Overview
The
Unable to show "metadata-from": No such page "_space_variables"
supports two packet (PKT) ports such as PKT0 and PKT1. If these PKT ports are virtual interfaces (ports from a virtual Standard Switch (vSS) or virtual Distributed Switch (vDS) on VMware ESXi or ports from OVS on a KVM platform), port redundancy is supported through the NIC teaming or bonding feature, which exists on the respective hypervisor vSwitches.
However, if these PKT ports are SR-IOV interfaces, port redundancy cannot be managed the same way for the PKT interfaces since the hypervisor is by-passed in such a NIC configuration. To support port redundancy on SR-IOV interfaces in an OpenStack cloud platform, the process works based on an ICMP/ARP probing mechanism. This mechanism requires four PKT ports (SR-IOV VFs) configured on a SWe instance, where each of these SR-IOV VFs may come from different physical NICs for better handling of connectivity failures due to physical NIC or physical link connected towards different physical switches.
The PKT ports are automatically configured in active-standby mode to provide port redundancy on an active SWe instance. The PKT ports connected on a standby SWe instance remain in standby mode. The ICMPv4/v6 probing mechanism is used on active PKT ports, while ARP ACD/ICMPv6 NUD mechanism is used on standby ports.
Architecture
If an SBC SWe deployment includes four packet ports, it can be configured for port redundancy in which each active port is backed up by a standby port. To enable packet port redundancy, four packet ports must be attached to the SBC SWe instance when it is instantiated. Within the Link Monitor object that is configured for each port (part of Link Detection Group (LDG) configuration), ensure that the Physical Port (physicalPort <portname>
) configuration is completed and that the Probe On Standby (probeOnStandby enabled
) option is enabled. This configuration enables port redundancy through regular monitoring of the link state of standby ports using the ARP/ICMPv6 NUD probing mechanism.
The following figure shows the four-port
Unable to show "metadata-from": No such page "_space_variables"
redundancy model from a port-centric view using a secondary packet port for each primary packet port. A standby SWe node with its own primary and secondary packet ports is also depicted in this figure. On the standby SWe node, all packet ports remain as standby. For example, in this diagram, the active SWe ports are PKT0_P and PKT1_S ports.
Port Redundancy Architecture
- Primary port: The PKT port that attempts to become active on an active SWe node. The packet ports on the SBC SWe (PKT0_P, PKT1_P) are considered as primary ports.
- Secondary port: The PKT port designated as an alternative for a specific on-board primary port. The SBC SWe nodes contain one secondary port for each primary port.
Active port: The PKT port that is currently selected for use (For example, signaling, media); either a primary or a secondary port on an active SWe node.
- Local standby port: A standby PKT port on an active SWe node provides redundancy protection to the currently active port.
- Standby port: A collective term for a local standby PKT port on an active SWe node or any packet port on an standby SWe node. Standby ports provides protection for active PKT ports.
Enabled or Disabled ports: The PKT port may be administratively enabled or disabled. A PKT port that is disabled cannot be an active port.
Link Detection Support
The
Unable to show "metadata-from": No such page "_space_variables"
supports two levels of link detection for both standby and active ethernet ports to monitor the health of the ports and to ensure the health of a standby port before initiating a switchover to it. By default, physical link detection is enabled on all ports configured in Link Monitor. This mechanism checks for the presence of the cable and that the adjacent device is powered on. If hardware failures are detected they are reported to the SBC processes that monitor ports and a switchover can be triggered if the standby port is available.
A second level of link detection can be enabled that checks connectivity between a port and and a configured destination. The specific mechanism used to check the port depends on the whether the port is in an active or standby state. These probing mechanisms for link detection are available regardless of the number of ports attached to the SWe instance and are summarized in the following table.
The following probing mechanisms are available on the
Unable to show "metadata-from": No such page "_space_variables"
platforms:
SBC Probing Mechanism Types
Probing Mechanism | Affected Ports | Purpose |
---|
Physical link detection | All ports
(active and standby nodes) | Detects the presence of the port cable and that the adjacent device is powered on (enabled by default on all physical ports configured by Link Monitor except for any ports administratively disabled or set to out-of-service). |
ICMP ping | Active ports only | Checks two-way connectivity between Unable to show "metadata-from": No such page "_space_variables" port and the configured destination (adjacent router) by sending ICMP Ping messages at configured intervals to the destination.NOTE: When destination IP address is configured in a Link Monitor, ICMP ping is enabled. By setting the destination IP address to NULL (0.0.0.0), the ICMP ping is disabled. |
ARP ACD/ICMPv6 NUD* | Standby ports only | Performs active checking of two-way traffic through at least the local Ethernet interface, the cable, and the adjacent layer 2 switching function. Checks are accomplished using ARP (for IPv4) or Neighbor Discovery (for IPv6) mechanisms to probe an arbitrary, operator-specified target IP address on a local IP subnet, typically an address of a router (Gateway IP address). Depending on the address family (IPv4/IPv6) of the gateway IP address configured, either ARP ACD or ICMPv6 NUD probing messages are sent in such a way that explicit assignments of IP addresses to the standby ports are not required. Checks the link state between Unable to show "metadata-from": No such page "_space_variables" port and the adjacent router.For SWe deployments in a cloud environment with 4 packet ports, the flag "ProbeOnStandby" is provided and enabled by default. ARP probe monitoring of the standby ports is enabled when "ProbeOnStandby" is enabled. ARP probe monitoring of the standby port is enabled when "ProbeOnStandbySWe" is enabled. |
* Address Resolution Protocol - Address Conflict Detection / Internet Control Message Protocol Version 6 – Neighbor Unreachability Detection
ARP ACD/ICMPv6 NUD Methods for Standby Ports
IPv4 ARP ACD
If the destination address configured is an IPv4 address, then IPv4 probing is initiated by sending an ARP Probe requests and listening for the responses.
ARP request probes are sent with:
- Sender IP address of 0.0.0.0. The use of 0.0.0.0 is compatible with rfc 5227 on IPv4 Address Conflict Detection. This is convenient to use on standby ports since IP addresses are not assigned for standby ports.
- Sender hardware address containing the current local MAC address assigned to the sending port.
- Target IP address containing the configured target IP address to be probed.
- Target hardware address containing all zeros. The ARP request is sent on the LAN using L2 broadcast.
The target can be expected to respond with an ARP Response using L2 unicast.
IPv6 ICMPv6 NUD
If the destination address configured is an IPv6 address, then IPv6 probing would be initiated using Neighbor Unreachability Detection mechanism (RFC 4861 section 7). This is based on Neighbor Solicitation and Neighbor Advertisement ICMPv6 messages.
Because these are IP packets, the
Unable to show "metadata-from": No such page "_space_variables"
needs IP addresses to send/receive them. The
Unable to show "metadata-from": No such page "_space_variables"
uses auto-generated link local IPv6 address from the current local MAC address.
Neighbor Solicitation messages are sent with:
- IP source address containing auto-generated link local IP address
- IP destination address containing configured target IP address
- ICMP layer target address containing configured target IP address
- ICMP layer source link layer address containing PKT port MAC address
The Neighbor Solicitation message is sent on the LAN via L2 unicast to the system with the target IP address.
The target can be expected to respond with a Neighbor Advertisement using L2 unicast. Received messages are validated per RFC 4861 section 7.1.2: Check that the S bit = 1 (solicited) and that the target address = our configured target IP address.