 L3 agent

Use the following options in the l3_agent.ini file for the L3 agent.

Table 10.74. Description of L3 agent configuration options
Configuration option = Default value Description
agent_mode = legacy (StrOpt) The working mode for the agent. Allowed modes are: 'legacy' - this preserves the existing behavior where the L3 agent is deployed on a centralized networking node to provide L3 services like DNAT, and SNAT. Use this mode if you do not want to adopt DVR. 'dvr' - this mode enables DVR functionality and must be used for an L3 agent that runs on a compute host. 'dvr_snat' - this enables centralized SNAT support in conjunction with DVR. This mode must be used for an L3 agent running on a centralized node (or in single-host deployments, e.g. devstack)
allow_automatic_dhcp_failover = True (BoolOpt) Automatically remove networks from offline DHCP agents.
allow_automatic_l3agent_failover = False (BoolOpt) Automatically reschedule routers from offline L3 agents to online L3 agents.
enable_metadata_proxy = True (BoolOpt) Allow running metadata proxy.
enable_snat_by_default = True (BoolOpt) Define the default value of enable_snat if not provided in external_gateway_info.
external_ingress_mark = 0x2 (StrOpt) Iptables mangle mark used to mark ingress from external network. This mark will be masked with 0xffff so that only the lower 16 bits will be used.
external_network_bridge = br-ex (StrOpt) Name of bridge used for external network traffic.
gateway_external_network_id = (StrOpt) UUID of external network for routers implemented by the agents.
ha_confs_path = $state_path/ha_confs (StrOpt) Location to store keepalived/conntrackd config files
ha_vrrp_advert_int = 2 (IntOpt) The advertisement interval in seconds
ha_vrrp_auth_password = None (StrOpt) VRRP authentication password
ha_vrrp_auth_type = PASS (StrOpt) VRRP authentication type
handle_internal_only_routers = True (BoolOpt) Agent should implement routers with no gateway
ipv6_gateway = (StrOpt) With IPv6, the network used for the external gateway does not need to have an associated subnet, since the automatically assigned link-local address (LLA) can be used. However, an IPv6 gateway address is needed for use as the next-hop for the default route. If no IPv6 gateway address is configured here, (and only then) the neutron router will be configured to get its default route from router advertisements (RAs) from the upstream router; in which case the upstream router must also be configured to send these RAs. The ipv6_gateway, when configured, should be the LLA of the interface on the upstream router. If a next-hop using a global unique address (GUA) is desired, it needs to be done via a subnet allocated to the network and not through this parameter.
l3_ha = False (BoolOpt) Enable HA mode for virtual routers.
l3_ha_net_cidr = (StrOpt) Subnet used for the l3 HA admin network.
l3_ha_network_physical_name = (StrOpt) The physical network name with which the HA network can be created.
l3_ha_network_type = (StrOpt) The network type to use when creating the HA network for an HA router. By default or if empty, the first 'tenant_network_types' is used. This is helpful when the VRRP traffic should use a specific network which is not the default one.
max_l3_agents_per_router = 3 (IntOpt) Maximum number of agents on which a router will be scheduled.
min_l3_agents_per_router = 2 (IntOpt) Minimum number of agents on which a router will be scheduled.
router_id = (StrOpt) If namespaces is disabled, the l3 agent can only configure a router that has the matching router ID.
send_arp_for_ha = 3 (IntOpt) Send this many gratuitous ARPs for HA setup, if less than or equal to 0, the feature is disabled
comment_iptables_rules = True (BoolOpt) Add comments to iptables rules.
use_helper_for_ns_read = True (BoolOpt) Use the root helper to read the namespaces from the operating system.

