[DEFAULT] # Show debugging output in log (sets DEBUG log level output) # debug = False # L3 requires that an interface driver be set. Choose the one that best # matches your plugin. # interface_driver = # Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC) # that supports L3 agent # interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver # Use veth for an OVS interface or not. # Support kernels with limited namespace support # (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. # ovs_use_veth = False # Example of interface_driver option for LinuxBridge # interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver # Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and # iproute2 package that supports namespaces). This option is deprecated and # will be removed in a future release, at which point the old behavior of # use_namespaces = True will be enforced. # use_namespaces = True # If use_namespaces is set as False then the agent can only configure one router. # This is done by setting the specific router_id. # router_id = # When external_network_bridge is set, each L3 agent can be associated # with no more than one external network. This value should be set to the UUID # of that external network. To allow L3 agent support multiple external # networks, both the external_network_bridge and gateway_external_network_id # must be left empty. # gateway_external_network_id = # With IPv6, the network used for the external gateway does not need # to have an associated subnet, since the automatically assigned # link-local address (LLA) can be used. However, an IPv6 gateway address # is needed for use as the next-hop for the default route. If no IPv6 # gateway address is configured here, (and only then) the neutron router # will be configured to get its default route from router advertisements (RAs) # from the upstream router; in which case the upstream router must also be # configured to send these RAs. # The ipv6_gateway, when configured, should be the LLA of the interface # on the upstream router. If a next-hop using a global unique address (GUA) # is desired, it needs to be done via a subnet allocated to the network # and not through this parameter. # ipv6_gateway = # Indicates that this L3 agent should also handle routers that do not have # an external network gateway configured. This option should be True only # for a single agent in a Neutron deployment, and may be False for all agents # if all routers must have an external network gateway # handle_internal_only_routers = True # Name of bridge used for external network traffic. This should be set to # empty value for the linux bridge. when this parameter is set, each L3 agent # can be associated with no more than one external network. # external_network_bridge = br-ex # TCP Port used by Neutron metadata server # metadata_port = 9697 # Send this many gratuitous ARPs for HA setup. Set it below or equal to 0 # to disable this feature. # send_arp_for_ha = 3 # seconds between re-sync routers' data if needed # periodic_interval = 40 # seconds to start to sync routers' data after # starting agent # periodic_fuzzy_delay = 5 # enable_metadata_proxy, which is true by default, can be set to False # if the Nova metadata server is not available # enable_metadata_proxy = True # Iptables mangle mark used to mark metadata valid requests # metadata_access_mark = 0x1 # Iptables mangle mark used to mark ingress from external network # external_ingress_mark = 0x2 # router_delete_namespaces, which is false by default, can be set to True if # namespaces can be deleted cleanly on the host running the L3 agent. # Do not enable this until you understand the problem with the Linux iproute # utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and # you are sure that your version of iproute does not suffer from the problem. # If True, namespaces will be deleted when a router is destroyed. # router_delete_namespaces = False # Timeout for ovs-vsctl commands. # If the timeout expires, ovs commands will fail with ALARMCLOCK error. # ovs_vsctl_timeout = 10 # The working mode for the agent. Allowed values are: # - legacy: this preserves the existing behavior where the L3 agent is # deployed on a centralized networking node to provide L3 services # like DNAT, and SNAT. Use this mode if you do not want to adopt DVR. # - dvr: this mode enables DVR functionality, and must be used for an L3 # agent that runs on a compute host. # - dvr_snat: this enables centralized SNAT support in conjunction with # DVR. This mode must be used for an L3 agent running on a centralized # node (or in single-host deployments, e.g. devstack). # agent_mode = legacy # Location to store keepalived and all HA configurations # ha_confs_path = $state_path/ha_confs # VRRP authentication type AH/PASS # ha_vrrp_auth_type = PASS # VRRP authentication password # ha_vrrp_auth_password = # The advertisement interval in seconds # ha_vrrp_advert_int = 2