[openstack-dev] [neutron][IPv6] Neighbor Discovery for HA

Xu Han Peng pengxuhan at gmail.com
Thu Aug 28 09:03:27 UTC 2014

Anthony and Robert,

Thanks for your reply. I don't know if the arping is there for NAT, but 
I am pretty sure it's for HA setup to broadcast the router's own change 
since the arping is controlled by "send_arp_for_ha" config. By checking 
the man page of arping, you can find the "arping -A" we use in code is 
sending out ARP REPLY instead of ARP REQUEST. This is like saying "I am 
here" instead of "where are you". I didn't realized this either until 
Brain pointed this out at my code review below.




Xu Han

On 08/27/2014 10:01 PM, Veiga, Anthony wrote:
>     Hi Xuhan,
>     What I saw is that GARP is sent to the gateway port and also to
>     the router ports, from a neutron router. I'm not sure why it's
>     sent to the router ports (internal network). My understanding for
>     arping to the gateway port is that it is needed for proper NAT
>     operation. Since we are not planning to support ipv6 NAT, so this
>     is not required/needed for ipv6 any more?
> I agree that this is no longer necessary.
>     There is an abandoned patch that disabled the arping for ipv6
>     gateway port:
>     https://review.openstack.org/#/c/77471/3/neutron/agent/l3_agent.py
>     thanks,
>     Robert
>     On 8/27/14, 1:03 AM, "Xuhan Peng" <pengxuhan at gmail.com
>     <mailto:pengxuhan at gmail.com>> wrote:
>         As a follow-up action of yesterday's IPv6 sub-team meeting, I
>         would like to start a discussion about how to support l3 agent
>         HA when IP version is IPv6.
>         This problem is triggered by bug [1] where sending gratuitous
>         arp packet for HA doesn't work for IPv6 subnet gateways. This
>         is because neighbor discovery instead of ARP should be used
>         for IPv6.
>         My thought to solve this problem turns into how to send
>         out neighbor advertisement for IPv6 routers just like sending
>         ARP reply for IPv4 routers after reading the comments on code
>         review [2].
>         I searched for utilities which can do this and only find a
>         utility called ndsend [3] as part of vzctl on ubuntu. I could
>         not find similar tools on other linux distributions.
>         There are comments in yesterday's meeting that it's the new
>         router's job to send out RA and there is no need for neighbor
>         discovery. But we didn't get enough time to finish the
>         discussion.
> Because OpenStack runs the l3 agent, it is the router.  Instead of 
> needing to do gratuitous ARP to alert all clients of the new MAC, a 
> simple RA from the new router for the same prefix would accomplish the 
> same, without having to resort to a special package to generate 
> unsolicited NA packets.  RAs must be generated from the l3 agent 
> anyway if it's the gateway, and we're doing that via radvd now.  The 
> HA failover simply needs to start the proper radvd process on the 
> secondary gateway and resume normal operation.
>         Can you comment your thoughts about how to solve this problem
>         in this thread, please?
>         [1] https://bugs.launchpad.net/neutron/+bug/1357068
>         [2] https://review.openstack.org/#/c/114437/
>         [3] http://manpages.ubuntu.com/manpages/oneiric/man8/ndsend.8.html
>         Thanks,
>         Xu Han
> -Anthony
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140828/ea9bf0bb/attachment.html>

More information about the OpenStack-dev mailing list