When a highly available router is created, Neutron creates a VRRP group composed of at least two router namespaces by default. The namespaces are spread across multiple hosts running the Neutron L3 agent, and each runs the keepalived service with its respective configuration. Traffic between the routers uses a dedicated network interface, which is discussed in the following section.
The routers in the VRRP group communicate among one another over a dedicated HA network and interface prefixed with ha. The default HA network, 169.254.192.0/18, is created automatically by Neutron the first time an HA router is created and utilizes the default tenant network type. Only one network is created per tenant, and it is used by all HA routers created by this tenant. If all HA routers in a tenant are deleted, the HA network will remain and be reused for all other HA routers that get created by the tenant in the future.
VRRP utilizes a
virtual router identifier, or VRID, within a subnet and exchanges VRRP protocol messages with other routers with the same VRID using multicast to determine the master router. The VRID is 8 bits in length, and the valid range is 1 to 255. As each tenant uses a single administrative network for VRRP communication between routers, tenants are limited to only 255 HA virtual routers.
A virtual router has a virtual IP address that can act as the default gateway for hosts in the network. The master router owns the IP address until a failover event occurs, at which time a backup router becomes the new master and takes over the IP and associated routing duties.
Due to limitations with keepalived, Neutron HA routers do not completely follow the VRRP networking conventions described up to this point. Neutron assigns a single virtual IP to an HA router, and this virtual IP is only configured on the master router in the group at any given time. While the address fails over between routers during a failover event, it is not used as a gateway address for any network. As HA routers are created, a new virtual IP address is assigned to the respective group.
Note
Neutron assigns virtual IP addresses from the 169.254.0.0/24 network by default. If an HA router's VRID is 5, then the assigned virtual IP would be 169.254.0.5. Using the VRID in the virtual IP assignment process assures that the address is consistent among HA router instances on different nodes without having to be stored in the database.
Instead of using virtual addresses for each connected subnet, Neutron uses the virtual_ipaddress_excluded configuration section found within the keepalived configuration file to specify routes, addresses, and their respective interfaces that should be configured when a router becomes master for the group. Likewise, the interface configuration is removed once the router becomes a backup router. The following screenshot demonstrates various interfaces and routes that will be modified:
Figure 8.2
The keepalived configuration file for an HA router will be discussed in further detail later in this chapter.
Note
The keepalived service is limited to 20 configured virtual addresses, which could artificially limit the number of subnets attached to a Neutron router. The use of virtual_ipaddress_excluded is a known workaround of this limitation. The resulting behavior remains the same as that of a virtual address.
In the following screenshot, an HA router without any connected gateway or tenant networks is scheduled across three L3 agents. One router acts as the master, while the other two are relegated to backup duties. The ha interfaces are used for communication between the routers:
Figure 8.3
At any given time, only the master router should have the virtual IP address configured on its ha interface.