Attach secondary IP to nebula interface
Hello
We are configuring keepalived, which needs a shared VIP between the two hosts. As we want to have it inside the nebula network, we tried to attach the VIP address to the nebula interface, but there is no connectivity from outside that VM:
    3: nebula1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1300 qdisc pfifo_fast state UNKNOWN group default qlen 500
        link/none
        inet 10.0.0.1/24 scope global nebula1
           valid_lft forever preferred_lft forever
        inet 10.0.0.10/24 scope global secondary nebula1
           valid_lft forever preferred_lft forever
Is there any valid configuration to make it work?
Regards
As you may have already seen in #389 this is currently not possible.
Even if sharing IPs was supported, you'll quickly find out that it still won't work because VRRP announcements (which keepalived uses) are done over L2 which nebula doesn't handle.
You are however free to run another tunnel (presumably an L2 one) on top of nebula, but that seems kind of pointless since by doing so you're essentially negating the benefits you get from using nebula in the first place (e.g. built-in firewall).
What end goal are you trying to accomplish? Perhaps there's a better way to do this within the constraints of nebula.
> What end goal are you trying to accomplish? Perhaps there's a better way to do this within the constraints of nebula.
Hello @benyanke
The end goal is having a failover IP or virtual IP shared between two or three machines, which will be assigned by keepalived inside the nebula network. What is the better way of doing this? :)
Thanks
Are the primary consumers of the service clients within nebula or outside? Perhaps a pair of load balancers with DNS round robin could provide some of the tooling you need.
Closing this out per discussion above.