ml2_conf.ini
ml2
type_drivers
- Type: list
- Default: local,flat,vlan,gre,vxlan,geneve
List of network type driver entrypoints to be loaded from the neutron.ml2.type_drivers namespace.
tenant_network_types
- Type: list
- Default: local
Ordered list of network_types to allocate as tenant networks. The default value ‘local’ is useful for single-box testing but provides no connectivity between hosts.
mechanism_drivers
- Type: list
- Default: ''
An ordered list of networking mechanism driver entrypoints to be loaded from the neutron.ml2.mechanism_drivers namespace.
extension_drivers
- Type: list
- Default: ''
An ordered list of extension driver entrypoints to be loaded from the neutron.ml2.extension_drivers namespace. For example: extension_drivers = port_security,qos
path_mtu
- Type: integer
- Default: 0
Maximum size of an IP packet (MTU) that can traverse the underlying physical network infrastructure without fragmentation when using an overlay/tunnel protocol. This option allows specifying a physical network MTU value that differs from the default global_physnet_mtu value.
physical_network_mtus
- Type: list
- Default: ''
A list of mappings of physical networks to MTU values. The format of the mapping is <physnet>:<mtu val>. This mapping allows specifying a physical network MTU value that differs from the default global_physnet_mtu value.
external_network_type
- Type: string
- Default: <None>
Default network type for external networks when no provider attributes are specified. By default it is None, which means that if provider attributes are not specified while creating external networks then they will have the same type as tenant networks. Allowed values for external_network_type config option depend on the network type values configured in type_drivers config option.
overlay_ip_version
- Type: integer
- Default: 4
IP version of all overlay (tunnel) network endpoints. Use a value of 4 for IPv4 or 6 for IPv6.
ml2_type_flat
flat_networks
- Type: list
- Default: *
List of physical_network names with which flat networks can be created. Use default ‘*’ to allow flat networks with arbitrary physical_network names. Use an empty list to disable flat networks.
ml2_type_geneve
vni_ranges
- Type: list
- Default: ''
Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges of Geneve VNI IDs that are available for tenant network allocation
max_header_size
- Type: integer
- Default: 30
Geneve encapsulation header size is dynamic; this value is used to calculate the maximum MTU for the driver. This is the sum of the outer ETH + IP + UDP + GENEVE header sizes. The default size for this field is 50, which is the size of the Geneve header without any additional option headers.
ml2_type_gre
tunnel_id_ranges
- Type: list
- Default: ''
Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation
ml2_type_vlan
network_vlan_ranges
- Type: list
- Default: ''
List of <physical_network>:<vlan_min>:<vlan_max> or <physical_network> specifying physical_network names usable for VLAN provider and tenant networks, as well as ranges of VLAN tags on each available for allocation to tenant networks.
ml2_type_vxlan
vni_ranges
- Type: list
- Default: ''
Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges of VXLAN VNI IDs that are available for tenant network allocation
vxlan_group
- Type: string
- Default: <None>
Multicast group for VXLAN. When configured, will enable sending all broadcast traffic to this multicast group. When left unconfigured, will disable multicast VXLAN mode.
ovn
ovn_nb_connection
- Type: string
- Default: tcp:127.0.0.1:6641
The connection string for the OVN_Northbound OVSDB. Use tcp:IP:PORT for a TCP connection. Use ssl:IP:PORT for an SSL connection; in that case ovn_nb_private_key, ovn_nb_certificate and ovn_nb_ca_cert are mandatory. Use unix:FILE for a Unix domain socket connection.
ovn_nb_private_key
- Type: string
- Default: ''
The PEM file with private key for SSL connection to OVN-NB-DB
ovn_nb_certificate
- Type: string
- Default: ''
The PEM file with certificate that certifies the private key specified in ovn_nb_private_key
ovn_nb_ca_cert
- Type: string
- Default: ''
The PEM file with CA certificate that OVN should use to verify certificates presented to it by SSL peers
ovn_sb_connection
- Type: string
- Default: tcp:127.0.0.1:6642
The connection string for the OVN_Southbound OVSDB. Use tcp:IP:PORT for a TCP connection. Use ssl:IP:PORT for an SSL connection; in that case ovn_sb_private_key, ovn_sb_certificate and ovn_sb_ca_cert are mandatory. Use unix:FILE for a Unix domain socket connection.
ovn_sb_private_key
- Type: string
- Default: ''
The PEM file with private key for SSL connection to OVN-SB-DB
ovn_sb_certificate
- Type: string
- Default: ''
The PEM file with certificate that certifies the private key specified in ovn_sb_private_key
ovn_sb_ca_cert
- Type: string
- Default: ''
The PEM file with CA certificate that OVN should use to verify certificates presented to it by SSL peers
ovsdb_connection_timeout
- Type: integer
- Default: 180
Timeout in seconds for the OVSDB connection transaction
ovsdb_retry_max_interval
- Type: integer
- Default: 180
Max interval in seconds between each retry to get the OVN NB and SB IDLs
ovsdb_probe_interval
- Type: integer
- Default: 60000
- Minimum Value: 0
The probe interval for the OVSDB session, in milliseconds. If this is zero, the connection keepalive feature is disabled. If non-zero, the value will be forced to at least 1000 milliseconds. Defaults to 60 seconds.
neutron_sync_mode
- Type: string
- Default: log
- Valid Values: off, log, repair
The synchronization mode of OVN_Northbound OVSDB with Neutron DB.
- off: synchronization is off.
- log: during neutron-server startup, check to see if OVN is in sync with the Neutron database. Log warnings for any inconsistencies found so that an admin can investigate.
- repair: during neutron-server startup, automatically create resources found in Neutron but not in OVN. Also remove resources from OVN that are no longer in Neutron.
ovn_l3_mode
- Type: boolean
- Default: true
Whether to use OVN native L3 support. Do not change the value for existing deployments that contain routers.
Warning: This option is deprecated for removal. Its value may be silently ignored in the future.
- Reason: This option is no longer used. Native L3 support in OVN is always used.
ovn_l3_scheduler
- Type: string
- Default: leastloaded
- Valid Values: leastloaded, chance
The OVN L3 Scheduler type used to schedule router gateway ports on hypervisors/chassis.
- leastloaded: the chassis with the fewest gateway ports is selected.
- chance: a chassis is selected at random.
enable_distributed_floating_ip
- Type: boolean
- Default: false
Enable distributed floating IP support. If True, the NAT action for floating IPs will be done locally and not in the centralized gateway. This saves the path to the external network. This requires the user to configure the physical network map (i.e. ovn-bridge-mappings) on each compute node.
vif_type
- Type: string
- Default: ovs
- Valid Values: ovs, vhostuser
Type of VIF to be used for ports. Valid values are ovs and vhostuser; the default is ovs.
Warning: This option is deprecated for removal. Its value may be silently ignored in the future.
- Reason: The port VIF type is now determined based on the OVN chassis information when the port is bound to a host.
vhost_sock_dir
- Type: string
- Default: /var/run/openvswitch
The directory in which vhost virtio socket is created by all the vswitch daemons
dhcp_default_lease_time
- Type: integer
- Default: 43200
Default lease time (in seconds) to use with OVN’s native DHCP service.
ovsdb_log_level
- Type: string
- Default: INFO
- Valid Values: CRITICAL, ERROR, WARNING, INFO, DEBUG
The log level used for OVSDB
ovn_metadata_enabled
- Type: boolean
- Default: false
Whether to use metadata service.
dns_servers
- Type: list
- Default: ''
Comma-separated list of the DNS servers which will be used as forwarders if a subnet’s dns_nameservers field is empty. If both the subnet’s dns_nameservers and this option are empty, then the DNS resolvers on the host running the neutron server will be used.
ovn_dhcp4_global_options
- Type: dict
- Default: ''
Dictionary of global DHCPv4 options which will be automatically set on each subnet upon creation and on all existing subnets when Neutron starts. An empty value for a DHCP option will cause that option to be unset globally.
Examples:
- ntp_server:1.2.3.4,wpad:1.2.3.5 sets ntp_server and wpad.
- ntp_server:,wpad:1.2.3.5 unsets ntp_server and sets wpad.
See the ovn-nb(5) man page for available options.
ovn_dhcp6_global_options
- Type: dict
- Default: ''
Dictionary of global DHCPv6 options which will be automatically set on each subnet upon creation and on all existing subnets when Neutron starts. An empty value for a DHCP option will cause that option to be unset globally.
Examples:
- ntp_server:1.2.3.4,wpad:1.2.3.5 sets ntp_server and wpad.
- ntp_server:,wpad:1.2.3.5 unsets ntp_server and sets wpad.
See the ovn-nb(5) man page for available options.
ovn_emit_need_to_frag
- Type: boolean
- Default: false
Configure OVN to emit “need to frag” packets in case of MTU mismatch. Before enabling this option, make sure that it is supported by the host kernel (version >= 5.2), or check the output of the following command:
ovs-appctl -t ovs-vswitchd dpif/show-dp-features br-int | grep "Check pkt length action"
ovs
igmp_snooping_enable
- Type: boolean
- Default: false
Enable IGMP snooping for integration bridge. If this option is set to True, support for Internet Group Management Protocol (IGMP) is enabled in integration bridge. Setting this option to True will also enable Open vSwitch mcast-snooping-disable-flood-unregistered flag. This option will disable flooding of unregistered multicast packets to all ports. The switch will send unregistered multicast packets only to ports connected to multicast routers.
ovs_driver
vnic_type_blacklist
- Type: list
- Default: ''
Comma-separated list of VNIC types for which support is administratively prohibited by the mechanism driver. Please note that the supported vnic_types depend on your network interface card, on the kernel version of your operating system, and on other factors, like OVS version. In case of ovs mechanism driver the valid vnic types are normal and direct. Note that direct is supported only from kernel 4.8, and from ovs 2.8.0. Binding a DIRECT (SR-IOV) port allows the OVS flows to be offloaded to the SR-IOV NIC using tc. This enables hardware offload via tc and lets the OpenFlow control plane manage the VF through its representor net-device.
securitygroup
firewall_driver
- Type: string
- Default: <None>
Driver for security groups firewall in the L2 agent
enable_security_group
- Type: boolean
- Default: true
Controls whether the neutron security group API is enabled in the server. It should be false when using no security groups or using the nova security group API.
enable_ipset
- Type: boolean
- Default: true
Use ipset to speed up the iptables-based security groups. Enabling ipset support requires that ipset is installed on the L2 agent node.
permitted_ethertypes
- Type: list
- Default: ''
Comma-separated list of ethertypes to be permitted, in hexadecimal (starting with “0x”). For example, “0x4008” to permit InfiniBand.
sriov_driver
vnic_type_blacklist
- Type: list
- Default: ''
Comma-separated list of VNIC types for which support is administratively prohibited by the mechanism driver. Please note that the supported vnic_types depend on your network interface card, on the kernel version of your operating system, and on other factors. In case of sriov mechanism driver the valid VNIC types are direct, macvtap and direct-physical.
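One way to check a deployed file against the ovn connection options and the securitygroup and ml2_type_flat options documented above, as an added example (not part of the Neutron documentation or code base): it reports non-loopback tcp: OVSDB connections, ssl: connections missing one of the three mandatory PEM options, a disabled security group API, and the flat_networks wildcard. The sample file, its addresses and paths are constructed, and accepting several comma-separated endpoints in a connection value is an assumption.

```python
import configparser

# Constructed sample ml2_conf.ini (not from the page; addresses and paths are placeholders).
SAMPLE = """\
[ml2_type_flat]
flat_networks = *
[ovn]
ovn_nb_connection = tcp:192.0.2.10:6641
ovn_sb_connection = ssl:192.0.2.10:6642
ovn_sb_private_key = /etc/neutron/ovn-sb-key.pem
ovn_sb_certificate = /etc/neutron/ovn-sb-cert.pem
[securitygroup]
enable_security_group = false
"""

LOOPBACK = {"127.0.0.1", "[::1]", "localhost"}
# Defaults as listed on the page for ovn_nb_connection / ovn_sb_connection.
DEFAULT_CONN = {"nb": "tcp:127.0.0.1:6641", "sb": "tcp:127.0.0.1:6642"}


def audit_ml2(text):
    """Return sorted (section, option, finding) tuples for settings worth a review."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    findings = set()
    for db, default in DEFAULT_CONN.items():
        opt = f"ovn_{db}_connection"
        # Assumption: several endpoints may be given comma-separated; the page shows one.
        for conn in cfg.get("ovn", opt, fallback=default).split(","):
            scheme, _, rest = conn.strip().partition(":")
            host = rest.rsplit(":", 1)[0]  # keeps a bracketed IPv6 literal intact
            if scheme == "tcp" and host not in LOOPBACK:
                findings.add(("ovn", opt, f"unencrypted OVSDB connection to {host}"))
            elif scheme == "ssl":
                for suffix in ("private_key", "certificate", "ca_cert"):
                    key = f"ovn_{db}_{suffix}"
                    if not cfg.get("ovn", key, fallback="").strip():
                        findings.add(("ovn", key, f"mandatory for an ssl: {opt} but unset"))
    if not cfg.getboolean("securitygroup", "enable_security_group", fallback=True):
        findings.add(("securitygroup", "enable_security_group", "security group API disabled"))
    if cfg.get("ml2_type_flat", "flat_networks", fallback="*").strip() == "*":
        findings.add(("ml2_type_flat", "flat_networks", "any physical_network name accepted"))
    return sorted(findings)


if __name__ == "__main__":
    for section, option, finding in audit_ml2(SAMPLE):
        print(f"[{section}] {option}: {finding}")
```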