To prevent system resources from being exhausted, Neutron supports per-tenant quota limits via the quotas extension. Every tenant is bound to a default quota that is set by the administrator in the Neutron configuration file, as follows:
[quotas] # Default driver to use for quota checks # quota_driver = neutron.db.quota_db.DbQuotaDriver # Resource name(s) that are supported in quota features # quota_items = network,subnet,port # Default number of resource allowed per tenant. # default_quota = -1 # Number of networks allowed per tenant. # quota_network = 10 # Number of subnets allowed per tenant. # quota_subnet = 10 # Number of ports allowed per tenant. # quota_port = 50 # Number of security groups allowed per tenant. # quota_security_group = 10 # Number of security group rules allowed per tenant. # quota_security_group_rule = 100 # Number of vips allowed per tenant. # quota_vip = 10 # Number of pools allowed per tenant. # quota_pool = 10 # Number of pool members allowed per tenant. # quota_member = -1 # Number of health monitors allowed per tenant. # quota_health_monitor = -1 # Number of loadbalancers allowed per tenant. # quota_loadbalancer = 10 # Number of listeners allowed per tenant. # quota_listener = -1 # Number of v2 health monitors allowed per tenant. # quota_healthmonitor = -1 # Number of routers allowed per tenant. # quota_router = 10 # Number of floating IPs allowed per tenant. # quota_floatingip = 50 # Number of firewalls allowed per tenant. # quota_firewall = 1 # Number of firewall policies allowed per tenant. # quota_firewall_policy = 1 # Number of firewall rules allowed per tenant. # quota_firewall_rule = 100
A negative value for a quota means that the tenant may create an unlimited amount of the resource. To change the default, change the value and uncomment the line associated with the quota that you want to change. A restart of the neutron-server service is necessary for the changes to take effect.
The following Neutron commands can be used to manage per-tenant quotas:
quota-deletequota-listquota-showquota-update
To get a list of the current quotas, use the Neutron quota-show command, as follows:
Usage: quota-show [--tenant-id TENANT_ID]
The returned output will contain the current per-tenant Neutron quotas, as shown in the following screenshot:
Figure A.2
To update a quota for a specified tenant, use the Neutron quota-update command, as shown here:
Usage: quota-update --tenant-id TENANT_ID [--network NUM_OF_NETWORKS] [--port NUM_OF_PORTS] [--subnet NUM_OF_SUBNETS] [--floatingip NUM_OF_FLOATING_IPS] [--security-group NUM_OF_SEC_GROUPS] [--security-group-rule NUM_OF_SEC_GROUP_RULES] [--router NUM_OF_ROUTERS]
The attributes in brackets are optional and allow you to specify new values for the respective quota. You can update multiple attributes simultaneously, as shown in the following screenshot:
Figure A.3
To list the quotas of a tenant, use the Neutron quota-list command as shown below:
Usage: quota-list
If a tenant is using the default quotas, no output will be provided. If the quotas are modified, the output will resemble the following screenshot:
Figure A.4