SlideShare a Scribd company logo

Neutron high availability open stack architecture openstack israel event 2015

Arthur Berezin, profile picture
Arthur Berezin

The document discusses high availability (HA) technologies in OpenStack using Neutron, focusing on solutions like Pacemaker and HAProxy to minimize downtime and avoid single points of failure. It details architecture considerations, the use of DB and DHCP agents, and the implementation of redundancy through techniques like VRRP and distributed virtual routing (DVR). The summary emphasizes the importance of leveraging built-in solutions while choosing the appropriate HA strategies based on deployment size and complexity.

Software
1 of 37
Downloaded 333 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
@Livnat_Peer Sr. Engineering Manager, Red Hat @ArthurBerezin Sr. Technical Product Manager, Red Hat Neutron High Availability OpenStack Israel Tel-Aviv June 2015
Agenda HA Enabling Technologies Pacemaker and HAProxy Neutron Built-in Mechanisms DHCP Agent HA L3 Agent with Virtual Router Redundancy Protocol(VRRP) Distributed Virtual Routing(DVR)
cc: Morio2015 Source: https://www.wikiwand.com/en/Scuderia_Ferrari
Losing Your Controller https://www.youtube.com/watch?v=Kb43Nxuwc4I
High Availability ● Minimize Downtime By Avoiding SPOF ● Service redundancy ○ Active-Active When possible ■ Stateless services ■ Built-in HA mechanisms ○ Active-Passive for others ● Scale out Architecture Add nodes as you go
Neutron high availability open stack architecture openstack israel event 2015
HA Enabling Technologies Pacemaker, HAProxy
● Cluster Resource Manager ● Uses Corosync for cluster communication ● Monitor and Control Resources: ○ Floating Virtual IP Address (VIP) ○ SystemD/LSB/OCF Services ○ Cloned Services(Active/Active) ● STONITH - Fencing with Power Management ○ Important for ensuring data consistency Pacemaker
● Virtual IP(VIP) ● SystemD Cloned Resource ● STONITH Fencing Pacemaker OpenStack Service Node 2 - 192.168.1.2Node 1 - 192.168.1.1 pcsd pcsd Cloned STONITH STONITH Service Service Service Virtual IP 10.0.0.1
HAProxy Load Balancer Load Balancing and Proxy for HTTP/TCP ● Mature and popular with web applications ● Health Checking ● Load Distribution
● Load Distribution ○ Round Robin, ○ Stick-Table ● API Isolation ● Failure Detection Node 1 Node 2 Node 3 HAProxy Load Balancer Service Service HAProxy
Avoiding SPOFs A day in a Highly Available Service Life
Neutron-Server Controller Give Me Horizon Web UI NOW!
Neutron-Server Controller Give Me Horizon Web UI NOW! Single Point Of Failure
Neutron-Server Controller 1 Neutron-Server Controller 2 Neutron-Server Controller 3 Give Me Horizon Web UI NOW! HAProxy Controller 1
Neutron-Server Controller 1 Neutron-Server Controller 2 Neutron-Server Controller 3 Give Me Horizon Web UI NOW! HAProxy Controller 1 Single Point Of Failure Each Could Fail
Neutron-Server Controller 1 Neutron-Server Controller 2 Neutron-Server Controller 3 Give Me Horizon Web UI NOW! HAProxy Controller 1 Single Point Of Failure Pacemaker Cloned Horizon Service
Neutron-Server Controller 1 Neutron-Server Controller 2 Neutron-Server Controller 3 Give Me Horizon Web UI NOW! HAProxy Controller 1 HAProxy Controller 3 HAProxy Controller 2 Pacemaker Cloned Horizon Service Pacemaker Cloned HAProxy Service
Pacemaker Cloned HAProxy Service Neutron-Server Controller 1 Neutron-Server Controller 2 Neutron-Server Controller 3 HAProxy Controller 1 HAProxy Controller 3 HAProxy Controller 2 Give Me Horizon Web UI NOW! Horizon VIP Pacemaker Cloned Horizon Service
Neutron Built-in Mechanisms
● External mechanisms ● Neutron built-in mechanisms ● Reference implementation vs. vendors code My HA Solution
Architecture - Assuming Centralized Network Node Compute Node Controller Node Network Node Neutron server MySQL server Neutron server Neutron serverRabbitmq server Neutron server OVS agent OVS OVS Agent keepalived Neutron serverOVS DHCP agentDHCP Agent Neutron serverMetadata Agent Metadata Proxy dnsmasq Internet External Network API Network Management Network Data Network L3 Agent
