ovs_integration_bridge
¶string
br-int
Name of Open vSwitch bridge to use
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
This variable is a duplicate of OVS.integration_bridge. To be removed in W.
ovs_use_veth
¶boolean
False
Uses veth for an OVS interface or not. Support kernels with limited namespace support (e.g. RHEL 6.5) and rate limiting on router’s gateway port so long as ovs_use_veth is set to True.
interface_driver
¶string
<None>
The driver used to manage the virtual interface.
rpc_response_max_timeout
¶integer
600
Maximum seconds to wait for a response from an RPC call.
agent_mode
¶string
legacy
dvr, dvr_snat, legacy, dvr_no_external
The working mode for the agent. Allowed modes are: ‘legacy’ - this preserves the existing behavior where the L3 agent is deployed on a centralized networking node to provide L3 services like DNAT, and SNAT. Use this mode if you do not want to adopt DVR. ‘dvr’ - this mode enables DVR functionality and must be used for an L3 agent that runs on a compute host. ‘dvr_snat’ - this enables centralized SNAT support in conjunction with DVR. This mode must be used for an L3 agent running on a centralized node (or in single-host deployments, e.g. devstack). dvr_snat mode is not supported on a compute host. ‘dvr_no_external’ - this mode enables only East/West DVR routing functionality for a L3 agent that runs on a compute host, the North/South functionality such as DNAT and SNAT will be provided by the centralized network node that is running in ‘dvr_snat’ mode. This mode should be used when there is no external network connectivity on the compute host.
metadata_port
¶port number
9697
0
65535
TCP Port used by Neutron metadata namespace proxy.
handle_internal_only_routers
¶boolean
True
Indicates that this L3 agent should also handle routers that do not have an external network gateway configured. This option should be True only for a single agent in a Neutron deployment, and may be False for all agents if all routers must have an external network gateway.
ipv6_gateway
¶string
''
With IPv6, the network used for the external gateway does not need to have an associated subnet, since the automatically assigned link-local address (LLA) can be used. However, an IPv6 gateway address is needed for use as the next-hop for the default route. If no IPv6 gateway address is configured here, (and only then) the neutron router will be configured to get its default route from router advertisements (RAs) from the upstream router; in which case the upstream router must also be configured to send these RAs. The ipv6_gateway, when configured, should be the LLA of the interface on the upstream router. If a next-hop using a global unique address (GUA) is desired, it needs to be done via a subnet allocated to the network and not through this parameter.
prefix_delegation_driver
¶string
dibbler
Driver used for ipv6 prefix delegation. This needs to be an entry point defined in the neutron.agent.linux.pd_drivers namespace. See setup.cfg for entry points included with the neutron source.
enable_metadata_proxy
¶boolean
True
Allow running metadata proxy.
metadata_access_mark
¶string
0x1
Iptables mangle mark used to mark metadata valid requests. This mark will be masked with 0xffff so that only the lower 16 bits will be used.
external_ingress_mark
¶string
0x2
Iptables mangle mark used to mark ingress from external network. This mark will be masked with 0xffff so that only the lower 16 bits will be used.
radvd_user
¶string
''
The username passed to radvd, used to drop root privileges and change user ID to username and group ID to the primary group of username. If no user specified (by default), the user executing the L3 agent will be passed. If “root” specified, because radvd is spawned as root, no “username” parameter will be passed.
cleanup_on_shutdown
¶boolean
False
Delete all routers on L3 agent shutdown. For L3 HA routers it includes a shutdown of keepalived and the state change monitor. NOTE: Setting to True could affect the data plane when stopping or restarting the L3 agent.
keepalived_use_no_track
¶boolean
True
If keepalived without support for “no_track” option is used, this should be set to False. Support for this option was introduced in keepalived 2.x
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
By keepalived version detection introduced by https://review.opendev.org/757620 there is no need for this config option. To be removed in X.
periodic_interval
¶integer
40
Seconds between running periodic tasks.
api_workers
¶integer
<None>
Number of separate API worker processes for service. If not specified, the default is equal to the number of CPUs available for best performance, capped by potential RAM usage.
