Keepalived VIP Loss Due to systemd-networkd Restart

In a test environment using Ubuntu 18.04 with Keepalived v1.3.9 (installed via apt-get) in a Master-Backup configuration alongside Nginx, an unexpected loss of the Virtual IP (VIP) on the Master node was observed. The service became unreachable, yet no failover occurred—both nodes showed no Keepalived transition logs.

Restarting Keepalived on the Master (systemctl restart keepalived) or stopping it entirely triggered proper failover, indicating the issue was isolated to VIP management rather than network or Nginx failures.

Root Cause Investigation

System logs (/var/log/syslog) revealed a restart of networking components around the time of the VIP loss:

May  9 06:51:39 ... systemd[1]: Stopping Network Service...
May  9 06:51:40 ... systemd-networkd[4993]: ens160: Configured
May  9 06:51:40 ... systemd[1]: Started Network Service.

This pointed to a transient network reconfiguration event. Testing confirmed that manually restarting systemd-networkd reproduced the VIP disappearance without triggering failover.

The underlying issue is a known bug in certain versions of Keepalived when used with systemd-networkd: when the network daemon restarts, Keepalived fails to retain or re-add the VIP, and the Backup node does not detect the failure because VRRP advertisements may still appear valid or are missed during the brief interface reset.

Further investigation showed that Ubuntu’s unattended-upgrades mechanism can trigger such a restart. Configuration files like /etc/apt/apt.conf.d/20auto-upgrades enable automatic package updates, and if a package update affects systemd-networkd or related components, the service may be restarted silently.

Mitigation Strategies

Option 1: Disable Automatic Updates
Prevent unintended service restarts by disabling unattended upgrades:

# /etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists "0";
APT::Periodic::Unattended-Upgrade "0";

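Note: This reduces risk but doesn’t eliminate it: if systemd-networkd is restarted manually or by other means, the issue persists. Disabling unattended upgrades also stops automatic installation of security updates, so patching then has to be done on a schedule you control.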

Option 2: Implement VIP Monitoring Script
Deploy a watchdog script that checks for the presence of the VIP on the Master and restarts Keepalived if missing:

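#!/bin/bash
VIP="192.168.1.100"
INTERFACE="ens160"

# Restart Keepalived if the VIP is no longer assigned to the interface.
# -F with the "inet " prefix and trailing "/" matches the exact address,
# not a longer address that contains it, and treats the dots literally.
if ! ip -4 addr show dev "$INTERFACE" | grep -qF "inet $VIP/"; then
    systemctl restart keepalived
fi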

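Schedule this via cron every 10–30 seconds for rapid recovery. Cron itself fires at most once per minute, so a sub-minute interval needs a loop with sleep inside the cron job, or a systemd timer.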
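A fuller version of the Option 2 watchdog, as an added example that is not part of the original post: it matches the VIP exactly, restarts Keepalived only when the node believes it is MASTER (so it can run on both nodes), and loops inside one cron minute to get 10-second checks. STATE_FILE and the notify script that writes it are assumptions; VIP and INTERFACE are the sample values used above.

```shell
#!/bin/bash
# Added example: VIP watchdog with exact matching and MASTER-state gating.
VIP="${VIP:-192.168.1.100}"
INTERFACE="${INTERFACE:-ens160}"
# Assumed path. A keepalived "notify" script is assumed to write the new
# state (its third argument: MASTER, BACKUP or FAULT) into this file.
STATE_FILE="${STATE_FILE:-/run/keepalived.state}"

# vip_present ADDR: reads `ip -o -4 addr show` output on stdin and succeeds
# only if ADDR is assigned exactly (192.168.1.10 must not match 192.168.1.100).
vip_present() {
    awk -v vip="$1" '
        { for (i = 1; i < NF; i++)
              if ($i == "inet") { split($(i + 1), a, "/"); if (a[1] == vip) found = 1 } }
        END { exit !found }'
}

# decide STATE ADDR: prints "restart" only when this node thinks it is MASTER
# but the VIP is gone, which is the silent failure described in this post.
decide() {
    if [ "$1" != "MASTER" ]; then echo "skip"; return; fi
    if vip_present "$2"; then echo "ok"; else echo "restart"; fi
}

# One check against the live system; logs to syslog before acting.
check_once() {
    state=$(cat "$STATE_FILE" 2>/dev/null || echo UNKNOWN)
    action=$(ip -o -4 addr show dev "$INTERFACE" | decide "$state" "$VIP")
    if [ "$action" = "restart" ]; then
        logger -t vip-watchdog "VIP $VIP missing on $INTERFACE while MASTER; restarting keepalived"
        systemctl restart keepalived
    fi
}

# Cron entry (runs every minute, six checks 10 s apart):
#   * * * * * root /usr/local/sbin/vip-watchdog.sh --loop
if [ "${1:-}" = "--loop" ]; then
    for n in 1 2 3 4 5 6; do check_once; sleep 10; done
fi
```

The syslog line written before each restart gives a record of how often the VIP was lost, which is worth alerting on in its own right.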

Option 3: Migrate to a Different OS
Switching to CentOS 7 (or RHEL-based systems using NetworkManager or traditional network scripts instead of systemd-networkd) avoids this specific interaction, as the bug is tied to the combination of Keepalived and systemd-networkd on Debian-based systems.

Tags: Keepalived systemd-networkd Ubuntu vip failover

Posted on Sun, 21 Jun 2026 17:06:19 +0000 by mlla2