Preamble
A failover cluster is a group of independent computers that work together to increase the availability of applications and services. The clustered servers (called nodes) are connected . If one of the cluster nodes fails, another node begins to provide service (a process known as failover). Users experience a minimum of disruptions in service.
Allowed Address Pairs
Using Neutron’s allowed-address-pairs feature to allow multiple IP addresses per interface for Bluvalt instance. Allowed Address Pairs is a Neutron Extension that extends the port attribute to enable you to specify arbitrary ip_address(cidr) pairs that are allowed to pass through a port.
Issue
Alternate or secondary interface IP addresses do not function properly on Openstack instances. Virtual IP addresses do not function properly on Openstack instances. Pacemaker or Keepalived, VRRP (which floats an IP address between two instances to enable fast data plane failover) and MS SQL Availability Group Virtual IP addresses do not function properly on Openstack instances.
Solution
Basic allowed-address-pairs operations:
Create a port and allow one address pair
Bluvalt supports rich abstractions to handle virtual networking needs in a cloud. As a user the most visible entities are the Network, Subnets, Routers,etc. But if we consider ingress and egress points for data traffic, the most critical entity is the Port. Bluvalt Neutron Ports are usually created automatically as part of other user operations. However the CLI allows users to create Ports independently as well. Ports in Bluva lt networking are realized using interfaces (mostly virtual) on the underlying hypervisor (KVM). IP addresses used for virtual machines, routers etc are actually stored with the Port entities. Given that Ports represent entry and exit points for data traffic and also the associated configurations such as interface and IP address, they play an important role in Bluvalt networking.
Prerequisites
Openstack CLI Click here
Create network and VM Click here
Disable RPF feature for the network:
To deactivate the Reverse Path Forwarding (RPF) feature at the network level, you have to initiate a support request with our cloud support team. This step is necessary to mitigate potential compatibility conflicts faced by VMs operating in cluster mode, such as Load Balancers (LBs), Firewalls (FWs), and similar components.
The RPF feature is initially enabled by default as a security measure. However, it’s important to note that due to potential incompatibilities with certain VM configurations, it’s advised to disable this feature. Our cloud support team will assist in the process of disabling RPF from their end, ensuring a seamless experience for your network infrastructure.
Create the Port
- First we need to know the network ID, and we can obtain this information by the following command:
openstack network list
The output look like this:
+--------------------------------------+----------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------------+--------------------------------------+
| cc79838d-19eb-4230-a642-eaec3f4be55d | VIP_network | a722e698-b082-4eb5-baa3-2bcb4e21bb95 |
| c975f064-d2b8-413c-9493-981f68bf887a | Public_Network | f661f581-3ec6-44ad-92cb-704ef76ab45d |
+--------------------------------------+----------------+--------------------------------------+
- Now we can create the port:
openstack port create --network cc79838d-19eb-4230-a642-eaec3f4be55d --fixed-ip ip-address=192.168.0.22 vip-port-22
You can reserve any IP address as a VIP, in this article we pick this IP 192.168.0.22 from and within the CIDR range.
The output look like this:
+-------------------------+-----------------------------------------------------------------------------+
| Field | Value |
+-------------------------+-----------------------------------------------------------------------------+
| admin_state_up | UP |
| allowed_address_pairs | |
| binding_host_id | None |
| binding_profile | None |
| binding_vif_details | None |
| binding_vif_type | None |
| binding_vnic_type | normal |
| created_at | 2022-10-27T12:19:12.341937 |
| data_plane_status | None |
| description | |
| device_id | |
| device_owner | |
| device_profile | None |
| dns_assignment | None |
| dns_domain | None |
| dns_name | None |
| extra_dhcp_opts | None |
| fixed_ips | ip_address='192.168.0.22', subnet_id='a722e698-b082-4eb5-baa3-2bcb4e21bb95' |
| id | b9dfc023-f453-4d29-9819-2eaeea84489c |
| ip_allocation | None |
| mac_address | 02:b9:df:c0:23:f4 |
| name | vip-port-22 |
| network_id | cc79838d-19eb-4230-a642-eaec3f4be55d |
| numa_affinity_policy | None |
| port_security_enabled | True |
| project_id | 6ad04a695b1c4faa841d10e0e0227aa2 |
| propagate_uplink_status | None |
| qos_network_policy_id | None |
| qos_policy_id | None |
| resource_request | None |
| revision_number | None |
| security_group_ids | c2d81ebc-a9f5-4fe6-8a32-52967f2a546f |
| status | DOWN |
| tags | |
| trunk_details | None |
| updated_at | 2022-10-27T12:19:12.369414 |
+-------------------------+-----------------------------------------------------------------------------+
- Now allow address pairs to VM port:
Getting the instance port ID.
