The following are the important notes that you must heed to when integrate FortiADC with OpenStack:
- When configuring the Monitor Details of the Load Balancer in OpenStack, make sure that the value for Timeout is less than the value for Interval for FortiADC.
- If the interfaces of a FortiADC instance have changed in OpenStack, you must enable "retrieve_physical_hwaddr" of the physical ports in the CLI, and then reboot your FortiADC appliance. This allows FortiADC to update the MAC addresses of the physical ports.
- FortiADC does not support "SOURCE_IP" as "lb_algorithm" and will use the default RR instead.
- You cannot create a virtual server if "fadc_vs_persistency" in fadc_lbaas.ini is not supported for the virtual server profile.
- FortiADC and OpenStack lbaas has different value ranges:
- Connection limit starts from -1 in lbaas, but 0 in FortiADC. Setting lbaas to 0 or -1 will set FortiADC to 0.
- Pool Member weight is 0–256 in lbaas, but 1–256 in FortiADC. FortiADC will not change the current weight when trying to configure weight 0.
- Delay and timeout range in FortiADC is 1–3600 and the timeout value must be less than the interval. There is no such limit in lbaas.
- After HA is enabled, FortiADC in OpenStack cannot be accessed. This is because OVS has a MAC spoofing protection table (see https://docs.openstack.org/dragonflow/latest/specs/mac_spoofing.html/). By default, OVS on ESXI allows MAC spoofing. As a result, FortiADC has service access restriction on each port. To get HA or a virtual server to work, do either of the following:
- Add a forged MAC or IP address pair. See http://superuser.openstack.org/articles/implementing-high-availability-instances-with-neutron-using-vrrp/.
- Disable port security on the port or the whole network. See http://kimizhang.com/neutron-ml2-port-security/.
- By default, 'retrieve 'retrieve_physical_hwaddr' is not enabled in FortiADC. If network ports are changed in OpenStack VM, you must use the console and enable the settings in the changed FortiADC ports manually.
- After you have deployed FortiADC in OpenStack and added data disk to it, you must reboot it to update its hardware information.