In the Juno release of OpenStack, the Neutron community introduced two methods of attaining high availability in routing in a reference implementation. This chapter focuses on a method that uses Virtual Routing Redundancy Protocol, also known as VRRP, to implement redundancy between two or more Neutron routers. High availability using distributed virtual routers, otherwise known as DVR, will be discussed in Chapter 9, Distributed Virtual Routers.
In the previous chapter, we explored the concept of standalone routers and how they allow users to route traffic between tenant networks and external networks as well as provide network address translation for instances managed by the user. In this chapter, we will cover the following:
- High availability of routing using keepalived and VRRP
- Installing and configuring additional L3 agents
- Demonstrating the creation and management of a highly available router
Keepalived is a software package for Linux that provides load balancing and high-availability to Linux-based software and infrastructures.
The Virtual Router Redundancy Protocol, or VRRP, is a first-hop redundancy protocol that aims to provide high availability of a network's default gateway by allowing two or more routers to provide backup for this address. If the active router fails, a backup router takes over the address within a brief period of time. VRRP is an open standard and is based on the proprietary protocol known as Hot Standby Router Protocol (HSRP) developed by Cisco.
Neutron uses keepalived, which utilizes VRRP, to provide failover between multiple sets of router namespaces.
With VRRP, a group of routers can be configured to act as a single virtual router. Routers in the VRRP group elect a master to act as the gateway device, and hosts in the network only need to configure the virtual router to act as their default network gateway. When a failover occurs, another router in the group takes over the routing duties while the configuration of hosts in the network never changes.
In the following diagram, Router A, Router B, and Router C form a single virtual router. In standard configurations, the virtual router has its own IP address, and hosts in the network use the virtual router as their default gateway:
Figure 8.1
As the master router, Router B in the preceding figure is responsible for the virtual address, 192.168.1.1, and routes traffic for hosts using this address as their gateway. The master router sends VRRP advertisements to the group that includes the priority and state of the master router using the multicast address 224.0.0.18. The backup routers use a variety of timers and configuration options to determine when a master router has failed and change their state accordingly.
Routers in the VRRP group elect a master router according to their priorities. The router with the highest priority is elected master, while the other routers in the group act as backups. When a master router fails to send its VRRP advertisements to the group, the backup routers in the VRRP group elect a new master to replace the failed master.
VRRP priorities range from 0 to 255, with 255 being the highest priority. Neutron configures each router in a group with the same priority of 50. Because the priority is the same between routers, in the event of a failover, the election process falls back to the highest IP address.
A router in a VRRP group works in one of two modes: preemptive and non-preemptive.
In the preemptive mode, when a master router fails, it becomes the master router again when it returns to the group if it has a higher priority than the newly elected master.
In the non-preemptive mode, when a router in a VRRP group becomes the master, it continues to operate as the master under normal working conditions. If a backup router is assigned a higher priority later, the active master router will continue to operate as master until it fails.
As of the Kilo release of OpenStack, Neutron configures each router to act in the non-preemptive mode, although this may change in the future. In the event of a failure of the HA network, the failed master router may not detect that it has failed and continue to operate as the master router even though another router has been elected master. The lack of connectivity between the routers means that all routers may not receive VRRP advertisements. When connectivity is reestablished, the routers may engage in an election to determine a single master router.
Timers that are used within VRRP include an advertisement interval timer and a preemption delay timer.
The master router in a VRRP group periodically sends advertisements on an interval established by the advertisement interval timer to inform other routers in the group that it is operating properly. If a backup router does not receive advertisements in a period of three times the interval, the backup regards itself as the master and sends VRRP advertisements to start a new master election process. Neutron routers in a master state are configured to send advertisements every two seconds.
After a backup router receives an advertisement with a priority lower than itself, it waits for a period of time established by the preemption delay timer before sending out VRRP advertisements to start a new master election. This delay helps the routers avoid frequent state changes among members of the VRRP group in cases of network flapping. Because preemption is not enabled within Neutron routers, this timer is not configured.