openstack-manuals/doc/install-guide/section_neutron-install.xml
annegentle fd01182026 Adds openvswitch-datapath-dkms package install for Ubuntu
Adds a note with troubleshooting information when GRE doesn't work
on Ubuntu 12.04 LTS.

Change-Id: I6223bbc0a0e77b1b0971ed52d7bbc7266d5fc69b
Closes-bug: 1249589
Partial-bug: 1238445
2013-11-12 15:21:21 -06:00

1140 lines
58 KiB
XML

<?xml version="1.0" encoding="UTF-8"?>
<section xml:id="neutron-install-network-node"
xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns:html="http://www.w3.org/1999/xhtml" version="5.0">
<title>Install Networking services</title>
<para os="debian">When you install a Networking node, you must
configure it for API endpoints, RabbitMQ,
<code>keystone_authtoken</code>, and the database. Use
<package>debconf</package> to configure these values.</para>
<para os="debian">When you install a Networking package,
<package>debconf</package> prompts you to choose configuration
options including which plug-in to use, as follows:</para>
<informalfigure os="debian">
<mediaobject>
<imageobject>
<imagedata scale="50"
fileref="figures/debconf-screenshots/neutron_1_plugin_selection.png"
/>
</imageobject>
</mediaobject>
</informalfigure>
<para os="debian">This parameter sets the
<parameter>core_plugin</parameter> option value in the
<filename>/etc/neutron/neutron.conf</filename> file.</para>
<note os="debian">
<para>When you install the <package>neutron-common</package>
package, all plug-ins are installed by default.</para>
</note>
<para os="debian">This table lists the values for the
<parameter>core_plugin</parameter> option. These values depend
on your response to the <package>debconf</package> prompt.</para>
<table rules="all" os="debian">
<caption>Plug-ins and the core_plugin option</caption>
<thead>
<tr>
<th>Plug-in</th>
<th>core_plugin value in
<filename>neutron.conf</filename></th>
</tr>
</thead>
<tbody>
<tr>
<td><para>BigSwitch</para></td>
<td><para>neutron.plugins.bigswitch.plugin.NeutronRestProxyV2</para></td>
</tr>
<tr>
<td><para>Brocade</para></td>
<td><para>neutron.plugins.brocade.NeutronPlugin.BrocadePluginV2</para></td>
</tr>
<tr>
<td><para>Cisco</para></td>
<td><para>neutron.plugins.cisco.network_plugin.PluginV2</para></td>
</tr>
<tr>
<td><para>Hyper-V</para></td>
<td><para>neutron.plugins.hyperv.hyperv_neutron_plugin.HyperVNeutronPlugin</para></td>
</tr>
<tr>
<td><para>LinuxBridge</para></td>
<td><para>neutron.plugins.linuxbridge.lb_neutron_plugin.LinuxBridgePluginV2</para></td>
</tr>
<tr>
<td><para>Mellanox</para></td>
<td><para>neutron.plugins.mlnx.mlnx_plugin.MellanoxEswitchPlugin</para></td>
</tr>
<tr>
<td><para>MetaPlugin</para></td>
<td><para>neutron.plugins.metaplugin.meta_neutron_plugin.MetaPluginV2</para></td>
</tr>
<tr>
<td><para>Midonet</para></td>
<td><para>neutron.plugins.midonet.plugin.MidonetPluginV2</para></td>
</tr>
<tr>
<td><para>ml2</para></td>
<td><para>neutron.plugins.ml2.plugin.Ml2Plugin</para></td>
</tr>
<tr>
<td><para>Nec</para></td>
<td><para>neutron.plugins.nec.nec_plugin.NECPluginV2</para></td>
</tr>
<tr>
<td><para>OpenVSwitch</para></td>
<td><para>neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2</para></td>
</tr>
<tr>
<td><para>PLUMgrid</para></td>
<td><para>neutron.plugins.plumgrid.plumgrid_nos_plugin.plumgrid_plugin.NeutronPluginPLUMgridV2</para></td>
</tr>
<tr>
<td><para>RYU</para></td>
<td><para>neutron.plugins.ryu.ryu_neutron_plugin.RyuNeutronPluginV2</para></td>
</tr>
</tbody>
</table>
<para os="debian">Depending on the value of
<parameter>core_plugin</parameter>, the start-up scripts start
the daemons by using the corresponding plug-in configuration file
directly. For example, if you selected the Open vSwitch plug-in,
<code>neutron-server</code> automatically launches with
<parameter>--config-file
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</parameter>.</para>
<para os="debian">The <package>neutron-common</package> package also
prompts you for the default network configuration:</para>
<informalfigure os="debian">
<mediaobject>
<imageobject>
<imagedata scale="50"
fileref="figures/debconf-screenshots/neutron_2_networking_type.png"
/>
</imageobject>
</mediaobject>
</informalfigure>
<informalfigure os="debian">
<mediaobject>
<imageobject>
<imagedata scale="50"
fileref="figures/debconf-screenshots/neutron_3_hypervisor_ip.png"
/>
</imageobject>
</mediaobject>
</informalfigure>
<para os="rhel;centos;fedora;opensuse;sles;ubuntu">Before you
configure individual nodes for Networking, you must create the
required OpenStack components: user, service, database, and one or
more endpoints. After you complete these steps, follow the
instructions in this guide to set up OpenStack Networking
nodes.</para>
<procedure os="rhel;centos;fedora;opensuse;sles;ubuntu">
<step>
<!-- TODO(sross): change this to use `openstack-db` once it supports Neutron -->
<!-- TODO(sross): move this into its own section -->
<para>Use the password that you set previously to log in as root
and create a <literal>neutron</literal> database:</para>
<screen><prompt>#</prompt> <userinput>mysql -u root -p</userinput>
<prompt>mysql></prompt> <userinput>CREATE DATABASE neutron;</userinput>
<prompt>mysql></prompt> <userinput>GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY '<replaceable>NEUTRON_DBPASS</replaceable>';</userinput>
<prompt>mysql></prompt> <userinput>GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY '<replaceable>NEUTRON_DBPASS</replaceable>';</userinput></screen>
</step>
<step>
<para>Create the required user, service, and endpoint so that
Networking can interface with the Identity Service.</para>
<para>To list the tenant IDs:</para>
<screen><prompt>#</prompt> <userinput>keystone tenant-list</userinput></screen>
<para>To list role IDs:</para>
<screen><prompt>#</prompt> <userinput>keystone role-list</userinput></screen>
<para>Create a <literal>neutron</literal> user:</para>
