OpenStack Neutron Gateway Charm

[Wishlist] Config option to disable ha_vrrp_healthcheck

Bug #1855436 reported by Nicolas Pochet on 2019-12-06

This bug report is a duplicate of: Bug #1890900: support disabling keepalived healthcheck. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Neutron Gateway Charm	Triaged	Wishlist	Unassigned

Bug Description

In an environment where the default GW discards ICMP packages, the fact that we have ha_vrrp_healthcheck_interval set means that the router will failover rapidly [0]. Moving, at the same time, any floating IP that is associated.
It would then be useful to have an option to disable this behavior.

[0] https://docs.openstack.org/ocata/networking-guide/deploy-ovs-ha-vrrp.html#keepalived-vrrp-health-check

Revision history for this message

Nicolas Pochet (npochet) wrote on 2019-12-06:

The work-around is to create non-HA routers.

Andrew McLeod (admcleod) on 2020-03-05

Changed in charm-neutron-gateway:
status:	New → Triaged
importance:	Undecided → Wishlist

Revision history for this message

Billy Olsen (billy-olsen) wrote on 2021-03-23:

This was originally introduced as fully enabled with a 30 second check in the charms in the 19.07 charm release (commit 786906d). Subsequently, a patch was introduced to allow configuring this interval in the 20.10 charm release (commit 5d83c2c7).

This can be effectively disabled in the charms by specifying the keepalived-healthcheck-interval option to 0, which is what the upstream default setting is.

The charm default, however is not an opt-in scenario and provides the configuration as 30 seconds for a health check interval by default. It is now configurable, but when first introduced it was enabled by default.

ICMP ping is not the best of checks to use, especially since only a single packet is sent. In many environments, the first ping packet is lost as the devices do not have the necessary entries in the ARP table so it must be populated first. That will cause the ping to fail, which will in turn cause a VRRP transition. Which then causes the next ping to fail.

This bug is being marked as a duplicate of the newer bug (not ideal, but want to track only one version of this). A subsequent bug will be filed for the default enablement.

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1890900 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.