Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Contrail] How to configure Allowed Address Pair with/without virtual MAC address

0

0

Article ID: KB35962 KB Last Updated: 22 Jun 2020Version: 1.0
Summary:

This article describes how to configure Allowed Address Pair (AAP) in Contrail web UI for two different scenarios

Symptoms:

When using Active/Standby high availability (HA) for VNFs of the same service chain, HA features other than Contrail are required to achieve the scenario. As a possible solution, the setup must provide virtual IP (VIP) address and correspondent MAC address. By configuring Allowed Address Pair (AAP) feature, the VIP is exposed and available to use.

For a brief introduction of AAP, refer to the technical documentation on Service Chain Active-Standby Mode with Allowed Address Pair
For configuration via CLI, refer to KB33573 - Configuring and verifying AAP from CLI.

Solution:

Regarding MAC address, there are two options depending on the HA feature, such as PCS (pacemaker + corosync) or VRRP. PCS is for server side clustering package which does not have virtual MAC address, while VRRP is a well known feature in the router which has virtual MAC address with VRRP group ID.

GUI configuration in the following two scenarios:


Scenario 1

HA clustering without virtual MAC address

In this scenario, it is described with PCS in CentOS 7 as an example of HA software.
The current setting is done. VM-a has VIP as master node.
VM-a: IP=10.1.0.6 MAC=00:66:66:66:66:66
VM-b: IP=10.1.0.6 MAC=00:77:77:77:77:77
VIP:     10.1.0.99
Notes:
  • Without virtual MAC, the setting does not work in older release such as Contrail 3.x.
  • GUI screenshots of this article was collected using R1909. The word, field order, and design might differ in other versions.
[root@vm-a ~]# pcs status
Cluster name:
<snip>
Online: [ vm-a vm-b ]
 
Full list of resources:
 VIP    (ocf::heartbeat:IPaddr2):       Started vm-a
 
Daemon Status:
  corosync: active/enabled
  pacemaker: active/enabled
  pcsd: active/enabled

[root@vm-a ~]# ip a show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:66:66:66:66:66 brd ff:ff:ff:ff:ff:ff
    inet 10.1.0.6/24 brd 10.1.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 10.1.0.99/24 brd 10.1.0.255 scope global secondary eth0   <<<< VIP is in VM-a's interface.
       valid_lft forever preferred_lft forever
 
[root@vm-b ~]# ip a show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:77:77:77:77:77 brd ff:ff:ff:ff:ff:ff
    inet 10.1.0.7/24 brd 10.1.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever

Now, ping is not yet reachable from other host.

$ ping 10.1.0.99
PING 10.1.0.99 (10.1.0.99): 56 data bytes
^C
--- 10.1.0.99 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
$

To configure AAP, move [Configure] --> [Ports] --> [Gear icon] --> [Edit] for Virtual Machine Interface (VMI) IP address of target VM.