Openstack – Configure Neutron on Network Node – Part 7

Configuring the Neutron services in openstack is quite lengthy process since we need to make the necessary configuration changes on controller node (API node), Network node & Compute node. In the previous article , we have configured the neutron services on Openstack controller node. This article will demonstrate that how to configure the Network node for Neutron networking. The network node primarily handles the L3 layer networking. It is responsible for internal and external routing. It offers DHCP service for virtual networks within the openstack environment.  We need to enable the few kernel parameter before installing the openstack networking packages on Networking node.

Let’s configure the Neutron for our environment.

 Configure prerequisites on Network Node:


1. Login to openstack Network node.

2. Edit the sysctl.conf file and add the lines below .



3.Dynamically load the configuration which you have added in sysctl.conf.

root@OSNWT-UA:~# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0


4. Install the networking components on Network Node.

root@OSNWT-UA:~# apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:

Here is the attached console logs for the package installation.
Neutron installation on Network Node – logs


5. Configure the Networking common components. This configuration will setup the authentication methods , MQ configuration and other plugins.

  • Configure the Networking service to use the Identify service “keystone”. Edit the “/etc/neutron/neutron.conf ”
    and add the following keys in [DEFAULT] section.
auth_strategy = keystone


  • Add the following keys to the [keystone_authtoken] section
auth_url = http://controller:5000
auth_host = OSCTRL-UA
auth_protocol = http
auth_port = 35357
admin_tenant_name = service
admin_user = neutron
admin_password = neutron123


  • Configure Networking to use the message broker “Rabbit MQ” :
rpc_backend = neutron.openstack.common.rpc.impl_kombu
rabbit_host = OSCTRL-UA
rabbit_password = rabbit123
  • Configure Networking to use the Modular Layer 2 (ML2) plug-in and associated services:
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
verbose = True


  • Comment out any lines in the [service_providers] section.


Configure the Layer-3 (L3) agent on Network Node:

1. Edit the “/etc/neutron/l3_agent.ini ” file and add the following lines under the [DEFAULT] section.

interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True
verbose = True


Configure the DHCP agent:

1. Edit the /etc/neutron/dhcp_agent.ini file and add the following keys to the [DEFAULT] section.

interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
use_namespaces = True
verbose = True


Configure the metadata agent:

1. Edit the “/etc/neutron/metadata_agent.ini ” file and add the following keys to the [DEFAULT] section.

auth_url = http://OSCTRL-UA:5000/v2.0
auth_region = RegionOne
admin_tenant_name = service
admin_user = neutron
admin_password = neutron123
nova_metadata_ip = OSCTRL-UA
metadata_proxy_shared_secret = metadatapass

Configure the Modular Layer 2 (ML2) plug-in:

1. Edit the “/etc/neutron/plugins/ml2/ml2_conf.ini” like below. Replace the IP address with the IP address of the instance tunnels network interface on your network node.

root@OSNWT-UA:~# cat /etc/neutron/plugins/ml2/ml2_conf.ini |egrep -v "#|^$"
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
flat_networks = external
tunnel_id_ranges = 1:1000
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
tunnel_types = gre
local_ip =
bridge_mappings = external:br-ex


Configuration on the Controller Node:

The below steps need to be executed  on the Controller Node.

1.Login to the openstack controller node.

2.Edit the “/etc/nova/nova.conf” configuration file & add the following keys to [DEFAULT] section.

service_neutron_metadata_proxy = true
neutron_metadata_proxy_shared_secret = metadatapass


3.Restart the nova-api service.

root@OSCTRL-UA:~# service nova-api restart
nova-api stop/waiting
nova-api start/running, process 28975


Configure the Open vSwitch (OVS) service on Network Node:

Open vSwtich provides the virtual networking framework for instances . br-init (Integration Bridge) handles the internal traffic within OVS. br-ext (External Bridge) handles the external instance traffic with OVS. The external bridge requires a port on the physical external network interface to provide instances with external network access.

Let’s see how we can add the integration & external bridge.

1. Restart the OVS service on network node.

root@OSNWT-UA:~# service openvswitch-switch restart
openvswitch-switch stop/waiting
openvswitch-switch start/running


2. Create the Integration bridge if its not already exists.

root@OSNWT-UA:~# ovs-vsctl add-br br-int


3.Create the External Bridge.

root@OSNWT-UA:~# ovs-vsctl add-br br-ex


4. Add a port to the external bridge that connects to the physical external network interface.

root@OSNWT-UA:~# ovs-vsctl add-port br-ex eth2


Finalize the Neutron Installation & Configuration on Network Node:

1. Restart the agents.

root@OSNWT-UA:~# service neutron-plugin-openvswitch-agent restart
neutron-plugin-openvswitch-agent stop/waiting
neutron-plugin-openvswitch-agent start/running, process 6477
root@OSNWT-UA:~# service neutron-l3-agent restart
stop: Unknown instance:
neutron-l3-agent start/running, process 6662
root@OSNWT-UA:~# service neutron-dhcp-agent restart
neutron-dhcp-agent stop/waiting
neutron-dhcp-agent start/running, process 6707
root@OSNWT-UA:~# service neutron-metadata-agent restart
neutron-metadata-agent stop/waiting
neutron-metadata-agent start/running, process 6731


2. Check the service status ,

root@OSNWT-UA:~# service neutron-plugin-openvswitch-agent status; service neutron-l3-agent status;service neutron-dhcp-agent status;service neutron-metadata-agent status
neutron-plugin-openvswitch-agent start/running, process 6477
neutron-l3-agent start/running, process 6662
neutron-dhcp-agent start/running, process 6707
neutron-metadata-agent start/running, process 6731


Verify Network Node Operation:

1. Login to the controller node.

2. Source the admin credentials

root@OSCTRL-UA:~# cat admin.rc
export OS_USERNAME=admin
export OS_PASSWORD=admin123
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://OSCTRL-UA:35357/v2.0
root@OSCTRL-UA:~# source admin.rc


3. List the neutron agents.

root@OSCTRL-UA:~# neutron agent-list
| id                                   | agent_type         | host     | alive | admin_state_up | binary                    |
| 12d30025-2b13-4edf-806a-cfea51089c1e | L3 agent           | OSNWT-UA | :-)   | True           | neutron-l3-agent          |
| 26b7634d-7e81-4d84-9458-af95db545828 | Metadata agent     | OSNWT-UA | :-)   | True           | neutron-metadata-agent    |
| 6a65089e-7af5-4fe0-b746-07bc8fa7d7d0 | DHCP agent         | OSNWT-UA | :-)   | True           | neutron-dhcp-agent        |
| ad45ceea-6fa4-4cad-af17-ae7e40becb4b | Open vSwitch agent | OSNWT-UA | :-)   | True           | neutron-openvswitch-agent |

“Alive & Admin_state_up” shows that how successfully we have configured the neutron services on Network node.


Hope this article is informative to you .  In the next article , we will configure neutron related services for compute Node.



  1. You are truly a life saver 🙂 Best article and explanation I have ever come across 🙂

  2. very good ! u r the best !!