l3_agent.ini

DEFAULT

ovs_integration_bridge
Type

string

Default

br-int

Name of Open vSwitch bridge to use

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason

This variable is a duplicate of OVS.integration_bridge. To be removed in W.

ovs_use_veth
Type

boolean

Default

False

Uses veth for an OVS interface or not. Support kernels with limited namespace support (e.g. RHEL 6.5) and rate limiting on router’s gateway port so long as ovs_use_veth is set to True.

interface_driver
Type

string

Default

<None>

The driver used to manage the virtual interface.

rpc_response_max_timeout
Type

integer

Default

600

Maximum seconds to wait for a response from an RPC call.

agent_mode
Type

string

Default

legacy

Valid Values

dvr, dvr_snat, legacy, dvr_no_external

The working mode for the agent. Allowed modes are: ‘legacy’ - this preserves the existing behavior where the L3 agent is deployed on a centralized networking node to provide L3 services like DNAT, and SNAT. Use this mode if you do not want to adopt DVR. ‘dvr’ - this mode enables DVR functionality and must be used for an L3 agent that runs on a compute host. ‘dvr_snat’ - this enables centralized SNAT support in conjunction with DVR. This mode must be used for an L3 agent running on a centralized node (or in single-host deployments, e.g. devstack). ‘dvr_no_external’ - this mode enables only East/West DVR routing functionality for a L3 agent that runs on a compute host, the North/South functionality such as DNAT and SNAT will be provided by the centralized network node that is running in ‘dvr_snat’ mode. This mode should be used when there is no external network connectivity on the compute host.

metadata_port
Type

port number

Default

9697

Minimum Value

0

Maximum Value

65535

TCP Port used by Neutron metadata namespace proxy.

handle_internal_only_routers
Type

boolean

Default

True

Indicates that this L3 agent should also handle routers that do not have an external network gateway configured. This option should be True only for a single agent in a Neutron deployment, and may be False for all agents if all routers must have an external network gateway.

ipv6_gateway
Type

string

Default

''

With IPv6, the network used for the external gateway does not need to have an associated subnet, since the automatically assigned link-local address (LLA) can be used. However, an IPv6 gateway address is needed for use as the next-hop for the default route. If no IPv6 gateway address is configured here, (and only then) the neutron router will be configured to get its default route from router advertisements (RAs) from the upstream router; in which case the upstream router must also be configured to send these RAs. The ipv6_gateway, when configured, should be the LLA of the interface on the upstream router. If a next-hop using a global unique address (GUA) is desired, it needs to be done via a subnet allocated to the network and not through this parameter.

prefix_delegation_driver
Type

string

Default

dibbler

Driver used for ipv6 prefix delegation. This needs to be an entry point defined in the neutron.agent.linux.pd_drivers namespace. See setup.cfg for entry points included with the neutron source.

enable_metadata_proxy
Type

boolean

Default

True

Allow running metadata proxy.

metadata_access_mark
Type

string

Default

0x1

Iptables mangle mark used to mark metadata valid requests. This mark will be masked with 0xffff so that only the lower 16 bits will be used.

external_ingress_mark
Type

string

Default

0x2

Iptables mangle mark used to mark ingress from external network. This mark will be masked with 0xffff so that only the lower 16 bits will be used.

radvd_user
Type

string

Default

''

The username passed to radvd, used to drop root privileges and change user ID to username and group ID to the primary group of username. If no user specified (by default), the user executing the L3 agent will be passed. If “root” specified, because radvd is spawned as root, no “username” parameter will be passed.

cleanup_on_shutdown
Type

boolean

Default

False

Delete all routers on L3 agent shutdown. For L3 HA routers it includes a shutdown of keepalived and the state change monitor. NOTE: Setting to True could affect the data plane when stopping or restarting the L3 agent.

keepalived_use_no_track
Type

boolean

Default

True

If keepalived without support for “no_track” option is used, this should be set to False. Support for this option was introduced in keepalived 2.x

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason

By keepalived version detection introduced by https://review.opendev.org/757620 there is no need for this config option. To be removed in X.

periodic_interval
Type

integer

Default

40

Seconds between running periodic tasks.

api_workers
Type

integer

Default

<None>

Number of separate API worker processes for service. If not specified, the default is equal to the number of CPUs available for best performance, capped by potential RAM usage.

