[openstack-dev] Linux kernel IPv4 configuration during the neutron installation

Akihiro Motoki amotoki at gmail.com
Fri Nov 13 10:01:40 UTC 2015


Could you share the exact place of the installation guide?
I would like to check it.

Are you talking about the network node?

I think these settings are required when you configure a network node
without network namespace.

If we use network namespace in a network node, I don't think we need
these settings in a host of a network node.
ip_forward=1 is set automatically in a router network namespace.

I checked my Juno production environment  with network namespace, I
see the following in a host level.
It uses Ubuntu 14.04.

$ cat /proc/sys/net/ipv4/ip_forward
0
$ cat /proc/sys/net/ipv4/conf/all/rp_filter
1
$ cat /proc/sys/net/ipv4/conf/default/rp_filter
1

Akihiro

2015-11-13 18:51 GMT+09:00 JinXing F <jinxing.f at gmail.com>:
> Yes,I don't understand why Neutron needs enable ip_forward and disable RPF.
> And I also don't understand where the neutron need this config during the
> instance connect to the extrernal network.
>
> I read the neutron code, found when the L3 agent creating, it needs the
> ip_forward config,but i'm not find the RPF config in the neutron code.
>
> Thank you very much!
>
>
> 2015-11-11 18:25 GMT+08:00 JinXing F <jinxing.f at gmail.com>:
>>
>> Hi, guys:
>>
>>     during the neutron installation guide, I found that we need to config
>> the linux kernel as bellow:
>>
>> net.ipv4.ip_forward=1
>>
>> net.ipv4.conf.all.rp_filter=0
>>
>> net.ipv4.conf.default.rp_filter=0
>>
>>
>> the first one is the ip address translation between LAN and WLAN, the
>> second and third command is used for "Reverse Path Filtering".
>>
>> I cann't understand the purpose of the config in the neutron.
>>
>> 1. If the instance in compute node connect with exteral network,what's the
>> function of the three config?
>>
>> 2. The instance connect with each others, what's the function of the three
>> config?
>>
>>
>> I am very confused about this config.Please explain the answer to me.
>>
>> Thanks.
>
>



More information about the OpenStack-dev mailing list