 b09b44608b
			
		
	
	b09b44608b
	
	
	
		
			
			This option is deprecated and marked to be deleted in Ocata. So as we are now in Stein development cycle I think that it's good time to remove it. Change-Id: I07474713206c218710544ad98c08caaa37dbf53a
		
			
				
	
	
		
			183 lines
		
	
	
		
			6.5 KiB
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
			
		
		
	
	
			183 lines
		
	
	
		
			6.5 KiB
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
| .. _deploy-lb-ha-vrrp:
 | |
| 
 | |
| ==========================================
 | |
| Linux bridge: High availability using VRRP
 | |
| ==========================================
 | |
| 
 | |
| .. include:: shared/deploy-ha-vrrp.txt
 | |
| 
 | |
| .. warning::
 | |
| 
 | |
|    This high-availability mechanism is not compatible with the layer-2
 | |
|    population mechanism. You must disable layer-2 population in the
 | |
|    ``linuxbridge_agent.ini`` file and restart the Linux bridge agent
 | |
|    on all existing network and compute nodes prior to deploying the example
 | |
|    configuration.
 | |
| 
 | |
| Prerequisites
 | |
| ~~~~~~~~~~~~~
 | |
| 
 | |
| Add one network node with the following components:
 | |
| 
 | |
| * Three network interfaces: management, provider, and overlay.
 | |
| * OpenStack Networking layer-2 agent, layer-3 agent, and any
 | |
|   dependencies.
 | |
| 
 | |
| .. note::
 | |
| 
 | |
|    You can keep the DHCP and metadata agents on each compute node or
 | |
|    move them to the network nodes.
 | |
| 
 | |
| Architecture
 | |
| ~~~~~~~~~~~~
 | |
| 
 | |
| .. image:: figures/deploy-lb-ha-vrrp-overview.png
 | |
|    :alt: High-availability using Linux bridge with VRRP - overview
 | |
| 
 | |
| The following figure shows components and connectivity for one self-service
 | |
| network and one untagged (flat) network. The master router resides on network
 | |
| node 1. In this particular case, the instance resides on the same compute
 | |
| node as the DHCP agent for the network. If the DHCP agent resides on another
 | |
| compute node, the latter only contains a DHCP namespace and Linux bridge
 | |
| with a port on the overlay physical network interface.
 | |
| 
 | |
| .. image:: figures/deploy-lb-ha-vrrp-compconn1.png
 | |
|    :alt: High-availability using Linux bridge with VRRP - components and connectivity - one network
 | |
| 
 | |
| Example configuration
 | |
| ~~~~~~~~~~~~~~~~~~~~~
 | |
| 
 | |
| Use the following example configuration as a template to add support for
 | |
| high-availability using VRRP to an existing operational environment that
 | |
| supports self-service networks.
 | |
| 
 | |
| Controller node
 | |
| ---------------
 | |
| 
 | |
| #. In the ``neutron.conf`` file:
 | |
| 
 | |
|    * Enable VRRP.
 | |
| 
 | |
|      .. code-block:: ini
 | |
| 
 | |
|         [DEFAULT]
 | |
|         l3_ha = True
 | |
| 
 | |
| #. Restart the following services:
 | |
| 
 | |
|    * Server
 | |
| 
 | |
| Network node 1
 | |
| --------------
 | |
| 
 | |
| No changes.
 | |
| 
 | |
| Network node 2
 | |
| --------------
 | |
| 
 | |
| #. Install the Networking service Linux bridge layer-2 agent and layer-3
 | |
|    agent.
 | |
| 
 | |
| #. In the ``neutron.conf`` file, configure common options:
 | |
| 
 | |
|    .. include:: shared/deploy-config-neutron-common.txt
 | |
| 
 | |
| #. In the ``linuxbridge_agent.ini`` file, configure the layer-2 agent.
 | |
| 
 | |
|    .. code-block:: ini
 | |
| 
 | |
|       [linux_bridge]
 | |
|       physical_interface_mappings = provider:PROVIDER_INTERFACE
 | |
| 
 | |
|       [vxlan]
 | |
|       enable_vxlan = True
 | |
|       local_ip = OVERLAY_INTERFACE_IP_ADDRESS
 | |
| 
 | |
|       [securitygroup]
 | |
|       firewall_driver = iptables
 | |
| 
 | |
|    .. warning::
 | |
| 
 | |
|       By default, Linux uses UDP port ``8472`` for VXLAN tunnel traffic. This
 | |
|       default value  doesn't follow the IANA standard, which assigned UDP port
 | |
|       ``4789`` for VXLAN communication. As a consequence, if this node is part
 | |
|       of a mixed deployment, where nodes with both OVS and Linux bridge must
 | |
|       communicate over VXLAN tunnels, it is recommended that a line containing
