KEEPALIVED(8)                System Manager's Manual               KEEPALIVED(8)

       keepalived - load-balancing and high-availability service

       keepalived [-f|--use-file=FILE] [-P|--vrrp] [-C|--check] [-B|--no_bfd]
       [--all] [-l|--log-console] [-D|--log-detail] [-S|--log-facility={0-7}]
       [-g|--log-file=FILE] [--flush-log-file] [-G|--no-syslog]
       [-X|--release-vips] [-V|--dont-release-vrrp] [-I|--dont-release-ipvs]
       [-R|--dont-respawn] [-n|--dont-fork] [-d|--dump-conf] [-p|--pid=FILE]
       [-r|--vrrp_pid=FILE] [-c|--checkers_pid=FILE] [-a|--address-monitoring]
       [-b|--bfd_pid=FILE] [-s|--namespace=NAME] [-i|--config-id id] [-x|--snmp]
       [-A|--snmp-agent-socket=FILE] [-u|--umask=NUMBER] [-m|--core-dump]
       [-M|--core-dump-pattern[=PATTERN]] [--signum=SIGFUNC]
       [-t|--config-test[=FILE]] [--perf[={all|run|end}]] [--debug[=debug-
       options]] [-v|--version] [-h|--help]

       Keepalived provides simple and robust facilities for load-balancing and
       high-availability. The load-balancing framework relies on the well-known
       and widely used Linux Virtual Server (IPVS) kernel module providing
       Layer4 load-balancing. Keepalived implements a set of checkers to
       dynamically and adaptively maintain and manage a load-balanced server
       pool according to their health. Keepalived also implements the VRRPv2 and
       VRRPv3 protocols to achieve high-availability with director failover.

        -f, --use-file=FILE
              Use the specified configuration file. The default configuration
              file is "/etc/keepalived/keepalived.conf".

        -P, --vrrp
              Only run the VRRP subsystem. This is useful for configurations
              that do not use the IPVS load balancer.

        -C, --check
              Only run the healthcheck subsystem. This is useful for
              configurations that use the IPVS load balancer with a single
              director with no failover.

        -B, --no_bfd
              Don't run the BFD subsystem.

        --all Run all subsystems, even if they have no configuration.

        -l, --log-console
              Log messages to the local console. The default behavior is to log
              messages to syslog.

        -D, --log-detail
              Detailed log messages.

        -S, --log-facility=[0-7]
              Set syslog facility to LOG_LOCAL[0-7]. The default syslog facility
              is LOG_DAEMON.

        -g, --log-file=FILE
              Write log entries to FILE. FILE will have _vrrp, _healthcheckers,
              and _bfd inserted before the last '.' in FILE for the log output
              for those processes.

              If using the -g option, the log file stream will be flushed after
              each write.

        -G, --no-syslog
              Do not write log entries to syslog. This can be useful if the rate
              of writing log entries is sufficiently high that syslog will rate
              limit them, and the -g option is used instead.

        -X, --release-vips
              Drop VIP on transition from signal.

        -V, --dont-release-vrrp
              Don't remove VRRP VIPs and VROUTEs on daemon stop. The default
              behavior is to remove all VIPs and VROUTEs when keepalived exits.

        -I, --dont-release-ipvs
              Don't remove IPVS topology on daemon stop. The default behavior it
              to remove all entries from the IPVS virtual server table when
              keepalived exits.

        -R, --dont-respawn
              Don't respawn child processes. The default behavior is to restart
              the VRRP and checker processes if either process exits.

        -n, --dont-fork
              Don't fork the daemon process. This option will cause keepalived
              to run in the foreground.

        -d, --dump-conf
              Dump the configuration data.

        -p, --pid=FILE
              Use the specified pidfile for the parent keepalived process. The
              default pidfile for keepalived is "/var/run/",
              unless a network namespace is being used. See NAMESPACES below for
              more details.

        -r, --vrrp_pid=FILE
              Use the specified pidfile for the VRRP child process. The default
              pidfile for the VRRP child process is
              "/var/run/", unless a network namespace is
              being used.

        -c, --checkers_pid=FILE
              Use the specified pidfile for checkers child process. The default
              pidfile for the checker child process is
              "/var/run/" unless a network namespace is
              being used.

        -a, --address-monitoring
              Log all address additions/deletions reported by netlink.

        -b, --bfd_pid=FILE
              Use the specified pidfile for the BFD child process. The default
              pidfile for the BFD child process is "/var/run/"
              unless a network namespace is being used.

        -s, --namespace=NAME
              Run keepalived in network namespace NAME. See NAMESPACES below for
              more details.

        -i, --config-id ID
              Use configuration id ID, for conditional configuration (defaults
              to hostname without the domain name).

