Before you install and configure OpenStack Networking, you must enable certain kernel networking functions. Edit the /etc/sysctl.conf file and add the following lines: net.ipv4.conf.all.rp_filter=0 net.ipv4.conf.default.rp_filter=0 Implement the changes: # sysctl -p # apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent \ openvswitch-datapath-dkms # yum install openstack-neutron-ml2 openstack-neutron-openvswitch # zypper install openstack-neutron-openvswitch-agent Ubuntu installations that use Linux kernel version 3.11 or later do not require the openvswitch-datapath-dkms package. SUSE does not use a separate ML2 plug-in package. # apt-get install neutron-plugin-openvswitch-agent openvswitch-datapath-dkms Debian does not use a separate ML2 plug-in package. Respond to prompts for database management, Identity service credentials, service endpoint registration, and message broker credentials. Select the ML2 plug-in: Selecting the ML2 plug-in also populates the service_plugins and allow_overlapping_ips keys in the /etc/neutron/neutron.conf file with the appropriate values. The Networking common component configuration includes the authentication mechanism, message broker, and plug-in. Configure Networking to use the Identity service for authentication: Edit the /etc/neutron/neutron.conf file and add the following key to the [DEFAULT] section: [DEFAULT] ... auth_strategy = keystone Add the following keys to the [keystone_authtoken] section: [keystone_authtoken] ... auth_uri = http://controller:5000 auth_host = controller auth_protocol = http auth_port = 35357 admin_tenant_name = service admin_user = neutron admin_password = NEUTRON_PASS Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service. Configure Networking to use the message broker: Edit the /etc/neutron/neutron.conf file and add the following keys to the [DEFAULT] section: Replace RABBIT_PASS with the password you chose for the guest account in RabbitMQ. [DEFAULT] ... rpc_backend = neutron.openstack.common.rpc.impl_kombu rabbit_host = controller rabbit_password = RABBIT_PASS Configure Networking to use the Modular Layer 2 (ML2) plug-in and associated services: Edit the /etc/neutron/neutron.conf file and add the following keys to the [DEFAULT] section: [DEFAULT] ... core_plugin = ml2 service_plugins = router allow_overlapping_ips = True To assist with troubleshooting, addverbose = True to the [DEFAULT] section in the /etc/neutron/neutron.conf file. The ML2 plug-in uses the Open vSwitch (OVS) mechanism (agent) to build the virtual networking framework for instances. Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file and add the following keys to the [ml2] section: [ml2] ... type_drivers = gre tenant_network_types = gre mechanism_drivers = openvswitch Add the following keys to the [ml2_type_gre] section: [ml2_type_gre] ... tunnel_id_ranges = 1:1000 Add the [ovs] section and the following keys to it: Replace INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS with the IP address of the instance tunnels network interface on your compute node. [ovs] ... local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS tunnel_type = gre enable_tunneling = True Add the [securitygroup] section and the following keys to it: [securitygroup] ... firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver enable_security_group = True The OVS service provides the underlying virtual networking framework for instances. Start the OVS service and configure it to start when the system boots: # service openvswitch start # chkconfig openvswitch on Start the OVS service and configure it to start when the system boots: # service openvswitch-switch start # chkconfig openvswitch-switch on Restart the OVS service: # service openvswitch-switch restart Restart the OVS service: # service openvswitch restart By default, most distributions configure Compute to use legacy networking. You must reconfigure Compute to manage networks through Networking. Edit the /etc/nova/nova.conf and add the following keys to the [DEFAULT] section: Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service. [DEFAULT] ... network_api_class = nova.network.neutronv2.api.API neutron_url = http://controller:9696 neutron_auth_strategy = keystone neutron_admin_tenant_name = service neutron_admin_username = neutron neutron_admin_password = NEUTRON_PASS neutron_admin_auth_url = http://controller:35357/v2.0 linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver firewall_driver = nova.virt.firewall.NoopFirewallDriver security_group_api = neutron By default, Compute uses an internal firewall service. Since Networking includes a firewall service, you must disable the Compute firewall service by using the nova.virt.firewall.NoopFirewallDriver firewall driver. The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini pointing to the configuration file associated with your chosen plug-in. Using the ML2 plug-in, for example, the symbolic link must point to /etc/neutron/plugins/ml2/ml2_conf.ini. If this symbolic link does not exist, create it using the following commands: # ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini The Networking service initialization scripts expect the variable NEUTRON_PLUGIN_CONF in the /etc/sysconfig/neutron file to reference the configuration file associated with your chosen plug-in. Using ML2, for example, edit the /etc/sysconfig/neutron file and add the following: NEUTRON_PLUGIN_CONF="/etc/neutron/plugins/ml2/ml2_conf.ini" Restart the Compute service: # service openstack-nova-compute restart # service nova-compute restart Start the Open vSwitch (OVS) agent and configure it to start when the system boots: # service openstack-neutron-openvswitch-agent start # chkconfig openstack-neutron-openvswitch-agent on Restart the Open vSwitch (OVS) agent: # service neutron-plugin-openvswitch-agent restart