I found other posts which deal with the HA topic in general, but I did not find one that strictly discussed the specifics or guidance on guest instance network failover mechanisms.
I'm currently developing against neutron Grizzly using the OVS plugin with VLANs and GRE tunnelling. Flooding is working on both. Telling us to move to Havana is not a show stopper, but will require work.

I have guest instances which want to use their own L2 failover mechanism. They are clustered VMs which migrate L3 fixed_ip addresses based on a triggered failover, which can happen for many different reasons. On typical dynamic learning Ethernet, the VMs send out GARPs, which take care of the network update. In neutron I can make port updates to move the fixed_ips from one port to another, but that takes time to let everything catch up and delays the failover process significantly.

I know what ports should be allowed traffic for specific fixed_ips on a failover event, so it would be great if I could allow everything I need before a failover is triggered. Currently the ip_spoofing_rule in the iptables firewall is getting in the way, as it will only let traffic originate from fixed_ips associated with a port. I would love to be able to associate a specific fixed_ip with multiple ports, which would adjust the iptables rule, but that's a pretty fundamental change seeing that IPAllocation is a foreign key to port in the data model. For that matter, on the engress rule, I would also like to allow multiple MAC addresses in the destination filter, but that's not a requirement to make this work quickly.

Anyone have a convenient way to augment the iptables ip_spoofing_rule to allow for my failover without waiting on port updates to the controller to migrate fixed_ips between ports? I have a mechanism to allow each fixed_ip address to have its own port (MAC address) if that helps, but it complicates the orchestration of both the guest instance setup and failover.

Has there been any discussion around secondary_fixed_ips or clustered_fixed_ips which can be associated with more than one port at a time that I've missed on the mailing list?

Thanks for your help everyone.

John
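Added example, not part of the original post and not Neutron's code: a simplified Python model of the per-port source filter the post describes, showing that traffic sourced from a migrated fixed IP is dropped on the standby port until the controller-side port update has moved the address. The `Network` class, port names, MAC addresses and IP addresses are constructed for illustration.

```python
"""Simplified model (assumption, not Neutron code) of per-port anti-spoofing."""
from dataclasses import dataclass, field


@dataclass
class Port:
    mac: str
    fixed_ips: set = field(default_factory=set)


class Network:
    def __init__(self):
        self.ports = {}   # port name -> Port
        self.owner = {}   # fixed IP -> port name (one owner, like IPAllocation -> port)

    def add_port(self, name, mac, ips=()):
        self.ports[name] = Port(mac)
        for ip in ips:
            self.assign(ip, name)

    def assign(self, ip, name):
        """Port update: move a fixed IP to a port, removing it from the old owner."""
        old = self.owner.get(ip)
        if old is not None:
            self.ports[old].fixed_ips.discard(ip)
        self.ports[name].fixed_ips.add(ip)
        self.owner[ip] = name

    def source_allowed(self, name, src_mac, src_ip):
        """Anti-spoofing check: source MAC and source IP must both belong to the port."""
        port = self.ports[name]
        return src_mac == port.mac and src_ip in port.fixed_ips


def failover_demo():
    """Constructed scenario: a clustered address moves from 'active' to 'standby'."""
    net = Network()
    vip = "10.0.0.100"
    net.add_port("active", "fa:16:3e:00:00:01", ["10.0.0.11", vip])
    net.add_port("standby", "fa:16:3e:00:00:02", ["10.0.0.12"])
    standby_mac = net.ports["standby"].mac
    results = {}
    # Guest-level failover: standby starts sending from the VIP right away.
    results["before_update"] = net.source_allowed("standby", standby_mac, vip)
    # The port update reaches the filter and moves the fixed IP.
    net.assign(vip, "standby")
    results["after_update"] = net.source_allowed("standby", standby_mac, vip)
    results["old_active"] = net.source_allowed("active", net.ports["active"].mac, vip)
    return results


if __name__ == "__main__":
    print(failover_demo())
```

The window between `before_update` and `after_update` is the delay the post refers to: the guest has already failed over, but the filter still ties the address to the old port.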