<screen><prompt>#</prompt> <userinput>keystone user-create --name=neutron --pass=<replaceable>NEUTRON_PASS</replaceable> --email=<replaceable>neutron@example.com</replaceable></userinput></screen>
<para>Add the user role to the neutron user:</para>
<screen><prompt>#</prompt> <userinput>keystone user-role-add --user=neutron --tenant=service --role=admin</userinput></screen>
<para>Create the neutron service:</para>
<screen><prompt>#</prompt> <userinput>keystone service-create --name=neutron --type=network \
--description="OpenStack Networking Service"</userinput></screen>
<para>Create a Networking endpoint. Use the
<literal>id</literal> property for the service that was
returned in the previous step to create the endpoint:</para>
<screen><prompt>#</prompt> <userinput>keystone endpoint-create \
--service-id <replaceable>the_service_id_above</replaceable> \
--publicurl http://<replaceable>controller</replaceable>:9696 \
--adminurl http://<replaceable>controller</replaceable>:9696 \
--internalurl http://<replaceable>controller</replaceable>:9696</userinput></screen>
</step>
</procedure>
<section xml:id="neutron-install.dedicated-network-node">
<title>Install Networking services on a dedicated network
node</title>
<note>
<para>Before you start, set up a machine as a dedicated network
node. Dedicated network nodes have a
<replaceable>MGMT_INTERFACE</replaceable> NIC, a
<replaceable>DATA_INTERFACE</replaceable> NIC, and a
<replaceable>EXTERNAL_INTERFACE</replaceable> NIC.</para>
<para>The management network handles communication among nodes.
The data network handles communication coming to and from VMs.
The external NIC connects the network node, and optionally to
the controller node, so your VMs can connect to the outside
world.</para>
<para>All NICs must have static IPs. However, the data and
external NICs have a special set up. For details about
Networking plug-ins, see <xref
linkend="install-neutron.install-plug-in"/>.</para>
</note>
<warning os="rhel;centos">
<para>By default, the <literal>system-config-firewall</literal>
automated firewall configuration tool is in place on RHEL.
This graphical interface (and a curses-style interface with
<literal>-tui</literal> on the end of the name) enables you
to configure IP tables as a basic firewall. You should disable
it when you work with Networking unless you are familiar with
the underlying network technologies, as, by default, it blocks
various types of network traffic that are important to
Networking. To disable it, simply launch the program and clear
the <guilabel>Enabled</guilabel> check box.</para>
<para>After you successfully set up OpenStack Networking, you
can re-enable and configure the tool. However, during
Networking set up, disable the tool to make it easier to debug
network issues.</para>
</warning>
<procedure>
<step>
<para>Install the OpenStack Networking service on the network
node:</para>
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install neutron-server neutron-dhcp-agent neutron-plugin-openvswitch-agent neutron-l3-agent</userinput></screen>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-neutron</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-neutron openstack-neutron-l3-agent openstack-neutron-dhcp-agent</userinput></screen>
</step>
<step os="debian">
<para>Respond to prompts for <link
linkend="debconf-dbconfig-common">database
management</link>, <link
linkend="debconf-keystone_authtoken"
><literal>[keystone_authtoken]</literal>
settings</link>, <link linkend="debconf-rabbitqm">RabbitMQ
credentials</link> and <link
linkend="debconf-api-endpoints">API endpoint</link>
registration.</para>
</step>
<step os="rhel;centos;fedora;opensuse;sles">
<para>Configure basic Networking-related services to start at
boot time:</para>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>for s in neutron-{dhcp,l3}-agent; do chkconfig $s on; done</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>for s in openstack-neutron-{dhcp,l3}-agent; do chkconfig $s on; done</userinput></screen>
</step>
<step>
<para>Enable packet forwarding and disable packet destination
filtering so that the network node can coordinate traffic
for the VMs. Edit the <filename>/etc/sysctl.conf</filename>
file, as follows:</para>
<programlisting language="ini">net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0</programlisting>
<note>
<para>With system network-related configurations, you might
need to restart the network service to activate
configurations, as follows:</para>
<screen os="ubuntu"><prompt>#</prompt> <userinput>service networking restart</userinput></screen>
<screen os="rhel;centos;fedora;opensuse;sles"><prompt>#</prompt> <userinput>service network restart</userinput></screen>
</note>
</step>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Configure the core networking components. Edit the
<filename>/etc/neutron/neutron.conf</filename> file and
add these lines to the <literal>keystone_authtoken</literal>
section:</para>
<programlisting language="ini">[keystone_authtoken]
auth_host = <replaceable>controller</replaceable>
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = <replaceable>NEUTRON_PASS</replaceable></programlisting>
<para>To activate changes in the
<filename>/etc/sysctl.conf</filename> file, run the
following command:</para>
<screen><prompt>#</prompt> <userinput>sysctl -p</userinput></screen>
</step>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Configure Networking to connect to the database. Edit
the <literal>[database]</literal> section in the same file,
as follows:</para>
<programlisting language="ini">[database]
connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>/neutron</programlisting>
</step>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Edit the <filename>/etc/neutron/api-paste.ini</filename>
file and add these lines to the
<literal>[filter:authtoken]</literal> section:</para>
<programlisting language="ini">[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host=<replaceable>controller</replaceable>
auth_uri=http://<replaceable>controller</replaceable>:5000
