l3_agent.ini
DEFAULT
ovs_integration_bridge
- Type
string
- Default
br-int
Name of Open vSwitch bridge to use
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
- Reason
This variable is a duplicate of OVS.integration_bridge. To be removed in W.
ovs_use_veth
- Type
boolean
- Default
False
Whether to use veth for an OVS interface. Setting ovs_use_veth to True supports kernels with limited namespace support (e.g. RHEL 6.5) and rate limiting on the router’s gateway port.
interface_driver
- Type
string
- Default
<None>
The driver used to manage the virtual interface.
rpc_response_max_timeout
- Type
integer
- Default
600
Maximum seconds to wait for a response from an RPC call.
agent_mode
- Type
string
- Default
legacy
- Valid Values
dvr, dvr_snat, legacy, dvr_no_external
The working mode for the agent. Allowed modes are:
‘legacy’ - this preserves the existing behavior where the L3 agent is deployed on a centralized networking node to provide L3 services like DNAT and SNAT. Use this mode if you do not want to adopt DVR.
‘dvr’ - this mode enables DVR functionality and must be used for an L3 agent that runs on a compute host.
‘dvr_snat’ - this enables centralized SNAT support in conjunction with DVR. This mode must be used for an L3 agent running on a centralized node (or in single-host deployments, e.g. devstack).
‘dvr_no_external’ - this mode enables only East/West DVR routing functionality for an L3 agent that runs on a compute host. The North/South functionality such as DNAT and SNAT will be provided by the centralized network node that is running in ‘dvr_snat’ mode. This mode should be used when there is no external network connectivity on the compute host.
metadata_port
- Type
port number
- Default
9697
- Minimum Value
0
- Maximum Value
65535
TCP Port used by Neutron metadata namespace proxy.
handle_internal_only_routers
- Type
boolean
- Default
True
Indicates that this L3 agent should also handle routers that do not have an external network gateway configured. This option should be True only for a single agent in a Neutron deployment, and may be False for all agents if all routers must have an external network gateway.
ipv6_gateway
- Type
string
- Default
''
With IPv6, the network used for the external gateway does not need to have an associated subnet, since the automatically assigned link-local address (LLA) can be used. However, an IPv6 gateway address is needed for use as the next-hop for the default route. If no IPv6 gateway address is configured here (and only then), the neutron router will be configured to get its default route from router advertisements (RAs) from the upstream router, in which case the upstream router must also be configured to send these RAs. The ipv6_gateway, when configured, should be the LLA of the interface on the upstream router. If a next-hop using a global unique address (GUA) is desired, it needs to be done via a subnet allocated to the network and not through this parameter.
prefix_delegation_driver
- Type
string
- Default
dibbler
Driver used for ipv6 prefix delegation. This needs to be an entry point defined in the neutron.agent.linux.pd_drivers namespace. See setup.cfg for entry points included with the neutron source.
enable_metadata_proxy
- Type
boolean
- Default
True
Allow running metadata proxy.
metadata_access_mark
- Type
string
- Default
0x1
Iptables mangle mark used to mark valid metadata requests. This mark will be masked with 0xffff so that only the lower 16 bits will be used.
external_ingress_mark
- Type
string
- Default
0x2
Iptables mangle mark used to mark ingress from external network. This mark will be masked with 0xffff so that only the lower 16 bits will be used.
radvd_user
- Type
string
- Default
''
The username passed to radvd, used to drop root privileges and change user ID to username and group ID to the primary group of username. If no user is specified (the default), the user executing the L3 agent will be passed. If “root” is specified, no “username” parameter will be passed, because radvd is spawned as root.
cleanup_on_shutdown
- Type
boolean
- Default
False
Delete all routers on L3 agent shutdown. For L3 HA routers it includes a shutdown of keepalived and the state change monitor. NOTE: Setting to True could affect the data plane when stopping or restarting the L3 agent.
keepalived_use_no_track
- Type
boolean
- Default
True
If a keepalived version without support for the “no_track” option is used, this should be set to False. Support for this option was introduced in keepalived 2.x.
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
- Reason
Since keepalived version detection was introduced by https://review.opendev.org/757620, there is no need for this config option. To be removed in X.
periodic_interval
- Type
integer
- Default
40
Seconds between running periodic tasks.
api_workers
- Type
integer
- Default
<None>
Number of separate API worker processes for service. If not specified, the default is equal to the number of CPUs available for best performance, capped by potential RAM usage.
rpc_workers
- Type
integer
- Default
<None>
Number of RPC worker processes for service. If not specified, the default is equal to half the number of API workers.
rpc_state_report_workers
- Type
integer
- Default
1
Number of RPC worker processes dedicated to state reports queue.
periodic_fuzzy_delay
- Type
integer
- Default
5
Range of seconds to randomly delay when starting the periodic task scheduler to reduce stampeding. (Disable by setting to 0)
ha_confs_path
- Type
string
- Default
$state_path/ha_confs
Location to store keepalived config files
ha_vrrp_auth_type
- Type
string
- Default
PASS
- Valid Values
AH, PASS
VRRP authentication type
ha_vrrp_auth_password
- Type
string
- Default
<None>
VRRP authentication password
ha_vrrp_advert_int
- Type
integer
- Default
2
The advertisement interval in seconds
ha_keepalived_state_change_server_threads
- Type
integer
- Default
(1 + <num_of_cpus>) / 2
- Minimum Value
1
This option has a sample default set, which means that its actual default value may vary from the one documented above.
Number of concurrent threads for keepalived server connection requests. More threads create a higher CPU load on the agent node.
ha_vrrp_health_check_interval
- Type
integer
- Default
0
The VRRP health check interval in seconds. Values > 0 enable VRRP health checks. Setting it to 0 disables VRRP health checks. Recommended value is 5. This will cause pings to be sent to the gateway IP address(es) - requires ICMP_ECHO_REQUEST to be enabled on the gateway(s). If a gateway fails, all routers will be reported as primary, and a primary election will be repeated in a round-robin fashion, until one of the routers restores the gateway connection.
pd_confs
- Type
string
- Default
$state_path/pd
Location to store IPv6 PD files.
vendor_pen
- Type
string
- Default
8888
A decimal value as Vendor’s Registered Private Enterprise Number as required by RFC3315 DUID-EN.
ra_confs
- Type
string
- Default
$state_path/ra
Location to store IPv6 RA config files
min_rtr_adv_interval
- Type
integer
- Default
30
MinRtrAdvInterval setting for radvd.conf
max_rtr_adv_interval
- Type
integer
- Default
100
MaxRtrAdvInterval setting for radvd.conf
agent
availability_zone
- Type
string
- Default
nova
Availability zone of this node
report_interval
- Type
floating point
- Default
30
Seconds between nodes reporting state to server; should be less than agent_down_time, best if it is half or less than agent_down_time.
log_agent_heartbeats
- Type
boolean
- Default
False
Log agent heartbeats
extensions
- Type
list
- Default
[]
Extensions list to use
network_log
rate_limit
- Type
integer
- Default
100
- Minimum Value
100
Maximum number of packets logged per second.
burst_limit
- Type
integer
- Default
25
- Minimum Value
25
Maximum number of packets per rate_limit.
local_output_log_base
- Type
string
- Default
<None>
Output log file path on the agent side; defaults to the syslog file.
ovs
ovsdb_connection
- Type
string
- Default
tcp:127.0.0.1:6640
The connection string for the OVSDB backend. Will be used for all ovsdb commands and by ovsdb-client when monitoring.
ssl_key_file
- Type
string
- Default
<None>
The SSL private key file to use when interacting with OVSDB. Required when using an “ssl:” prefixed ovsdb_connection
ssl_cert_file
- Type
string
- Default
<None>
The SSL certificate file to use when interacting with OVSDB. Required when using an “ssl:” prefixed ovsdb_connection
ssl_ca_cert_file
- Type
string
- Default
<None>
The Certificate Authority (CA) certificate to use when interacting with OVSDB. Required when using an “ssl:” prefixed ovsdb_connection
ovsdb_debug
- Type
boolean
- Default
False
Enable OVSDB debug logs
ovsdb_timeout
- Type
integer
- Default
10
Timeout in seconds for ovsdb commands. If the timeout expires, ovsdb commands will fail with ALARMCLOCK error.
bridge_mac_table_size
- Type
integer
- Default
50000
The maximum number of MAC addresses to learn on a bridge managed by the Neutron OVS agent. Values outside a reasonable range (10 to 1,000,000) might be overridden by Open vSwitch according to the documentation.
igmp_snooping_enable
- Type
boolean
- Default
False
Enable IGMP snooping for integration bridge. If this option is set to True, support for Internet Group Management Protocol (IGMP) is enabled in integration bridge. Setting this option to True will also enable Open vSwitch mcast-snooping-disable-flood-unregistered flag. This option will disable flooding of unregistered multicast packets to all ports. The switch will send unregistered multicast packets only to ports connected to multicast routers.
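Several constraints documented above can be checked before an agent is restarted: the 0xffff mask applied to metadata_access_mark and external_ingress_mark, the agent_mode valid values, the network_log minimums, and the three SSL files required by an “ssl:” prefixed ovsdb_connection. The following is an added example, not Neutron code: it parses the file with Python's configparser rather than oslo.config, the function name audit_l3_agent and the sample values are assumptions, and the check that the two marks differ after masking is an added consistency check, not a rule stated on this page.

```python
import configparser

MARK_MASK = 0xFFFF  # per the page, only the lower 16 bits of each mark are used
AGENT_MODES = {"dvr", "dvr_snat", "legacy", "dvr_no_external"}
SSL_OPTS = ("ssl_key_file", "ssl_cert_file", "ssl_ca_cert_file")
MINIMUMS = {"rate_limit": 100, "burst_limit": 25}  # [network_log] minimum values

# Constructed sample config; the address and file path are placeholders.
SAMPLE = """\
[DEFAULT]
agent_mode = dvr_snat
metadata_access_mark = 0x10002
external_ingress_mark = 0x2
[network_log]
rate_limit = 50
[ovs]
ovsdb_connection = ssl:192.0.2.10:6640
ssl_key_file = /etc/neutron/ovsdb-key.pem
"""

def audit_l3_agent(text):
    """Return a list of findings for l3_agent.ini content passed as a string."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    mode = cp.get("DEFAULT", "agent_mode", fallback="legacy")
    if mode not in AGENT_MODES:
        findings.append(f"agent_mode: {mode!r} is not a valid value")
    # Apply the documented 0xffff mask, then compare the effective marks.
    effective = {}
    for opt, default in (("metadata_access_mark", "0x1"), ("external_ingress_mark", "0x2")):
        raw = int(cp.get("DEFAULT", opt, fallback=default), 0)
        effective[opt] = raw & MARK_MASK
        if raw != effective[opt]:
            findings.append(f"{opt}: {raw:#x} is masked to {effective[opt]:#x}")
    if len(set(effective.values())) == 1:
        findings.append("metadata_access_mark and external_ingress_mark are equal after masking")
    for opt, minimum in MINIMUMS.items():
        if int(cp.get("network_log", opt, fallback=str(minimum))) < minimum:
            findings.append(f"network_log.{opt}: below the minimum of {minimum}")
    # An ssl: connection needs the key, certificate and CA certificate files.
    conn = cp.get("ovs", "ovsdb_connection", fallback="tcp:127.0.0.1:6640")
    if conn.startswith("ssl:"):
        missing = [o for o in SSL_OPTS if not cp.get("ovs", o, fallback="")]
        if missing:
            findings.append("ovs: ssl: connection without " + ", ".join(missing))
    return findings

if __name__ == "__main__":
    for finding in audit_l3_agent(SAMPLE):
        print(finding)
```

In the sample, 0x10002 and 0x2 look distinct in the file but resolve to the same effective mark once the mask is applied.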