4fdd89e94f
We rely on keepalived to send gratuitous ARPs when a floating IP is added. Older versions of keepalived up to 1.2.20 (exclusive) contain a bug [1] where keepalived does not send GARP on receiving SIGHUP. Unfortunately, newer versions containing the fix are not packaged yet for some distributions like RHEL or CentOS or Ubuntu Xenial, so this patch adds a workaround for such distributions until new packages are available.

The patch also sets the net.ipv4.ip_nonlocal_bind kernel parameter to 0 for Snat and HA router namespaces in order to avoid sending gratuitous ARPs for IP addresses that are not bound to the interface anymore - possibly because of failover or removal. Note that kernels < 3.19 contain a bug where this knob is missing. In case it attempts to set the parameter and it's missing on the system, it doesn't set the knob in root namespace like it's done for fip namespaces, but only issues a warning message.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1391553

Change-Id: Ieab53624dc34dc687a0e8eebd84778f7fc95dd77
Closes-bug: 1639315
19 lines
930 B
YAML
---
issues:
  - In kernels < 3.19 net.ipv4.ip_nonlocal_bind was not
    a per-namespace kernel option. L3 HA sets this option
    to zero to avoid sending gratuitous ARPs for IP addresses
    that were removed while processing. If this happens then
    gratuitous ARPs are going to be sent which might populate
    ARP caches of peer machines with the wrong MAC address.
fixes:
  - Versions of keepalived < 1.2.20 don't send gratuitous ARPs
    when keepalived process receives SIGHUP signal. These
    versions are not packaged in some Linux distributions like
    RHEL, CentOS or Ubuntu Xenial. Not sending gratuitous ARPs
    may lead to peer ARP caches containing wrong information
    about floating IP addresses until the entry is invalidated.
    Neutron now sends gratuitous ARPs for all new IP addresses
    that appear on non-HA interfaces in router namespace which
    simulates behavior of new versions of keepalived.