# Basic HA Setup (VRRP)

Documentation on how to set up an active passive VRRP Cluster
All the needed Commands use the STACKIT Cli.

Overview core components:

VRRP Sync between two Virtual Machines including Security Groups and Port Security setup (additional adresses)
![](docs/ha.svg)

![](docs/vip.svg)

## Basic Network Config
Creation of a STACKIT Network where the VMs and NIC adapters will be placed.
```bash
NETWORKID=$(stackit network create --name demo --ipv4-dns-name-servers "1.1.1.1,8.8.8.8,9.9.9.9" --ipv4-prefix "10.1.2.0/24" -y -o json | jq -r .networkId) 
```

## Security Groups

Basic Security Group to allow VRRP & ICMP Traffic for failover

**Create the Security Group**:
```bash
SECGROUPID=$(stackit security-group create --name VRRP -y -o json | jq -r .id)
```

**Create the Security Rules**:
Allow VRRP & ICMP for testing only
```bash
stackit security-group rule create --security-group-id $SECGROUPID --direction ingress --protocol-name icmp 
stackit security-group rule create --security-group-id $SECGROUPID --direction ingress --protocol-name vrrp 
```

## Network Adapters

We need three network interfaces.
One for each server an the third for registering the internal vip address.

**Network Interface for the VIP**:
```bash
VIPNICID=$(stackit network-interface create --network-id $NETWORKID --name vipPort -y -o json | jq -r .id)
```

**Get the (v)IP of the NIC**:
```bash
VIPIP=$(stackit network-interface describe $VIPNICID --network-id $NETWORKID -o json | jq -r .ipv4)
```

**Network Interface for the VMs**:
```bash
NICID=$(stackit network-interface create --network-id $NETWORKID --allowed-addresses $VIPIP --name <nicName> --security-groups $SECGROUPID,<defaultSecGroupId> -y -o json | jq -r .id)
```

## Set up the virtual Machines

Create two VMs with a Debian 12 as OS.

```bash
stackit server create --boot-volume-performance-class storage_premium_perf4 --boot-volume-size 32 --boot-volume-source-type image --boot-volume-source-id 03e19c6a-d73a-4ba9-96af-4bd03cf905d3 --keypair-name <sshKeyPair> --availability-zone eu01-1 --machine-type c1.2 --name <serverName> --network-interface-ids $NICID
```

## External floating Addresses (HA)
To access the HA cluster from the Internet bind a Public IP to our vIP NIC adapter so the WAN ip is always pointed to the active replica.
```bash
stackit public-ip create --associated-resource-id $VIPNICID
```