[openstack-dev] guest instance and L2 based network failover

John Gruber john.t.gruber at gmail.com
Mon Nov 11 16:30:19 UTC 2013

I found other posts which deal with the HA topic in general, but I did not
find one that strictly discussed the specifics or guidance on guest
instance network failover mechanisms.

I'm currently developing against neutron Grizzly using the OVS plugin with
VLANs and GRE tunnelling. Flooding is working on both. Telling us to move
to Havana is not a show stopper, but will require work.

I have guest instances which want to use their own L2 failover mechanism.
They are clustered VMs which migrate L3 fixed_ip addresses based on a
triggered failover, which can happen for many different reasons.  On
typical dynamic learning Ethernet, the VMs send out GARPs which take care
of the network update.

In neutron I can make port updates to move the fixed_ips from one port to
another, but that takes time to let everything catch up and delays the
failover process significantly.  I know what ports should be allowed
traffic for specific fixed_ips on a failover event, so it would be great if
I could allow everything I need before a failover is triggered.  Currently
the ip_spoofing_rule in the iptables firewall is getting in the way as it
will only let traffic originate from fixed_ips associated with a port. I
would love to be able to associate a specific fixed_ip with multiple ports
which would adjust the iptables rule, but that's a pretty fundamental
change seeing that IPAllocation is a foreign key to port in the data model.
For that matter on the engress rule, I would also like to allow multiple
MAC addresses in the destination filter, but that's not a requirement to make
this work quickly.

Anyone have a convenient way to augment the iptables ip_spoofing_rule to
allow for my failover without waiting on port updates to the controller to
migrate fixed_ips between ports? I have a mechanism to allow each fixed_ip
address to have its own port (MAC address) if that helps, but it
complicates the orchestration of both the guest instance setup and failover.

Has there been any discussion around secondary_fixed_ips or
clustered_fixed_ips which can be associated with more than one port at a
time that I've missed on the mailing list?

Thanks for your help everyone.
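
Added example (not part of the original post, and not Neutron code): a simplified Python model of the per-port source-address filter described above, showing why the standby's traffic is dropped until the fixed_ip moves and what changes if the address is authorised on both ports beforehand. The `failover_ips` attribute, the MAC-plus-IP match, and all MACs and addresses are assumptions constructed for illustration.

```python
# Simplified model of a per-port anti-spoofing filter; NOT Neutron code.
# MACs, addresses and `failover_ips` are constructed/hypothetical.
from dataclasses import dataclass, field
from ipaddress import ip_address

VIP = "10.0.0.100"  # constructed cluster address that moves on failover


@dataclass
class Port:
    mac: str
    fixed_ips: set = field(default_factory=set)
    # Hypothetical: addresses authorised ahead of a failover event.
    failover_ips: set = field(default_factory=set)

    def allowed_sources(self):
        return {ip_address(a) for a in self.fixed_ips | self.failover_ips}


def egress_allowed(port, src_mac, src_ip):
    """Assumed rule: source MAC and source IP must both belong to the port."""
    if src_mac.lower() != port.mac.lower():
        return False
    return ip_address(src_ip) in port.allowed_sources()


def move_fixed_ip(ip, old, new):
    """Stand-in for the controller-side port update (the slow path)."""
    old.fixed_ips.discard(ip)
    new.fixed_ips.add(ip)


def scenario(preauthorise):
    """Return (standby passes at failover, passes after update, other IP passes)."""
    active = Port("fa:16:3e:00:00:0a", {"10.0.0.11", VIP})
    standby = Port("fa:16:3e:00:00:0b", {"10.0.0.12"})
    if preauthorise:
        active.failover_ips.add(VIP)
        standby.failover_ips.add(VIP)
    # Failover: the standby starts sourcing traffic from the VIP.
    at_failover = egress_allowed(standby, standby.mac, VIP)
    move_fixed_ip(VIP, active, standby)
    after_update = egress_allowed(standby, standby.mac, VIP)
    # The allowance stays narrow: any other source address is still dropped.
    other = egress_allowed(standby, standby.mac, "10.0.0.50")
    return at_failover, after_update, other


if __name__ == "__main__":
    print("fixed_ips only :", scenario(False))  # standby blocked until update
    print("pre-authorised :", scenario(True))   # standby passes immediately
```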
