Virtual Router Redundancy Protocol (VRRP) is the backbone of high-availability infrastructure on Linux. When a critical load balancer or gateway fails, VRRP ensures a standby node seamlessly takes over the virtual IP address — typically in under a second. Self-hosted VRRP management tools range from the industry-standard Keepalived to lightweight alternatives like UCarp and Kubernetes-native operators.

Understanding VRRP and Why Self-Host It

VRRP (RFC 5798) provides automatic failover for router gateways by electing a master router from a pool of candidates. The master owns a shared virtual IP (VIP) that clients use as their default gateway. If the master fails, backup routers detect the absence of VRRP advertisements and elect a new master.

Self-hosting VRRP management gives you full control over failover behavior, eliminates vendor lock-in from proprietary HA solutions, and integrates cleanly with existing infrastructure. Whether you run bare-metal servers, virtual machines, or Kubernetes clusters, there is an open-source VRRP tool that fits your architecture.

Keepalived: The Industry Standard

Keepalived is the most widely deployed VRRP implementation for Linux, with over 4,500 GitHub stars. Originally designed for LVS (Linux Virtual Server) load balancing, it has evolved into a comprehensive HA framework supporting VRRPv2, VRRPv3, health checking, and more.

Key Features:

  • VRRPv2 (IPv4) and VRRPv3 (IPv4 + IPv6) support
  • Built-in health checks via vrrp_script blocks — check HTTP, TCP, script-based, and file-based conditions
  • Track interfaces, files, and scripts to dynamically adjust VRRP priority
  • LVS integration for automatic load balancer failover
  • IPv6 support in VRRPv3 mode
  • SMTP notifications on state transitions
  • NET SNMP agent for monitoring

Docker Deployment

Keepalived runs well in Docker containers when configured with NET_ADMIN and NET_RAW capabilities:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17

version: "3.8"
services:
  keepalived:
    image: osixia/keepalived:latest
    container_name: keepalived
    cap_add:
      - NET_ADMIN
      - NET_RAW
    environment:
      - KEEPALIVED_INTERFACE=eth0
      - KEEPALIVED_VIRTUAL_IPS=192.168.1.100
      - KEEPALIVED_PRIORITY=100
      - KEEPALIVED_STATE=MASTER
    network_mode: host
    restart: unless-stopped
    volumes:
      - /etc/keepalived/keepalived.conf:/usr/local/etc/keepalived/keepalived.conf:ro

Configuration Example

A production Keepalived configuration for a two-node HA pair:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

global_defs {
   router_id HA_PAIR
   notification_email {
       admin@example.com
   }
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
}

vrrp_script chk_haproxy {
    script "/usr/bin/killall -0 haproxy"
    interval 2
    weight -20
    fall 3
    rise 2
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass secretpassword
    }
    virtual_ipaddress {
        192.168.1.100/24 dev eth0
    }
    track_script {
        chk_haproxy
    }
}

UCarp: Lightweight Patent-Free Alternative

UCarp is a portable, BSD-licensed implementation of CARP (Common Address Redundancy Protocol) — OpenBSD’s patent-free alternative to VRRP. With 170+ stars, it is a smaller project but offers a simpler, more focused tool for virtual IP failover.

Key Features:

  • CARP protocol (patent-free VRRP alternative)
  • Single binary, no dependencies
  • Preemptive and non-preemptive modes
  • Scriptable on state changes via -P and -B flags
  • Lightweight — ideal for resource-constrained environments
  • Cross-platform: runs on Linux, BSD, and macOS

Installation and Setup

UCarp is available in most package repositories:

1
2
3
4
5

# Debian/Ubuntu
apt-get install ucarp

# RHEL/CentOS (EPEL)
yum install ucarp

A basic two-node CARP setup:

1
2
3
4
5

# Node 1 (Master)
ucarp -i eth0 -v 1 -p secretpassword   -a 192.168.1.100 -s 192.168.1.10   -P /etc/ucarp/master.sh -B /etc/ucarp/backup.sh

# Node 2 (Backup)
ucarp -i eth0 -v 1 -p secretpassword   -a 192.168.1.100 -s 192.168.1.11   -B /etc/ucarp/backup.sh -P /etc/ucarp/master.sh

Docker Compose Setup

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16

version: "3.8"
services:
  ucarp:
    image: alpine:latest
    container_name: ucarp
    cap_add:
      - NET_ADMIN
      - NET_RAW
    command: >
      sh -c "apk add ucarp &&
      ucarp -i eth0 -v 1 -p secret -a 192.168.1.100
      -s $$HOST_IP -P /up.sh -B /down.sh"
    environment:
      - HOST_IP=192.168.1.10
    network_mode: host
    restart: unless-stopped

Keepalived Exporter + Prometheus: Monitoring VRRP State

Keepalived Exporter provides Prometheus-compatible metrics for VRRP instances, enabling automated alerting and dashboard visualization of HA state transitions. With 170+ stars, it is the go-to tool for monitoring Keepalived deployments at scale.

