"Fossies" - the Fresh Open Source Software Archive

Member "neutron-14.0.3/doc/source/admin/deploy-lb-ha-vrrp.rst" (22 Oct 2019, 6680 Bytes) of package /linux/misc/openstack/neutron-14.0.3.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format (assuming markdown format). Alternatively you can here view or download the uninterpreted source code file. A member file download can also be achieved by clicking within a package contents listing on the according byte size field.

Linux bridge: High availability using VRRP

Warning

This high-availability mechanism is not compatible with the layer-2 population mechanism. You must disable layer-2 population in the linuxbridge_agent.ini file and restart the Linux bridge agent on all existing network and compute nodes prior to deploying the example configuration.

Prerequisites

Add one network node with the following components:

Note

You can keep the DHCP and metadata agents on each compute node or move them to the network nodes.

Architecture

High-availability using Linux bridge with VRRP - overview

The following figure shows components and connectivity for one self-service network and one untagged (flat) network. The master router resides on network node 1. In this particular case, the instance resides on the same compute node as the DHCP agent for the network. If the DHCP agent resides on another compute node, the latter only contains a DHCP namespace and Linux bridge with a port on the overlay physical network interface.

High-availability using Linux bridge with VRRP - components and connectivity - one network

Example configuration

Use the following example configuration as a template to add support for high-availability using VRRP to an existing operational environment that supports self-service networks.

Controller node

  1. In the neutron.conf file:
  2. Restart the following services:

Network node 1

No changes.

Network node 2

  1. Install the Networking service Linux bridge layer-2 agent and layer-3 agent.

  2. In the neutron.conf file, configure common options:

  3. In the linuxbridge_agent.ini file, configure the layer-2 agent.

    [linux_bridge]
    physical_interface_mappings = provider:PROVIDER_INTERFACE
    
    [vxlan]
    enable_vxlan = True
    local_ip = OVERLAY_INTERFACE_IP_ADDRESS
    
    [securitygroup]
    firewall_driver = iptables

    Warning

    By default, Linux uses UDP port 8472 for VXLAN tunnel traffic. This default value doesn't follow the IANA standard, which assigned UDP port 4789 for VXLAN communication. As a consequence, if this node is part of a mixed deployment, where nodes with both OVS and Linux bridge must communicate over VXLAN tunnels, it is recommended that a line containing udp_dstport = 4789 be added to the [vxlan] section of all the Linux bridge agents. OVS follows the IANA standard.

    Replace PROVIDER_INTERFACE with the name of the underlying interface that handles provider networks. For example, eth1.

    Replace OVERLAY_INTERFACE_IP_ADDRESS with the IP address of the interface that handles VXLAN overlays for self-service networks.

  4. In the l3_agent.ini file, configure the layer-3 agent.

    [DEFAULT]
    interface_driver = linuxbridge
  5. Start the following services:

Compute nodes

No changes.

Verify service operation

  1. Source the administrative project credentials.

  2. Verify presence and operation of the agents.

    $ openstack network agent list
    +--------------------------------------+--------------------+----------+-------------------+-------+-------+---------------------------+
    | ID                                   | Agent Type         | Host     | Availability Zone | Alive | State | Binary                    |
    +--------------------------------------+--------------------+----------+-------------------+-------+-------+---------------------------+
    | 09de6af6-c5f1-4548-8b09-18801f068c57 | Linux bridge agent | compute2 | None              | True  | UP    | neutron-linuxbridge-agent |
    | 188945d1-9e70-4803-a276-df924e0788a4 | Linux bridge agent | compute1 | None              | True  | UP    | neutron-linuxbridge-agent |
    | e76c440d-d5f6-4316-a674-d689630b629e | DHCP agent         | compute1 | nova              | True  | UP    | neutron-dhcp-agent        |
    | e67367de-6657-11e6-86a4-931cd04404bb | DHCP agent         | compute2 | nova              | True  | UP    | neutron-dhcp-agent        |
    | e8174cae-6657-11e6-89f0-534ac6d0cb5c | Metadata agent     | compute1 | None              | True  | UP    | neutron-metadata-agent    |
    | ece49ec6-6657-11e6-bafb-c7560f19197d | Metadata agent     | compute2 | None              | True  | UP    | neutron-metadata-agent    |
    | 598f6357-4331-4da5-a420-0f5be000bec9 | L3 agent           | network1 | nova              | True  | UP    | neutron-l3-agent          |
    | f4734e0f-bcd5-4922-a19d-e31d56b0a7ae | Linux bridge agent | network1 | None              | True  | UP    | neutron-linuxbridge-agent |
    | 670e5805-340b-4182-9825-fa8319c99f23 | Linux bridge agent | network2 | None              | True  | UP    | neutron-linuxbridge-agent |
    | 96224e89-7c15-42e9-89c4-8caac7abdd54 | L3 agent           | network2 | nova              | True  | UP    | neutron-l3-agent          |
    +--------------------------------------+--------------------+----------+-------------------+-------+-------+---------------------------+

Create initial networks

Verify network operation

Verify failover operation

Keepalived VRRP health check

Network traffic flow

This high-availability mechanism simply augments deploy-lb-selfservice with failover of layer-3 services to another router if the master router fails. Thus, you can reference Self-service network traffic flow <deploy-lb-selfservice-networktrafficflow> for normal operation.