[Openstack-operators] Neutron HA With VRRP (2 Master Nodes, Bogus VRRP packet)

Eren Türkay erent at skyatlas.com
Tue May 26 08:15:06 UTC 2015


Hello folks,

I'm trying to use HA with VRRP using keepalived under Juno release. This is a
VLAN setup using ML2 plugin and openvswitch.

I've setup second neutron node and added ha_* configuration parameters. When I
create a new router, I see that it's created on both network nodes. However, it
seems that keepalived cannot select master nodes as both nodes are seen as
"master".

I debugged the problem a bit and came to conclusion that VRRP messages are
correctly sent (with tcpdump). The first node announces that it has the
floating and internal tenant network ip (router ip). Second node also announces
its virtual ip written in keepalived.conf (169.254.0.1). But in the second
node, I see the following message:

May 26 10:54:15 neutron-ha-2 Keepalived_vrrp[20144]: ip address associated with
VRID not present in received packet : 169.254.0.1
May 26 10:54:15 neutron-ha-2 Keepalived_vrrp[20144]: one or more VIP associated
with VRID mismatch actual MASTER advert
May 26 10:54:15 neutron-ha-2 Keepalived_vrrp[20144]: bogus VRRP packet received
on ha-38ff51c5-f0 !!!
May 26 10:54:15 neutron-ha-2 Keepalived_vrrp[20144]: VRRP_Instance(VR_1)
Dropping received VRRP packet...

Indeed, 169.254.0.1 which is present in the second node as virtual ip, is not
announced (or present) in the VRRP message sent from the first node. The
message from the first node only contains router ip address for the tenant
network.

It seems that there is a known bug for neutron with HA setup *if* l2population
is enabled. However, I do not have l2population enabled (it's explicitly
disabled on plugin.ini): https://bugs.launchpad.net/neutron/+bug/1365476

There is a patch [0] for this but it's against master. Accordingly to LP bug
report, it isn't going to be backported to Juno release. Is this LP bug and
patch related to this issue?

I am attaching keepalived.conf files from both of the nodes. The current state
is that those two node states are "master" and I see the "bogus vrrp packet"
error in the second node. There is no backup node and the cluster isn't
functioning.

Has anyone successfully installed HA setup with VRRP? I gladly appreciate any
help regarding to this issue.

Note: keepalived v1.2.16 (05/25,2015) is used in both nodes.

[0] https://review.openstack.org/#/c/141114/


---- BEGIN: keepalived.conf on NODE-1 ----
vrrp_sync_group VG_1 {
    group {
        VR_1
    }
    notify_master
"/var/lib/neutron/ha_confs/93b94981-01ac-4e59-8718-5103b867f3dd/notify_master.sh"
    notify_backup
"/var/lib/neutron/ha_confs/93b94981-01ac-4e59-8718-5103b867f3dd/notify_backup.sh"
    notify_fault
"/var/lib/neutron/ha_confs/93b94981-01ac-4e59-8718-5103b867f3dd/notify_fault.sh"
}
vrrp_instance VR_1 {
    state BACKUP
    interface ha-b9db8385-67
    virtual_router_id 1
    priority 50
    nopreempt
    advert_int 2
    track_interface {
        ha-b9db8385-67
    }
    virtual_ipaddress {
        10.30.0.1/24 dev qr-a867fbab-dd
    }
    virtual_ipaddress_excluded {
	192.168.92.23/32 dev qg-690ab8d9-81
        192.168.92.33/16 dev qg-690ab8d9-81
    }
    virtual_routes {
        0.0.0.0/0 via 192.168.88.1 dev qg-690ab8d9-81
    }

---- END: keepalived.conf on NODE-1 ----

---- BEGIN: keepalived.conf on NODE-2 ----
vrrp_sync_group VG_1 {
    group {
        VR_1
    }
    notify_master
"/var/lib/neutron/ha_confs/93b94981-01ac-4e59-8718-5103b867f3dd/notify_master.sh"
    notify_backup
"/var/lib/neutron/ha_confs/93b94981-01ac-4e59-8718-5103b867f3dd/notify_backup.sh"
    notify_fault
"/var/lib/neutron/ha_confs/93b94981-01ac-4e59-8718-5103b867f3dd/notify_fault.sh"
}
vrrp_instance VR_1 {
    state BACKUP
    interface ha-38ff51c5-f0
    virtual_router_id 1
    priority 50
    nopreempt
    advert_int 2
    track_interface {
        ha-38ff51c5-f0
    }
    virtual_ipaddress {
        169.254.0.1/24 dev ha-38ff51c5-f0
    }
    virtual_ipaddress_excluded {
        10.30.0.1/24 dev qr-a867fbab-dd
        192.168.92.23/32 dev qg-690ab8d9-81
        192.168.92.33/16 dev qg-690ab8d9-81
        fe80::f816:33ff:fe45:26ed/64 dev qr-a867fbab-dd scope link
        fe80::f816:33ff:fee8:fd4b/64 dev qg-690ab8d9-81 scope link
    }
    virtual_routes {
        0.0.0.0/0 via 192.168.88.1 dev qg-690ab8d9-81
    }

---- END: keepalived.conf on NODE-2 ----

-- 
Eren Türkay, System Administrator
https://skyatlas.com/ | +90 850 885 0357

Yildiz Teknik Universitesi Davutpasa Kampusu
Teknopark Bolgesi, D2 Blok No:107
Esenler, Istanbul Pk.34220

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150526/47878c89/attachment.pgp>


More information about the OpenStack-operators mailing list