Key Features:

  • Exposes VRRP instance state as Prometheus metrics
  • Tracks priority, state transitions, and advertisement intervals
  • Integrates with Grafana for real-time HA dashboards
  • SNMP data collection from Keepalived’s SNMP agent
  • Lightweight Go binary, minimal resource usage

Metrics Exposed

The exporter provides metrics including:

1
2
3
4
5
6
7

# HELP keepalived_vrrp_state Current VRRP state (1=init, 2=backup, 3=master)
# TYPE keepalived_vrrp_state gauge
keepalived_vrrp_state{instance="VI_1",iname="eth0"} 3

# HELP keepalived_vrrp_priority Current VRRP priority
# TYPE keepalived_vrrp_priority gauge
keepalived_vrrp_priority{instance="VI_1"} 100

Docker Compose Setup

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17

version: "3.8"
services:
  keepalived-exporter:
    image: ghcr.io/mehdy/keepalived-exporter:latest
    container_name: keepalived-exporter
    ports:
      - "9165:9165"
    volumes:
      - /var/run/keepalived.sock:/var/run/keepalived.sock:ro
    restart: unless-stopped

  prometheus:
    image: prom/prometheus:latest
    ports:
      - "9090:9090"
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro

Comparison Table

FeatureKeepalivedUCarpKeepalived Exporter
ProtocolVRRPv2/v3CARPN/A (monitoring)
GitHub Stars4,565171172
Health ChecksBuilt-in (HTTP, TCP, script)Script-basedN/A
IPv6 SupportYes (VRRPv3)LimitedN/A
Kubernetes NativeNo (operator available)NoYes (Prometheus)
Docker Supportosixia/keepalivedManual buildghcr.io/mehdy
SNMP IntegrationYesNoYes
Config ComplexityModerateLowLow
Failover Speed<1 second<1 secondN/A
LicenseGPLv2BSD 3-clauseApache 2.0
Best ForProduction HALightweight setupsMonitoring/Alerting

Why Self-Host VRRP Management?

Self-hosted VRRP management is critical for any infrastructure that requires high availability without relying on cloud provider load balancers or proprietary appliances. Here is why organizations choose open-source VRRP tools:

Eliminate Single Points of Failure. VRRP ensures that your gateway, load balancer, or database VIP automatically fails over to a standby node. Without it, a single hardware failure can take down your entire service. Self-hosted VRRP removes the dependency on expensive hardware load balancers (F5, Citrix) and their licensing costs.

Full Control Over Failover Logic. Unlike managed cloud load balancers, self-hosted VRRP lets you define custom health checks, preemption behavior, and notification scripts. You can trigger custom remediation actions on state transitions — restart services, drain connections, or send PagerDuty alerts.

Cost Savings at Scale. Cloud provider load balancers charge per hour plus data processing fees. At scale, running Keepalived on commodity hardware costs a fraction of managed alternatives. A two-node Keepalived pair on $50/month VMs handles the same failover as a $25/month managed load balancer — but without per-GB data charges.

Network Sovereignty. In private data centers, edge deployments, or air-gapped environments, cloud load balancers are not an option. VRRP provides the same HA guarantees on bare metal that cloud providers offer natively.

Kubernetes Integration. Keepalived operators like the Red Hat COP Keepalived Operator bring VRRP-based VIP management to Kubernetes clusters, enabling bare-metal Kubernetes services with LoadBalancer-type external IPs without requiring MetalLB or cloud providers.

For container management dashboards, see our Portainer vs Dockge comparison. If you need Kubernetes backup solutions, our Velero vs Stash guide covers the options. For general Kubernetes security, check our K8s security auditing article.

FAQ

What is VRRP and why is it important?

VRRP (Virtual Router Redundancy Protocol) is a networking protocol that provides automatic failover for router gateways. It allows multiple routers to share a virtual IP address, ensuring that if the primary router fails, a backup takes over transparently. This is critical for maintaining network availability without manual intervention.

How fast does Keepalived failover occur?

Keepalived typically achieves failover in under one second. The advert_int parameter controls how frequently VRRP advertisements are sent (default: 1 second). With advert_int 1 and default fall/rise settings, failover occurs within 2-3 seconds. Tuning advert_int to sub-second values can achieve faster failover at the cost of increased network traffic.

Can Keepalived run in Docker containers?

Yes, Keepalived runs in Docker containers with NET_ADMIN and NET_RAW capabilities. The osixia/keepalived image provides a pre-configured container that accepts environment variables for virtual IPs, priority, and interface configuration. Note that network_mode: host is typically required for VRRP to function correctly.

What is the difference between VRRP and CARP?

VRRP (RFC 5798) and CARP (Common Address Redundancy Protocol) serve the same purpose — virtual IP failover. VRRP is an IETF standard with broader vendor support, while CARP was developed by OpenBSD as a patent-free alternative. Keepalived implements VRRP, while UCarp implements CARP.

How do I monitor VRRP state transitions?

The Keepalived Exporter exposes VRRP instance state as Prometheus metrics. You can set up Grafana dashboards to visualize state changes and configure alerts for unexpected failovers. Additionally, Keepalived supports SMTP notifications and custom notify scripts that can trigger PagerDuty, Slack, or email alerts.

Is Keepalived suitable for production use?

Yes, Keepalived is used extensively in production environments worldwide. It is the default HA solution for many Linux distributions and cloud platforms. Its mature codebase, active maintenance (last update: May 2025+), and extensive feature set make it the recommended choice for production VRRP deployments.

Can UCarp replace Keepalived for simple failover setups?

For simple two-node failover with a single virtual IP, UCarp is a viable alternative. It is lighter, has fewer dependencies, and uses the patent-free CARP protocol. However, it lacks built-in health checks, SNMP integration, and the advanced configuration options that Keepalived provides.