admin_user=neutron
admin_tenant_name=service
admin_password=<replaceable>NEUTRON_PASS</replaceable></programlisting>
<warning>
<para><literal>keystoneclient.middleware.auth_token</literal>:
You must configure <literal>auth_uri</literal> to point to
the public identity endpoint. Otherwise, clients might not
be able to authenticate against an admin endpoint.</para>
</warning>
</step>
<step os="debian">
<para>Configure your network plug-in. For instructions, see
<link linkend="install-neutron.install-plug-in"
>instructions</link>. Then, return here.</para>
</step>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Install and configure a networking plug-in. OpenStack
Networking uses this plug-in to perform software-defined
networking. For instructions, see <link
linkend="install-neutron.install-plug-in"
>instructions</link>. Then, return here.</para>
</step>
</procedure>
<para>Now that you've installed and configured a plug-in (you did
do that, right?), it is time to configure the remaining parts of
Networking.</para>
<procedure>
<step>
<para>To perform DHCP on the software-defined networks,
Networking supports several different plug-ins. However, in
general, you use the Dnsmasq plug-in. Edit the
<filename>/etc/neutron/dhcp_agent.ini</filename>
file:</para>
<programlisting language="ini">dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq</programlisting>
</step>
<step>
<para>Restart Networking:</para>
<screen><prompt>#</prompt> <userinput>service neutron-dhcp-agent restart</userinput>
<prompt>#</prompt> <userinput>service neutron-l3-agent restart</userinput></screen>
<!-- TODO(sross): enable Neutron metadata as well? -->
</step>
<step>
<para>After you configure the <link
linkend="install-neutron.dedicated-compute-node"
>compute</link> and <link
linkend="install-neutron.dedicated-controller-node"
>controller</link> nodes, <link
linkend="install-neutron.configure-networks">configure the
base networks</link>.</para>
</step>
</procedure>
<section xml:id="install-neutron.install-plug-in">
<title>Install and configure the Networking plug-ins</title>
<section xml:id="install-neutron.install-plug-in.ovs">
<title>Install the Open vSwitch (OVS) plug-in</title>
<procedure>
<step>
<para>Install the Open vSwitch plug-in and its
dependencies:</para>
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install neutron-plugin-openvswitch-agent openvswitch-switch</userinput></screen>
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>yum install openstack-neutron-openvswitch</userinput></screen>
<screen os="opensuse;sles;"><prompt>#</prompt> <userinput>zypper install openstack-neutron-openvswitch-agent</userinput></screen>
</step>
<step>
<para>Start Open vSwitch:</para>
<screen os="debian;rhel;fedora;centos"><prompt>#</prompt> <userinput>service openvswitch start</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput></screen>
<para os="rhel;fedora;centos;opensuse;sles">And configure it to start when the system boots:</para>
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>chkconfig openvswitch on</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>chkconfig openvswitch-switch on</userinput></screen>
</step>
<step>
<para>No matter which networking technology you use, you
must add the <literal>br-int</literal> integration
bridge, which connects to the VMs, and the
<literal>br-ex</literal> external bridge, which
connects to the outside world.</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-int</userinput>
<prompt>#</prompt> <userinput>ovs-vsctl add-br br-ex</userinput></screen>
</step>
<step>
<para>Add a <firstterm>port</firstterm> (connection) from
the <replaceable>EXTERNAL_INTERFACE</replaceable>
interface to <literal>br-ex</literal> interface:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-port br-ex EXTERNAL_INTERFACE</userinput></screen>
</step>
<step>
<para>Configure the
<replaceable>EXTERNAL_INTERFACE</replaceable> without
an IP address and in promiscuous mode. Additionally, you
must set the newly created <literal>br-ex</literal>
interface to have the IP address that formerly belonged
to <replaceable>EXTERNAL_INTERFACE</replaceable>.</para>
<para os="rhel;fedora;centos">Edit the
<filename>/etc/sysconfig/network-scripts/ifcfg-EXTERNAL_INTERFACE</filename>
file:</para>
<programlisting language="ini" os="rhel;fedora;centos">DEVICE_INFO_HERE
ONBOOT=yes
BOOTPROTO=none
PROMISC=yes</programlisting>
</step>
<step os="rhel;fedora;centos">
<para>Create and edit the
<filename>/etc/sysconfig/network-scripts/ifcfg-br-ex</filename>
file:</para>
<programlisting language="ini">DEVICE=br-ex
TYPE=Bridge
ONBOOT=no
BOOTPROTO=none
IPADDR=EXTERNAL_INTERFACE_IP
NETMASK=EXTERNAL_INTERFACE_NETMASK
GATEWAY=EXTERNAL_INTERFACE_GATEWAY</programlisting>
</step>
<!-- TODO(sross): support other distros -->
<step>
<para>You must set some common configuration options no
matter which networking technology you choose to use with
Open vSwitch. Configure the L3 and DHCP agents to use
<acronym>OVS</acronym> and namespaces. Edit the
<filename>/etc/neutron/l3_agent.ini</filename> and
<filename>/etc/neutron/dhcp_agent.ini</filename>
files, respectively:</para>
<programlisting language="ini">interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True</programlisting>
<para os="rhel;centos">You must enable veth support if you
use certain kernels. Some kernels, such as recent versions
of RHEL (not RHOS) and CentOS, only partially support
namespaces. Edit the previous
files, as follows:</para>
<programlisting language="ini" os="rhel;centos">ovs_use_veth = True</programlisting>
</step>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Similarly, you must also tell Neutron core to use
<acronym>OVS</acronym>. Edit the
<filename>/etc/neutron/neutron.conf</filename> file:</para>
<programlisting language="ini">core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2</programlisting>
</step>
<step>
<para>Choose a networking technology to create the virtual networks.
