VRRP sync group gets unsync when tracked interface is pulled from bridge #2685
Description
The issue
I have two VRRP instances (eth0_1 and eth2_2) in a sync group. The first instance runs on eth0 and tracks interface eth1 (which is a member of bridge test_br). The second instance runs on eth2. First, I shut down the primary VRRP interface (ifdown eth0). Then, while eth0 is down, I remove the tracked interface eth1 from its bridge (brctl delif test_br eth1). Next, I bring the VRRP interface back online (ifup eth0). Finally, when I shut down eth0 the second time (ifdown eth0), the sync group breaks.
To reproduce:
-
ifdown eth0
-
brctl delif test_br eth1
-
ifup eth0
-
ifdown eth0
After step 4, The first instance (eth0_1) goes to FAULT state (which is correct since its interface is down), but the second instance (eth2_2) goes to BACKUP state instead of FAULT.
Expected behavior:
Both VRRP instances in the sync group should be synchronized. When eth0 goes down the second time, eth2_2 should transition to FAULT state along with eth0_1.
Actual behavior:
After the sequence of operations involving bridge interface removal, the VRRP sync group becomes desynchronized. eth2_2 remains in BACKUP state while eth0_1 is in FAULT state.
Keepalived version
Keepalived v2.3.3 (04/17,2025)¶
¶
Copyright(C) 2001-2025 Alexandre Cassen, <acassen@gmail.com>¶
¶
Built with kernel headers for Linux 6.1.55¶
Running on Linux 6.1.0-13st1-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.55-1+b1+sterra13 (2025-12-19)¶
Distro: Debian GNU/Linux 12 (bookworm)¶
¶
configure options: --build=x86_64-linux-gnu --prefix=/usr --includedir=${prefix}/include --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --disable-option-checking --disable-silent-rules --libdir=${prefix}/lib/x86_64-linux-gnu --runstatedir=/run --disable-maintainer-mode --disable-dependency-tracking --enable-snmp --enable-sha1 --enable-snmp-rfcv2 --enable-snmp-rfcv3 --enable-dbus --enable-json --enable-bfd --enable-regex --enable-log-file build_alias=x86_64-linux-gnu CFLAGS=-g -O2 -ffile-prefix-map=/builds/vnovikov/keepalived=. -fstack-protector-strong -Wformat -Werror=format-security LDFLAGS=-Wl,-z,relro CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2¶
¶
Config options: NFTABLES LVS REGEX VRRP VRRP_AUTH VRRP_VMAC JSON BFD OLD_CHKSUM_COMPAT SNMP_V3_FOR_V2 SNMP_VRRP SNMP_CHECKER SNMP_RFCV2 SNMP_RFCV3 DBUS IPROUTE_ETC_DIR=/etc/iproute2 IPROUTE_USR_DIR=/usr/share/iproute2 FILE_LOGGING LOG_FILE_APPEND INIT=systemd SYSTEMD_NOTIFY¶
¶
System options: VSYSLOG MEMFD_CREATE IPV6_FREEBIND IPV6_MULTICAST_ALL IPV4_DEVCONF LIBNL3 RTA_ENCAP RTA_EXPIRES RTA_NEWDST RTA_PREF FRA_SUPPRESS_PREFIXLEN FRA_SUPPRESS_IFGROUP FRA_TUN_ID RTAX_CC_ALGO RTAX_QUICKACK RTEXT_FILTER_SKIP_STATS FRA_L3MDEV FRA_UID_RANGE RTAX_FASTOPEN_NO_COOKIE RTA_VIA FRA_PROTOCOL FRA_IP_PROTO FRA_SPORT_RANGE FRA_DPORT_RANGE RTA_TTL_PROPAGATE IFA_FLAGS F_OFD_SETLK IFA_PROTO LWTUNNEL_ENCAP_MPLS LWTUNNEL_ENCAP_ILA NET_LINUX_IF_H_COLLISION LIBIPVS_NETLINK IPVS_DEST_ATTR_ADDR_FAMILY IPVS_SYNCD_ATTRIBUTES IPVS_64BIT_STATS IPVS_TUN_TYPE IPVS_TUN_CSUM IPVS_TUN_GRE VRRP_IPVLAN IFLA_LINK_NETNSID GLOB_BRACE GLOB_ALTDIRFUNC INET6_ADDR_GEN_MODE VRF SO_MARK¶
Config
global_defs {
enable_dbus
}
vrrp_sync_group 0 {
notify "/etc/keepalived/scripts/notify_common"
group {
eth0_1
eth2_2
}
}
vrrp_instance eth0_1 {
version 3
interface eth0
virtual_routes {
0.0.0.0/0 via 172.16.100.1 src 172.16.100.100 dev eth0
}
track_interface {
eth1
}
virtual_ipaddress {
172.16.100.100/24 label eth0:900
}
priority 100
advert_int 3
garp_master_refresh 5
virtual_router_id 1
}
vrrp_instance eth2_2 {
version 3
