Add HA deployment for Networking section

Add basic content for Networking HA section.
Provide decription of haproxy namespace and VIP
HA failover details.
TODO - provide details for Neutron agents HA, failover,
cleanup and reschedule procedures.

Related bug: #1415398

Change-Id: I4485da25bdbab98c9496e7c13598c2dcd1ea2eb6
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>

pages/reference-architecture/6000-network-architecture.rst

@@ -12,6 +12,7 @@ Network Architecture
 
 
 .. include:: /pages/reference-architecture/network-concepts/6010-logical-networks.rst
+.. include:: /pages/reference-architecture/network-concepts/6011-ha-networking.rst
 .. include:: /pages/reference-architecture/network-concepts/6015-mcn.rst
 .. include:: /pages/reference-architecture/network-concepts/6020-public-floating-ip.rst
 .. include:: /pages/reference-architecture/network-concepts/6030-router.rst

pages/reference-architecture/network-concepts/6011-ha-networking.rst

@@ -0,0 +1,38 @@
+.. index:: Reference Architectures: Networking HA Details
+
+.. _Close_look_networking_HA:
+
+HA deployment for Networking
+----------------------------
+
+Fuel leverages
+`Pacemaker resource agents <http://www.linux-ha.org/wiki/Resource_agents>`_
+in order to deploy highly avaiable networking for OpenStack environments.
+
+Virtual IP addresses deployment details
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Starting from the Fuel 5.0 release, HAProxy service and network interfaces
+running virtual IP addresses reside in separate `haproxy`
+network namespace. Using a separate namespace forces Linux kernel to treat
+connections from OpenStack services to HAProxy as remote ones, this ensures
+reliable failover of established connections when the management IP address
+migrates to another node
+(see `LP1285449 <https://bugs.launchpad.net/fuel/+bug/1285449>`_).
+In order to achieve this, resource agent scripts for `ocf:heartbeat:haproxy`
+and `ocf:heartbeat:IPaddr2` were hardened with network namespaces support.
+
+Successfull failover of public VIP address requires controller nodes
+to perform active checking of the public gateway. Fuel configures
+the Pacemaker resource `clone_ping_vip__public` that makes public VIP to
+migrate in case the controller can't ping its public gateway.
+
+TCP keepalive configuration details
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Failover sometimes ends up with dead connections. The detection
+of such connections requires additional assistance from the Linux kernel.
+To speed up the detection process from the default of two hours to a more
+acceptable 3 minutes, Fuel adjusts kernel parameters for
+`net.ipv4.tcp_keepalive_time`, `net.ipv4.tcp_keepalive_intvl`,
+`net.ipv4.tcp_keepalive_probes` and `net.ipv4.tcp_retries2`.

pages/terminology/n/networking.rst

@@ -14,6 +14,7 @@ communicate with each other over using one of the network topologies:
 
 The following documents provide information:
 
+* For networking HA reference architecture, see :ref:`Close_look_networking_HA`.
 * For general information to help you select the best network topology
   for your environment, see :ref:`net-topology-plan`.
 * For a list of the logical networks used in OpenStack