To configure distributed virtual routers, there are a few required components that must be installed and configured:
- The ML2 plugin
- The L2population mechanism driver
- The Open vSwitch mechanism driver
- The layer 3 agent installed on all network and compute nodes
- The external bridge configured on all network and compute nodes
To install the Neutron L3 agent, run the following command on the remaining compute nodes if it has not yet been installed:
# apt-get install neutron-l3-agent
Open vSwitch and the Open vSwitch mechanism driver are required to enable and utilize distributed virtual routers.
Update the Neutron L3 configuration file on the compute nodes and specify the following interface driver:
[DEFAULT] ... interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
The ML2 plugin is required to operate distributed virtual routers and must be configured accordingly.
Update the ML2 configuration file at /etc/neutron/plugins/ml2/ml2_conf.ini on all nodes to enable the OVS agent to support distributed virtual routing and L2 population:
[agent] ... enable_distributed_routing = True l2_population = True
On all nodes, set the external_network_bridge configuration option to an unset value in the L3 agent configuration file:
[DEFAULT] ... external_network_bridge =
By default, the Neutron L3 agent does not delete network namespaces when a router is deleted due to a bug found in older releases of the iproute2 utility. In modern operating systems, including the latest Ubuntu 14.04 LTS discussed in this book, the router_delete_namespaces option in the L3 agent configuration file can be set from false to true on all nodes:
[DEFAULT] ... router_delete_namespaces = true
When using distributed virtual routers, a node can operate in one of two modes: dvr or dvr_snat. A node configured in dvr_snat mode handles north-south SNAT traffic, while a node in dvr mode handles the north-south DNAT (for example, floating IP) and east-west traffic between instances.
In this book, the controller node serves as a network node in addition to handling API services and will handle SNAT traffic. On the controller node, configure the L3 agent to operate in dvr_snat mode by modifying the agent_mode option in the L3 agent configuration file:
[DEFAULT] ... agent_mode = dvr_snat
On the compute nodes, configure the L3 agent to operate in dvr mode:
[DEFAULT] ... agent_mode = dvr
Neutron uses default settings to determine the type of routers that tenants are allowed to create as well as the number of routers that should be deployed across L3 agents.
The following default settings are specified within the neutron.conf configuration file and only need to be modified on the host running the Neutron API service. In this environment, the neutron-server service runs on the controller node:
# ==Start Global Config Option for Distributed L3 Router==
# Setting the "router_distributed" flag to "True" will default
# to the creation of distributed tenant routers. The admin can
# override this flag by specifying the type of the router on the
# create request (admin-only attribute). Default value is "False"
# to support legacy mode (centralized) routers.
#
# router_distributed = False
#
# ==End Global Config Option for Distributed L3 Router==To set distributed routers as the default router type for tenants, set the router_distributed configuration option to True in neutron.conf. For this demonstration, the default value of false is sufficient.
Once the changes have been made, restart the neutron-server service on controller01 for the changes to take effect.
After making changes to the configuration of the Neutron L3 and L2 agents, issue the following command on all nodes to restart the respective agents:
# service neutron-l3-agent restart # service neutron-plugin-openvswitch-agent restart
After a restart of the services, the additional agents should check in. Use the following Neutron agent-list command to return a listing of all L3 agents:
# neutron agent-list --agent_type="L3 Agent"
The service should return a similar output to that shown in the following screenshot:
Figure 9.2
If an agent is not listed in the output as expected, troubleshoot any errors that may be indicated in the /var/log/neutron/l3-agent.log log file on the respective node.
With few exceptions, managing a distributed router is no different from its standalone counterpart. Neutron's router management commands were covered in Chapter 7, Creating Standalone Routers with Neutron. The exception is covered in the following section.
As an administrator, distributed virtual routers can be created using the following Neutron router-create command syntax:
usage: router-create [--tenant-id TENANT_ID] [--admin-state-down] --distributed {True,False} NAME
Note
As a regular user, the type of router that is created, whether it's a standalone, HA, or distributed virtual router, is determined by the router_distributed option in the Neutron configuration file. Users do not have the ability to override the default router type and cannot specify the --distributed option.