interface eth2
virtual_ipaddress {
192.168.254.100/24 label eth2:900
}
priority 100
advert_int 3
garp_master_refresh 5
virtual_router_id 2
}
System Log entries
root@Hub1-n1:~# brctl show
bridge name bridge id STP enabled interfaces
test_br 8000.0050569e6d23 no eth1
root@Hub1-n1:~# ip a show dev eth1 && ip a show dev test_br
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master test_br state UP group default qlen 10000
link/ether 00:50:56:9e:6d:23 brd ff:ff:ff:ff:ff:ff
altname enp11s0
altname ens192
altname GigabitEthernet0_1
inet6 fe80::47b:f260:db6f:2d6/64 scope link stable-privacy
valid_lft forever preferred_lft forever
14: test_br: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:50:56:9e:6d:23 brd ff:ff:ff:ff:ff:ff
root@Hub1-n1:~# ifdown eth0
root@Hub1-n1:~# brctl delif test_br eth1
2026-01-16T14:27:44.056354+03:00 Hub1-n1 Keepalived_vrrp[6197]: (eth2_2) Entering BACKUP STATE
2026-01-16T14:27:44.056371+03:00 Hub1-n1 Keepalived_vrrp[6197]: (eth0_1) Entering FAULT STATE
2026-01-16T14:27:44.056389+03:00 Hub1-n1 Keepalived_vrrp[6197]: VRRP_Group(0) Syncing instances to FAULT state
2026-01-16T14:27:44.127903+03:00 Hub1-n1 Keepalived_vrrp[6197]: Netlink reports eth0 down
2026-01-16T14:27:49.815546+03:00 Hub1-n1 Keepalived_vrrp[6197]: Interface eth1 deleted
2026-01-16T14:27:49.831926+03:00 Hub1-n1 Keepalived_vrrp[6197]: Netlink reports eth1 up
root@Hub1-n1:~# ifup eth0
2026-01-16T14:28:34.006854+03:00 Hub1-n1 Keepalived_vrrp[6197]: (eth0_1) Entering BACKUP STATE
2026-01-16T14:28:34.007041+03:00 Hub1-n1 Keepalived_vrrp[6197]: VRRP_Group(0) Syncing instances to BACKUP state
2026-01-16T14:28:34.007080+03:00 Hub1-n1 Keepalived_vrrp[6197]: (eth2_2) Entering BACKUP STATE
2026-01-16T14:28:34.088579+03:00 Hub1-n1 Keepalived_vrrp[6197]: Netlink reports eth0 up
2026-01-16T14:28:34.475635+03:00 Hub1-n1 Keepalived_vrrp[6197]: (eth0_1) received lower priority (50) advert from 172.16.100.20 - discarding
<...>
2026-01-16T14:28:43.476212+03:00 Hub1-n1 Keepalived_vrrp[6197]: (eth0_1) received lower priority (50) advert from 172.16.100.20 - discarding
2026-01-16T14:28:44.834659+03:00 Hub1-n1 Keepalived_vrrp[6197]: (eth2_2) Entering MASTER STATE
2026-01-16T14:28:44.834777+03:00 Hub1-n1 Keepalived_vrrp[6197]: VRRP_Group(0) Syncing instances to MASTER state
2026-01-16T14:28:44.834806+03:00 Hub1-n1 Keepalived_vrrp[6197]: (eth0_1) Entering MASTER STATE
root@Hub1-n1:~# ifdown eth0
2026-01-16T14:28:54.849259+03:00 Hub1-n1 Keepalived_vrrp[6197]: Netlink reflector reports IP 172.16.100.100 removed from eth0
2026-01-16T14:28:54.849349+03:00 Hub1-n1 Keepalived_vrrp[6197]: (eth0_1) Entering BACKUP STATE <<<---
2026-01-16T14:28:54.849384+03:00 Hub1-n1 Keepalived_vrrp[6197]: Netlink: error: No such process(3), type=RTM_DELROUTE(25), seq=1768562722, pid=0
2026-01-16T14:28:54.849415+03:00 Hub1-n1 Keepalived_vrrp[6197]: (eth2_2) Entering BACKUP STATE
2026-01-16T14:28:54.849443+03:00 Hub1-n1 Keepalived_vrrp[6197]: (eth0_1) Entering FAULT STATE
2026-01-16T14:28:54.919797+03:00 Hub1-n1 Keepalived_vrrp[6197]: Netlink reports eth0 down
2026-01-16T14:28:57.264840+03:00 Hub1-n1 Keepalived_vrrp[6197]: (eth2_2) received lower priority (50) advert from 192.168.254.2 - discarding
2026-01-16T14:29:00.265842+03:00 Hub1-n1 Keepalived_vrrp[6197]: (eth2_2) received lower priority (50) advert from 192.168.254.2 - discarding
2026-01-16T14:29:03.265838+03:00 Hub1-n1 Keepalived_vrrp[6197]: (eth2_2) received lower priority (50) advert from 192.168.254.2 - discarding
2026-01-16T14:29:06.266017+03:00 Hub1-n1 Keepalived_vrrp[6197]: (eth2_2) received lower priority (50) advert from 192.168.254.2 - discardin