This section explains how to configure a cluster in NSX Advanced Load Balancer for an OpenStack cloud. To provide NSX Advanced Load Balancer Controller HA, add two additional Controller nodes to create a three-node Controller cluster.

For more information on deploying a cluster, see Deploying a NSX Advanced Load Balancer Controller Cluster.

Prerequisites for Cluster Deployment

There are certain prerequisites defined for the leader and follower nodes in a cluster. For complete information, see Prerequisites for Cluster Deployment.

From an OpenStack perspective, consider the following:

  1. A Neutron port is created and is available for cluster VIP.

  2. A floating IP is available for Neutron port.

Deploying an NSX Advanced Load Balancer Controller Cluster

For complete information on configuring Controller’s management interfaces and cluster IP, see Deploying an NSX Advanced Load Balancer Controller Cluster.

The following sections are for creating OpenStack floating IP and binding that with the cluster IP:

Write Mode

  1. Access OpenStack Horizon CLI.

    1. List the Network

      openstack network list — This indicates the configured requisite networks.

      root@openstack-mitaka:/root# openstack network list
      +--------------------------------------+---------------+------------------------------------------------------+
      | id                                   | name          | subnets                                              |
      +--------------------------------------+---------------+------------------------------------------------------+
      | 10a514a3-d843-499d-80fd-28274d4a4912 | webserver-net | 3ebfb2ef-9b47-44f7-9da5-5245e1d0ed53 192.168.10.0/24 |
      | 5dd0b1cb-ebba-4ff9-84fd-74dcf13c7f86 | client-net    | a9a00d61-6ee8-4fac-80df-4e0bb8c8b4f3 192.168.11.0/24 |
      | c1c045f5-2d0f-43e3-ab43-55f990cde9b7 | provider1     | 1b65c0da-38c7-4c85-88a9-30c52c6a4558 10.130.128.0/18 |
      | dd9dab27-9228-4765-96f2-d56194136ba0 | avimgmt       | 5785c1cf-a222-4b0a-9343-003153f37a65 172.16.0.0/24   |
      +--------------------------------------+---------------+------------------------------------------------------+
    2. Create a floating IP.

      openstack floating ip create provider1provider1 is the network used.

      root@openstack-mitaka:/root# openstack floating ip create provider1

      New floating IP is created.

      +---------------------+--------------------------------------+
      | Field               | Value                                |
      +---------------------+--------------------------------------+
      | description         |                                      |
      | fixed_ip_address    |                                      |
      | floating_ip_address | 10.130.170.86                        |
      | floating_network_id | c1c045f5-2d0f-43e3-ab43-55f990cde9b7 |
      | id                  | 4ec57a12-7357-461a-80f6-d87ae7536335 |
      | port_id             |                                      |
      | router_id           |                                      |
      | status              | DOWN                                 |
      | tenant_id           | 904fb201a92f443297bffca3b354d52d     |
      +---------------------+--------------------------------------+
    3. Get the port-id for cluster IP.

       openstack port list -c ID -c 'Fixed IP Addresses'|grep 172.16.0.65
           95665123-64a4-453a-abde-70fdb3d2ae2a| ip_address='172.16.0.65', subnet_id='5785c1cf-a222-4b0a-9343-003153f37a65'
    4. Associate the cluster IP with the floating IP.

      Using the port-id from the command above (95665123-64a4-453a-abde-70fdb3d2ae2a in this case), associate it with the floating IP created in step b.

      root@openstack-mitaka:/root# openstack floating ip set --port 95665123-64a4-453a-abde-70fdb3d2ae2a 4ec57a12-7357-461a-80f6-d87ae7536335
      
      +--------------------------+--------------------------------------+
      | Field                    | Value                               |
      +--------------------------+--------------------------------------+
      | description              |                                     |
      | fixed_ip_address         | 172.16.0.65                         |
      | floating_ip_address      | 10.130.170.86                       |
      | floating_network_id      | c1c045f5-2d0f-43e3-ab43-55f990cde9b7|
      | id                       | 4ec57a12-7357-461a-80f6-d87ae7536335|
      | port_id                  | 95665123-64a4-453a-abde-70fdb3d2ae2a|
      | router_id                | 2d3b93a2-7804-4841-90c4-be15b148d099|
      | status                   | ACTIVE                              |
      | tenant_id                | 904fb201a92f443297bffca3b354d52d    |
      +--------------------------+--------------------------------------+
  2. Add the cluster IP and the secondary IP for the cluster leader.

