Configure L3 agent

The OpenStack Networking Service has a widely used API extension to allow administrators and tenants to create routers to interconnect L2 networks, and floating IPs to make ports on private networks publicly accessible.

Many plug-ins rely on the L3 service agent to implement the L3 functionality. However, the following plug-ins already have built-in L3 capabilities:

NSX plug-in

Big Switch/Floodlight plug-in, which supports both the open source Floodlight controller and the proprietary Big Switch controller.

	Note
	Only the proprietary BigSwitch controller implements L3 functionality. When using Floodlight as your OpenFlow controller, L3 functionality is not available.

PLUMgrid plug-in

	Warning
	Do not configure or use `neutron-l3-agent` if you use one of these plug-ins.

Procedure 7.13. To install the L3 agent for all other plug-ins

Install the neutron-l3-agent binary on the network node:
```
# apt-get install neutron-l3-agent
```
To uplink the node that runs neutron-l3-agent to the external network, create a bridge named "br-ex" and attach the NIC for the external network to this bridge.
For example, with Open vSwitch and NIC eth1 connected to the external network, run:
```
# ovs-vsctl add-br br-ex
# ovs-vsctl add-port br-ex eth1
```
Do not manually configure an IP address on the NIC connected to the external network for the node running neutron-l3-agent. Rather, you must have a range of IP addresses from the external network that can be used by OpenStack Networking for routers that uplink to the external network. This range must be large enough to have an IP address for each router in the deployment, as well as each floating IP.
The neutron-l3-agent uses the Linux IP stack and iptables to perform L3 forwarding and NAT. In order to support multiple routers with potentially overlapping IP addresses, neutron-l3-agent defaults to using Linux network namespaces to provide isolated forwarding contexts. As a result, the IP addresses of routers are not visible simply by running the ip addr list or ifconfig command on the node. Similarly, you cannot directly ping fixed IPs.
To do either of these things, you must run the command within a particular network namespace for the router. The namespace has the name "qrouter-<UUID of the router>. These example commands run in the router namespace with UUID 47af3868-0fa8-4447-85f6-1304de32153b:
```
# ip netns exec qrouter-47af3868-0fa8-4447-85f6-1304de32153b ip addr list
```
```
# ip netns exec qrouter-47af3868-0fa8-4447-85f6-1304de32153b ping <fixed-ip>
```

Important

	Important
If you reboot a node that runs the L3 agent, you must run the neutron-ovs-cleanup command before the `neutron-l3-agent` service starts. On Red Hat, SUSE and Ubuntu based systems, the `neutron-ovs-cleanup` service runs the neutron-ovs-cleanup command automatically. However, on Debian-based systems (including Ubuntu prior to Icehouse), you must manually run this command or write your own system script that runs on boot before the `neutron-l3-agent` service starts.

If you reboot a node that runs the L3 agent, you must run the neutron-ovs-cleanup command before the neutron-l3-agent service starts.

On Red Hat, SUSE and Ubuntu based systems, the neutron-ovs-cleanup service runs the neutron-ovs-cleanup command automatically. However, on Debian-based systems (including Ubuntu prior to Icehouse), you must manually run this command or write your own system script that runs on boot before the neutron-l3-agent service starts.

Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

Legal notices