Hi guys,
Seems there is a bug in VRRP, both nodes entered MASTER state rendering the VRRP address unavailable.
In the log there are two main lines that popout
Dec 09 02:07:27 Keepalived_vrrp[3090]: (IPv4_VLAN99) IPSEC-AH : invalid IPSEC HMAC-MD5 value. Due to fields mutation or bad password ! Dec 09 07:28:19 Keepalived_vrrp[3090]: (IPv4_VLAN10) Entering MASTER STATE Dec 09 07:28:19 Keepalived_vrrp[3090]: (IPv4_VLAN10) IPSEC-AH : sequence number 7626336 already processed. Packet dropped. Local(7626336)
As soon as I reboot the first node everything started working again on node 2 as expected and the master was able to take over again.
vyos@EU-GW03:~$ show version Version: VyOS 1.3.0-epa3 Release train: equuleus Built by: Sentrium S.L. Built on: Sun 31 Oct 2021 17:38 UTC Build UUID: 383e45ad-b32a-4359-8183-9baacc8e69d9 Build commit ID: bb511522cc3bb2-dirty Architecture: x86_64 Boot via: installed image System type: VMware guest Hardware vendor: VMware, Inc. Hardware model: VMware Virtual Platform Hardware S/N: VMware-42 39 f0 01 50 fb b9 8f-6d 44 a4 9d be a0 66 17 Hardware UUID: 4239f001-50fb-b98f-6d44-a49dbea06617 Copyright: VyOS maintainers and contributors
VRRP config
vyos@EU-GW03:~$ show configuration commands | strip-private | match vrrp
set high-availability vrrp group IPv4_VLAN10 authentication password xxxxxx
set high-availability vrrp group IPv4_VLAN10 authentication type 'ah'
set high-availability vrrp group IPv4_VLAN10 interface 'eth1.10'
set high-availability vrrp group IPv4_VLAN10 preempt-delay '180'
set high-availability vrrp group IPv4_VLAN10 priority '200'
set high-availability vrrp group IPv4_VLAN10 virtual-address 'xxx.xxx.10.1/24'
set high-availability vrrp group IPv4_VLAN10 vrid '10'
set high-availability vrrp group IPv4_VLAN75 authentication password xxxxxx
set high-availability vrrp group IPv4_VLAN75 authentication type 'ah'
set high-availability vrrp group IPv4_VLAN75 interface 'eth1.75'
set high-availability vrrp group IPv4_VLAN75 preempt-delay '180'
set high-availability vrrp group IPv4_VLAN75 priority '200'
set high-availability vrrp group IPv4_VLAN75 virtual-address 'xxx.xxx.75.1/24'
set high-availability vrrp group IPv4_VLAN75 vrid '75'
set high-availability vrrp group IPv4_VLAN98 authentication password xxxxxx
set high-availability vrrp group IPv4_VLAN98 authentication type 'ah'
set high-availability vrrp group IPv4_VLAN98 interface 'eth1.98'
set high-availability vrrp group IPv4_VLAN98 preempt-delay '180'
set high-availability vrrp group IPv4_VLAN98 priority '200'
set high-availability vrrp group IPv4_VLAN98 virtual-address 'xxx.xxx.98.1/24'
set high-availability vrrp group IPv4_VLAN98 vrid '98'
set high-availability vrrp group IPv4_VLAN99 authentication password xxxxxx
set high-availability vrrp group IPv4_VLAN99 authentication type 'ah'
set high-availability vrrp group IPv4_VLAN99 interface 'eth1.99'
set high-availability vrrp group IPv4_VLAN99 preempt-delay '180'
set high-availability vrrp group IPv4_VLAN99 priority '200'
set high-availability vrrp group IPv4_VLAN99 virtual-address 'xxx.xxx.99.1/24'
set high-availability vrrp group IPv4_VLAN99 vrid '99'
set high-availability vrrp group IPv4_WAN authentication password xxxxxx
set high-availability vrrp group IPv4_WAN authentication type 'ah'
set high-availability vrrp group IPv4_WAN interface 'eth0'
set high-availability vrrp group IPv4_WAN preempt-delay '180'
set high-availability vrrp group IPv4_WAN priority '200'
set high-availability vrrp group IPv4_WAN virtual-address 'xxx.xxx.84.192/25'
set high-availability vrrp group IPv4_WAN vrid '1'
set high-availability vrrp sync-group VLAN member 'IPv4_VLAN10'
set high-availability vrrp sync-group VLAN member 'IPv4_VLAN75'
set high-availability vrrp sync-group VLAN member 'IPv4_VLAN98'
set high-availability vrrp sync-group VLAN member 'IPv4_VLAN99'
set high-availability vrrp sync-group VLAN member 'IPv4_WAN'{F2220989}Greetings,