DHCP Agent ● IP address allocation is done by the Neutron server ● dnsmasq is used as a distribution mechanism of predefined allocations ● The DHCP protocol allows multiple DHCP servers to co-exist while serving the same pool ● Configuration in Neutron neutron.conf : dhcp_agents_per_network = X OVS Agent Neutron serverOVS DHCP agent Neutron serverMetadata Agent Metadata Proxy dnsmasq L3 Agent keepalived DHCP Agent
● Dynamic process creation: dnsmasq, keepalived, metadata proxy etc. ● ProcessMonitor check processes liveliness periodically ● Optional actions: – Respawn process – Exit agent – Notify (not available yet) ● Default configuration check_child_processes_action = respawn check_child_processes_period = 0 Process Monitoring OVS Agent Neutron serverOVS DHCP agentDHCP Agent Neutron serverMetadata Agent Metadata Proxy dnsmasq L3 Agent keepalived
Metadata Agent OVS What Else? DHCP Agent Metadata Proxy dnsmasq L3 Agent keepalived OVS Agent OVS Metadata Agent
What Else? Metadata Agent OVS DHCP Agent Metadata Proxy dnsmasq L3 Agent keepalived OVS Agent OVS Metadata Agent
What Else? Metadata Agent OVS DHCP Agent Metadata Proxy dnsmasq L3 Agent keepalived OVS Agent OVS Metadata Agent
VRRP (Virtual Router Redundancy Protocol) ● Providing HA of the network’s default gateway ● Configuring default gateway as VIP + Virtual MAC ● Gratuitous ARP after failover Sync Net
L3 HA Implementing VRRP ● Using keepalived which internally implements VRRP ● Creating a per tenant HA network, used for VRRP sync messages ● When HA router is created it is scheduled on multiple network nodes (Configurable) ● New in Kilo – Report which network node is hosting the master instance ● On the work – L3 HA + l2pop – External interface tracking – L3 HA+DVR
Traffic Flow 3-tier Application Host 1 WWW VM Host 2 App VM Host 3 DB VM Network Node Virtual Router
DVR – Distributed Virtual Router ● DVR is moving most of the routing to the compute node – Isolating the failure domain of the network node – Optimizing the network flow ● Traffic types – East – West (Within the tenant, different networks) – North – South with floating IP (VM to/from external network) – North – South without floating IP (Based on SNAT) Direct between compute nodes Through network node
Architecture - Assuming DVR Compute Node Controller Node Network Node Neutron server MySQL server Neutron server Neutron serverRabbitmq server Internet External Network API Network Management Network Data Network Network Node OVS Agent keepalived Neutron serverOVS DHCP agentDHCP Agent Neutron serverMetadata Agent Metadata Proxy dnsmasq L3 Agent Neutron server OVS agent OVS
Architecture - Assuming DVR Compute Node Controller Node Network Node Neutron server MySQL server Neutron server Neutron serverRabbitmq server Internet External Network API Network Management Network Data Network Network Node OVS Agent keepalived Neutron serverOVS DHCP agentDHCP Agent Neutron serverMetadata Agent Metadata Proxy dnsmasq L3 Agent Neutron server OVS agent OVS
Architecture - Assuming DVR Compute Node Controller Node Network Node Neutron server MySQL server Neutron server Neutron serverRabbitmq server Neutron server OVS agent OVS Internet External Network API Network Management Network Data Network Compute Node Neutron server OVS agent Neutron serverOVS L3 agent Neutron serverMetadata agent Metadata Proxy Network Node OVS Agent keepalived Neutron serverOVS DHCP agentDHCP Agent Neutron serverMetadata Agent Metadata Proxy dnsmasq L3 Agent
Summary ● No one stop shop ● Maximize the use of built-in solutions – They are vendor neutral – Highly maintained – Widely documented ● Understand what you need, use the appropriate tools – DVR vs VRRP – What size is your deployment, maybe A/P is good enough... ● The more complicated the solution is the more likely it is to have bugs
Thank You
Resources ● http://assafmuller.com ● http://specs.openstack.org/openstack/neutron-specs/specs/kilo/agent-child-processes-statu s.html ● https://github.com/beekhof/osp-ha-deploy/blob/master/ha-openstack.md ● https://docs.google.com/document/d/1jCmraZGirmXq5V1MtRqhjdZCbUfiwBhRkUjDXGt5QUQ /edit ● https://docs.google.com/document/d/1jCmraZGirmXq5V1MtRqhjdZCbUfiwBhRkUjDXGt5QUQ /edit ● https://www.youtube.com/watch?v=00j1x-T1vhA

