diff --git a/filter_plugins/net_utils.py b/filter_plugins/net_utils.py
index 082f34d..5eecace 100644
--- a/filter_plugins/net_utils.py
+++ b/filter_plugins/net_utils.py
@@ -1,3 +1,6 @@
+import ipaddress
+from operator import attrgetter
+
 import dns.name
@@ -5,9 +8,33 @@ class FilterModule:
 def filters(self):
 return {
 "remove_domain_suffix": remove_domain_suffix,
+ "ipaddr_sort": ipaddr_sort,
 }
 def remove_domain_suffix(name):
 parent = dns.name.from_text(name).parent()
 return parent.to_text()
+
+
+def ipaddr_sort(addrs, types, unknown_after=True):
+ check_types = {
+ "global": attrgetter("is_global"),
+ "link-local": attrgetter("is_link_local"),
+ "loopback": attrgetter("is_loopback"),
+ "multicast": attrgetter("is_multicast"),
+ "private": attrgetter("is_private"),
+ "reserved": attrgetter("is_reserved"),
+ "site_local": attrgetter("is_site_local"),
+ "unspecified": attrgetter("is_unspecified"),
+ }
+
+ def addr_weight(addr):
+ if isinstance(addr, str):
+ addr = ipaddress.ip_address(addr.split("/")[0])
+ for index, ty in enumerate(types):
+ if check_types[ty](ipaddress.ip_address(addr)):
+ return index
+ return len(types) if unknown_after else -1
+
+ return sorted(addrs, key=addr_weight)
diff --git a/roles/keepalived/defaults/main.yml b/roles/keepalived/defaults/main.yml
index 6bbee8b..ee034f3 100644
--- a/roles/keepalived/defaults/main.yml
+++ b/roles/keepalived/defaults/main.yml
@@ -3,4 +3,5 @@ keepalived__virtual_addresses: {}
 keepalived__notify_master: []
 keepalived__notify_backup: []
 keepalived__notify_fault: []
+keepalived__max_auto_priority: -1
 ...
diff --git a/roles/keepalived/templates/keepalived.conf.j2 b/roles/keepalived/templates/keepalived.conf.j2
index 257e44c..c99ae10 100644
--- a/roles/keepalived/templates/keepalived.conf.j2
+++ b/roles/keepalived/templates/keepalived.conf.j2
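Review bot: In `addr_weight`, inside the new `ipaddr_sort` in filter_plugins/net_utils.py, the lookup `check_types[ty](...)` can raise on input a template author would consider valid. `is_site_local` is defined only on `ipaddress.IPv6Address`, so an IPv4 address sorted with `"site_local"` in `types` raises AttributeError, and a misspelt type name surfaces as a bare KeyError in the middle of rendering. The key `"site_local"` also uses an underscore where `"link-local"` uses a hyphen, which invites exactly that misspelling, and the address is parsed again on every loop iteration. I would validate `types` once before sorting, parse each address once, and treat a missing attribute as no match, as sketched below.

```python
def ipaddr_sort(addrs, types, unknown_after=True):
    # … unchanged: check_types table …
    unknown = [ty for ty in types if ty not in check_types]
    if unknown:
        raise ValueError(f"ipaddr_sort: unknown address type(s): {unknown}")

    def addr_weight(addr):
        if isinstance(addr, str):
            addr = addr.split("/")[0]
        ip = ipaddress.ip_address(addr)  # parse once per address
        for index, ty in enumerate(types):
            try:
                matched = check_types[ty](ip)
            except AttributeError:
                # is_site_local exists on IPv6Address only
                matched = False
            if matched:
                return index
        return len(types) if unknown_after else -1

    # … unchanged: return sorted(addrs, key=addr_weight) …
```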
@@ -5,6 +5,9 @@ global_defs {
 script_user root
 enable_script_security
 vrrp_version 3
+{% if keepalived__max_auto_priority is defined %}
+ max_auto_priority {{ keepalived__max_auto_priority | int }}
+{% endif %}
 }
 {%
@@ -38,7 +41,7 @@ vrrp_sync_group group {
 {% if ipv4_enabled %}
 vrrp_instance instance_v4 {
- virtual_router_id {{ keepalived__virtual_router_id }}
+ virtual_router_id {{ keepalived__virtual_router_id | int }}
 interface {{ keepalived__interface }}
 state BACKUP
 priority 250
@@ -64,7 +67,7 @@ vrrp_instance instance_v4 {
 {% if ipv6_enabled %}
 vrrp_instance instance_v6 {
- virtual_router_id {{ keepalived__virtual_router_id }}
+ virtual_router_id {{ keepalived__virtual_router_id | int }}
 interface {{ keepalived__interface }}
 state BACKUP
 priority 250
@@ -73,7 +76,7 @@ vrrp_instance instance_v6 {
 accept
 virtual_ipaddress {
 {% for dev, addresses in keepalived__virtual_addresses.items() %}
-{% for address in addresses %}
+{% for address in addresses | ipaddr_sort(["link-local"]) %}
 {% if address | ansible.utils.ipv6 %}
 {{ address }} dev {{ dev }}
 {% endif %}
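Review bot: The `| int` filter added in the first hunk (`max_auto_priority`) and in both `virtual_router_id` hunks converts silently: Jinja's `int` returns 0 for a value it cannot parse, so a mistyped `keepalived__virtual_router_id` renders as `virtual_router_id 0` instead of failing the play. I would reject bad values before rendering, for example with an `ansible.builtin.assert` task in the role that checks `keepalived__virtual_router_id | int(-1)` lies within the VRID range 1–255 (confirm the range against the keepalived version in use). The `is defined` guard around `max_auto_priority` also looks always true, because this commit gives the variable a default of -1 in defaults/main.yml. A comment there saying what -1 means to keepalived would help the next reader.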
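Review bot: Sorting inside the inner loop of the last hunk puts link-local addresses first only within each `dev`; if the first device in `keepalived__virtual_addresses` has no link-local address, the first entry of `virtual_ipaddress` is still a non-link-local one. If the goal is a link-local address at the top of the whole block (my reading of the change, not stated in the hunk), the addresses need ordering across devices, or the requirement should be documented for whoever fills in the variable. The filter also runs before the `ansible.utils.ipv6` test, so every entry, IPv4 ones included, must parse with `ipaddress.ip_address` or rendering aborts. A Jinja comment such as `{# link-local addresses are emitted first for each device #}` above the loop would record the intent. The enclosing `virtual_ipaddress` block continues past the end of the hunk.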