4.1.x Testing the LVS Load Balancer on OpenStack

OpenStack uses an instance MAC (Media Access Control) address to resolve its IP address. Therefore when testing with OpenStack, you need to inform OpenStack about the Virtual IP being used in the Keepalived and the new MAC address being assigned to the respective VIP.

The Havana release has a new extension named a llowed-address-pairs . This allows you to add additional IPS or CIDRS, to a port along with the MAC address and allows traffic that matches the respective values to pass through.

Issue

This is required as the neutron ports allow traffic to pass through, only when the MAC address match the fixed-ips fields on a given port. Therefore there was no way to support protocols such as VRRP, which require the same ip-address to be mapped with multiple ports, as the neutron does not allow this. 

Solution

To overcome this issue, you need to create the port manually using neutron commands. Furthermore, it is required to pair the instances IP addresses, with the port created.

Follow the steps given below, to make a given virtual IP accessible in the network, on OpenStack:

1. Create a port in the VRRP IP range that was left out of the ip-allocation range.

   $neutron port-create --fixed-ip ip_address=<vittual_ip> --security-group <security-group>

2. Allocate a port with the virtual ip-address.

   The PORT_IP should be replaced with the IP of the port created above.

   $neutron floatingip-create --port-id=<PORT_IP> public

3. Update the attached ports to the LVS server instances, to include the ip-address as an allowed-address-pair. This enables them to send out traffic using the allowed-address-pair.

   $ neutron port-update  <port_id_of_lvs_master_server> --allowed_address_pairs list=true type=dict ip_address=<vittual_ip>
   $ neutron port-update   <port_id_of_lvs_backup_server> --allowed_address_pairs list=true type=dict ip_address=<vittual_ip>

References

•  Implementing High Availability Instances with Neutron using VRRP