More Related Content

PPTX
Openstack Basic with Neutron
KwonSun Bae
 
PDF
Inside Architecture of Neutron
markmcclain
 
PPTX
Neutron behind the scenes
inbroker
 
PDF
Openstack Neutron and SDN
inakipascual
 
ODP
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
Dave Neary
 
PPTX
High Availability in Neutron
Rossella Sblendido
 
PDF
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
markmcclain
 
PPTX
OpenStack Networking and Automation
Adam Johnson
 
Openstack Basic with Neutron
KwonSun Bae
 
Inside Architecture of Neutron
markmcclain
 
Neutron behind the scenes
inbroker
 
Openstack Neutron and SDN
inakipascual
 
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
Dave Neary
 
High Availability in Neutron
Rossella Sblendido
 
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
markmcclain
 
OpenStack Networking and Automation
Adam Johnson
 

What's hot (20)

PPTX
OpenStack HA
Kenneth Hui
 
PPTX
OpenStack Neutron's Distributed Virtual Router
carlbaldwin
 
PPTX
Open stack HA - Theory to Reality
Sriram Subramanian
 
PPTX
L2 and L3 agent restructure
Rossella Sblendido
 
PDF
OpenStack Neutron Advanced Services by Akanda
Sean Roberts
 
PDF
OpenStack Paris Summit: Bridges and Tunnels: A Drive Through OpenStack Networ...
markmcclain
 
PDF
Open stack networking_101_update_2014
yfauser
 
PDF
Bridges and Tunnels a Drive Through OpenStack Networking
markmcclain
 
PDF
Simplifying the OpenStack and Kubernetes network stack with Romana
Juergen Brendel
 
PPTX
OpenStack Neutron behind the Scenes
Anil Bidari ( CEO , Cloud Enabled)
 
PPTX
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...
Cloud Native Day Tel Aviv
 
PDF
MidoNet deep dive
Taku Fukushima
 
PPTX
Open stack ha design & deployment kilo
Steven Li
 
PPTX
Quantum (OpenStack Meetup Feb 9th, 2012)
Dan Wendlandt
 
PDF
High Availability for OpenStack
Kamesh Pemmaraju
 
PDF
Introduction to Software Defined Networking and OpenStack Neutron
Sana Khan
 
PPTX
Neutron DVR
Edgar Magana
 
PPTX
Navigating OpenStack Networking
PLUMgrid
 
PDF
OpenStack networking (Neutron)
CREATE-NET
 
PDF
Open daylight and Openstack
Dave Neary
 
OpenStack HA
Kenneth Hui
 
OpenStack Neutron's Distributed Virtual Router
carlbaldwin
 
Open stack HA - Theory to Reality
Sriram Subramanian
 
L2 and L3 agent restructure
Rossella Sblendido
 
OpenStack Neutron Advanced Services by Akanda
Sean Roberts
 
OpenStack Paris Summit: Bridges and Tunnels: A Drive Through OpenStack Networ...
markmcclain
 
