Enable virtual router HA in neutron (enable L3 HA)¶

In this post you will find the instructions to enable HA between two Neutron nodes; in other words, how to put neutron L3 agents (virtual routers) in HA.

We assume our OpenStack cluster contains two neutron-gateway nodes.

neutron-api charm configuration¶

On the Juju client issue the following command:

juju config neutron-api enable-l3ha=true

Check: add a new router¶

Now create a new router as usual. The routers are configured in Active/Standby mode on the two neutron-gateway hosts. Issue the following CLI command to check how the router is configured:

$ neutron l3-agent-list-hosting-router $ROUTER_ID
+--------------------------------------+------------+----------------+-------+----------+
| id                                   | host       | admin_state_up | alive | ha_state |
+--------------------------------------+------------+----------------+-------+----------+
| 775a4d38-d6b7-4f6d-a34b-e5327563e2e5 | pa1-r2-s09 | True           | :-)   | standby  |
| 9f9a2fe0-561f-43e8-aa94-1f3224266f06 | pa1-r1-s11 | True           | :-)   | active   |
+--------------------------------------+------------+----------------+-------+----------+

The router is Active on the host pa1-r1-s11 and Standby on pa1-r2-s09. To see what this means let’s log on the two hosts. On both nodes we “see” the router in the output of ip netns. But if we log into the router netspace and issue ifconfig we see that only the active member has the IP addresses and routing description:

#ip netns exec qrouter-e8b15351-6add-42b4-b878-09e07e4230bf bash
# ifconfig
ha-e5cf102f-69 Link encap:Ethernet  HWaddr fa:16:3e:46:9a:f1
     inet addr:169.254.192.10  Bcast:169.254.255.255  Mask:255.255.192.0
     ....

lo        Link encap:Local Loopback
     inet addr:127.0.0.1  Mask:255.0.0.0
     ....

qg-e74c62c3-9d Link encap:Ethernet  HWaddr fa:16:3e:9c:65:0f
     inet addr:90.147.189.205  Bcast:0.0.0.0  Mask:255.255.255.255
     ....

qr-4dd6a2b0-99 Link encap:Ethernet  HWaddr fa:16:3e:70:dc:62
     inet addr:192.168.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
     ....

Also note the new interface ha-XXX which activates the VRRP link between the two members.

Enabling HA of already existing routers¶

Virtual routers created before L3 HA is enabled are not automatically configured in HA. To do it let’s issue, from an OpenStack client:

neutron router-update $ROUTER_ID --admin_state_up=false
neutron router-update $ROUTER_ID --ha=true
neutron router-update $ROUTER_ID --admin_state_up=true