[openstack-dev] [Neutron] L3 HA VRRP concerns

Sylvain Afchain sylvain.afchain at enovance.com
Mon Mar 3 09:13:04 UTC 2014

Hi everyone,

Sorry for the late reply, I was on vacation :)

See inline comments.


----- Original Message -----
> From: "Assaf Muller" <amuller at redhat.com>

> 1) Is there a way through the API to know, for a given router, what agent is
> hosting
> the active instance? This might be very important for admins to know.

Do you mean the keepalived active instance or where the active instance was scheduled?

Currently only the vrid is returned by the router-show command. I agree with you it's an important thing, I'll try to address it.

> 2) The current approach is to create an administrative network and subnet for
> VRRP traffic per router group /
> per router. Is this network counted in the quota for the tenant? (Clearly it
> shouldn't). Same
> question for the HA ports created for each router instance.

The current approach is to create an admin network/subnet per tenant, not per router, and this admin network/subnet is not set to any tenant.

> 3) The administrative network is created per router and takes away from the
> VLAN ranges if using
> VLAN tenant networks (For a tunneling based deployment this is a non-issue).
> Maybe we could
> consider a change that creates an administrative network per tenant (Which
> would then limit
> the solution to up to 255 routers because of VRRP'd group limit), or an admin
> network per 255
> routers?

See 2)

> 4) Maybe the VRRP hello and dead times should be configurable? I can see
> admins that would love to
> up or down these numbers.

Sure, I started to introduce it.

> 5) The administrative / VRRP networks, subnets and ports that are created -
> Will they be marked in any way
> as an 'internal' network or some equivalent tag? Otherwise they'd show up
> when running neutron net-list,
> in the Horizon networks listing as well as the graphical topology drawing
> (Which, personally, is what
> bothers me most about this). I'd love them tagged and hidden from the normal
> net-list output,
> and something like a 'neutron net-list --all' introduced.

I agree, it will be a nice improvement, maybe addressed in another BP?

> 6) The IP subnet chosen for VRRP traffic is specified in neutron.conf. If a
> tenant creates a subnet
> with the same range, and attaches a HA router to that subnet, the operation
> will fail as the router
> cannot have different interfaces belonging to the same subnet. Nir suggested
> to look into using
> the range as the default because we know it will (hopefully)
> not be allocated by tenants

Yes, we could change the default value in the neutron.conf file.