Open stack networking_101_update_2014
yfauser
 
Bridges and Tunnels a Drive Through OpenStack Networking
markmcclain
 
Simplifying the OpenStack and Kubernetes network stack with Romana
Juergen Brendel
 
OpenStack Neutron behind the Scenes
Anil Bidari ( CEO , Cloud Enabled)
 
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...
Cloud Native Day Tel Aviv
 
MidoNet deep dive
Taku Fukushima
 
Open stack ha design & deployment kilo
Steven Li
 
Quantum (OpenStack Meetup Feb 9th, 2012)
Dan Wendlandt
 
High Availability for OpenStack
Kamesh Pemmaraju
 
Introduction to Software Defined Networking and OpenStack Neutron
Sana Khan
 
Neutron DVR
Edgar Magana
 
Navigating OpenStack Networking
PLUMgrid
 
OpenStack networking (Neutron)
CREATE-NET
 
Open daylight and Openstack
Dave Neary
 
Ad

Similar to Neutron high availability open stack architecture openstack israel event 2015 (20)

PPTX
OpenStack: Virtual Routers On Compute Nodes
clayton_oneill
 
PDF
Deep dive into highly available open stack architecture openstack summit va...
Arthur Berezin
 
PPTX
Multi tier-app-network-topology-neutron-final
Sadique Puthen
 
PDF
Network as a Service, Assaf Muller
Cloud Native Day Tel Aviv
 
PDF
Openstack Networking Internals - first part
lilliput12
 
PDF
neutron_icehouse_update
Akihiro Motoki
 
PPTX
OpenStack HA
tcp cloud
 
PPTX
OpenStack High Availability
Jakub Pavlik
 
PDF
Open stack networking_101_update_2014-os-meetups
yfauser
 
ODP
What's new in Neutron Juno
Jaume Devesa Gomez
 
PDF
Agile OpenStack Networking with Cisco Solutions
Cisco DevNet
 
PDF
Nova net-or-neutron-atlanta2014.pptx
Somik Behera
 
PDF
Open stack networking_101_part-1
yfauser
 
PDF
[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...
OpenStack Korea Community
 
PPTX
BRKDCT-2445 Agile OpenStack Networking with Cisco Solutions - Cisco Live! US ...
Rohit Agarwalla
 
PPTX
OpenStack Neutron Dragonflow l3 SDNmeetup
Eran Gampel
 
PPTX
Dragonflow 01 2016 TLV meetup
Eran Gampel
 
PPTX
Midokura OpenStack Meetup Taipei
Dan Mihai Dumitriu
 
PPTX
Openstack Overview
rajdeep
 
PPTX
Neutron Advanced Services - Akanda - Astara 201 presentation
Eric Lopez
 
OpenStack: Virtual Routers On Compute Nodes
clayton_oneill
 
Deep dive into highly available open stack architecture openstack summit va...
Arthur Berezin
 
Multi tier-app-network-topology-neutron-final
Sadique Puthen
 
Network as a Service, Assaf Muller
Cloud Native Day Tel Aviv
 
Openstack Networking Internals - first part
lilliput12
 
neutron_icehouse_update
Akihiro Motoki
 
OpenStack HA
tcp cloud
 
OpenStack High Availability
Jakub Pavlik
 
Open stack networking_101_update_2014-os-meetups
yfauser
 
What's new in Neutron Juno
Jaume Devesa Gomez
 
Agile OpenStack Networking with Cisco Solutions
Cisco DevNet
 
Nova net-or-neutron-atlanta2014.pptx
Somik Behera
 
Open stack networking_101_part-1
yfauser
 
[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...
OpenStack Korea Community
 
BRKDCT-2445 Agile OpenStack Networking with Cisco Solutions - Cisco Live! US ...
Rohit Agarwalla
 
OpenStack Neutron Dragonflow l3 SDNmeetup
Eran Gampel
 
Dragonflow 01 2016 TLV meetup
Eran Gampel
 
Midokura OpenStack Meetup Taipei
Dan Mihai Dumitriu
 
Openstack Overview
rajdeep
 
Neutron Advanced Services - Akanda - Astara 201 presentation
Eric Lopez
 
Ad

More from Arthur Berezin (15)