rpc_workers
¶integer
<None>
Number of RPC worker processes for service. If not specified, the default is equal to half the number of API workers.
rpc_state_report_workers
¶integer
1
Number of RPC worker processes dedicated to state reports queue.
periodic_fuzzy_delay
¶integer
5
Range of seconds to randomly delay when starting the periodic task scheduler to reduce stampeding. (Disable by setting to 0)
ha_confs_path
¶string
$state_path/ha_confs
Location to store keepalived config files
ha_vrrp_auth_type
¶string
PASS
AH, PASS
VRRP authentication type
ha_vrrp_auth_password
¶string
<None>
VRRP authentication password
ha_vrrp_advert_int
¶integer
2
The advertisement interval in seconds
ha_keepalived_state_change_server_threads
¶integer
(1 + <num_of_cpus>) / 2
1
This option has a sample default set, which means that its actual default value may vary from the one documented above.
Number of concurrent threads for keepalived server connection requests. More threads create a higher CPU load on the agent node.
ha_vrrp_health_check_interval
¶integer
0
The VRRP health check interval in seconds. Values > 0 enable VRRP health checks. Setting it to 0 disables VRRP health checks. Recommended value is 5. This will cause pings to be sent to the gateway IP address(es) - requires ICMP_ECHO_REQUEST to be enabled on the gateway(s). If a gateway fails, all routers will be reported as primary, and a primary election will be repeated in a round-robin fashion, until one of the routers restores the gateway connection.
pd_confs
¶string
$state_path/pd
Location to store IPv6 PD files.
vendor_pen
¶string
8888
A decimal value as Vendor’s Registered Private Enterprise Number as required by RFC3315 DUID-EN.
ra_confs
¶string
$state_path/ra
Location to store IPv6 RA config files
min_rtr_adv_interval
¶integer
30
MinRtrAdvInterval setting for radvd.conf
max_rtr_adv_interval
¶integer
100
MaxRtrAdvInterval setting for radvd.conf
availability_zone
¶string
nova
Availability zone of this node
report_interval
¶floating point
30
Seconds between nodes reporting state to server; should be less than agent_down_time, best if it is half or less than agent_down_time.
log_agent_heartbeats
¶boolean
False
Log agent heartbeats
extensions
¶list
[]
Extensions list to use
rate_limit
¶integer
100
100
Maximum packets logging per second.
burst_limit
¶integer
25
25
Maximum number of packets per rate_limit.
local_output_log_base
¶string
<None>
Output logfile path on agent side, default syslog file.
ovsdb_connection
¶string
tcp:127.0.0.1:6640
The connection string for the OVSDB backend. Will be used for all ovsdb commands and by ovsdb-client when monitoring
ssl_key_file
¶string
<None>
The SSL private key file to use when interacting with OVSDB. Required when using an “ssl:” prefixed ovsdb_connection
ssl_cert_file
¶string
<None>
The SSL certificate file to use when interacting with OVSDB. Required when using an “ssl:” prefixed ovsdb_connection
ssl_ca_cert_file
¶string
<None>
The Certificate Authority (CA) certificate to use when interacting with OVSDB. Required when using an “ssl:” prefixed ovsdb_connection
ovsdb_debug
¶boolean
False
Enable OVSDB debug logs
ovsdb_timeout
¶integer
10
Timeout in seconds for ovsdb commands. If the timeout expires, ovsdb commands will fail with ALARMCLOCK error.
bridge_mac_table_size
¶integer
50000
The maximum number of MAC addresses to learn on a bridge managed by the Neutron OVS agent. Values outside a reasonable range (10 to 1,000,000) might be overridden by Open vSwitch according to the documentation.
igmp_snooping_enable
¶boolean
False
Enable IGMP snooping for integration bridge. If this option is set to True, support for Internet Group Management Protocol (IGMP) is enabled in integration bridge. Setting this option to True will also enable Open vSwitch mcast-snooping-disable-flood-unregistered flag. This option will disable flooding of unregistered multicast packets to all ports. The switch will send unregistered multicast packets only to ports connected to multicast routers.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.