rpc_workers
Type

integer

Default

<None>

Number of RPC worker processes for service. If not specified, the default is equal to half the number of API workers.

rpc_state_report_workers
Type

integer

Default

1

Number of RPC worker processes dedicated to state reports queue.

periodic_fuzzy_delay
Type

integer

Default

5

Range of seconds to randomly delay when starting the periodic task scheduler to reduce stampeding. (Disable by setting to 0)

ha_confs_path
Type

string

Default

$state_path/ha_confs

Location to store keepalived config files

ha_vrrp_auth_type
Type

string

Default

PASS

Valid Values

AH, PASS

VRRP authentication type

ha_vrrp_auth_password
Type

string

Default

<None>

VRRP authentication password

ha_vrrp_advert_int
Type

integer

Default

2

The advertisement interval in seconds

ha_keepalived_state_change_server_threads
Type

integer

Default

(1 + <num_of_cpus>) / 2

Minimum Value

1

This option has a sample default set, which means that its actual default value may vary from the one documented above.

Number of concurrent threads for keepalived server connection requests. More threads create a higher CPU load on the agent node.

ha_vrrp_health_check_interval
Type

integer

Default

0

The VRRP health check interval in seconds. Values > 0 enable VRRP health checks. Setting it to 0 disables VRRP health checks. Recommended value is 5. This will cause pings to be sent to the gateway IP address(es) - requires ICMP_ECHO_REQUEST to be enabled on the gateway(s). If a gateway fails, all routers will be reported as primary, and a primary election will be repeated in a round-robin fashion, until one of the routers restores the gateway connection.

pd_confs
Type

string

Default

$state_path/pd

Location to store IPv6 PD files.

vendor_pen
Type

string

Default

8888

A decimal value as Vendor’s Registered Private Enterprise Number as required by RFC3315 DUID-EN.

ra_confs
Type

string

Default

$state_path/ra

Location to store IPv6 RA config files

min_rtr_adv_interval
Type

integer

Default

30

MinRtrAdvInterval setting for radvd.conf

max_rtr_adv_interval
Type

integer

Default

100

MaxRtrAdvInterval setting for radvd.conf

agent

availability_zone
Type

string

Default

nova

Availability zone of this node

report_interval
Type

floating point

Default

30

Seconds between nodes reporting state to server; should be less than agent_down_time, best if it is half or less than agent_down_time.

log_agent_heartbeats
Type

boolean

Default

False

Log agent heartbeats

extensions
Type

list

Default

[]

Extensions list to use

network_log

rate_limit
Type

integer

Default

100

Minimum Value

100

Maximum packets logging per second.

burst_limit
Type

integer

Default

25

Minimum Value

25

Maximum number of packets per rate_limit.

local_output_log_base
Type

string

Default

<None>

Output logfile path on agent side, default syslog file.

ovs

ovsdb_connection
Type

string

Default

tcp:127.0.0.1:6640

The connection string for the OVSDB backend. Will be used for all ovsdb commands and by ovsdb-client when monitoring

ssl_key_file
Type

string

Default

<None>

The SSL private key file to use when interacting with OVSDB. Required when using an “ssl:” prefixed ovsdb_connection

ssl_cert_file
Type

string

Default

<None>

The SSL certificate file to use when interacting with OVSDB. Required when using an “ssl:” prefixed ovsdb_connection

ssl_ca_cert_file
Type

string

Default

<None>

The Certificate Authority (CA) certificate to use when interacting with OVSDB. Required when using an “ssl:” prefixed ovsdb_connection

ovsdb_debug
Type

boolean

Default

False

Enable OVSDB debug logs

ovsdb_timeout
Type

integer

Default

10

Timeout in seconds for ovsdb commands. If the timeout expires, ovsdb commands will fail with ALARMCLOCK error.

bridge_mac_table_size
Type

integer

Default

50000

The maximum number of MAC addresses to learn on a bridge managed by the Neutron OVS agent. Values outside a reasonable range (10 to 1,000,000) might be overridden by Open vSwitch according to the documentation.

igmp_snooping_enable
Type

boolean

Default

False

Enable IGMP snooping for integration bridge. If this option is set to True, support for Internet Group Management Protocol (IGMP) is enabled in integration bridge. Setting this option to True will also enable Open vSwitch mcast-snooping-disable-flood-unregistered flag. This option will disable flooding of unregistered multicast packets to all ports. The switch will send unregistered multicast packets only to ports connected to multicast routers.