l3_agent.ini

DEFAULT

ovs_use_veth
Type:

boolean

Default:

False

Whether to use veth for an OVS interface. Setting ovs_use_veth to True supports kernels with limited namespace support (e.g. RHEL 6.5) and rate limiting on the router’s gateway port.

interface_driver
Type:

string

Default:

<None>

The driver used to manage virtual interfaces.

rpc_response_max_timeout
Type:

integer

Default:

600

Maximum seconds to wait for a response from an RPC call.

agent_mode
Type:

string

Default:

legacy

Valid Values:

dvr, dvr_snat, legacy, dvr_no_external

The working mode for the agent. Allowed modes are:

‘legacy’ - this preserves the existing behavior where the L3 agent is deployed on a centralized networking node to provide L3 services like DNAT and SNAT. Use this mode if you do not want to adopt DVR.

‘dvr’ - this mode enables DVR functionality and must be used for an L3 agent that runs on a compute host.

‘dvr_snat’ - this enables centralized SNAT support in conjunction with DVR. This mode must be used for an L3 agent running on a centralized node (or in single-host deployments, e.g. devstack). dvr_snat mode is not supported on a compute host.

‘dvr_no_external’ - this mode enables only East/West DVR routing functionality for an L3 agent that runs on a compute host. The North/South functionality such as DNAT and SNAT will be provided by the centralized network node that is running in ‘dvr_snat’ mode. This mode should be used when there is no external network connectivity on the compute host.

metadata_port
Type:

port number

Default:

9697

Minimum Value:

0

Maximum Value:

65535

TCP Port used by Neutron metadata namespace proxy.

handle_internal_only_routers
Type:

boolean

Default:

True

Indicates that this L3 agent should also handle routers that do not have an external network gateway configured. This option should be True only for a single agent in a Neutron deployment, and may be False for all agents if all routers must have an external network gateway.

ipv6_gateway
Type:

string

Default:

''

With IPv6, the network used for the external gateway does not need to have an associated subnet, since the automatically assigned link-local address (LLA) can be used. However, an IPv6 gateway address is needed for use as the next-hop for the default route. If no IPv6 gateway address is configured here (and only then), the Neutron router will be configured to get its default route from Router Advertisements (RAs) from the upstream router, in which case the upstream router must also be configured to send these RAs. The ipv6_gateway, when configured, should be the LLA of the interface on the upstream router. If a next-hop using a global unique address (GUA) is desired, it needs to be done via a subnet allocated to the network and not through this parameter.

prefix_delegation_driver
Type:

string

Default:

dibbler

Driver used for IPv6 Prefix Delegation. This needs to be an entry point defined in the neutron.agent.linux.pd_drivers namespace. See setup.cfg for entry points included with the Neutron source code.

enable_metadata_proxy
Type:

boolean

Default:

True

Allow running metadata proxy.

metadata_access_mark
Type:

string

Default:

0x1

Iptables mangle mark used to mark valid metadata requests. This mark will be masked with 0xffff so that only the lower 16 bits will be used.

external_ingress_mark
Type:

string

Default:

0x2

Iptables mangle mark used to mark ingress from an external network. This mark will be masked with 0xffff so that only the lower 16 bits will be used.

radvd_user
Type:

string

Default:

''

The username passed to radvd, used to drop root privileges and change the user ID to username and the group ID to the primary group of username. If no user is specified (default), the user executing the L3 agent will be passed. If “root” is specified, because radvd is spawned as root, no “username” parameter will be passed.

cleanup_on_shutdown
Type:

boolean

Default:

False

Delete all routers on L3 agent shutdown. For L3 HA routers it includes a shutdown of keepalived and the state change monitor. NOTE: Setting to True could affect the data plane when stopping or restarting the L3 agent.

periodic_interval
Type:

integer

Default:

40

Seconds between running periodic tasks.

api_workers
Type:

integer

Default:

<None>

Minimum Value:

1

Number of separate API worker processes for service. If not specified, the default is equal to the number of CPUs available for best performance, capped by potential RAM usage.

rpc_workers
Type:

integer

Default:

<None>

Minimum Value:

0

Number of RPC worker processes for service. If not specified, the default is equal to half the number of API workers. If set to 0, no RPC worker is launched.

rpc_state_report_workers
Type:

integer

Default:

1

Minimum Value:

0

Number of RPC worker processes dedicated to the state reports queue. If set to 0, no dedicated RPC worker for state reports queue is launched.

periodic_fuzzy_delay
Type:

integer

Default:

5

Range of seconds to randomly delay when starting the periodic task scheduler to reduce stampeding. (Disable by setting to 0)

ha_confs_path
Type:

string

Default:

$state_path/ha_confs

Location to store keepalived config files

ha_vrrp_auth_type
Type:

string

Default:

PASS

Valid Values:

AH, PASS

VRRP authentication type

ha_vrrp_auth_password
Type:

string

Default:

<None>

VRRP authentication password

ha_vrrp_advert_int
Type:

integer

Default:

2

The advertisement interval in seconds

ha_keepalived_state_change_server_threads
Type:

integer

Default:

(1 + <num_of_cpus>) / 2

Minimum Value:

1

This option has a sample default set, which means that its actual default value may vary from the one documented above.

Number of concurrent threads for keepalived server connection requests. More threads create a higher CPU load on the agent node.

ha_vrrp_health_check_interval
Type:

integer

Default:

0

The VRRP health check interval in seconds. Values > 0 enable VRRP health checks. Setting it to 0 disables VRRP health checks. Recommended value is 5. This will cause pings to be sent to the gateway IP address(es) - requires ICMP_ECHO_REQUEST to be enabled on the gateway(s). If a gateway fails, all routers will be reported as primary, and a primary election will be repeated in a round-robin fashion, until one of the routers restores the gateway connection.

pd_confs
Type:

string

Default:

$state_path/pd

Location to store IPv6 Prefix Delegation files.

vendor_pen
Type:

string

Default:

8888

The vendor’s Registered Private Enterprise Number, given as a decimal value, as required by RFC3315 DUID-EN.

ra_confs
Type:

string

Default:

$state_path/ra

Location to store IPv6 Router Advertisement config files

min_rtr_adv_interval
Type:

integer

Default:

30

MinRtrAdvInterval setting for radvd.conf

max_rtr_adv_interval
Type:

integer

Default:

100

MaxRtrAdvInterval setting for radvd.conf

agent

availability_zone
Type:

string

Default:

nova

Availability zone of this node

report_interval
Type:

floating point

Default:

30

Seconds between nodes reporting state to server; should be less than agent_down_time, best if it is half or less than agent_down_time.

log_agent_heartbeats
Type:

boolean

Default:

False

Log agent heartbeats

extensions
Type:

list

Default:

[]

Extensions list to use

metadata_rate_limiting

rate_limit_enabled
Type:

boolean

Default:

False

Enable rate limiting on the metadata API.

ip_versions
Type:

list

Default:

[4]

Comma separated list of the metadata address IP versions (4, 6) for which rate limiting will be enabled. The default is to rate limit only for the metadata IPv4 address. NOTE: at the moment, the open source version of HAProxy only allows us to rate limit for IPv4 or IPv6, but not both at the same time.

base_window_duration
Type:

integer

Default:

10

Duration (seconds) of the base window on the metadata API.

base_query_rate_limit
Type:

integer

Default:

10

Max number of queries to accept during the base window.

burst_window_duration
Type:

integer

Default:

10

Duration (seconds) of the burst window on the metadata API.

burst_query_rate_limit
Type:

integer

Default:

10

Max number of queries to accept during the burst window.

network_log

rate_limit
Type:

integer

Default:

100

Minimum Value:

100

Maximum number of packets logged per second.

burst_limit
Type:

integer

Default:

25

Minimum Value:

25

Maximum number of packets per rate_limit.

local_output_log_base
Type:

string

Default:

<None>

Output log file path on the agent side; defaults to the syslog file.

ovs

ovsdb_connection
Type:

string

Default:

tcp:127.0.0.1:6640

The connection string for the OVSDB backend. Will be used for all OVSDB commands and by ovsdb-client when monitoring

ssl_key_file
Type:

string

Default:

<None>

The SSL private key file to use when interacting with OVSDB. Required when using an “ssl:” prefixed ovsdb_connection

ssl_cert_file
Type:

string

Default:

<None>

The SSL certificate file to use when interacting with OVSDB. Required when using an “ssl:” prefixed ovsdb_connection

ssl_ca_cert_file
Type:

string

Default:

<None>

The Certificate Authority (CA) certificate to use when interacting with OVSDB. Required when using an “ssl:” prefixed ovsdb_connection

ovsdb_debug
Type:

boolean

Default:

False

Enable OVSDB debug logs

ovsdb_timeout
Type:

integer

Default:

10

Timeout in seconds for OVSDB commands. If the timeout expires, OVSDB commands will fail with ALARMCLOCK error.

bridge_mac_table_size
Type:

integer

Default:

50000

The maximum number of MAC addresses to learn on a bridge managed by the Neutron OVS agent. Values outside a reasonable range (10 to 1,000,000) might be overridden by Open vSwitch according to the documentation.

igmp_snooping_enable
Type:

boolean

Default:

False

Enable IGMP snooping for integration bridge. If this option is set to True, support for Internet Group Management Protocol (IGMP) is enabled in integration bridge.

igmp_flood
Type:

boolean

Default:

False

Multicast packets (except reports) are unconditionally forwarded to the ports bridging a logical network to a physical network.

igmp_flood_reports
Type:

boolean

Default:

True

Multicast reports are unconditionally forwarded to the ports bridging a logical network to a physical network.

igmp_flood_unregistered
Type:

boolean

Default:

False

This option enables or disables flooding of unregistered multicast packets to all ports. If False, the switch will send unregistered multicast packets only to ports connected to multicast routers.
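
The reference above documents several constraints that are easy to miss in a deployed file: an “ssl:” ovsdb_connection needs all three SSL files, both iptables marks are masked with 0xffff, metadata rate limiting covers one IP version at a time, and the network_log options have minimum values. The following Python check is an added example, not part of Neutron or its documentation; the names audit_l3_agent and SAMPLE, the sample file, base-0 integer parsing of the marks, and the rule that the two marks must differ are assumptions made here.

```python
import configparser

# Constructed sample l3_agent.ini; the key file path is a placeholder.
SAMPLE = """
[DEFAULT]
metadata_access_mark = 0x10001
external_ingress_mark = 0x1
[metadata_rate_limiting]
rate_limit_enabled = True
ip_versions = 4,6
[network_log]
rate_limit = 50
[ovs]
ovsdb_connection = ssl:127.0.0.1:6640
ssl_key_file = /etc/neutron/example-ovsdb.key
"""

def audit_l3_agent(ini_text):
    """Return findings for constraints documented in the option reference."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    out = []
    # An "ssl:" ovsdb_connection requires key, certificate and CA files.
    if cfg.get("ovs", "ovsdb_connection", fallback="tcp:127.0.0.1:6640").startswith("ssl:"):
        for opt in ("ssl_key_file", "ssl_cert_file", "ssl_ca_cert_file"):
            if not cfg.get("ovs", opt, fallback=""):
                out.append(f"ovs/{opt}: required for an ssl: ovsdb_connection")
    # Marks are masked with 0xffff, so higher bits are silently dropped.
    masked = {}
    for opt, default in (("metadata_access_mark", "0x1"), ("external_ingress_mark", "0x2")):
        raw = int(cfg.get("DEFAULT", opt, fallback=default), 0)
        masked[opt] = raw & 0xFFFF
        if masked[opt] != raw:
            out.append(f"{opt}: {raw:#x} is masked to {masked[opt]:#x}")
    # Assumption, not stated in the reference: the two marks must differ.
    if len(set(masked.values())) == 1:
        out.append("metadata_access_mark and external_ingress_mark collide after masking")
    # HAProxy can rate limit IPv4 or IPv6, but not both at the same time.
    sec = "metadata_rate_limiting"
    if cfg.getboolean(sec, "rate_limit_enabled", fallback=False):
        versions = {v.strip() for v in cfg.get(sec, "ip_versions", fallback="4").split(",")}
        if len(versions) > 1:
            out.append("ip_versions: rate limiting covers IPv4 or IPv6, not both")
    # Documented minimum values in [network_log].
    for opt, minimum in (("rate_limit", 100), ("burst_limit", 25)):
        if cfg.getint("network_log", opt, fallback=minimum) < minimum:
            out.append(f"network_log/{opt}: below documented minimum {minimum}")
    return out
```

Calling audit_l3_agent(SAMPLE) returns six findings; an empty file, which leaves every option at its documented default, returns none.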