PDF
Uncovering the black magic of an open source community
Arthur Berezin
 
PDF
Uncovering the black magic of an open source community
Arthur Berezin
 
PDF
Kubernetes vs dockers swarm supporting onap oom on multi-cloud multi-stack en...
Arthur Berezin
 
PDF
How cloud native vn fs deployed on open stack will change the telecom industry
Arthur Berezin
 
PDF
Aria 1.0 roadmap
Arthur Berezin
 
PDF
Orchestrating and managing VNFss on openstack - demo- [Cloudify + openstack ...
Arthur Berezin
 
PDF
Introduction into ARIA
Arthur Berezin
 
PDF
Cloudify NFV Orchestrator for Optimal Performance
Arthur Berezin
 
PDF
An approach for migrating enterprise apps into open stack
Arthur Berezin
 
PDF
Orchestrating Cloud Applications With TOSCA
Arthur Berezin
 
PDF
OpenStack Best Practices and Considerations - terasky tech day
Arthur Berezin
 
PDF
Openstack platform -Red Hat Pizza and technology event - Israel
Arthur Berezin
 
PDF
Openstack il2014 staypuft- your friendly foreman openstack installer
Arthur Berezin
 
PDF
Oracle week Israel - OpenStack Platform - 2013
Arthur Berezin
 
PDF
Building The Modern IT
Arthur Berezin
 
Uncovering the black magic of an open source community
Arthur Berezin
 
Uncovering the black magic of an open source community
Arthur Berezin
 
Kubernetes vs dockers swarm supporting onap oom on multi-cloud multi-stack en...
Arthur Berezin
 
How cloud native vn fs deployed on open stack will change the telecom industry
Arthur Berezin
 
Aria 1.0 roadmap
Arthur Berezin
 
Orchestrating and managing VNFss on openstack - demo- [Cloudify + openstack ...
Arthur Berezin
 
Introduction into ARIA
Arthur Berezin
 
Cloudify NFV Orchestrator for Optimal Performance
Arthur Berezin
 
An approach for migrating enterprise apps into open stack
Arthur Berezin
 
Orchestrating Cloud Applications With TOSCA
Arthur Berezin
 
OpenStack Best Practices and Considerations - terasky tech day
Arthur Berezin
 
Openstack platform -Red Hat Pizza and technology event - Israel
Arthur Berezin
 
Openstack il2014 staypuft- your friendly foreman openstack installer
Arthur Berezin
 
Oracle week Israel - OpenStack Platform - 2013
Arthur Berezin
 
Building The Modern IT
Arthur Berezin
 

Recently uploaded (20)

PDF
top salesforce developer skills in 2025.pdf
CloudMetic
 
PDF
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
PPTX
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
Conacent Consulting
 
PDF
System and Network Administraation Chapter 3
jaramharo
 
PPTX
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 
PPTX
Introduction to Artificial Intelligence
lohedi9363
 
PPTX
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
PDF
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
PDF
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
pts464036
 
PDF
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
PDF
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PDF
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
PPTX
Transform Your Business with a Software ERP System
Canada Software Company
 
PDF
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
PPTX
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
top salesforce developer skills in 2025.pdf
CloudMetic
 
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
Conacent Consulting
 
System and Network Administraation Chapter 3
jaramharo
 
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 
Introduction to Artificial Intelligence
lohedi9363
 
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
pts464036
 
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
Transform Your Business with a Software ERP System
Canada Software Company
 
