[DEFAULT] [ml2] # # From neutron.ml2 # # List of network type driver entrypoints to be loaded from the # neutron.ml2.type_drivers namespace. (list value) #type_drivers = local,flat,vlan,gre,vxlan,geneve # Ordered list of network_types to allocate as tenant networks. The default # value 'local' is useful for single-box testing but provides no connectivity # between hosts. (list value) #tenant_network_types = local # An ordered list of networking mechanism driver entrypoints to be loaded from # the neutron.ml2.mechanism_drivers namespace. (list value) #mechanism_drivers = # An ordered list of extension driver entrypoints to be loaded from the # neutron.ml2.extension_drivers namespace. For example: extension_drivers = # port_security,qos (list value) #extension_drivers = # Maximum size of an IP packet (MTU) that can traverse the underlying physical # network infrastructure without fragmentation when using an overlay/tunnel # protocol. This option allows specifying a physical network MTU value that # differs from the default global_physnet_mtu value. (integer value) #path_mtu = 0 # A list of mappings of physical networks to MTU values. The format of the # mapping is :. This mapping allows specifying a physical # network MTU value that differs from the default global_physnet_mtu value. # (list value) #physical_network_mtus = # Default network type for external networks when no provider attributes are # specified. By default it is None, which means that if provider attributes are # not specified while creating external networks then they will have the same # type as tenant networks. Allowed values for external_network_type config # option depend on the network type values configured in type_drivers config # option. (string value) #external_network_type = # IP version of all overlay (tunnel) network endpoints. Use a value of 4 for # IPv4 or 6 for IPv6. (integer value) #overlay_ip_version = 4 [ml2_type_flat] # # From neutron.ml2 # # List of physical_network names with which flat networks can be created. Use # default '*' to allow flat networks with arbitrary physical_network names. Use # an empty list to disable flat networks. (list value) #flat_networks = * [ml2_type_geneve] # # From neutron.ml2 # # Comma-separated list of : tuples enumerating ranges of # Geneve VNI IDs that are available for tenant network allocation (list value) #vni_ranges = # Geneve encapsulation header size is dynamic, this value is used to calculate # the maximum MTU for the driver. This is the sum of the sizes of the outer ETH # + IP + UDP + GENEVE header sizes. The default size for this field is 50, # which is the size of the Geneve header without any additional option headers. # (integer value) #max_header_size = 30 [ml2_type_gre] # # From neutron.ml2 # # Comma-separated list of : tuples enumerating ranges of GRE # tunnel IDs that are available for tenant network allocation (list value) #tunnel_id_ranges = [ml2_type_vlan] # # From neutron.ml2 # # List of :: or # specifying physical_network names usable for VLAN provider and tenant # networks, as well as ranges of VLAN tags on each available for allocation to # tenant networks. (list value) #network_vlan_ranges = [ml2_type_vxlan] # # From neutron.ml2 # # Comma-separated list of : tuples enumerating ranges of # VXLAN VNI IDs that are available for tenant network allocation (list value) #vni_ranges = # Multicast group for VXLAN. When configured, will enable sending all broadcast # traffic to this multicast group. When left unconfigured, will disable # multicast VXLAN mode. (string value) #vxlan_group = [ovn] # # From networking_ovn # # The connection string for the OVN_Northbound OVSDB. # Use tcp:IP:PORT for TCP connection. # Use ssl:IP:PORT for SSL connection. The ovn_nb_private_key, # ovn_nb_certificate and ovn_nb_ca_cert are mandatory. # Use unix:FILE for unix domain socket connection. (string value) #ovn_nb_connection = tcp:127.0.0.1:6641 # The PEM file with private key for SSL connection to OVN-NB-DB (string value) #ovn_nb_private_key = # The PEM file with certificate that certifies the private key specified in # ovn_nb_private_key (string value) #ovn_nb_certificate = # The PEM file with CA certificate that OVN should use to verify certificates # presented to it by SSL peers (string value) #ovn_nb_ca_cert = # The connection string for the OVN_Southbound OVSDB. # Use tcp:IP:PORT for TCP connection. # Use ssl:IP:PORT for SSL connection. The ovn_sb_private_key, # ovn_sb_certificate and ovn_sb_ca_cert are mandatory. # Use unix:FILE for unix domain socket connection. (string value) #ovn_sb_connection = tcp:127.0.0.1:6642 # The PEM file with private key for SSL connection to OVN-SB-DB (string value) #ovn_sb_private_key = # The PEM file with certificate that certifies the private key specified in # ovn_sb_private_key (string value) #ovn_sb_certificate = # The PEM file with CA certificate that OVN should use to verify certificates # presented to it by SSL peers (string value) #ovn_sb_ca_cert = # Timeout in seconds for the OVSDB connection transaction (integer value) #ovsdb_connection_timeout = 180 # Max interval in seconds between each retry to get the OVN NB and SB IDLs # (integer value) #ovsdb_retry_max_interval = 180 # The probe interval in for the OVSDB session in milliseconds. If this is zero, # it disables the connection keepalive feature. If non-zero the value will be # forced to at least 1000 milliseconds. Defaults to 60 seconds. (integer value) # Minimum value: 0 #ovsdb_probe_interval = 60000 # The synchronization mode of OVN_Northbound OVSDB with Neutron DB. # off - synchronization is off # log - during neutron-server startup, check to see if OVN is in sync with the # Neutron database. Log warnings for any inconsistencies found so that an # admin can investigate # repair - during neutron-server startup, automatically create resources found # in Neutron but