[Solved] Keepalived Configurate Error: Unicast peers are not supported in strict mode

Unicast peers are not supported in strict mode

Error reporting information, reasons for error reporting, and exclusion of error digressions

Error message

Oct 14 19:18:45 ka1 Keepalived_vrrp[1306]: (Web_1) Strict mode does not support authentication. Ignoring.
Oct 14 19:18:45 ka1 Keepalived_vrrp[1306]: (Web_1) Unicast peers are not supported in strict mode
Oct 14 19:18:45 ka1 Keepalived_vrrp[1306]: Stopped - used 0.000000 user time, 0.001451 system time
Oct 14 19:18:45 ka1 Keepalived[1305]: Startup complete
Oct 14 19:18:45 ka1 Keepalived[1305]: pid 1306 exited with permanent error CONFIG. Terminating
Oct 14 19:18:45 ka1 Keepalived[1305]: CPU usage (self/children) user: 0.000000/0.000000 system: 0.001419/0.001747
Oct 14 19:18:45 ka1 Keepalived[1305]: Stopped Keepalived v2.2.4 (08/21,2021)

Error reporting reason

vrrp_Strict mode and unicast_src_IP conflicts cause keepalived startup failure
in addition, VRRP_Strict also conflicts with nopreempt and other configurations. It is recommended to delete or comment directly

Troubleshooting errors

vi /etc/keepalived/keepalived.conf

Comment or delete the following lines


Restart keepalived after saving

systemctl restart keepalived


See other students’ keepalived help posts during troubleshooting
https://ask.csdn.net/questions/771124?Wechatoa =
although we don’t know the final reason, we also analyze the problem

The problem is divided into two steps
first, the automatic switching of VIP caused by preemption is mainly
1.43. When 43 is started, the virtual IP is switched to 43, which is caused by preemption mode.
solution: set keepalived to non gunfight mode, so that you stop 43, switch to 47, and start 43 again without forcing the VIP to switch back to 43.
VRRP_ Nopreempt
II. VIP is inaccessible on 43.
VIP is inaccessible. The specific phenomenon of “inaccessibility” described here is not well understood. It is speculated that there are three possibilities.
1vip cannot Ping through
look at the firewall configuration
systemctl stop firewalld & amp& amp; Iptables – f (please confirm the firewall configuration again and again to avoid losing some required configurations)
for the configuration of keepalived, theoretically you do not configure VRRP_ Strict is VRRP that does not need to be configured separately_ Iptables, but you didn’t mention the specific keepalived version. It doesn’t rule out some special bugs in the small version
Global_ Adding VRRP to defs_ Iptables
3. A service such as nginx or Apache cannot be accessed
3.1. Check the listen configuration item of the corresponding configuration file. The most brutal way is to set it to 0.0.0
3.2. SS – ntlp to check the listening of the corresponding port
3.3. Use tools such as curl to test successively, server IP and VIP to see whether they return normally.
3.4. If the database is used, check the authorization of relevant accounts

Read More: