Sample ml2_conf.ini

This sample configuration can also be viewed in the raw format.

[DEFAULT]


[ml2]

#
# From neutron.ml2
#

# List of network type driver entrypoints to be loaded from the
# neutron.ml2.type_drivers namespace. (list value)
#type_drivers = local,flat,vlan,gre,vxlan,geneve

# Ordered list of network_types to allocate as tenant networks. The default
# value 'local' is useful for single-box testing but provides no connectivity
# between hosts. (list value)
#tenant_network_types = local

# An ordered list of networking mechanism driver entrypoints to be loaded from
# the neutron.ml2.mechanism_drivers namespace. (list value)
#mechanism_drivers =

# An ordered list of extension driver entrypoints to be loaded from the
# neutron.ml2.extension_drivers namespace. For example: extension_drivers =
# port_security,qos (list value)
#extension_drivers =

# Maximum size of an IP packet (MTU) that can traverse the underlying physical
# network infrastructure without fragmentation when using an overlay/tunnel
# protocol. This option allows specifying a physical network MTU value that
# differs from the default global_physnet_mtu value. (integer value)
#path_mtu = 0

# A list of mappings of physical networks to MTU values. The format of the
# mapping is <physnet>:<mtu val>. This mapping allows specifying a physical
# network MTU value that differs from the default global_physnet_mtu value.
# (list value)
#physical_network_mtus =

# Default network type for external networks when no provider attributes are
# specified. By default it is None, which means that if provider attributes are
# not specified while creating external networks then they will have the same
# type as tenant networks. Allowed values for external_network_type config
# option depend on the network type values configured in type_drivers config
# option. (string value)
#external_network_type = <None>

# IP version of all overlay (tunnel) network endpoints. Use a value of 4 for
# IPv4 or 6 for IPv6. (integer value)
#overlay_ip_version = 4


[ml2_type_flat]

#
# From neutron.ml2
#

# List of physical_network names with which flat networks can be created. Use
# default '*' to allow flat networks with arbitrary physical_network names. Use
# an empty list to disable flat networks. (list value)
#flat_networks = *


[ml2_type_geneve]

#
# From neutron.ml2
#

# Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges of
# Geneve VNI IDs that are available for tenant network allocation (list value)
#vni_ranges =

# Geneve encapsulation header size is dynamic, this value is used to calculate
# the maximum MTU for the driver. This is the sum of the sizes of the outer ETH
# + IP + UDP + GENEVE header sizes. The default size for this field is 50,
# which is the size of the Geneve header without any additional option headers.
# (integer value)
#max_header_size = 30


[ml2_type_gre]

#
# From neutron.ml2
#

# Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE
# tunnel IDs that are available for tenant network allocation (list value)
#tunnel_id_ranges =


[ml2_type_vlan]

#
# From neutron.ml2
#

# List of <physical_network>:<vlan_min>:<vlan_max> or <physical_network>
# specifying physical_network names usable for VLAN provider and tenant
# networks, as well as ranges of VLAN tags on each available for allocation to
# tenant networks. (list value)
#network_vlan_ranges =


[ml2_type_vxlan]

#
# From neutron.ml2
#

# Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges of
# VXLAN VNI IDs that are available for tenant network allocation (list value)
#vni_ranges =

# Multicast group for VXLAN. When configured, will enable sending all broadcast
# traffic to this multicast group. When left unconfigured, will disable
# multicast VXLAN mode. (string value)
#vxlan_group = <None>


[ovn]

#
# From networking_ovn
#

# The connection string for the OVN_Northbound OVSDB.
# Use tcp:IP:PORT for TCP connection.
# Use ssl:IP:PORT for SSL connection. The ovn_nb_private_key,
# ovn_nb_certificate and ovn_nb_ca_cert are mandatory.
# Use unix:FILE for unix domain socket connection. (string value)
#ovn_nb_connection = tcp:127.0.0.1:6641

# The PEM file with private key for SSL connection to OVN-NB-DB (string value)
#ovn_nb_private_key =

# The PEM file with certificate that certifies the private key specified in
# ovn_nb_private_key (string value)
#ovn_nb_certificate =

# The PEM file with CA certificate that OVN should use to verify certificates
# presented to it by SSL peers (string value)
#ovn_nb_ca_cert =

# The connection string for the OVN_Southbound OVSDB.
# Use tcp:IP:PORT for TCP connection.
# Use ssl:IP:PORT for SSL connection. The ovn_sb_private_key,
# ovn_sb_certificate and ovn_sb_ca_cert are mandatory.
# Use unix:FILE for unix domain socket connection. (string value)
#ovn_sb_connection = tcp:127.0.0.1:6642

# The PEM file with private key for SSL connection to OVN-SB-DB (string value)
#ovn_sb_private_key =

# The PEM file with certificate that certifies the private key specified in
# ovn_sb_private_key (string value)
#ovn_sb_certificate =

# The PEM file with CA certificate that OVN should use to verify certificates
# presented to it by SSL peers (string value)
#ovn_sb_ca_cert =

# Timeout in seconds for the OVSDB connection transaction (integer value)
#ovsdb_connection_timeout = 180

# Max interval in seconds between each retry to get the OVN NB and SB IDLs
# (integer value)
#ovsdb_retry_max_interval = 180

# The probe interval in for the OVSDB session in milliseconds. If this is zero,
# it disables the connection keepalive feature. If non-zero the value will be
# forced to at least 1000 milliseconds. Defaults to 60 seconds. (integer value)
# Minimum value: 0
#ovsdb_probe_interval = 60000

# The synchronization mode of OVN_Northbound OVSDB with Neutron DB.
# off - synchronization is off
# log - during neutron-server startup, check to see if OVN is in sync with the
# Neutron database.  Log warnings for any inconsistencies found so that an
# admin can investigate
# repair - during neutron-server startup, automatically create resources found
# in Neutron but not in OVN. Also remove resources from OVN that are no longer
# in Neutron. (string value)
# Possible values:
# off - <No description provided>
# log - <No description provided>
# repair - <No description provided>
#neutron_sync_mode = log

# DEPRECATED: Whether to use OVN native L3 support. Do not change the value for
# existing deployments that contain routers. (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: This option is no longer used. Native L3 support in OVN is always
# used.
#ovn_l3_mode = true

# The OVN L3 Scheduler type used to schedule router gateway ports on
# hypervisors/chassis.
# leastloaded - chassis with fewest gateway ports selected
# chance - chassis randomly selected (string value)
# Possible values:
# leastloaded - <No description provided>
# chance - <No description provided>
#ovn_l3_scheduler = leastloaded

# Enable distributed floating IP support.
# If True, the NAT action for floating IPs will be done locally and not in the
# centralized gateway. This saves the path to the external network. This
# requires the user to configure the physical network map (i.e. ovn-bridge-
# mappings) on each compute node. (boolean value)
#enable_distributed_floating_ip = false

# DEPRECATED: Type of VIF to be used for ports valid values are (ovs,
# vhostuser) default ovs (string value)
# Possible values:
# ovs - <No description provided>
# vhostuser - <No description provided>
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: The port VIF type is now determined based on the OVN chassis
# information when the port is bound to a host.
#vif_type = ovs

# The directory in which vhost virtio socket is created by all the vswitch
# daemons (string value)
#vhost_sock_dir = /var/run/openvswitch

# Default least time (in seconds) to use with OVN's native DHCP service.
# (integer value)
#dhcp_default_lease_time = 43200

# The log level used for OVSDB (string value)
# Possible values:
# CRITICAL - <No description provided>
# ERROR - <No description provided>
# WARNING - <No description provided>
# INFO - <No description provided>
# DEBUG - <No description provided>
#ovsdb_log_level = INFO