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 

Neutron high availability open stack architecture openstack israel event 2015

  • 1. @Livnat_Peer Sr. Engineering Manager, Red Hat @ArthurBerezin Sr. Technical Product Manager, Red Hat Neutron High Availability OpenStack Israel Tel-Aviv June 2015
  • 2. Agenda HA Enabling Technologies Pacemaker and HAProxy Neutron Built-in Mechanisms DHCP Agent HA L3 Agent with Virtual Router Redundancy Protocol(VRRP) Distributed Virtual Routing(DVR)
  • 3. cc: Morio2015 Source: https://www.wikiwand.com/en/Scuderia_Ferrari
  • 5. High Availability ● Minimize Downtime By Avoiding SPOF ● Service redundancy ○ Active-Active When possible ■ Stateless services ■ Built-in HA mechanisms ○ Active-Passive for others ● Scale out Architecture Add nodes as you go
  • 8. ● Cluster Resource Manager ● Uses Corosync for cluster communication ● Monitor and Control Resources: ○ Floating Virtual IP Address (VIP) ○ SystemD/LSB/OCF Services ○ Cloned Services(Active/Active) ● STONITH - Fencing with Power Management ○ Important for ensuring data consistency Pacemaker
  • 9. ● Virtual IP(VIP) ● SystemD Cloned Resource ● STONITH Fencing Pacemaker OpenStack Service Node 2 - 192.168.1.2Node 1 - 192.168.1.1 pcsd pcsd Cloned STONITH STONITH Service Service Service Virtual IP 10.0.0.1
  • 10. HAProxy Load Balancer Load Balancing and Proxy for HTTP/TCP ● Mature and popular with web applications ● Health Checking ● Load Distribution
  • 11. ● Load Distribution ○ Round Robin, ○ Stick-Table ● API Isolation ● Failure Detection Node 1 Node 2 Node 3 HAProxy Load Balancer Service Service HAProxy
  • 12. Avoiding SPOFs A day in a Highly Available Service Life
  • 14. Neutron-Server Controller Give Me Horizon Web UI NOW! Single Point Of Failure
  • 15. Neutron-Server Controller 1 Neutron-Server Controller 2 Neutron-Server Controller 3 Give Me Horizon Web UI NOW! HAProxy Controller 1
  • 16. Neutron-Server Controller 1 Neutron-Server Controller 2 Neutron-Server Controller 3 Give Me Horizon Web UI NOW! HAProxy Controller 1 Single Point Of Failure Each Could Fail
  • 17. Neutron-Server Controller 1 Neutron-Server Controller 2 Neutron-Server Controller 3 Give Me Horizon Web UI NOW! HAProxy Controller 1 Single Point Of Failure Pacemaker Cloned Horizon Service
  • 18. Neutron-Server Controller 1 Neutron-Server Controller 2 Neutron-Server Controller 3 Give Me Horizon Web UI NOW! HAProxy Controller 1 HAProxy Controller 3 HAProxy Controller 2 Pacemaker Cloned Horizon Service Pacemaker Cloned HAProxy Service
  • 19. Pacemaker Cloned HAProxy Service Neutron-Server Controller 1 Neutron-Server Controller 2 Neutron-Server Controller 3 HAProxy Controller 1 HAProxy Controller 3 HAProxy Controller 2 Give Me Horizon Web UI NOW! Horizon VIP Pacemaker Cloned Horizon Service
  • 21. ● External mechanisms ● Neutron built-in mechanisms ● Reference implementation vs. vendors code My HA Solution
  • 22. Architecture - Assuming Centralized Network Node Compute Node Controller Node Network Node Neutron server MySQL server Neutron server Neutron serverRabbitmq server Neutron server OVS agent OVS OVS Agent keepalived Neutron serverOVS DHCP agentDHCP Agent Neutron serverMetadata Agent Metadata Proxy dnsmasq Internet External Network API Network Management Network Data Network L3 Agent
  • 23. DHCP Agent ● IP address allocation is done by the Neutron server ● dnsmasq is used as a distribution mechanism of predefined allocations ● The DHCP protocol allows multiple DHCP servers to co-exist while serving the same pool ● Configuration in Neutron neutron.conf : dhcp_agents_per_network = X OVS Agent Neutron serverOVS DHCP agent Neutron serverMetadata Agent Metadata Proxy dnsmasq L3 Agent keepalived DHCP Agent
