What is an Addresspair and How it configure in Openstack HA Instances

Address Pair

Allowed-address-pairs allow you to specify mac_address/ip_address (CIDR) pairs that pass through a port regardless of subnet. This enables the use of protocols such as VRRP, which floats an IP address between two instances to enable fast data plane failover.

Use Case.

Consider, you are building a HA cluster for your App / DB servers. You need a Virtual IP Address on top of your cluster to handle the request. In case of one of the cluster member not responding, Cluster service will command the VIP to pass the request to another member.  But at the moment, Openstack Neutron wont allow another IP Address to bind on its instance NIC. There is a Blueprint on this.  Now, we need to add the VIP address to each servers virtual NIC.

Diagram

Implementation

Port Details of the Virtual NIC of first server (member-01)

root@ctl01:~# neutron port-show 78794a2e-9148-4a78-a5f4-4ab94c9af472
+———————–+————————————————————————————+
| Field | Value |
+———————–+————————————————————————————+
| admin_state_up | True |
| binding:host_id | node-386.stcs.production |
| binding:vif_details | {“port_filter”: true} |
| binding:vif_type | vrouter |
| binding:vnic_type | normal |
| device_id | fd496145-12f9-4206-b034-22dccf75b2c2 |
| device_owner | compute:zone-2 |
| fixed_ips | {“subnet_id”: “80eaafb4-0df3-465f-97ad-72517260088a”, “ip_address”: “192.168.1.9”} |
| id | 78794a2e-9148-4a78-a5f4-4ab94c9af472 |
| mac_address | 02:78:79:4a:2e:91 |
| name | 78794a2e-9148-4a78-a5f4-4ab94c9af472 |
| network_id | 3dd660b6-e919-516-95d6-a7aac469b3a9 |
| port_security_enabled | True |
| security_groups | 46b0d4d2-c78e-4d11-9120-0cc6fa753b85 |
| status | ACTIVE |
| tenant_id | 025ebbd332224eee82fc1344ff5ac74e |
+———————–+————————————————————————————+

Port Details of the Virtual NIC of first server (member-02)

root@ctl01:~# neutron port-show b99aea1f-0d61-4e45-ad23-a1db52e41a2e
+———————–+————————————————————————————+
| Field | Value |
+———————–+————————————————————————————+
| admin_state_up | True |
| binding:host_id | node-387.stcs.production |
| binding:vif_details | {“port_filter”: true} |
| binding:vif_type | vrouter |
| binding:vnic_type | normal |
| device_id | 3e5b333e-f060-4a70-8b1f-00e8b7c1dd3e |
| device_owner | compute:zone-2 |
| fixed_ips | {“subnet_id”: “80eaafb4-0df3-465f-97ad-72517260088a”, “ip_address”: “192.168.1.8”} |
| id | b99aea1f-0d61-4e45-ad23-a1db52e41a2e |
| mac_address | 02:b9:9a:ea:1f:0d |
| name | b99aea1f-0d61-4e45-ad23-a1db52e41a2e |
| network_id | 3dd660b6-e919-44a7-95d6-a7aac469b3a9 |
| port_security_enabled | True |
| security_groups | 46b0d4d2-c78e-4d11-9120-0cc6fa753b85 |
| status | ACTIVE |
| tenant_id | 025ebbd332224eee82fc1344ff5ac74e |
+———————–+————————————————————————————+

In our Example, Linux Cluster Service is using the VIP is 192.168.1.10. 

Solution

We are going to add this VIP (192.168.1.10) to each servers port as address pair.

neutron port-update 78794a2e-9148-4a78-a5f4-4ab94c9af472 –allowed_address_pairs list=true type=dict ip_address=192.168.1.10

neutron port-updateb99aea1f-0d61-4e45-ad23-a1db52e41a2e –allowed_address_pairs list=true type=dict ip_address=192.168.1.10

Lets check the Ports now.

+———————–+————————————————————————————+
| Field | Value |
+———————–+————————————————————————————+
| admin_state_up | True |
| allowed_address_pairs | {“ip_address”: “192.168.1.10”, “mac_address”: “”} |
| | |
| binding:host_id | node-386.stcs.production |
| binding:vif_details | {“port_filter”: true} |
| binding:vif_type | vrouter |
| binding:vnic_type | normal |
| device_id | fd496145-12f9-4206-b034-22dccf75b2c2 |
| device_owner | compute:zone-2 |
| fixed_ips | {“subnet_id”: “80eaafb4-0df3-465f-97ad-72517260088a”, “ip_address”: “192.168.1.9”} |
| id | 78794a2e-9148-4a78-a5f4-4ab94c9af472 |
| mac_address | 02:78:79:4a:2e:91 |
| name | 78794a2e-9148-4a78-a5f4-4ab94c9af472 |
| network_id | 3dd660b6-e919-44a7-95d6-a7aac469b3a9 |
| port_security_enabled | True |
| security_groups | 46b0d4d2-c78e-4d11-9120-0cc6fa753b85 |
| status | ACTIVE |
| tenant_id | 025ebbd332224eee82fc1344ff5ac74e |
+———————–+————————————————————————————+

+———————–+————————————————————————————+
| Field | Value |
+———————–+————————————————————————————+
| admin_state_up | True |
| allowed_address_pairs | {“ip_address”: “192.168.1.10”, “mac_address”: “”} |
| | |
| binding:host_id | node-387.stcs.production |
| binding:vif_details | {“port_filter”: true} |
| binding:vif_type | vrouter |
| binding:vnic_type | normal |
| device_id | 3e5b333e-f060-4a70-8b1f-00e8b7c1dd3e |
| device_owner | compute:zone-2 |
| fixed_ips | {“subnet_id”: “80eaafb4-0df3-465f-97ad-72517260088a”, “ip_address”: “192.168.1.8”} |
| id | b99aea1f-0d61-4e45-ad23-a1db52e41a2e |
| mac_address | 02:b9:9a:ea:1f:0d |
| name | b99aea1f-0d61-4e45-ad23-a1db52e41a2e |
| network_id | 3dd660b6-e919-44a7-95d6-a7aac469b3a9 |
| port_security_enabled | True |
| security_groups | 46b0d4d2-c78e-4d11-9120-0cc6fa753b85 |
| status | ACTIVE |
| tenant_id | 025ebbd332224eee82fc1344ff5ac74e |
+———————–+————————————————————————————+

As you can see that allowed_address_pairs information listed in both ports. Now onwards whenever a member failed to responds, cluster service can easily migrate the traffic to next available member.

If you have multiple VIP, you can add these like following.

neutron port-update 78794a2e-9148-4a78-a5f4-4ab94c9af472 –allowed_address_pairs list=true type=dict ip_address=192.168.1.10 ip_address=192.168.1.11 ip_address=192.168.1.12

stacker has written 20 articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Humans Only. * Time limit is exhausted. Please reload the CAPTCHA.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>