not in OVN. Also remove resources from OVN that are no longer # in Neutron. (string value) # Possible values: # off - # log - # repair - #neutron_sync_mode = log # DEPRECATED: Whether to use OVN native L3 support. Do not change the value for # existing deployments that contain routers. (boolean value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: This option is no longer used. Native L3 support in OVN is always # used. #ovn_l3_mode = true # The OVN L3 Scheduler type used to schedule router gateway ports on # hypervisors/chassis. # leastloaded - chassis with fewest gateway ports selected # chance - chassis randomly selected (string value) # Possible values: # leastloaded - # chance - #ovn_l3_scheduler = leastloaded # Enable distributed floating IP support. # If True, the NAT action for floating IPs will be done locally and not in the # centralized gateway. This saves the path to the external network. This # requires the user to configure the physical network map (i.e. ovn-bridge- # mappings) on each compute node. (boolean value) #enable_distributed_floating_ip = false # DEPRECATED: Type of VIF to be used for ports valid values are (ovs, # vhostuser) default ovs (string value) # Possible values: # ovs - # vhostuser - # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The port VIF type is now determined based on the OVN chassis # information when the port is bound to a host. #vif_type = ovs # The directory in which vhost virtio socket is created by all the vswitch # daemons (string value) #vhost_sock_dir = /var/run/openvswitch # Default least time (in seconds) to use with OVN's native DHCP service. # (integer value) #dhcp_default_lease_time = 43200 # The log level used for OVSDB (string value) # Possible values: # CRITICAL - # ERROR - # WARNING - # INFO - # DEBUG - #ovsdb_log_level = INFO # Whether to use metadata service. (boolean value) #ovn_metadata_enabled = false # Comma-separated list of the DNS servers which will be used as forwarders if a # subnet's dns_nameservers field is empty. If both subnet's dns_nameservers and # this option is empty, then the DNS resolvers on the host running the neutron # server will be used. (list value) #dns_servers = # Dictionary of global DHCPv4 options which will be automatically set on each # subnet upon creation and on all existing subnets when Neutron starts. # An empty value for a DHCP option will cause that option to be unset globally. # EXAMPLES: # - ntp_server:1.2.3.4,wpad:1.2.3.5 - Set ntp_server and wpad # - ntp_server:,wpad:1.2.3.5 - Unset ntp_server and set wpad # See the ovn-nb(5) man page for available options. (dict value) #ovn_dhcp4_global_options = # Dictionary of global DHCPv6 options which will be automatically set on each # subnet upon creation and on all existing subnets when Neutron starts. # An empty value for a DHCP option will cause that option to be unset globally. # EXAMPLES: # - ntp_server:1.2.3.4,wpad:1.2.3.5 - Set ntp_server and wpad # - ntp_server:,wpad:1.2.3.5 - Unset ntp_server and set wpad # See the ovn-nb(5) man page for available options. (dict value) #ovn_dhcp6_global_options = # Configure OVN to emit "need to frag" packets in case of MTU mismatch. # Before enabling this configuration make sure that its supported by the host # kernel (version >= 5.2) or by checking the output of the following command: # ovs-appctl -t ovs-vswitchd dpif/show-dp-features br-int | grep "Check pkt # length action". (boolean value) #ovn_emit_need_to_frag = false [ovs] # # From networking_ovn # # Enable IGMP snooping for integration bridge. If this option is set to True, # support for Internet Group Management Protocol (IGMP) is enabled in # integration bridge. Setting this option to True will also enable Open vSwitch # mcast-snooping-disable-flood-unregistered flag. This option will disable # flooding of unregistered multicast packets to all ports. The switch will send # unregistered multicast packets only to ports connected to multicast routers. # (boolean value) #igmp_snooping_enable = false [ovs_driver] # # From neutron.ml2 # # Comma-separated list of VNIC types for which support is administratively # prohibited by the mechanism driver. Please note that the supported vnic_types # depend on your network interface card, on the kernel version of your # operating system, and on other factors, like OVS version. In case of ovs # mechanism driver the valid vnic types are normal and direct. Note that direct # is supported only from kernel 4.8, and from ovs 2.8.0. Bind DIRECT (SR-IOV) # port allows to offload the OVS flows using tc to the SR-IOV NIC. This allows # to support hardware offload via tc and that allows us to manage the VF by # OpenFlow control plane using representor net-device. (list value) #vnic_type_blacklist = [securitygroup] # # From neutron.ml2 # # Driver for security groups firewall in the L2 agent (string value) #firewall_driver = # Controls whether the neutron security group API is enabled in the server. It # should be false when using no security groups or using the nova security # group API. (boolean value) #enable_security_group = true # Use ipset to speed-up the iptables based security groups. Enabling ipset # support requires that ipset is installed on L2 agent node. (boolean value) #enable_ipset = true # Comma-separated list of ethertypes to be permitted, in hexadecimal (starting # with "0x"). For example, "0x4008" to permit InfiniBand. (list value) #permitted_ethertypes = [sriov_driver] # # From neutron.ml2 # # Comma-separated list of VNIC types for which support is administratively # prohibited by the mechanism driver. Please note that the supported vnic_types # depend on your network interface card, on the kernel version of your # operating system, and on other factors. In case of sriov mechanism driver the # valid VNIC types are direct, macvtap and direct-physical. (list value) #vnic_type_blacklist =