Fault tolerance virtual IP


I am a newcomer to Docker Swarm but have been reading quite a bit the last days. I have understood the concept of overlay mesh networking and that ports published to a service will be available on all nodes running the service.

What I can’t get my head around is how to do port forwarding with fault tolerance from my firewall. It is totally fine that I have the port on all the nodes but what if the specific node that I portforward to is down? I’ve read suggestions about using a load balancer that detects if a node is down. But that just moves the problem to the load balancer. What if the node running the load balancer is down?

See the first response in this thread,

I would have the same problem if the node, that I port forward to, running docker-flow-proxy is down. Wouldn’t help that I have two replicas of docker-flow-proxy running, I still only port forward to one of the nodes.

Meyay’s response in this thread, Virtual IP in a swarm, talks about NET_ADMIN and some functionality that can shift a virtual IP between a master and a slave node. That sounds like what I want. Sadly there is no reference in the thread to how this works and I haven’t been able to find more information myself.

Could anyone give some pointers or advice?


What you want is a floating IP. You can use Keepalived to create a setup that shifts a floating IP from one node to another. Check for further details.

Though, it cannot be run as a swarm service. You might want to install it straight on your hosts or run it as a plain docker container (from cli or docker-compose).
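
A sketch of the Keepalived setup described in the answer above, added here as an illustration and not part of the original post: a `keepalived.conf` for the first of two swarm nodes, with the firewall port-forwarding to the floating IP instead of to a node address. The interface name, the 192.0.2.x addresses, the router ID, the priorities, the password placeholder and the `pgrep` health check are all assumptions to adapt.

```conf
# /etc/keepalived/keepalived.conf on node 1 (constructed example values)
global_defs {
    # Refuse to run check scripts whose path is writable by non-root users.
    # Without script_user, scripts run as keepalived_script if that user
    # exists, otherwise as root.
    enable_script_security
}

# Health check: release the floating IP when the Docker daemon is gone.
# Assumption: pgrep lives at /usr/bin/pgrep on this host.
vrrp_script chk_dockerd {
    script "/usr/bin/pgrep -x dockerd"
    interval 2      # run every 2 seconds
    fall 2          # 2 consecutive failures mark the node faulty
    rise 2          # 2 consecutive successes mark it healthy again
}

vrrp_instance SWARM_VIP {
    state MASTER            # use BACKUP on the second node
    interface eth0          # assumption: LAN-facing interface
    virtual_router_id 51    # must match on both nodes, unique on the LAN
    priority 150            # use a lower value (e.g. 100) on the second node
    advert_int 1

    # Send adverts only to the known peer instead of multicasting them.
    unicast_src_ip 192.0.2.11       # this node (constructed address)
    unicast_peer {
        192.0.2.12                  # the other node (constructed address)
    }

    # VRRP PASS auth is sent in cleartext and only the first 8 characters
    # are used. It guards against misconfiguration, not against an attacker
    # on the segment, so keep VRRP traffic on a trusted network.
    authentication {
        auth_type PASS
        auth_pass CHANGEME          # placeholder, replace on both nodes
    }

    # The floating IP: this is the address the firewall forwards to.
    virtual_ipaddress {
        192.0.2.100/24
    }

    track_script {
        chk_dockerd
    }
}
```

If Keepalived runs as a plain container rather than on the host, it needs host networking and the NET_ADMIN capability mentioned in the question so that it can add and remove the address on the host interface.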


Thank you, I will try that one!

Thank you, this works like a charm! :+1: