{"id":630,"date":"2016-01-10T22:42:29","date_gmt":"2016-01-10T21:42:29","guid":{"rendered":"http:\/\/www.opencloudblog.com\/?p=630"},"modified":"2021-01-17T14:35:23","modified_gmt":"2021-01-17T13:35:23","slug":"openstack-juno-neutron-deployment-part-3-neutron-config","status":"publish","type":"post","link":"https:\/\/www.opencloudblog.com\/?p=630","title":{"rendered":"OpenStack Liberty Neutron Deployment (Part 3 Neutron Config)"},"content":{"rendered":"

When a distributed setup of Neutron is used, many Neutron configuration files must be synchronized to all nodes running neutron components. Linux network namespaces must be enabled.<\/p>\n

neutron.conf<\/h1>\n

The base configuration file on the Control node contains many options. Some of these (not all!) are shown below in this deployment:<\/p>\n

#\n# does not contain all options !\n#\n[DEFAULT]\nmax_l3_agents_per_router = 2\nl3_ha = False\nallow_automatic_l3agent_failover = True\nallow_overlapping_ips = true\n#\ncore_plugin = ml2\nservice_plugins = router,lbaas,vpnaas,metering,qos\n#\nforce_gateway_on_subnet = true\ndhcp_options_enabled = False\ndhcp_agents_per_network = 1\n#\nrouter_distributed = False\nrouter_delete_namespaces = True\ncheck_child_processes = True\n\n[securitygroup]\nfirewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver\nenable_ipset = True\nenable_security_group = True\n\n[agent]\nenable_distributed_routing = False\ndont_fragment = True\narp_responder = False\n\n[fwaas]\nenabled = true\ndriver = neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver\n\n[service_providers]\nservice_provider=LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default\nservice_provider=VPN:openswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default\n<\/pre>\n
ml2_conf.ini<\/h2>\n
The ml2 config file can be deployed on all Network, Compute and Control Nodes. The only difference is, that „local_ip“ must be set on Network and Compute Nodes to the IP address of the local „l3vxlan“ interface (see part 2).<\/p>\n
[ml2]\ntype_drivers = vxlan,local,vlan,flat,geneve\ntenant_network_types = vxlan\nmechanism_drivers = openvswitch\nextension_drivers = port_security\n\n[ml2_type_vxlan]\nvni_ranges = 65537:69999\n\n[ml2_type_vlan]\nnetwork_vlan_ranges = vlannet:100:299\n\n[ml2_type_flat]\nflat_networks = *\n\n# the ovs section is only needed on compute and network nodes\n# where the openvswitch and the L2 agent are running\n# but it does not hurt, if it is also included on the control node\n[ovs]\nbridge_mappings = vlannet:br-vlan\ntunnel_type = vxlan\ntunnel_bridge = br-tun\nintegration_bridge = br-int\ntunnel_id_ranges = 65537:69999\nenable_tunneling = True\ntenant_network_type = vxlan\n###>>>>>>>>> local_ip is only used on compute and network nodes ### \n# local_ip = <ip address of the l3vxlan interface>\n\n[agent]\ntunnel_types = vxlan\nl2_population = False\n<\/pre>\n
The vxlan vni range is set to 65537:69999, which is not the default value. I prefer this setting, because it is easy to distinguish vxlan vni values\u00a0 from vlan values, which are in the range 0 – 4095. This avoids any confusion when an error occurs and Openflow entries must be debugged.<\/p>\n
The vlan type driver requires only one configuration line [see also<\/a>].<\/p>\n