    root@172-16-0-66:~# ip a
    eth0: (BROADCAST,MULTICAST,UP,LOWER_UP) mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:bd:5a:0f brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.66/24 brd 172.16.0.255 scope global eth0
    valid_lft forever preferred_lft forever
    inet 172.16.0.65/32 scope global eth0:1 Cluster IP

No-Access Mode

For OpenStack No-Access cloud type, the AAP entries need to be configured manually using the following command.

An example is shown in the code block below.

root@openstack-mitaka:/root# openstack port set --allowed--address ip-address=172.16.0.133 Controller_Port
root@openstack-mitaka:/root#  openstack port set --allowed--address ip-address=172.16.0.133 d0bf0bda-02e2-46bf-abd2-0d05cc4654df
root@openstack-mitaka:/root# openstack port show d0bf0bda-02e2-46bf-abd2-0d05cc4654df    
        +-------------------------------+-----------------------------------------------------------------------------------+
 | Field                    | Value                                                                                  |
 +--------------------------+----------------------------------------------------------------------------------------+
 | admin_state_up           |   True                                                                                 |
 | allowed_address_pairs    |   {"ip_address": "172.16.0.131", "mac_address": "fa:16:3e:47:6b:70"}                   |
 | binding:host_id          |   openstack-mitaka                                                                     |
 | binding:profile          |   {}                                                                                   |
 | binding:vif_details      |   {"port_filter": true}                                                                |
 | binding:vif_type         |   bridge                                                                               |
 | binding:vnic_type        |   normal                                                                               |
 | created_at               |   2018-01-12T13:58:02                                                                  |
 | description              |                                                                                        |
 | device_id                |   2adedfc3-75d6-4296-ad18-bfc38873485c                                                 |
 | device_owner             |   compute:nova                                                                         |
 | extra_dhcp_opts          |                                                                                        |
 | fixed_ips                |   {"subnet_id": "5785c1cf-a222-4b0a-9343-003153f37a65", "ip_address": "172.16.0.133"}  |
 | id                       |   d0bf0bda-02e2-46bf-abd2-0d05cc4654df                                                 |
 | mac_address              |   fa:16:3e:47:6b:70                                                                    |
 | name                     |                                                                                        |
 | network_id               |   dd9dab27-9228-4765-96f2-d56194136ba0                                                 |
 | port_security_enabled    |   True                                                                                 |
 | security_groups          |   3cc1092e-538c-4ff7-b4ac-eeff84731f75                                                 |
 | status                   |   ACTIVE                                                                               |
 | tenant_id                |   904fb201a92f443297bffca3b354d52d                                                     |
 | updated_at               |   2018-01-12T14:19:06                                                                  |
 +--------------------------+----------------------------------------------------------------------------------------+

Create the neutron port for the VIP by using the following command.

openstack port create --network "neutron_network_name" --allowed-address mac-address="fa:16:3e:52:81:03",ip-address="172.16.0.63" --allowed-address mac-address="fa:16:3e:52:81:04",ip-address="172.16.0.64" --allowed-address mac-address="fa:16:3e:52:81:06",ip-address="172.16.0.66" --fixed-ip ip-address="172.16.0.65" --project "904fb201a92f443297bffca3b354d52d"

The following is an example.

openstack port create --network "neutron_network_name" --allowed-address mac-address="controller_mac1",ip-address="controller_ip1" --allowed-address mac-address="controller_mac2",ip-address="controller_ip2" --allowed-address mac-address="controller_mac3",ip-address="controller_ip3" --fixed-ip ip-address="cluster_ip" --project "project-id"
Note:

When the leader Controller fails (or reboots), a follower Controller will take over the cluster IP (in this case, 172.16.0.65), and the mapping between floating IP (10.130.170.86) and cluster IP (172.16.0.65) will not change. Therefore without intervention, the floating IP and cluster IP association will work as expected.