Neutron supports GRE tunneling, VLANs, and VXLANs. This guide
shows how to configure GRE tunneling and VLANs.</para>
<para>
<link linkend="install-neutron.install-plug-in.ovs.gre">GRE
tunneling</link> is simpler to set up because it does not
require any special configuration from any physical network
hardware. However, its protocol makes it difficult to filter
traffic on the physical network. Additionally, this configuration
does not use namespaces. You can have only one router for each
network node. However, you can enable namespacing, and potentially
veth, as described in the section detailing how to use VLANs with
<acronym>OVS</acronym>).</para>
<note os="ubuntu">
<para>On Ubuntu 12.04 LTS with GRE you must install
openvswitch-datapath-dkms and restart the service to enable the
GRE flow so that OVS 1.10 and higher is used. Make sure you are
running the OVS 1.10 kernel module in addition to the OVS 1.10
userspace. Both the kernel module and userspace are required for
VXLAN support. The error you see in the
<filename>/var/log/openvswitchovs-vswitchd.log</filename> log
file is "Stderr: 'ovs-ofctl: -1: negative values not supported
for in_port\n'". If you see this error, make sure
<command>modinfo openvswitch</command> shows the right
version. Also check the output from <command>dmesg</command> for
the version of the OVS module being loaded.</para>
</note>
<para>On the other hand, <link
linkend="install-neutron.install-plug-in.ovs.vlan">VLAN
tagging</link> modifies the ethernet header of packets. You can
filter packets on the physical network through normal methods.
However, not all NICs handle the increased packet size of
VLAN-tagged packets well, and you might need to complete
additional configuration on physical network hardware to ensure
that your Neutron VLANs do not interfere with any other VLANs on
your network and that any physical network hardware between nodes
does not strip VLAN tags.</para>
<note>
<para>While the examples in this guide enable network namespaces
by default, you can disable them if issues occur or your kernel
does not support them. Edit the
<filename>/etc/neutron/l3_agent.ini</filename> and
<filename>/etc/neutron/dhcp_agent.ini</filename> files,
respectively:</para>
<programlisting language="ini">use_namespaces = False</programlisting>
<para>Edit the <filename>/etc/neutron/neutron.conf</filename> file
to disable overlapping IP addresses:</para>
<programlisting language="ini">allow_overlapping_ips = False</programlisting>
<para>Note that when network namespaces are disabled, you can have
only one router for each network node and overlapping IP
addresses are not supported.</para>
<para>You must complete additional steps after you create the
initial Neutron virtual networks and router.</para>
</note>
</step>
<!-- TODO(sross): support provider networks? you need to modify things above for this to work -->
<step>
<para>Configure a firewall plug-in. If you do not wish to
enforce firewall rules, called <firstterm>security
groups</firstterm> by OpenStack, you can use
<literal>neutron.agent.firewall.NoopFirewall</literal>.
Otherwise, you can choose one of the Networking firewall
plug-ins. The most common choice is the Hybrid
OVS-IPTables driver, but you can also use the
Firewall-as-a-Service driver. Edit the
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
file:</para>
<programlisting language="ini">[securitygroup]
# Firewall driver for realizing neutron security group function.
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver</programlisting>
<warning>
<para>You must use at least the No-Op firewall.
Otherwise, Horizon and other OpenStack services cannot
get and set required VM boot options.</para>
</warning>
</step>
<!-- TODO(sross): document other firewall options -->
<step>
<para>Restart the <acronym>OVS</acronym> plug-in and make
sure it starts on boot:</para>
<screen os="fedora;centos;rhel"><prompt>#</prompt> <userinput>service neutron-openvswitch-agent restart</userinput>
<prompt>#</prompt> <userinput>chkconfig neutron-openvswitch-agent on</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service openstack-neutron-openvswitch-agent restart</userinput>
<prompt>#</prompt> <userinput>chkconfig openstack-neutron-openvswitch-agent on</userinput></screen>
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>service neutron-plugin-openvswitch-agent restart</userinput>
<prompt>#</prompt> <userinput>chkconfig neutron-plugin-openvswitch-agent on</userinput></screen>
</step>
<step>
<para>Now, return to the general <acronym>OVS</acronym>
instructions.</para>
</step>
</procedure>
<section xml:id="install-neutron.install-plug-in.ovs.gre">
<title>Configure the Neutron <acronym>OVS</acronym> plug-in
for GRE tunneling</title>
<procedure>
<step>
<para>Configure the <acronym>OVS</acronym> plug-in to
use GRE tunneling, the <literal>br-int</literal>
integration bridge, the <literal>br-tun</literal>
tunneling bridge, and a local IP for the
<replaceable>DATA_INTERFACE</replaceable> tunnel IP.
Edit the
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
file:</para>
<programlisting language="ini">[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = DATA_INTERFACE_IP</programlisting>
</step>
<step>
<para>Return to the general <acronym>OVS</acronym>
instructions.</para>
</step>
</procedure>
</section>
<section xml:id="install-neutron.install-plug-in.ovs.vlan">
<title>Configure the Neutron <acronym>OVS</acronym> plug-in
for VLANs</title>
<procedure>
<step>
<para>Configure <acronym>OVS</acronym> to use VLANS.
