@Livnat_Peer
Sr. Engineering Manager, Red Hat
@ArthurBerezin
Sr. Technical Product Manager, Red Hat
Neutron High Availability
OpenStack Israel
Tel-Aviv June 2015
Agenda
● HA Enabling Technologies
○ Pacemaker and HAProxy
● Neutron Built-in Mechanisms
○ DHCP Agent HA
○ L3 Agent with
■ Virtual Router Redundancy Protocol (VRRP)
■ Distributed Virtual Routing (DVR)
cc: Morio2015 Source: https://www.wikiwand.com/en/Scuderia_Ferrari
Losing Your Controller
https://www.youtube.com/watch?v=Kb43Nxuwc4I
High Availability
● Minimize Downtime By Avoiding SPOF
● Service redundancy
○ Active-Active When possible
■ Stateless services
■ Built-in HA mechanisms
○ Active-Passive for others
● Scale out Architecture
Add nodes as you go
HA Enabling Technologies
Pacemaker, HAProxy
Pacemaker
● Cluster Resource Manager
● Uses Corosync for cluster communication
● Monitor and Control Resources:
○ Floating Virtual IP Address (VIP)
○ SystemD/LSB/OCF Services
○ Cloned Services (Active/Active)
● STONITH - Fencing with Power Management
○ Important for ensuring data consistency
Pacemaker OpenStack Service
● Virtual IP (VIP)
● SystemD Cloned Resource
● STONITH Fencing
[Diagram: Node 1 - 192.168.1.1 and Node 2 - 192.168.1.2, each with pcsd, STONITH and a Service; labels "Cloned" and "Virtual IP 10.0.0.1"]
HAProxy Load Balancer
Load Balancing and Proxy for HTTP/TCP
● Mature and popular with web applications
● Health Checking
● Load Distribution
○ Round Robin
○ Stick-Table
● API Isolation
● Failure Detection
[Diagram labels: Node 1, Node 2, Node 3, HAProxy Load Balancer, Service]
Avoiding SPOFs
A day in a Highly Available Service Life
[Diagram sequence over several slides; every slide shows a client request labelled "Give Me Horizon Web UI NOW!"]
● Neutron-Server on a single Controller, labelled "Single Point Of Failure"
● Neutron-Server on Controller 1, Controller 2 and Controller 3, with HAProxy on Controller 1
● Same layout, with the labels "Single Point Of Failure" and "Each Could Fail"
● Same layout, with the labels "Single Point Of Failure" and "Pacemaker Cloned Horizon Service"
● HAProxy on Controller 1, Controller 2 and Controller 3, labelled "Pacemaker Cloned HAProxy Service", alongside "Pacemaker Cloned Horizon Service"
● Same layout, with a "Horizon VIP" added
Neutron Built-in Mechanisms
My HA Solution
● External mechanisms
● Neutron built-in mechanisms
● Reference implementation vs. vendors code
Architecture - Assuming Centralized Network Node
[Architecture diagram. Nodes: Compute Node, Controller Node, Network Node. Components shown: Neutron server, MySQL server, Rabbitmq server, OVS agent, OVS, keepalived, DHCP Agent, Metadata Agent, Metadata Proxy, dnsmasq, L3 Agent. Networks: Internet, External Network, API Network, Management Network, Data Network.]
DHCP Agent
● IP address allocation is done by the Neutron server
● dnsmasq is used as a distribution mechanism of predefined allocations
● The DHCP protocol allows multiple DHCP servers to co-exist while serving the same pool
● Configuration in Neutron
neutron.conf :
dhcp_agents_per_network = X
Process Monitoring
● Dynamic process creation: dnsmasq, keepalived, metadata proxy, etc.
● ProcessMonitor checks process liveness periodically
● Optional actions:
– Respawn process
– Exit agent
– Notify (not available yet)
● Default configuration
check_child_processes_action = respawn
check_child_processes_period = 0
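A check for the settings on the DHCP Agent and Process Monitoring slides, as an added example that is not part of the original deck: it parses a Neutron config file and flags a single DHCP agent per network or child-process monitoring that is switched off. The option names come from the slides; the section names, the fallback of 1 for dhcp_agents_per_network and the reading of a period of 0 as "no periodic check" are assumptions.

```python
import configparser

# Constructed sample configs. Option names are the ones on the slides; the
# section names are an assumption of this example.
WEAK_CONF = """\
[DEFAULT]
dhcp_agents_per_network = 1

[AGENT]
check_child_processes_action = respawn
check_child_processes_period = 0
"""

HARDENED_CONF = """\
[DEFAULT]
dhcp_agents_per_network = 2

[AGENT]
check_child_processes_action = respawn
check_child_processes_period = 60
"""

# Fallbacks when an option is absent: process-monitor values as shown on the
# slide; one DHCP agent per network is an assumption of this example.
DEFAULTS = {
    "dhcp_agents_per_network": "1",
    "check_child_processes_action": "respawn",
    "check_child_processes_period": "0",
}
# The slide lists "Notify" as not available yet, so it is not accepted here.
VALID_ACTIONS = {"respawn", "exit"}


def _lookup(cp, name):
    """Return the option from whichever section sets it, else the fallback."""
    if name in cp.defaults():
        return cp.defaults()[name]
    for section in cp.sections():
        if cp.has_option(section, name):
            return cp.get(section, name)
    return DEFAULTS[name]


def _as_int(value):
    """Parse an integer option value; None when it is not an integer."""
    try:
        return int(value.strip())
    except ValueError:
        return None


def audit_neutron_ha(conf_text):
    """Return a list of (option, finding) tuples; empty means no findings."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []

    agents = _as_int(_lookup(cp, "dhcp_agents_per_network"))
    if agents is None:
        findings.append(("dhcp_agents_per_network", "not an integer"))
    elif agents < 2:
        findings.append(("dhcp_agents_per_network",
                         "%d DHCP agent(s) per network: no redundancy" % agents))

    action = _lookup(cp, "check_child_processes_action").strip().lower()
    if action not in VALID_ACTIONS:
        findings.append(("check_child_processes_action",
                         "unsupported action %r" % action))

    period = _as_int(_lookup(cp, "check_child_processes_period"))
    if period is None:
        findings.append(("check_child_processes_period", "not an integer"))
    elif period <= 0:
        # Assumption: 0 means the periodic liveness check never runs, so a
        # dead dnsmasq, keepalived or metadata proxy goes unnoticed.
        findings.append(("check_child_processes_period",
                         "periodic child-process check is off"))
    return findings


if __name__ == "__main__":
    for option, finding in audit_neutron_ha(WEAK_CONF):
        print("%s: %s" % (option, finding))
```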
What Else?
[Diagram repeated over three slides. Components shown: Metadata Agent, OVS, DHCP Agent, Metadata Proxy, dnsmasq, L3 Agent, keepalived, OVS Agent.]
VRRP (Virtual Router Redundancy Protocol)
● Providing HA of the network’s default gateway
● Configuring default gateway as VIP + Virtual MAC
● Gratuitous ARP after failover
L3 HA Implementing VRRP
● Using keepalived which internally implements VRRP
● Creating a per tenant HA network, used for VRRP sync messages
● When an HA router is created, it is scheduled on multiple network nodes (configurable)
● New in Kilo
– Report which network node is hosting the master instance
● In the works
– L3 HA + l2pop
– External interface tracking
– L3 HA+DVR
Traffic Flow 3-tier Application
[Diagram: Host 1 (WWW VM), Host 2 (App VM), Host 3 (DB VM), Network Node (Virtual Router)]
DVR – Distributed Virtual Router
● DVR moves most of the routing to the compute nodes
– Isolating the failure domain of the network node
– Optimizing the network flow
● Traffic types
– East – West (Within the tenant, different networks)
– North – South with floating IP (VM to/from external network)
– North – South without floating IP (Based on SNAT)
[Slide annotations on the traffic types: "Direct between compute nodes", "Through network node"]
Architecture - Assuming DVR
[Architecture diagram built up over three slides. Nodes: Compute Node, Controller Node, Network Node. Components shown: Neutron server, MySQL server, Rabbitmq server, OVS agent, OVS, keepalived, DHCP Agent, Metadata Agent, Metadata Proxy, dnsmasq, L3 Agent. Networks: Internet, External Network, API Network, Management Network, Data Network. On the last slide the labels under Compute Node are OVS agent, OVS, L3 agent, Metadata agent and Metadata Proxy; the labels under Network Node are OVS Agent, keepalived, OVS, DHCP Agent, Metadata Agent, Metadata Proxy, dnsmasq and L3 Agent.]
Summary
● No one-stop shop
● Maximize the use of built-in solutions
– They are vendor neutral
– Highly maintained
– Widely documented
● Understand what you need, use the appropriate tools
– DVR vs VRRP
– What size is your deployment? Maybe A/P is good enough...
● The more complicated the solution is, the more likely it is to have bugs
Thank You
Resources
● http://assafmuller.com
● http://specs.openstack.org/openstack/neutron-specs/specs/kilo/agent-child-processes-status.html
● https://github.com/beekhof/osp-ha-deploy/blob/master/ha-openstack.md
● https://docs.google.com/document/d/1jCmraZGirmXq5V1MtRqhjdZCbUfiwBhRkUjDXGt5QUQ/edit
● https://www.youtube.com/watch?v=00j1x-T1vhA
