diff --git a/server/src/com/cloud/network/router/NicProfileHelper.java b/server/src/com/cloud/network/router/NicProfileHelper.java
index db42abf7c4d..580d78beec1 100644
--- a/server/src/com/cloud/network/router/NicProfileHelper.java
+++ b/server/src/com/cloud/network/router/NicProfileHelper.java
@@ -24,8 +24,7 @@ import com.cloud.vm.NicProfile;
 public interface NicProfileHelper {
- public abstract NicProfile createPrivateNicProfileForGateway(
- VpcGateway privateGateway);
+ public abstract NicProfile createPrivateNicProfileForGateway(final VpcGateway privateGateway, final VirtualRouter router);
 public abstract NicProfile createGuestNicProfileForVpcRouter(final RouterDeploymentDefinition vpcRouterDeploymentDefinition, Network guestNetwork);
diff --git a/server/src/com/cloud/network/router/NicProfileHelperImpl.java b/server/src/com/cloud/network/router/NicProfileHelperImpl.java
index 09e52119dc4..7d8c19ab09b 100644
--- a/server/src/com/cloud/network/router/NicProfileHelperImpl.java
+++ b/server/src/com/cloud/network/router/NicProfileHelperImpl.java
@@ -31,6 +31,7 @@ import com.cloud.network.Networks.AddressFormat;
 import com.cloud.network.Networks.BroadcastDomainType;
 import com.cloud.network.vpc.PrivateIpAddress;
 import com.cloud.network.vpc.PrivateIpVO;
+import com.cloud.network.vpc.Vpc;
 import com.cloud.network.vpc.VpcGateway;
 import com.cloud.network.vpc.VpcManager;
 import com.cloud.network.vpc.dao.PrivateIpDao;
@@ -38,7 +39,6 @@ import com.cloud.utils.db.DB;
 import com.cloud.utils.net.NetUtils;
 import com.cloud.vm.Nic;
 import com.cloud.vm.NicProfile;
-import com.cloud.vm.VirtualMachine;
 import com.cloud.vm.dao.NicDao;
 import com.cloud.vm.dao.VMInstanceDao;
@@ -61,19 +61,25 @@ public class NicProfileHelperImpl implements NicProfileHelper {
 @Override @DB
- public NicProfile createPrivateNicProfileForGateway(final VpcGateway privateGateway) {
+ public NicProfile createPrivateNicProfileForGateway(final VpcGateway privateGateway, final VirtualRouter router) {
 final Network privateNetwork = _networkModel.getNetwork(privateGateway.getNetworkId());
- final PrivateIpVO ipVO = _privateIpDao.allocateIpAddress(privateNetwork.getDataCenterId(), privateNetwork.getId(), privateGateway.getIp4Address());
+ PrivateIpVO ipVO = _privateIpDao.allocateIpAddress(privateNetwork.getDataCenterId(), privateNetwork.getId(), privateGateway.getIp4Address());
+
+ final Long vpcId = privateGateway.getVpcId();
+ final Vpc activeVpc = _vpcMgr.getActiveVpc(vpcId);
+ if (activeVpc.isRedundant() && ipVO == null) {
+ ipVO = _privateIpDao.findByIpAndVpcId(vpcId, privateGateway.getIp4Address());
+ }
+
 final Nic privateNic = _nicDao.findByIp4AddressAndNetworkId(ipVO.getIpAddress(), privateNetwork.getId()); NicProfile privateNicProfile = new NicProfile(); if (privateNic != null) {
- final VirtualMachine vm = _vmDao.findById(privateNic.getInstanceId());
 privateNicProfile = new NicProfile(privateNic, privateNetwork, privateNic.getBroadcastUri(), privateNic.getIsolationUri(), _networkModel.getNetworkRate(
- privateNetwork.getId(), vm.getId()), _networkModel.isSecurityGroupSupportedInNetwork(privateNetwork), _networkModel.getNetworkTag(
- vm.getHypervisorType(), privateNetwork));
+ privateNetwork.getId(), router.getId()), _networkModel.isSecurityGroupSupportedInNetwork(privateNetwork), _networkModel.getNetworkTag(
+ router.getHypervisorType(), privateNetwork));
 } else { final String netmask = NetUtils.getCidrNetmask(privateNetwork.getCidr()); final PrivateIpAddress ip =
diff --git a/server/src/com/cloud/network/router/VpcNetworkHelperImpl.java b/server/src/com/cloud/network/router/VpcNetworkHelperImpl.java
index 2b008bd28aa..8b1d9fe9852 100644
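Review bot: In NicProfileHelperImpl.createPrivateNicProfileForGateway, `ipVO.getIpAddress()` is still dereferenced unconditionally after the new fallback, so a null from `allocateIpAddress` on a non-redundant VPC, or a null from `findByIpAndVpcId`, ends in a NullPointerException instead of a clear failure. `activeVpc.isRedundant()` has the same problem if `getActiveVpc` can return null for a VPC that is not active; its contract is not visible in this diff. Test the cheap condition first and guard the VPC, `if (ipVO == null && activeVpc != null && activeVpc.isRedundant()) {`, and after that block fail explicitly when `ipVO` is still null, with a message that names the gateway IP and the VPC id. The network rate and tag are now taken from `router` rather than from the instance that owns the NIC found by IP, which deserves a one-line comment explaining why that is correct for a redundant pair. The method body continues outside the hunk.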
--- a/server/src/com/cloud/network/router/VpcNetworkHelperImpl.java
+++ b/server/src/com/cloud/network/router/VpcNetworkHelperImpl.java
@@ -93,7 +93,7 @@ public class VpcNetworkHelperImpl extends NetworkHelperImpl {
 final List privateGateways = vpcMgr.getVpcPrivateGateways(vpcId);
 if (privateGateways != null && !privateGateways.isEmpty()) {
 for (final PrivateGateway privateGateway : privateGateways) {
- final NicProfile privateNic = nicProfileHelper.createPrivateNicProfileForGateway(privateGateway);
+ final NicProfile privateNic = nicProfileHelper.createPrivateNicProfileForGateway(privateGateway, router);
 final Network privateNetwork = _networkModel.getNetwork(privateGateway.getNetworkId());
 networks.put(privateNetwork, new ArrayList(Arrays.asList(privateNic)));
 }
diff --git a/server/src/com/cloud/network/rules/PrivateGatewayRules.java b/server/src/com/cloud/network/rules/PrivateGatewayRules.java
index 17d90ead9e5..91f629cebdc 100644
--- a/server/src/com/cloud/network/rules/PrivateGatewayRules.java
+++ b/server/src/com/cloud/network/rules/PrivateGatewayRules.java
@@ -54,18 +54,18 @@ public class PrivateGatewayRules extends RuleApplier {
 boolean result = false; try {
- NetworkModel networkModel = visitor.getVirtualNetworkApplianceFactory().getNetworkModel();
+ final NetworkModel networkModel = visitor.getVirtualNetworkApplianceFactory().getNetworkModel();
 _network = networkModel.getNetwork(_privateGateway.getNetworkId());
- NicProfileHelper nicProfileHelper = visitor.getVirtualNetworkApplianceFactory().getNicProfileHelper();
- NicProfile requested = nicProfileHelper.createPrivateNicProfileForGateway(_privateGateway);
+ final NicProfileHelper nicProfileHelper = visitor.getVirtualNetworkApplianceFactory().getNicProfileHelper();
+ final NicProfile requested = nicProfileHelper.createPrivateNicProfileForGateway(_privateGateway, _router);
- NetworkHelper networkHelper = visitor.getVirtualNetworkApplianceFactory().getNetworkHelper();
+ final NetworkHelper networkHelper = visitor.getVirtualNetworkApplianceFactory().getNetworkHelper();
 if (!networkHelper.checkRouterVersion(_router)) { s_logger.warn("Router requires upgrade. Unable to send command to router: " + _router.getId()); return false; }
- VirtualMachineManager itMgr = visitor.getVirtualNetworkApplianceFactory().getItMgr();
+ final VirtualMachineManager itMgr = visitor.getVirtualNetworkApplianceFactory().getItMgr();
 _nicProfile = itMgr.addVmToNetwork(_router, _network, requested); // setup source nat
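Review bot: `createPrivateNicProfileForGateway(_privateGateway, _router)` runs before `checkRouterVersion(_router)`, and the helper allocates the gateway's private IP (`allocateIpAddress` in NicProfileHelperImpl), so a router that needs an upgrade leaves through `return false` with the address already taken. As far as the later hunks show, `destroyPrivateGateway` returns early when the router has no NIC on the gateway network, ahead of the "Releasing private ip" step, so that allocation may never be released on this path. Moving the `if (!networkHelper.checkRouterVersion(_router)) { ... return false; }` block ahead of the `nicProfileHelper` lines keeps the side effect off a path that cannot succeed. The enclosing method starts before this hunk and the try block closes after it.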
@@ -74,13 +74,13 @@ public class PrivateGatewayRules extends RuleApplier {
 // result = setupVpcPrivateNetwork(router, true, guestNic); result = visitor.visit(this); }
- } catch (Exception ex) {
+ } catch (final Exception ex) {
 s_logger.warn("Failed to create private gateway " + _privateGateway + " on router " + _router + " due to ", ex); } finally { if (!result) { s_logger.debug("Failed to setup gateway " + _privateGateway + " on router " + _router + " with the source nat. Will now remove the gateway."); _isAddOperation = false;
- boolean isRemoved = destroyPrivateGateway(visitor);
+ final boolean isRemoved = destroyPrivateGateway(visitor);
 if (isRemoved) { s_logger.debug("Removed the gateway " + _privateGateway + " from router " + _router + " as a part of cleanup");
@@ -101,7 +101,7 @@ public class PrivateGatewayRules extends RuleApplier {
 } public PrivateIpVO retrivePrivateIP(final NetworkTopologyVisitor visitor) {
- PrivateIpVO ipVO = visitor.getVirtualNetworkApplianceFactory().getPrivateIpDao().findByIpAndSourceNetworkId(_nicProfile.getNetworkId(), _nicProfile.getIPv4Address());
+ final PrivateIpVO ipVO = visitor.getVirtualNetworkApplianceFactory().getPrivateIpDao().findByIpAndSourceNetworkId(_nicProfile.getNetworkId(), _nicProfile.getIPv4Address());
 return ipVO; }
@@ -110,20 +110,20 @@ public class PrivateGatewayRules extends RuleApplier {
 // RuleApplier super class. // Just doing this here, but will double check is remove if it's not // needed.
- NetworkDao networkDao = visitor.getVirtualNetworkApplianceFactory().getNetworkDao();
- Network network = networkDao.findById(_nicProfile.getNetworkId());
+ final NetworkDao networkDao = visitor.getVirtualNetworkApplianceFactory().getNetworkDao();
+ final Network network = networkDao.findById(_nicProfile.getNetworkId());
 return network; } protected boolean destroyPrivateGateway(final NetworkTopologyVisitor visitor) throws ConcurrentOperationException, ResourceUnavailableException {
- NetworkModel networkModel = visitor.getVirtualNetworkApplianceFactory().getNetworkModel();
+ final NetworkModel networkModel = visitor.getVirtualNetworkApplianceFactory().getNetworkModel();
 if (!networkModel.isVmPartOfNetwork(_router.getId(), _privateGateway.getNetworkId())) { s_logger.debug("Router doesn't have nic for gateway " + _privateGateway + " so no need to removed it"); return true; }
- Network privateNetwork = networkModel.getNetwork(_privateGateway.getNetworkId());
+ final Network privateNetwork = networkModel.getNetwork(_privateGateway.getNetworkId());
 s_logger.debug("Releasing private ip for gateway " + _privateGateway + " from " + _router);
@@ -135,14 +135,14 @@ public class PrivateGatewayRules extends RuleApplier {
 } // revoke network acl on the private gateway.
- NetworkACLManager networkACLMgr = visitor.getVirtualNetworkApplianceFactory().getNetworkACLMgr();
+ final NetworkACLManager networkACLMgr = visitor.getVirtualNetworkApplianceFactory().getNetworkACLMgr();
 if (!networkACLMgr.revokeACLItemsForPrivateGw(_privateGateway)) { s_logger.debug("Failed to delete network acl items on " + _privateGateway + " from router " + _router); return false; } s_logger.debug("Removing router " + _router + " from private network " + privateNetwork + " as a part of delete private gateway");
- VirtualMachineManager itMgr = visitor.getVirtualNetworkApplianceFactory().getItMgr();
+ final VirtualMachineManager itMgr = visitor.getVirtualNetworkApplianceFactory().getItMgr();
 result = result && itMgr.removeVmFromNetwork(_router, privateNetwork, null); s_logger.debug("Private gateawy " + _privateGateway + " is removed from router " + _router); return result;
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
index e1c01eb4e1a..24d75e55e85 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
@@ -28,7 +28,7 @@ from CsRoute import CsRoute
 from CsRule import CsRule
 VRRP_TYPES = ['guest']
-
+PUBLIC_INTERFACE = ['eth1']
 class CsAddress(CsDataBag):
@@ -314,9 +314,10 @@ class CsIP:
 for i in CsHelper.execute(cmd):
 if " DOWN " in i:
 cmd2 = "ip link set %s up" % self.getDevice()
- # If redundant do not bring up public interfaces
- # master.py and keepalived will deal with them
- if self.cl.is_redundant() and not self.is_public():
+ # If redundant only bring up public interfaces that are not eth1.
+ # Reason: private gateways are public interfaces.
+ # master.py and keepalived will deal with eth1 public interface.
+ if self.cl.is_redundant() and (not self.is_public() or self.getDevice() not in PUBLIC_INTERFACE):
 CsHelper.execute(cmd2)
 # if not redundant bring everything up
 if not self.cl.is_redundant():
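Review bot: The new condition recognises the keepalived-managed public interface only by the hard-coded device name in `PUBLIC_INTERFACE = ['eth1']` (added in the first hunk of this file), so on a redundant router every other interface that `is_public()` reports is now brought up unconditionally, not just private gateways. If a router can carry an additional public range on a device other than eth1, which is not visible here, the backup router would raise that link alongside the master and both would answer for the same addresses. Selecting private gateways by an explicit property of the address would be safer than selecting them by exclusion; at minimum the assumption belongs above the constant, e.g. `# eth1 is assumed to be the only keepalived-managed public NIC; other public devices are treated as private gateways`. The enclosing method starts and ends outside the hunk.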