Edit the
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
file:</para>
<programlisting language="ini">[ovs]
tenant_network_type = vlan
network_vlan_ranges = physnet1:1:4094
bridge_mappings = physnet1:br-DATA_INTERFACE</programlisting>
</step>
<step>
<para>Create the bridge for
<replaceable>DATA_INTERFACE</replaceable> and add
<replaceable>DATA_INTERFACE</replaceable> to
it:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-DATA_INTERFACE</userinput>
<prompt>#</prompt> <userinput>ovs-vsctl add-port br-DATA_INTERFACE DATA_INTERFACE</userinput></screen>
</step>
<step>
<para>Transfer the IP address for
<replaceable>DATA_INTERFACE</replaceable> to the
bridge in the same way that you transferred the
<replaceable>EXTERNAL_INTERFACE</replaceable> IP
address to <literal>br-ex</literal>. However, do not
turn on promiscuous mode.</para>
</step>
<step>
<para>Return to the <acronym>OVS</acronym> general
instruction.</para>
</step>
</procedure>
</section>
</section>
</section>
</section>
<section xml:id="install-neutron.configure-networks">
<title>Create the base Neutron networks</title>
<note>
<para>In these sections, replace
<replaceable>SPECIAL_OPTIONS</replaceable> with any options
specific to your Networking plug-in choices. See <link
linkend="install-neutron.configure-networks.plug-in-specific"
>here</link> to check if your plug-in requires any special
options.</para>
</note>
<procedure>
<step>
<para>Create the <literal>ext-net</literal> external network.
This network represents a slice of the outside world. VMs
are not directly linked to this network; instead, they
connect to internal networks. Outgoing traffic is routed by
Neutron to the external network. Additionally, floating IP
addresses from the subnet for <literal>ext-net</literal>
might be assigned to VMs so that the external network can
contact them. Neutron routes the traffic
appropriately.</para>
<screen><prompt>#</prompt> <userinput>neutron net-create ext-net -- --router:external=True <replaceable>SPECIAL_OPTIONS</replaceable></userinput></screen>
</step>
<step>
<para>Create the associated subnet with the same gateway and
CIDR as <replaceable>EXTERNAL_INTERFACE</replaceable>. It
does not have DHCP because it represents a slice of the
external world:</para>
<screen><prompt>#</prompt> <userinput>neutron subnet-create ext-net \
--allocation-pool start=<replaceable>FLOATING_IP_START</replaceable>,end=<replaceable>FLOATING_IP_END</replaceable> \
--gateway=<replaceable>EXTERNAL_INTERFACE_GATEWAY</replaceable> --enable_dhcp=False \
<replaceable>EXTERNAL_INTERFACE_CIDR</replaceable></userinput></screen>
</step>
<step>
<para>Create one or more initial tenants. The following steps
use the <replaceable>DEMO_TENANT</replaceable>
tenant.</para>
<para>Create the router attached to the external network. This
router routes traffic to the internal subnets as
appropriate. You can create it under the a given tenant:
Append <literal>--tenant-id</literal> option with a value of
<replaceable>DEMO_TENANT_ID</replaceable> to the
command.</para>
<screen><prompt>#</prompt> <userinput>neutron router-create ext-to-int</userinput></screen>
</step>
<step>
<para>Connect the router to <literal>ext-net</literal> by
setting the gateway for the router as
<literal>ext-net</literal>:</para>
<screen><prompt>#</prompt> <userinput>neutron router-gateway-set <replaceable>EXT_TO_INT_ID</replaceable> <replaceable>EXT_NET_ID</replaceable></userinput></screen>
</step>
<step>
<para>Create an internal network for
<replaceable>DEMO_TENANT</replaceable> (and associated
subnet over an arbitrary internal IP range, such as,
<literal>10.5.5.0/24</literal>), and connect it to the
router by setting it as a port:</para>
<screen><prompt>#</prompt> <userinput>neutron net-create --tenant-id <replaceable>DEMO_TENANT_ID</replaceable> demo-net <replaceable>SPECIAL_OPTIONS</replaceable></userinput>
<prompt>#</prompt> <userinput>neutron subnet-create --tenant-id <replaceable>DEMO_TENANT_ID</replaceable> demo-net 10.5.5.0/24 --gateway 10.5.5.1</userinput>
<prompt>#</prompt> <userinput>neutron router-interface-add <replaceable>EXT_TO_INT_ID</replaceable> <replaceable>DEMO_NET_SUBNET_ID</replaceable></userinput></screen>
</step>
<step>
<para>Check the special options page for your plug-in for
remaining steps. Now, return to the general
<acronym>OVS</acronym> instructions.</para>
</step>
</procedure>
<section
xml:id="install-neutron.configure-networks.plug-in-specific">
<title>Plug-in-specific Neutron network options</title>
<section
xml:id="install-neutron.configure-networks.plug-in-specific.ovs">
<title>Open vSwitch Network configuration options</title>
<section
xml:id="install-neutron.configure-networks.plug-in-specific.ovs.gre">
<title>GRE tunneling network options</title>
<note>
<para>While this guide currently enables network
namespaces by default, you can disable them if you have
issues or your kernel does not support them. If you
disabled namespaces, you must perform some additional
configuration for the L3 agent.</para>
<para>After you create all the networks, tell the L3 agent
what the external network ID is, as well as the ID of
the router associated with this machine (because you are
not using namespaces, there can be only one router for
each machine). To do this, edit the
<filename>/etc/neutron/l3_agent.ini</filename>
file:</para>
<programlisting language="ini">gateway_external_network_id = <replaceable>EXT_NET_ID</replaceable>
router_id = <replaceable>EXT_TO_INT_ID</replaceable></programlisting>
<para>Then, restart the L3 agent:</para>
<screen><prompt>#</prompt> <userinput>service neutron-l3-agent restart</userinput></screen>
</note>
<para>When creating networks, you should use the
options:</para>
<screen><userinput>--provider:network_type gre --provider:segmentation_id SEG_ID</userinput></screen>
<para><replaceable>SEG_ID</replaceable> should be
<literal>2</literal> for the external network, and just
any unique number inside the tunnel range specified before
for any other network.</para>
<note>
<para>These options are not needed beyond the first
network, as Neutron automatically increments the
segmentation id and copy the network type option for any
additional networks.</para>
</note>
<para>Now, return to the general <acronym>OVS</acronym>
instructions.</para>
</section>
<section
xml:id="install-neutron.configure-networks.plug-in-specific.ovs.vlan">
<title>VLAN network options</title>
<para>When creating networks, use these options:</para>
<screen><userinput>--provider:network_type vlan --provider:physical_network physnet1 --provider:segmentation_id SEG_ID</userinput> </screen>
<para><replaceable>SEG_ID</replaceable> should be
<literal>2</literal> for the external network, and just
any unique number inside the vlan range specified above
for any other network.</para>
<note>
<para>These options are not needed beyond the first
network, as Neutron automatically increments the
segmentation ID and copies the network type and physical
network options for any additional networks. They are
