Comment 14 for bug 1730845

Michael Johnson (johnsom) wrote :

I am not sure I see the application of this in the Octavia/amphora case.

Octavia uses allowed address pairs in a very simple use case. We need to allow a secondary IP address on a given port. This secondary IP address is then used for VRRP as the VIP of the load balancer. VRRP GARPs (Hey, I'm over here now!) this secondary IP on the instance that currently has ownership of the IP address to update the ARP tables on the hosts located on the subnet, directing future L2 packets to the new MAC.

We are not really stacking ports on top of each other or using IP-based VLANs; we are simply adding a secondary IP address to a Neutron port. The current mechanism for this is via the allowed address pairs implementation.

On Linux the equivalent is adding an "eth0:1" secondary IP or enabling non-local binding in the kernel.

My interpretation of a.2 IPVLAN above would actually break our amphora VRRP implementation by bypassing or trying to "manage" the MAC that currently owns the IP address as opposed to continuing to use the GARP method we use today (also widely used outside of OpenStack). It is imperative that the IP migration between instances be autonomous and expedient to allow for a fast failover. We cannot call out to Neutron to announce the migration of the IP from one instance to another as this would introduce excessive latency in the migration of the IP. This failover is sub-second.
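
Added example, not part of the comment above and not Octavia or Neutron code: a simplified model of the port-level check that decides whether a gratuitous ARP for the VIP may leave a port, with and without an allowed address pair. The function names, the port dictionary layout, and all MAC and IP values are constructed for illustration.

```python
import ipaddress
import struct

def parse_arp(frame: bytes):
    """Return (op, sender_mac, sender_ip, target_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None                                   # too short or EtherType is not ARP
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None                                   # only Ethernet + IPv4 is modelled
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return op, sha.hex(":"), ipaddress.ip_address(spa), ipaddress.ip_address(tpa)

def is_gratuitous(arp) -> bool:
    """A gratuitous ARP announces its own address: sender IP equals target IP."""
    return arp is not None and arp[2] == arp[3]

def port_allows(arp, port) -> bool:
    """Simplified anti-spoofing rule: the sender (MAC, IP) must match a fixed IP
    of the port or one of its allowed address pairs."""
    _, mac, ip, _ = arp
    permitted = [(port["mac"], ipaddress.ip_network(a)) for a in port["fixed_ips"]]
    for pair in port["allowed_address_pairs"]:
        # mac_address is optional in a pair and defaults to the port's own MAC
        permitted.append((pair.get("mac_address", port["mac"]),
                          ipaddress.ip_network(pair["ip_address"])))
    return any(mac == m and ip in net for m, net in permitted)

def sample_garp(mac: str, ip: str) -> bytes:
    """Constructed sample: broadcast ARP request with sender IP == target IP."""
    m = bytes.fromhex(mac.replace(":", ""))
    a = ipaddress.ip_address(ip).packed
    eth = b"\xff" * 6 + m + struct.pack("!H", 0x0806)
    return eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + m + a + b"\x00" * 6 + a

# Constructed port data: one fixed IP plus the VIP as an allowed address pair.
VIP = "10.0.0.5"
PORT = {"mac": "fa:16:3e:00:00:01", "fixed_ips": ["10.0.0.11"],
        "allowed_address_pairs": [{"ip_address": VIP}]}
PORT_NO_PAIR = dict(PORT, allowed_address_pairs=[])

if __name__ == "__main__":
    arp = parse_arp(sample_garp(PORT["mac"], VIP))
    print("gratuitous:", is_gratuitous(arp))
    print("allowed with pair:", port_allows(arp, PORT))
    print("allowed without pair:", port_allows(arp, PORT_NO_PAIR))
```
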