Installing and configuring the Neutron L3 agent

To install the Neutron L3 agent, run the following command on the controller node:

# apt-get install neutron-l3-agent

Neutron stores the L3 agent configuration in the /etc/neutron/l3_agent.ini file. The most common configuration options will be covered in the next section.

Defining an interface driver

The Neutron L3 agent must be configured to use an interface driver that corresponds to the chosen mechanism driver. In a reference implementation, that can be either the LinuxBridge or the Open vSwitch driver.

On the controller node, update the Neutron L3 agent configuration file at /etc/neutron/l3_agent.ini and specify one of the following interface drivers.

For LinuxBridge, use the following settings:

[DEFAULT] 
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver

For Open vSwitch, use the following settings:

[DEFAULT] 
...
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

Setting the external bridge

The external_network_bridge configuration option defines a single bridge on the host that can be used to connect external router interfaces to the network. When set, each L3 agent can be associated with no more than a single external network, and all routers are restricted to using the same external provider network. To allow the use of multiple external networks, both external_network_bridge and gateway_external_network_id must be left unset.

The default value of external_network_bridge is br-ex, which is a bridge expected to be configured manually and dedicated to a single external network. When this option is configured, Neutron places external (qg) router interfaces in the bridge but does not manage the creation of tagged or untagged interfaces or flows that would be used to connect to the physical infrastructure. Instead, the cloud administrator is expected to manually connect the respective interface to the bridge. Provider attributes of the external network created within Neutron, including the segmentation ID, network type, and provider bridge label, are ignored.

When left unset, Neutron treats external provider networks similarly to any other network, in that the user or administrator is not expected to make manual changes to the underlying network configuration. The respective agent is responsible for creating bridges, interfaces, and/or flow rules that allow routers to communicate with the physical infrastructure and external gateway devices.

On the controller node, set the external_network_bridge configuration option to an unset value in the L3 agent configuration file using the following settings:

[DEFAULT] 
...
external_network_bridge = 

Setting the external network

An external network connected to a router is one that not only provides external connectivity to the router and the instances behind it, but also serves as the network from which floating IPs are derived. In Havana, an L3 agent can be associated with only one external network at a time. In Icehouse and beyond, L3 agents are capable of supporting multiple external networks; to allow this, both external_network_bridge and gateway_external_network_id values must be left unset.

To be eligible to serve as an external network, a provider network must have its router:external attribute set to true. In Havana, if more than one provider network has the attribute set to true, the gateway_external_network_id configuration option must be used to associate a particular external network to the agent.

To define a specific external network, configure the gateway_external_network_id option in the L3 agent configuration file, as in the following setting:

gateway_external_network_id = <UUID of eligible provider network>

The default configuration contains an empty or unset value and is sufficient for most environments.

Note

Improvements to Neutron and L3 agent functionality in the last few releases have all but deprecated the use of external_network_bridge and gateway_external_network_id in most environments. Until the options are fully deprecated or defaulted to more useful values, it is important to understand how they should be configured to avoid issues in the environment.

Enabling router namespace deletion

Because of a bug found in older releases of the iproute2 utility, the Neutron L3 agent does not, by default, delete network namespaces when a router is deleted. In modern operating systems, including the latest Ubuntu 14.04 LTS version discussed in this book, the router_delete_namespaces option can be set to true. Update the value from false to true in the L3 agent configuration file at /etc/neutron/l3_agent.ini according to the following example:

[DEFAULT] 
...
router_delete_namespaces = true

Enabling the metadata proxy

When Neutron routers are used as the gateway for instances, requests for metadata are proxied by the router and forwarded to the Nova metadata service. This feature is enabled by default and can be disabled by uncommenting the enable_metadata_proxy line in the l3_agent.ini configuration file and setting its value to false. For this environment, leave the setting at its default true value.

Setting the agent mode

By default, the Neutron L3 agent works in legacy mode, which means that the L3 agent is deployed on a centralized node responsible for networking services. The default value for agent_mode is legacy, which will remain unchanged for the remainder of this chapter.
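The following check, an added example that is not part of the original text or of Neutron itself, audits the [DEFAULT] options covered in the sections above before the agent is restarted. It assumes plain INI parsing is close enough to how the agent reads the file; the function name audit_l3_agent and both sample files are constructed for illustration.

```python
import configparser

# Interface drivers named in this section (LinuxBridge and Open vSwitch).
KNOWN_DRIVERS = {
    "neutron.agent.linux.interface.BridgeInterfaceDriver",
    "neutron.agent.linux.interface.OVSInterfaceDriver",
}
# Defaults as this section describes them; interface_driver is treated as
# unset when absent (assumption).
DEFAULTS = {
    "interface_driver": "", "external_network_bridge": "br-ex",
    "gateway_external_network_id": "", "router_delete_namespaces": "false",
    "enable_metadata_proxy": "true", "agent_mode": "legacy",
}

def audit_l3_agent(ini_text):
    """Return a list of findings for the [DEFAULT] section of l3_agent.ini."""
    parser = configparser.ConfigParser(interpolation=None, allow_no_value=True)
    parser.read_string(ini_text)
    opts = dict(DEFAULTS)
    for key, value in parser.defaults().items():
        opts[key] = (value or "").strip()   # "option =" parses as empty, i.e. unset
    findings = []
    if opts["interface_driver"] not in KNOWN_DRIVERS:
        findings.append("interface_driver: not one of the two reference drivers")
    if opts["external_network_bridge"]:
        findings.append("external_network_bridge: %r in effect; one external "
                        "network per agent" % opts["external_network_bridge"])
    if opts["gateway_external_network_id"]:
        findings.append("gateway_external_network_id: set; agent tied to one network")
    if opts["router_delete_namespaces"].lower() != "true":
        findings.append("router_delete_namespaces: namespaces of deleted routers remain")
    if opts["enable_metadata_proxy"].lower() != "true":
        findings.append("enable_metadata_proxy: routers will not proxy metadata")
    if opts["agent_mode"] != "legacy":
        findings.append("agent_mode: not legacy, which this chapter assumes")
    return findings

# Constructed sample files: GOOD follows this section, BAD omits two options.
GOOD = """[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
router_delete_namespaces = true
"""
BAD = """[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
gateway_external_network_id = 00000000-0000-0000-0000-000000000000
"""
if __name__ == "__main__":
    print(audit_l3_agent(GOOD), audit_l3_agent(BAD), sep="\n")
```

The BAD sample shows why an omitted external_network_bridge line is not the same as an empty one: the br-ex default still applies unless the option is explicitly set to an empty value.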

Restarting the Neutron L3 agent

After making changes to the configuration of the Neutron L3 agent, issue the following command on the controller node to restart the agent:

# service neutron-l3-agent restart

Verify that the agent is running through the following command:

# service neutron-l3-agent status

The service should return output similar to that shown here:

root@controller01:~# service neutron-l3-agent status
neutron-l3-agent start/running, process 28332

If the service remains stopped, troubleshoot any errors that may be indicated in the /var/log/neutron/l3-agent.log log file.