only needed if you wish to modify those values in any
way.</para>
</note>
<warning>
<para>Some NICs have Linux drivers that do not handle
VLANs properly. See the
<literal>ovs-vlan-bug-workaround</literal> and
<literal>ovs-vlan-test</literal> man pages for more
information. Additionally, you might try turning off
<literal>rx-vlan-offload</literal> and
<literal>tx-vlan-offload</literal> by using
<literal>ethtool</literal> on the
<replaceable>DATA_INTERFACE</replaceable>. Another
potential caveat to VLAN functionality is that VLAN tags
add an additional 4 bytes to the packet size. If your
NICs cannot handle large packets, make sure to set the
MTU to a value that is 4 bytes less than the normal
value on the
<replaceable>DATA_INTERFACE</replaceable>.</para>
<para>If you run OpenStack inside a virtualized
environment (for testing purposes), switching to the
<literal>virtio</literal> NIC type (or a similar
technology if you are not using KVM/QEMU to run your
host VMs) might solve the issue.</para>
</warning>
</section>
</section>
</section>
</section>
<section xml:id="install-neutron.dedicated-compute-node">
<title>Install networking support on a dedicated compute
node</title>
<note>
<para>This section details set up for any node that runs the
<literal>nova-compute</literal> component but does not run
the full network stack.</para>
</note>
<warning os="rhel;centos">
<para>By default, the <literal>system-config-firewall</literal>
automated firewall configuration tool is in place on RHEL.
This graphical interface (and a curses-style interface with
<literal>-tui</literal> on the end of the name) enables you
to configure IP tables as a basic firewall. You should disable
it when you work with Neutron unless you are familiar with the
underlying network technologies, as, by default, it blocks
various types of network traffic that are important to
Neutron. To disable it, simple launch the program and clear
the <guilabel>Enabled</guilabel> check box.</para>
<para>After you successfully set up OpenStack with Neutron, you
can re-enable and configure the tool. However, during Neutron
set up, disable the tool to make it easier to debug network
issues.</para>
</warning>
<procedure>
<step>
<para>Disable packet destination filtering (route
verification) to let the networking services route traffic
to the VMs. Edit the <filename>/etc/sysctl.conf</filename>
file and then restart networking:</para>
<programlisting language="ini">net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0</programlisting>
</step>
<step>
<para>Install and configure your networking plug-in
components. To install and configure the network plug-in
that you chose when you set up your network node, see <xref
linkend="install-neutron.install-plugin-compute"/>.</para>
</step>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Configure the core components of Neutron. Edit the
<filename>/etc/neutron/neutron.conf</filename>
file:</para>
<programlisting language="ini">auth_host = <replaceable>controller</replaceable>
admin_tenant_name = service
admin_user = neutron
admin_password = <replaceable>NEUTRON_PASS</replaceable>
auth_url = http://<replaceable>controller</replaceable>:35357/v2.0
auth_strategy = keystone
rpc_backend = <replaceable>YOUR_RPC_BACKEND</replaceable>
<replaceable>PUT_YOUR_RPC_BACKEND_SETTINGS_HERE_TOO</replaceable></programlisting>
</step>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Edit the database URL under the
<literal>[database]</literal> section in the above file,
to tell Neutron how to connect to the database:</para>
<programlisting language="ini">[database]
connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>/neutron</programlisting>
</step>
<step>
<para>Edit the <filename>/etc/neutron/api-paste.ini</filename>
file and add these lines to the
<literal>[filter:authtoken]</literal> section:</para>
<programlisting language="ini">[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host=<replaceable>controller</replaceable>
admin_user=neutron
admin_tenant_name=service
admin_password=<replaceable>NEUTRON_PASS</replaceable></programlisting>
</step>
<step>
<para>You must <link
linkend="install-neutron.install-plugin-compute">configure
the networking plug-in</link>.</para>
</step>
</procedure>
<section xml:id="install-neutron.install-plugin-compute">
<title>Install and configure Neutron plug-ins on a dedicated
compute node</title>
<section xml:id="install-neutron.install-plugin-compute.ovs">
<title>Install the Open vSwitch (OVS) plug-in on a dedicated
compute node</title>
<procedure>
<step>
<para>Install the Open vSwitch plug-in and its
dependencies:</para>
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install neutron-plugin-openvswitch-agent openvswitch-switch openvswitch-datapath-dkms</userinput></screen>
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>yum install openstack-neutron-openvswitch</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-neutron-openvswitch-agent</userinput></screen>
</step>
<step>
<para>Start Open vSwitch and configure it to start when
the system boots:</para>
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>service openvswitch start</userinput>
<prompt>#</prompt> <userinput>chkconfig openvswitch on</userinput></screen>
<screen os="opensuse;sles;ubuntu;debian"><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput>
<prompt>#</prompt> <userinput>chkconfig openvswitch-switch on</userinput></screen>
</step>
<step>
<para>You must set some common configuration options no
matter which networking technology you choose to use
with Open vSwitch. You must add the
<literal>br-int</literal> integration bridge, which
connects to the VMs.</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-int</userinput></screen>
</step>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>You must set some common configuration options. You
must configure Networking core to use
<acronym>OVS</acronym>. Edit the
<filename>/etc/neutron/neutron.conf</filename>
file:</para>
<programlisting language="ini">core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2</programlisting>
</step>
<step>
<para>Configure the networking type that you chose when
you set up the network node: either <link
linkend="install-neutron.install-plugin-compute.ovs.gre"
>GRE tunneling</link> or <link
linkend="install-neutron.install-plugin-compute.ovs.vlan"
>VLANs</link>.</para>
</step>
<!-- TODO(sross): support provider networks? you need to modify things above for this to work -->
<step>
<para>You must configure a firewall as well. You should
use the same firewall plug-in that you chose to use when
you set up the network node. To do this, edit
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
file and set the <literal>firewall_driver</literal>
value under the <literal>securitygroup</literal> to the
same value used on the network node. For instance, if
you chose to use the Hybrid OVS-IPTables plug-in, your
configuration looks like this:</para>
<programlisting language="ini">[securitygroup]