 | |
|       ``udp_dstport = 4789`` be added to the [vxlan] section of all the Linux
 | |
|       bridge agents. OVS follows the IANA standard.
 | |
| 
 | |
|    Replace ``PROVIDER_INTERFACE`` with the name of the underlying interface
 | |
|    that handles provider networks. For example, ``eth1``.
 | |
| 
 | |
|    Replace ``OVERLAY_INTERFACE_IP_ADDRESS`` with the IP address of the
 | |
|    interface that handles VXLAN overlays for self-service networks.
 | |
| 
 | |
| #. In the ``l3_agent.ini`` file, configure the layer-3 agent.
 | |
| 
 | |
|    .. code-block:: ini
 | |
| 
 | |
|       [DEFAULT]
 | |
|       interface_driver = linuxbridge
 | |
| 
 | |
| #. Start the following services:
 | |
| 
 | |
|    * Linux bridge agent
 | |
|    * Layer-3 agent
 | |
| 
 | |
| Compute nodes
 | |
| -------------
 | |
| 
 | |
| No changes.
 | |
| 
 | |
| Verify service operation
 | |
| ------------------------
 | |
| 
 | |
| #. Source the administrative project credentials.
 | |
| #. Verify presence and operation of the agents.
 | |
| 
 | |
|    .. code-block:: console
 | |
| 
 | |
|       $ openstack network agent list
 | |
|       +--------------------------------------+--------------------+----------+-------------------+-------+-------+---------------------------+
 | |
|       | ID                                   | Agent Type         | Host     | Availability Zone | Alive | State | Binary                    |
 | |
|       +--------------------------------------+--------------------+----------+-------------------+-------+-------+---------------------------+
 | |
|       | 09de6af6-c5f1-4548-8b09-18801f068c57 | Linux bridge agent | compute2 | None              | True  | UP    | neutron-linuxbridge-agent |
 | |
|       | 188945d1-9e70-4803-a276-df924e0788a4 | Linux bridge agent | compute1 | None              | True  | UP    | neutron-linuxbridge-agent |
 | |
|       | e76c440d-d5f6-4316-a674-d689630b629e | DHCP agent         | compute1 | nova              | True  | UP    | neutron-dhcp-agent        |
 | |
|       | e67367de-6657-11e6-86a4-931cd04404bb | DHCP agent         | compute2 | nova              | True  | UP    | neutron-dhcp-agent        |
 | |
|       | e8174cae-6657-11e6-89f0-534ac6d0cb5c | Metadata agent     | compute1 | None              | True  | UP    | neutron-metadata-agent    |
 | |
|       | ece49ec6-6657-11e6-bafb-c7560f19197d | Metadata agent     | compute2 | None              | True  | UP    | neutron-metadata-agent    |
 | |
|       | 598f6357-4331-4da5-a420-0f5be000bec9 | L3 agent           | network1 | nova              | True  | UP    | neutron-l3-agent          |
 | |
|       | f4734e0f-bcd5-4922-a19d-e31d56b0a7ae | Linux bridge agent | network1 | None              | True  | UP    | neutron-linuxbridge-agent |
 | |
|       | 670e5805-340b-4182-9825-fa8319c99f23 | Linux bridge agent | network2 | None              | True  | UP    | neutron-linuxbridge-agent |
 | |
|       | 96224e89-7c15-42e9-89c4-8caac7abdd54 | L3 agent           | network2 | nova              | True  | UP    | neutron-l3-agent          |
 | |
|       +--------------------------------------+--------------------+----------+-------------------+-------+-------+---------------------------+
 | |
| 
 | |
| Create initial networks
 | |
| -----------------------
 | |
| 
 | |
| .. include:: shared/deploy-ha-vrrp-initialnetworks.txt
 | |
| 
 | |
| Verify network operation
 | |
| ------------------------
 | |
| 
 | |
| .. include:: shared/deploy-ha-vrrp-verifynetworkoperation.txt
 | |
| 
 | |
| Verify failover operation
 | |
| -------------------------
 | |
| 
 | |
| .. include:: shared/deploy-ha-vrrp-verifyfailoveroperation.txt
 | |
| 
 | |
| Keepalived VRRP health check
 | |
| ----------------------------
 | |
| 
 | |
| .. include:: shared/keepalived-vrrp-healthcheck.txt
 | |
| 
 | |
| Network traffic flow
 | |
| ~~~~~~~~~~~~~~~~~~~~
 | |
| 
 | |
| This high-availability mechanism simply augments :ref:`deploy-lb-selfservice`
 | |
| with failover of layer-3 services to another router if the master router
 | |
| fails. Thus, you can reference :ref:`Self-service network traffic flow
 | |
| <deploy-lb-selfservice-networktrafficflow>` for normal operation.
 |