        -x, --snmp
              Enable the SNMP subsystem.

        -A, --snmp-agent-socket=FILE
              Use the specified socket for connection to SNMP master agent.

        -u, --umask=NUMBER
              The umask specified in the usual numeric way - see man umask(2)

        -m, --core-dump
              Override the RLIMIT_CORE hard and soft limits to enable keepalived
              to produce a coredump in the event of a segfault or other failure.
              This is most useful if keepalived has been built with 'make
              debug'.  Core dumps will be created in /, unless keepalived is run
              with the --dont-fork option, in which case they will be created in
              the directory from which keepalived was run, or they will be
              created in the directory of a configuraton file if the fault
              occurs while reading the file.

        -M, --core-dump-pattern[=PATTERN]
              Sets option --core-dump, and also updates
              /proc/sys/kernel/core_pattern to the pattern specified, or 'core'
              if none specified.  Provided the parent process doesn't terminate
              abnormally, it will restore /proc/sys/kernel/core_pattern to its
              original value on exit.

              Note: This will also affect any other process producing a core
              dump while keepalived is running.

              Returns the signal number to use for STOP, RELOAD, DATA, STATS and
              JSON.  For example, to stop keepalived running, execute:

              kill -s $(keepalived --signum=STOP) $(cat /var/run/

        -t, --config-test[=FILE]
              Keepalived will check the configuration file and exit with non-
              zero exit status if there are errors in the configuration,
              otherwise it exits with exit status 0 (see Exit status below for

              Rather that writing to syslog, it will write diagnostic messages
              to stderr unless file is specified, in which case it will write to
              the file.

              Record perf data for vrrp process. Data will be written to
              /  The data recorded is for use with the perf tool.

              Enables debug options if they have been compiled into keepalived.
              debug-options is made up of a sequence of strings of the form
              The upper case letter specifies the debug option, and the lower
              case letters specify for which processes the option is to be
              If a debug option is not followed by any lower case letters, the
              debug option is enabled for all processes.

              The characters to identify the processes are:

              Chr   Process
               p    Parent process

               b    BFD process
               c    Checker process
               v    VRRP process

              The characters used to identify the debug options are:

              Chr   Debug option
               D    Epoll thread dump
               E    Epoll debug
               F    VRRP fd debug
               N    Netlink timers
               P    Network timestamp
               X    Regex timers
               M    Email alert debug
               T    Timer debug
               S    TSM debug
               R    Regex debug

              Example: --debug=DvEcvNR

        -v, --version
              Display the version and exit.

        -h, --help
              Display this help message and exit.

   Exit status:
       0      if OK

       1      if unable to malloc memory

       2      if cannot initialise subsystems

       3      if running with --config-test and configuration cannot be run

       4      if running with --config-test and there are configuration errors
              but keepalived will run after modifying the configuration

       5      if running with --config-test and script security hasn't been
              enabled but scripts are configured.

       keepalived can be run in a network namespace (see keepalived.conf(5) for
       configuration details). When run in a network namespace, a local mount
       namespace is also created, and
       /var/run/keepalived/keepalived_NamespaceName is mounted on
       /var/run/keepalived. By default, pid files with the usual default names
       are then created in /var/run/keepalived from the perspective of a process
       in the mount namespace, and they will be visible in
       /var/run/keepalived/keepalived_NamespaceName for a process running in the
       default mount namespace.

       keepalived reacts to a set of signals.  You can send a signal to the
       parent keepalived process using the following:

              kill -SIGNAL $(cat /var/run/

       or better:

              kill -s $(keepalived --signum=SIGFUNC) $(cat /var/run/

       Note that if the first option is used, -SIGNAL must be replaced with the
       actual signal you are trying to send, e.g. with HUP. So it then becomes:

              kill -HUP $(cat /var/run/

       Signals other than for STOP, RELOAD, DATA and STATS may change depending
       on the kernel, and also what functionality is included in the version of
       the keepalived depending on the build options used.

              This causes keepalived to close down all interfaces, reload its
              configuration, and start up with the new configuration.

              keepalived will shut down.

              Write configuration data to /tmp/

              Write statistics info to /tmp/keepalived.stats

              Write configuration data in JSON format to /tmp/keepalived.json

       If you are running a firewall (see firewalld(8)) you must allow VRRP
       protocol traffic through the firewall. For example if this instance of
       keepalived(8) has a peer node on IPv4 address

              # firewall-cmd \
                  --add-rich-rule="rule family='ipv4' \
                                   source address='' \
                                   protocol value='vrrp' accept" --permanent
              # firewall-cmd --reload

       keepalived.conf(5), ipvsadm(8)

       This man page was written by Ryan O'Hara <>

                                    July 2018                      KEEPALIVED(8)