# Firewall driver for realizing neutron security group function.
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver</programlisting>
<warning>
<para>You must use at least the No-Op firewall.
Otherwise, Horizon and other OpenStack services cannot
get and set required VM boot options.</para>
</warning>
</step>
<step>
<para>After you complete OVS configuration <emphasis>and
the core Neutron configuration after this
section</emphasis>, restart the Neutron Open vSwitch
agent, and set it to start at boot:</para>
<screen os="opensuse;sles;fedora;centos;rhel"><prompt>#</prompt> <userinput>service neutron-openvswitch-agent restart</userinput>
<prompt>#</prompt> <userinput>chkconfig neutron-openvswitch-agent on</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service openstack-neutron-openvswitch-agent restart</userinput>
<prompt>#</prompt> <userinput>chkconfig openstack-neutron-openvswitch-agent on</userinput></screen>
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>service neutron-plugin-openvswitch-agent restart</userinput>
<prompt>#</prompt> <userinput>chkconfig neutron-plugin-openvswitch-agent on</userinput></screen>
</step>
<step>
<para>Now, return to the general <acronym>OVS</acronym>
instructions.</para>
</step>
</procedure>
<section
xml:id="install-neutron.install-plugin-compute.ovs.gre">
<title>Configure the Neutron <acronym>OVS</acronym> plug-in
for GRE tunneling on a dedicated compute node</title>
<procedure>
<step>
<para>Tell the <acronym>OVS</acronym> plug-in to use GRE
tunneling with a <literal>br-int</literal> integration
bridge, a <literal>br-tun</literal> tunneling bridge,
and a local IP for the tunnel of
<replaceable>DATA_INTERFACE</replaceable>'s IP Edit
the
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
file:</para>
<programlisting language="ini">[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = <replaceable>DATA_INTERFACE_IP</replaceable></programlisting>
</step>
<step>
<para>Now, return to the general <acronym>OVS</acronym>
instructions.</para>
</step>
</procedure>
</section>
<section
xml:id="install-neutron.install-plugin-compute.ovs.vlan">
<title>Configure the Neutron <acronym>OVS</acronym> plug-in
for VLANs on a dedicated compute node</title>
<procedure>
<step>
<para>Tell <acronym>OVS</acronym> to use VLANs. Edit the
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
file:</para>
<programlisting language="ini">[ovs]
tenant_network_type = vlan
network_vlan_ranges = physnet1:1:4094
bridge_mappings = physnet1:br-<replaceable>DATA_INTERFACE</replaceable></programlisting>
</step>
<step>
<para>Create the bridge for the
<replaceable>DATA_INTERFACE</replaceable> and add
<replaceable>DATA_INTERFACE</replaceable> to it, the
same way you did on the network node:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-DATA_INTERFACE</userinput>
<prompt>#</prompt> <userinput>ovs-vsctl add-port br-DATA_INTERFACE DATA_INTERFACE</userinput></screen>
</step>
<step>
<para>Return to the general <acronym>OVS</acronym>
instructions.</para>
</step>
</procedure>
</section>
</section>
</section>
</section>
<section xml:id="install-neutron.dedicated-controller-node">
<title>Install networking support on a dedicated controller
node</title>
<note>
<para>This is for a node which runs the control components of
Neutron, but does not run any of the components that provide
the underlying functionality (such as the plug-in agent or the
L3 agent). If you wish to have a combined controller/compute
node follow these instructions, and then those for the compute
node.</para>
</note>
<warning os="rhel;centos">
<para>By default, the <literal>system-config-firewall</literal>
automated firewall configuration tool is in place on RHEL.
