Hello, yes! This is perfectly doable with neutron. I am not sure about nova-network (highly unlikely from what I understand about it).

You'll want to look at neutron port-create and neutron port-update commands.

So the procedure looks like the following (please note, the commands are from my memory and may not work in a copy/paste fashion):

Assumptions:

• Two existing instances with ip_addresses of 192.168.1.11 and 192.168.1.12 respectively
• One VIP address of 192.168.1.250 not currently in use by any instance or device

Steps to run keepalived:

• nova list and find the ip address associated with that instance
• neutron port-list | grep $ip_address and find the port_uuid assciated with that ip_address
• neutron port-update $port_uuid --allowed-address-pairs type=dict list=true ip_address='192.168.1.250'
• Repeat the above steps for each instance you wish to be able to talk with the VIP address

At this point you have setup the rules to allow the VIP address to talk out of each instance. However, this VIP address is not assigned with DHCP, it is entirely up to you to manage assigning and unassigning it; Only the iptables rules were created.

You can then use keepalived or some other method to implement your active/passive configuration.

Using HAProxy and Keepalived packages (services) we can achieve this.

Neutron Load Balance as a Service internally uses HAProxy.

So you can configure Neutron LBaaS to achieve your goals.