether to automatically assign private IP addresses: Select whether to automatically assign a private IP address.
Yes: The system automatically allocates an idle private IP address from the vSwitch CIDR block.
No: You must manually enter an idle private IP address from the vSwitch CIDR block.
After the HAVIP is created, you can view the HAVIP on the HaVip page. 
Step 2: Install Keepalived on the primary and secondary ECS instances
In this example, the ECS instances use the CentOS.
Log on to ECS 1. For more information, see Connection methods.
Run the following command to install keepalived:
yum install keepalivedModify the keepalived.conf file.
Run the following command to modify the keepalived.conf file:
vim /etc/keepalived/keepalived.confRun the following command to enter the input mode:
iModify the keepalived.conf file based on the following instructions:
! Configuration File for keepalived vrrp_instance VI_1 { state MASTER #Specify ECS 1 as the primary ECS instance. interface eth0 #Specify the name of the ENI. eth0 is used in this example. virtual_router_id 51 nopreempt priority 100 #Specify a priority for the ECS instance. A larger value indicates a higher priority. A priority of 100 is specified for the ECS instance in this example. advert_int 1 authentication { auth_type PASS auth_pass 1111 } unicast_src_ip 192.168.0.209 #Specify the private IP address of the ECS instance. 192.168.0.209 is used in this example. unicast_peer { 192.168.0.210 #Specify the private IP address of the peer ECS instance. 192.168.0.210 is used in this example. } virtual_ipaddress { 192.168.0.88 #Specify the IP address of the HAVIP. 192.168.0.88 is used in this example. } garp_master_delay 1 garp_master_refresh 5 track_interface { eth0 #Specify the name of the ENI of the ECS instance. eth0 is used in this example. } }Press the Esc key to exit the edit mode. Enter
:wqand press the Enter key to save and close the configuration file.
Run the following command to start keepalived on ECS 1:
systemctl start keepalivedLog on to ECS 2.
Run the following command to install keepalived:
yum install keepalivedModify the keepalived.conf file.
Run the following command to modify the keepalived.conf file:
vim /etc/keepalived/keepalived.confRun the following command to enter the input mode:
iModify the keepalived.conf file based on the following instructions:
! Configuration File for keepalived vrrp_instance VI_1 { state BACKUP #Specify ECS 2 as the secondary ECS instance. interface eth0 #Specify the name of the ENI. eth0 is used in this example. virtual_router_id 51 nopreempt priority 10 #Specify a priority for the secondary ECS instance. A larger value indicates a higher priority. A priority of 10 is specified for the ECS instance in this example. advert_int 1 authentication { auth_type PASS auth_pass 1111 } unicast_src_ip 192.168.0.210 #Specify the private IP address of the ECS instance. 192.168.0.210 is used in this example. unicast_peer { 192.168.0.209 #Specify the private IP address of the peer ECS instance. 192.168.0.209 is used in this example. } virtual_ipaddress { 192.168.0.88 #Specify the IP address of the HAVIP. 192.168.0.88 is used in this example. } garp_master_delay 1 garp_master_refresh 5 track_interface { eth0 #Specify the name of the ENI of the ECS instance. eth0 is used in this example. } }Press the Esc key to exit the edit mode. Enter
:wqand press the Enter key to save and close the configuration file.
Run the following command to start keepalived on ECS 2:
systemctl start keepalived
Step 3: Associate the HAVIP with the primary and secondary ECS instances
You can associate the HAVIP with both the primary and secondary ECS instances. Then, the ECS instances can announce the HAVIP by sending ARP messages.
An HAVIP can be associated only with ECS instances in the same vSwitch. Each HAVIP can be associated with at most 10 ECS instances.
Perform the following steps to associate the HAVIP with both the primary and secondary ECS instances:
- Log on to the VPC console.
In the left-side navigation pane, click HaVip.
In the top navigation bar, select the region where the HAVIP is created.
Find the HAVIP created in Step 1: Create an HAVIP and click its ID.
Click Bind next to ECS Instances in the Resources section.
In the dialog box that appears, select ECS 1 and click OK.
Repeat the preceding steps to associate the HAVIP with ECS 2.
After the HAVIP is associated with ECS 1 and ECS 2, you can view the ECS instances in the Resources section.
Step 4: Associate the HAVIP with an EIP
You can associate the HAVIP with an EIP. Then, the HAVIP can use the EIP to provide services over the Internet.
- Log on to the VPC console.
In the left-side navigation pane, click HaVip.
In the top navigation bar, select the region where the HAVIP is created.
Find the HAVIP created in Step 1: Create an HAVIP and click its ID.
Click Bind next to Elastic IP Address in the Resources section.
In the dialog box that appears, select the EIP and click OK.
Then, you can view the EIP that is associated with the HAVIP.
Step 5: Test network connectivity
Perform the following steps to test the network connectivity.
Open a browser on an on-premises computer.
Enter the IP address of the EIP to access NGINX that is deployed on the ECS instance.
Test results:
If ECS 1 works as expected, ECS 1 is accessible.
If ECS 1 is down, ECS 2 takes over the virtual IP address and workloads of ECS 1. This ensures service high availability.
Manage HAVIPs
Manage HAVIPs in the console
Procedure
- Log on to the VPC console.
In the left-side navigation pane, click HaVip.
In the top navigation bar, select the region where you want to create the HAVIP.
Perform the following operations as needed.
Create an HAVIP
Associate with and disassociate from an ECS instance or an ENI
Associate with and disassociate from an EIP
API reference
You can manage HAVIPs by calling SDK operations, running Terraform scripts, or calling the following API operations:
FAQ
Which version of Keepalived is recommended?
We recommend that you use version 1.2.15 and later.
What can I do if I encounter problems when I use Keepalived?
We recommend that you seek solutions on Keepalived GitHub.
If I use third-party software such as Keepalived to implement high availability, how do I configure the source IP address for heartbeat detection?
If you use third-party software such as Keepalived to implement high availability, you need to change the source IP address of heartbeat detection to the private IP address of the ECS instance, instead of the private IP address of the HAVIP.
Can I use HAVIPs to implement high availability for user-created Linux virtual servers (LVS)?
No, you cannot use HAVIPs to implement high availability for user-created LVS.
When an ECS instance that is associated with an HAVIP accesses the Internet, what is the source IP address of the data packets?
In this case, the HAVIP is associated with the ECS instance and an EIP. The EIP is mapped to the private IP address of the HAVIP instead of the private IP address of the ECS instance. Therefore, the source IP address of the data packets is the private IP address of the HAVIP instead of the private IP address of the ECS instance.