This graphical interface (and a curses-style interface with
<literal>-tui</literal> on the end of the name) enables you
to configure IP tables as a basic firewall. You should disable
it when you work with Neutron unless you are familiar with the
underlying network technologies, as, by default, it blocks
various types of network traffic that are important to
Neutron. To disable it, simple launch the program and clear
the <guilabel>Enabled</guilabel> check box.</para>
<para>After you successfully set up OpenStack with Neutron, you
can re-enable and configure the tool. However, during Neutron
set up, disable the tool to make it easier to debug network
issues.</para>
</warning>
<procedure>
<step>
<para>Install the main Neutron server, Neutron libraries for
Python, and the Neutron command-line interface (CLI):</para>
<screen os="fedora;rhel;centos"><prompt>#</prompt> <userinput>yum install openstack-neutron python-neutron python-neutronclient</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-neutron python-neutron python-neutronclient</userinput></screen>
<!-- TODO(sross): support other distros -->
</step>
<step>
<para>Configure the core components of Neutron. Edit the
<filename>/etc/neutron/neutron.conf</filename>
file:</para>
<programlisting language="ini">auth_host = <replaceable>controller</replaceable>
admin_tenant_name = service
admin_user = neutron
admin_password = <replaceable>NEUTRON_PASS</replaceable>
auth_url = http://<replaceable>controller</replaceable>:35357/v2.0
auth_strategy = keystone
rpc_backend = <replaceable>YOUR_RPC_BACKEND</replaceable>
<replaceable>PUT_YOUR_RPC_BACKEND_SETTINGS_HERE_TOO</replaceable></programlisting>
</step>
<step>
<para>Edit the database URL under the
<literal>[database]</literal> section in the above file,
to tell Neutron how to connect to the database:</para>
<programlisting language="ini">[database]
connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>/neutron</programlisting>
</step>
<step>
<para>Configure the Neutron copy of the
<filename>api-paste.ini</filename> at
<filename>/etc/neutron/api-paste.ini</filename>
file:</para>
<programlisting language="ini">[filter:authtoken]
EXISTING_STUFF_HERE
admin_tenant_name = service
admin_user = neutron
admin_password = <replaceable>NEUTRON_PASS</replaceable></programlisting>
</step>
<step>
<para>Configure the plug-in you chose when you set up the
network node. Follow the <link
linkend="install-neutron.install-plug-in-controller"
>instructions</link> and return here.</para>
</step>
<step>
<para>Tell Nova about Neutron. Specifically, you must tell
Nova that Neutron will be handling networking and the
firewall. Edit the <filename>/etc/nova/nova.conf</filename>
file:</para>
<programlisting language="ini">network_api_class=nova.network.neutronv2.api.API
neutron_url=http://<replaceable>controller</replaceable>:9696
neutron_auth_strategy=keystone
neutron_admin_tenant_name=service
neutron_admin_username=neutron
neutron_admin_password=<replaceable>NEUTRON_PASS</replaceable>
neutron_admin_auth_url=http://<replaceable>controller</replaceable>:35357/v2.0
firewall_driver=nova.virt.firewall.NoopFirewallDriver
security_group_api=neutron</programlisting>
<note>
<para>Regardless of which firewall driver you chose when you
configure the network and compute nodes, set this driver
as the No-Op firewall. The difference is that this is a
<emphasis>Nova</emphasis> firewall, and because Neutron
handles the Firewall, you must tell Nova not to use
one.</para>
</note>
</step>
<step>
<para>Start neutron-server and set it to start at boot:</para>
<screen><prompt>#</prompt> <userinput>service neutron-server start</userinput>
<prompt>#</prompt> <userinput>chkconfig neutron-server on</userinput></screen>
<note>
<para>Make sure that the plug-in restarted successfully. If
you get errors about a missing
<filename>plugin.ini</filename> file, make a symlink
that points to
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
with the name
<filename>/etc/neutron/plugins.ini</filename>.</para>
</note>
</step>
</procedure>
<section xml:id="install-neutron.install-plug-in-controller">
<title>Install and configure the Neutron plug-ins on a dedicated
controller node</title>
<section xml:id="install-neutron.install-plug-in-controller.ovs">
<title>Install the Open vSwitch (OVS) plug-in on a dedicated
controller node</title>
<procedure>
<step>
<para>Install the Open vSwitch plug-in:</para>
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>yum install openstack-neutron-openvswitch</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-neutron-openvswitch-agent</userinput></screen>
<!-- TODO(sross): support other distros -->
</step>
<step>
<para>You must set some common configuration options no
matter which networking technology you choose to use
with Open vSwitch. You must configure Networking core to
use <acronym>OVS</acronym>. Edit the
<filename>/etc/neutron/neutron.conf</filename>
file:</para>
<programlisting language="ini">core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2</programlisting>
</step>
<step>
<para>Configure the <acronym>OVS</acronym> plug-in for the
networking type that you chose when you configured the
network node: <link
linkend="install-neutron.install-plug-in-controller.ovs.gre"
>GRE tunneling</link> or <link
linkend="install-neutron.install-plug-in-controller.ovs.vlan"
>VLANs</link>.</para>
<!-- TODO(sross): support provider networks? you need to modify things above for this to work -->
<note>
<para>The dedicated controller node does not need to run
Open vSwitch or the Open vSwitch agent.</para>
</note>
</step>
<step>
<para>Now, return to the general <acronym>OVS</acronym>
instructions.</para>
</step>
</procedure>
<section
xml:id="install-neutron.install-plug-in-controller.ovs.gre">
<title>Configure the Neutron <acronym>OVS</acronym> plug-in
for GRE tunneling on a dedicated controller node</title>
<procedure>
<step>
<para>Tell the <acronym>OVS</acronym> plug-in to use GRE
tunneling. Edit the
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
file:</para>
<programlisting language="ini">[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True</programlisting>
</step>
<step>
<para>Return to the general <acronym>OVS</acronym>
instructions.</para>
</step>
</procedure>
</section>
<section
xml:id="install-neutron.install-plug-in-controller.ovs.vlan">
<title>Configure the Neutron <acronym>OVS</acronym> plug-in
for VLANs on a dedicated controller node</title>
<procedure>
<step>
<para>Tell <acronym>OVS</acronym> to use VLANS. Edit the
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
file, as follows:</para>
<programlisting language="ini">[ovs]
tenant_network_type = vlan
network_vlan_ranges = physnet1:1:4094</programlisting>
</step>
<step>
<para>Return to the general <acronym>OVS</acronym>
instructions.</para>
</step>
</procedure>
</section>
</section>
</section>
</section>
</section>