VIP create by user-instance cannot access from same network in Openstack network?

asked 2020-03-18 02:09:33 -0500

quanlm gravatar image

I have this example

2 instance in an Openstack network call VM1 and VM2

Both instance use keepalived to create VIP jump between 2 nodes

Keepalived config:

global_defs { router_id loadbalance1 } vrrp_script haproxy { script "killall -0 haproxy" interval 2 weight 2 } vrrp_instance 50 { virtual_router_id 50 advert _int 1 priority 101 state MASTER interface ens3 virtual_ipaddress { dev ens3 } track_script { haproxy } }

The VIP hasn't been use by anyothers machine/port/.....

The Keepalived work and VIP can jump between 2 hosts, but the others host who doesnt have VIP at the moments can't ping to the VIP

Why does this problems happended ?, in the KVM this setting still work.

Because Neutron blocks traffic to unknown IP addresses. Since the VIP is not associated with the instance as far as Neutron is concerned, it is blocked. You need to configure allowed address pairs.

Bernd Bausch gravatar imageBernd Bausch ( 2020-03-18 19:47:51 -0500 )edit
eblock gravatar imageeblock ( 2020-03-20 14:05:41 -0500 )edit