  • 24. ● Dynamic process creation: dnsmasq, keepalived, metadata proxy etc. ● ProcessMonitor check processes liveliness periodically ● Optional actions: – Respawn process – Exit agent – Notify (not available yet) ● Default configuration check_child_processes_action = respawn check_child_processes_period = 0 Process Monitoring OVS Agent Neutron serverOVS DHCP agentDHCP Agent Neutron serverMetadata Agent Metadata Proxy dnsmasq L3 Agent keepalived
  • 25. Metadata Agent OVS What Else? DHCP Agent Metadata Proxy dnsmasq L3 Agent keepalived OVS Agent OVS Metadata Agent
  • 26. What Else? Metadata Agent OVS DHCP Agent Metadata Proxy dnsmasq L3 Agent keepalived OVS Agent OVS Metadata Agent
  • 27. What Else? Metadata Agent OVS DHCP Agent Metadata Proxy dnsmasq L3 Agent keepalived OVS Agent OVS Metadata Agent
  • 28. VRRP (Virtual Router Redundancy Protocol) ● Providing HA of the network’s default gateway ● Configuring default gateway as VIP + Virtual MAC ● Gratuitous ARP after failover Sync Net
  • 29. L3 HA Implementing VRRP ● Using keepalived which internally implements VRRP ● Creating a per tenant HA network, used for VRRP sync messages ● When HA router is created it is scheduled on multiple network nodes (Configurable) ● New in Kilo – Report which network node is hosting the master instance ● On the work – L3 HA + l2pop – External interface tracking – L3 HA+DVR
  • 30. Traffic Flow 3-tier Application Host 1 WWW VM Host 2 App VM Host 3 DB VM Network Node Virtual Router
  • 31. DVR – Distributed Virtual Router ● DVR is moving most of the routing to the compute node – Isolating the failure domain of the network node – Optimizing the network flow ● Traffic types – East – West (Within the tenant, different networks) – North – South with floating IP (VM to/from external network) – North – South without floating IP (Based on SNAT) Direct between compute nodes Through network node
  • 32. Architecture - Assuming DVR Compute Node Controller Node Network Node Neutron server MySQL server Neutron server Neutron serverRabbitmq server Internet External Network API Network Management Network Data Network Network Node OVS Agent keepalived Neutron serverOVS DHCP agentDHCP Agent Neutron serverMetadata Agent Metadata Proxy dnsmasq L3 Agent Neutron server OVS agent OVS
  • 33. Architecture - Assuming DVR Compute Node Controller Node Network Node Neutron server MySQL server Neutron server Neutron serverRabbitmq server Internet External Network API Network Management Network Data Network Network Node OVS Agent keepalived Neutron serverOVS DHCP agentDHCP Agent Neutron serverMetadata Agent Metadata Proxy dnsmasq L3 Agent Neutron server OVS agent OVS
  • 34. Architecture - Assuming DVR Compute Node Controller Node Network Node Neutron server MySQL server Neutron server Neutron serverRabbitmq server Neutron server OVS agent OVS Internet External Network API Network Management Network Data Network Compute Node Neutron server OVS agent Neutron serverOVS L3 agent Neutron serverMetadata agent Metadata Proxy Network Node OVS Agent keepalived Neutron serverOVS DHCP agentDHCP Agent Neutron serverMetadata Agent Metadata Proxy dnsmasq L3 Agent
  • 35. Summary ● No one stop shop ● Maximize the use of built-in solutions – They are vendor neutral – Highly maintained – Widely documented ● Understand what you need, use the appropriate tools – DVR vs VRRP – What size is your deployment, maybe A/P is good enough... ● The more complicated the solution is the more likely it is to have bugs
  • 37. Resources ● http://assafmuller.com ● http://specs.openstack.org/openstack/neutron-specs/specs/kilo/agent-child-processes-statu s.html ● https://github.com/beekhof/osp-ha-deploy/blob/master/ha-openstack.md ● https://docs.google.com/document/d/1jCmraZGirmXq5V1MtRqhjdZCbUfiwBhRkUjDXGt5QUQ /edit ● https://docs.google.com/document/d/1jCmraZGirmXq5V1MtRqhjdZCbUfiwBhRkUjDXGt5QUQ /edit ● https://www.youtube.com/watch?v=00j1x-T1vhA