vr_keepalive - OpenNebula/one-apps GitHub Wiki

Keepalived: Virtual Router Failover

Keepalived offers failover capabilities for Virtual Router instances, utilizing the VRRP protocol to enable seamless failover of the Gateway IP within a network. In OpenNebula, a Virtual Routers with multiple instances serve as redundant gateways for the network.

To illustrate, Figure 1 depicts a LAN topology with configured VRRP. In this scenario, there is a single OpenNebula Virtual Router featuring three instances: VR-1 (10.0.0.2), VR-2 (10.0.0.3), and VR-3 (10.0.0.4). Each virtual machine can now be configured to utilize the FLOATING_IP of the Virtual Router as its default gateway.

 Public Network
────────┬──────────┬──────────┬───────────────────
        β”‚          β”‚          β”‚
 β”Œβ”€ ─ ─ β”Ό ─ ─ ─ ─ ─┼ ─ ─ ─ ─ ─┼ ─ ─ ┐ OpenNebula Virtual Router
 β”‚      β”‚          β”‚          β”‚     β”‚ VRRP group
 β”‚ β”Œβ”€β”€β”€β”€β”΄β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”΄β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”΄β”€β”€β”€β” β”‚
 β”‚ β”‚        β”‚ β”‚        β”‚ β”‚        β”‚ β”‚ FLOATING_IP
 β”‚ β”‚  VR-1  β”‚ β”‚  VR-2  β”‚ β”‚  VR-3  β”‚ β”‚ 10.0.0.1
 β”‚ β”‚        β”‚ β”‚        β”‚ β”‚        β”‚ β”‚
 β”‚ └──eth1β”€β”€β”˜ └──eth1β”€β”€β”˜ └──eth1β”€β”€β”˜ β”‚
 β”‚     β”‚           β”‚          β”‚     β”‚
 β”‚  10.0.0.2    10.0.0.3   10.0.0.4 β”‚
 β”‚     β”‚           β”‚          β”‚     β”‚
 └─ ─ ─│─ ─ ─ ─ ─ ─│─ ─ ─ ─ ─ ┼─ ─ β”€β”˜
       β”‚           β”‚          β”‚
───────┴───────────┼──────────┼──────────┬───────
Private Network    β”‚          β”‚          β”‚
                   β”‚          β”‚          β”‚
                 β”Œβ”€β”΄β”€β”€β”     β”Œβ”€β”΄β”€β”€β”     β”Œβ”€β”΄β”€β”€β”
                 β”‚ VM β”‚     β”‚ VM β”‚     β”‚ VM β”‚
                 β””β”€β”€β”€β”€β”˜     β””β”€β”€β”€β”€β”˜     β””β”€β”€β”€β”€β”˜

Virtual Router Configuration

The following attributes control the basic configuration for a VRRP group:

  • FLOATING_IP = YES for every interface where VRRP protocol needs to run
  • KEEPALIVED_ID (Optional) OpenNebula will assign an automatic ID to the VRRP group, use this setting to overwrite.
  • KEEPALIVED_PASSWORD (Optional) sets a password for the VRRP protocol.

For the previous example, you could use:

NAME = "VRRP router"

NIC = [ NETWORK = public ]
NIC = [ NETWORK = private, FLOATING_IP = "YES" ]

Note

Since OpenNebula 6.8.2+ there is a related feature "floating only", i.e. FLOATING_ONLY = "YES" attached to a NIC section (NIC = [ ..., FLOATING_ONLY = "YES", ... ]). When enabled, VR gets the VIP, but no other IP addresses are taken from the AR (this is ideal for public VNETs). Note that in this case, the interface with "floating_only" will not run VRRP.

When the Virtual Router instances are created, OpenNebula will automatically set the following context attributes for each NIC:

Parameter Description
VROUTER_ID VR ID in OpenNebula database
VROUTER_KEEPALIVED_ID ID used as virtual_router_id (1-255)
VROUTER_KEEPALIVED_PASSWORD Global VR password (max 8 characters)
ETHx_VROUTER_IP "floating IP" attached (if requested) for ethX
ETHx_VROUTER_MANAGEMENT Set ethX a management interface (YES/NO)

Important

When the ONEAPP_VNF_KEEPALIVED_VRID parameter is undefined, then VR tries to detect if SERVICE_ID is defined (or queries OneGate for that id). If it's possible to obtain the SERVICE_ID, then VR assumes it's running inside an OneFlow service and computes ONEAPP_VNF_KEEPALIVED_VRID = SERVICE_ID % 255 + 1. That way it should be relatively safe to leave ONEAPP_VNF_KEEPALIVED_VRID unconfigured.

Context Attributes

Module Configuration Attributes

All module configuration attributes are set from the virtual router definition, you can override default settings by defining them in the context section of the associated VM template.

Parameter Default Description
ONEAPP_VROUTER_ETHx_VIP0 ETHx_VROUTER_IP Primary VIP for ethX
ONEAPP_VROUTER_ETHx_VIP<1-9> none Optional VIPs for ethX
ONEAPP_VNF_KEEPALIVED_INTERFACES all NICs List of managed NICs (<[!]ethX> ...)
ONEAPP_VNF_KEEPALIVED_PASSWORD VROUTER_KEEPALIVED_PASSWORD Global VR password (max 8 characters)
ONEAPP_VNF_KEEPALIVED_PRIORITY 100 Global VR numerical priority
ONEAPP_VNF_KEEPALIVED_VRID VROUTER_KEEPALIVED_ID ID used as virtual_router_id (1-255)
ONEAPP_VNF_KEEPALIVED_INTERVAL 1 Global advertising interval (seconds)
ONEAPP_VNF_KEEPALIVED_ETHx_PASSWORD ONEAPP_VNF_KEEPALIVED_PASSWORD VR password for ethX (max 8 characters)
ONEAPP_VNF_KEEPALIVED_ETHx_PRIORITY ONEAPP_VNF_KEEPALIVED_PRIORITY VR numerical priority for ethX
ONEAPP_VNF_KEEPALIVED_ETHx_VRID ONEAPP_VNF_KEEPALIVED_VRID ID used as virtual_router_id for ethX (1-255)
ONEAPP_VNF_KEEPALIVED_ETHx_SKIP NO Exclude ETHx from VRRP traffic
ONEAPP_VNF_KEEPALIVED_ETHx_INTERVAL ONEAPP_VNF_KEEPALIVED_INTERVAL Advertising interval for ethX (seconds)
⚠️ **GitHub.com Fallback** ⚠️