# Whether to use metadata service. (boolean value)
#ovn_metadata_enabled = false

# Comma-separated list of the DNS servers which will be used as forwarders if a
# subnet's dns_nameservers field is empty. If both subnet's dns_nameservers and
# this option is empty, then the DNS resolvers on the host running the neutron
# server will be used. (list value)
#dns_servers =

# Dictionary of global DHCPv4 options which will be automatically set on each
# subnet upon creation and on all existing subnets when Neutron starts.
# An empty value for a DHCP option will cause that option to be unset globally.
# EXAMPLES:
# - ntp_server:1.2.3.4,wpad:1.2.3.5 - Set ntp_server and wpad
# - ntp_server:,wpad:1.2.3.5 - Unset ntp_server and set wpad
# See the ovn-nb(5) man page for available options. (dict value)
#ovn_dhcp4_global_options =

# Dictionary of global DHCPv6 options which will be automatically set on each
# subnet upon creation and on all existing subnets when Neutron starts.
# An empty value for a DHCP option will cause that option to be unset globally.
# EXAMPLES:
# - ntp_server:1.2.3.4,wpad:1.2.3.5 - Set ntp_server and wpad
# - ntp_server:,wpad:1.2.3.5 - Unset ntp_server and set wpad
# See the ovn-nb(5) man page for available options. (dict value)
#ovn_dhcp6_global_options =

# Configure OVN to emit "need to frag" packets in case of MTU mismatch.
# Before enabling this configuration make sure that its supported by the host
# kernel (version >= 5.2) or by checking the output of the following command:
# ovs-appctl -t ovs-vswitchd dpif/show-dp-features br-int | grep "Check pkt
# length action". (boolean value)
#ovn_emit_need_to_frag = false


[ovs]

#
# From networking_ovn
#

# Enable IGMP snooping for integration bridge. If this option is set to True,
# support for Internet Group Management Protocol (IGMP) is enabled in
# integration bridge. Setting this option to True will also enable Open vSwitch
# mcast-snooping-disable-flood-unregistered flag. This option will disable
# flooding of unregistered multicast packets to all ports. The switch will send
# unregistered multicast packets only to ports connected to multicast routers.
# (boolean value)
#igmp_snooping_enable = false


[ovs_driver]

#
# From neutron.ml2
#

# Comma-separated list of VNIC types for which support is administratively
# prohibited by the mechanism driver. Please note that the supported vnic_types
# depend on your network interface card, on the kernel version of your
# operating system, and on other factors, like OVS version. In case of ovs
# mechanism driver the valid vnic types are normal and direct. Note that direct
# is supported only from kernel 4.8, and from ovs 2.8.0. Bind DIRECT (SR-IOV)
# port allows to offload the OVS flows using tc to the SR-IOV NIC. This allows
# to support hardware offload via tc and that allows us to manage the VF by
# OpenFlow control plane using representor net-device. (list value)
#vnic_type_blacklist =


[securitygroup]

#
# From neutron.ml2
#

# Driver for security groups firewall in the L2 agent (string value)
#firewall_driver = <None>

# Controls whether the neutron security group API is enabled in the server. It
# should be false when using no security groups or using the nova security
# group API. (boolean value)
#enable_security_group = true

# Use ipset to speed-up the iptables based security groups. Enabling ipset
# support requires that ipset is installed on L2 agent node. (boolean value)
#enable_ipset = true

# Comma-separated list of ethertypes to be permitted, in hexadecimal (starting
# with "0x"). For example, "0x4008" to permit InfiniBand. (list value)
#permitted_ethertypes =


[sriov_driver]

#
# From neutron.ml2
#

# Comma-separated list of VNIC types for which support is administratively
# prohibited by the mechanism driver. Please note that the supported vnic_types
# depend on your network interface card, on the kernel version of your
# operating system, and on other factors. In case of sriov mechanism driver the
# valid VNIC types are direct, macvtap and direct-physical. (list value)
#vnic_type_blacklist =