openstack port list --server vip-1
The output look like this:
+--------------------------------------+--------------------------------------+-------------------+-----------------------------------------------------------------------------+--------+
| ID | Name | MAC Address | Fixed IP Addresses | Status |
+--------------------------------------+--------------------------------------+-------------------+-----------------------------------------------------------------------------+--------+
| 88f1e837-a8ff-4508-9383-0e4dc7ac6e38 | 88f1e837-a8ff-4508-9383-0e4dc7ac6e38 | 02:88:f1:e8:37:a8 | ip_address='192.168.0.16', subnet_id='a722e698-b082-4eb5-baa3-2bcb4e21bb95' | ACTIVE |
+--------------------------------------+--------------------------------------+-------------------+-----------------------------------------------------------------------------+--------+
Now lets allow address pairs to VM port by this command:
openstack port set 88f1e837-a8ff-4508-9383-0e4dc7ac6e38 --allowed-address ip-address=192.168.0.22
You can view port output by this command:
openstack port show 88f1e837-a8ff-4508-9383-0e4dc7ac6e38
The output look like this:
+-------------------------+-----------------------------------------------------------------------------+
| Field | Value |
+-------------------------+-----------------------------------------------------------------------------+
| admin_state_up | UP |
| allowed_address_pairs | ip_address='192.168.0.22', mac_address='' |
| binding_host_id | None |
| binding_profile | None |
| binding_vif_details | None |
| binding_vif_type | None |
| binding_vnic_type | normal |
| created_at | 2022-10-27T12:12:26.383468 |
| data_plane_status | None |
| description | |
| device_id | c318fe6d-6712-4cc0-84e6-62f533fd3194 |
| device_owner | compute:zone-2 |
| device_profile | None |
| dns_assignment | None |
| dns_domain | None |
| dns_name | None |
| extra_dhcp_opts | None |
| fixed_ips | ip_address='192.168.0.16', subnet_id='a722e698-b082-4eb5-baa3-2bcb4e21bb95' |
| id | 88f1e837-a8ff-4508-9383-0e4dc7ac6e38 |
| ip_allocation | None |
| mac_address | 02:88:f1:e8:37:a8 |
| name | 88f1e837-a8ff-4508-9383-0e4dc7ac6e38 |
| network_id | cc79838d-19eb-4230-a642-eaec3f4be55d |
| numa_affinity_policy | None |
| port_security_enabled | True |
| project_id | 6ad04a695b1c4faa841d10e0e0227aa2 |
| propagate_uplink_status | None |
| qos_network_policy_id | None |
| qos_policy_id | None |
| resource_request | None |
| revision_number | None |
| security_group_ids | c2d81ebc-a9f5-4fe6-8a32-52967f2a546f, d94650f9-2cb5-48f3-a6b3-32bbabe8875f |
| status | ACTIVE |
| tags | |
| trunk_details | None |
| updated_at | 2022-10-29T14:43:32.434262 |
+-------------------------+-----------------------------------------------------------------------------+
From above output, This IP 192.168.0.22 is attached as allowed_address_pairs and it will be utilized as VIP for the H.A clustering.
The same steps above has to be applied to the second Node.
Assigning floating IP to the VIP
1. If this VIP is configured on only single instance please follow below steps
- Create Floating IP in the Public_Network
Jed1-FLOATING Network ID: 80e37cda-1762-4d98-8e55-df3e33710295
Ruh2 Floating network ID: c975f064-d2b8-413c-9493-981f68bf887a
Our Public_Network in Ruh2, so we are going to create floating ip with Ruh2 ID:
openstack floating ip create c975f064-d2b8-413c-9493-981f68bf887a
The output look like this:
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| created_at | 2022-10-27T12:22:02.496966 |
| description | |
| dns_domain | None |
| dns_name | None |
| fixed_ip_address | None |
| floating_ip_address | 95.177.179.222 |
| floating_network_id | c975f064-d2b8-413c-9493-981f68bf887a |
| id | 461ebba4-c739-41dc-9758-5cf1429c6e31 |
| name | 95.177.179.222 |
| port_details | None |
| port_id | None |
| project_id | 6ad04a695b1c4faa841d10e0e0227aa2 |
| qos_policy_id | None |
| revision_number | None |
| router_id | None |
| status | DOWN |
| subnet_id | None |
| tags | [] |
| updated_at | 2022-10-27T12:22:02.496966 |
+---------------------+--------------------------------------+
- Getting the instance port ID.
openstack port list --server vip-1
The output look like this:
+--------------------------------------+--------------------------------------+-------------------+-----------------------------------------------------------------------------+--------+
| ID | Name | MAC Address | Fixed IP Addresses | Status |
+--------------------------------------+--------------------------------------+-------------------+-----------------------------------------------------------------------------+--------+
| 88f1e837-a8ff-4508-9383-0e4dc7ac6e38 | 88f1e837-a8ff-4508-9383-0e4dc7ac6e38 | 02:88:f1:e8:37:a8 | ip_address='192.168.0.16', subnet_id='a722e698-b082-4eb5-baa3-2bcb4e21bb95' | ACTIVE |
+--------------------------------------+--------------------------------------+-------------------+-----------------------------------------------------------------------------+--------+
- Associate FIP to VIP.
openstack floating ip set --port 88f1e837-a8ff-4508-9383-0e4dc7ac6e38 --fixed-ip-address 192.168.0.22 95.177.179.222
The above command takes the following argument:
openstack floating ip set --port <VM-PORT-ID> --fixed-ip-address <VIP> <FLOATINGIP_ID>
To show the floating IP details:
openstack floating ip show 95.177.179.222
The output look like this:
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| created_at | 2022-10-27T12:22:02.496966 |
| description | |
| dns_domain | None |
| dns_name | None |
| fixed_ip_address | 192.168.0.22 |
| floating_ip_address | 95.177.179.222 |
| floating_network_id | c975f064-d2b8-413c-9493-981f68bf887a |
| id | 461ebba4-c739-41dc-9758-5cf1429c6e31 |
| name | 95.177.179.222 |
| port_details | None |
| port_id | 88f1e837-a8ff-4508-9383-0e4dc7ac6e38 |
| project_id | 6ad04a695b1c4faa841d10e0e0227aa2 |
| qos_policy_id | None |
| revision_number | None |
| router_id | 4ff5a898-2b3a-484c-bec7-c1ef4a402506 |
| status | ACTIVE |
| subnet_id | None |
| tags | [] |
| updated_at | 2022-10-27T12:24:44.263470 |
+---------------------+--------------------------------------+
2. If the VIP is configured on multiple instances please open a support ticket with these information and we will configure it from our end.
- Project name.
- VIP.
- Instances ID.
- instances ports ID.
- The floating IP.