#
# Vnswad configuration options
#
[CONTROL-NODE]
# Control-node endpoints that vrouter-agent connects to over XMPP.
# Whether that XMPP channel uses SSL-based authentication is set by
# xmpp_auth_enable in [DEFAULT].
#
# List of IPAddress:Port of control-nodes separated by space. (Mandatory)
# NOTE(review): the sample below mixes ports 5269 and 5260; confirm the port
# your control-nodes actually listen on before uncommenting.
# servers=10.0.0.1:5269 10.0.0.2:5260 10.0.0.3:5260
# When datacenter is distributed across different locations, each site is
# identified by sub-cluster identifier. The sub-cluster identifier below is
# configured to ensure that vrouter-agent connects only to control-node in the
# same sub-cluster. This subcluster_name is sent by vrouter-agent in XMPP open
# message.
# subcluster_name=
[DEFAULT]
# General agent settings: collector endpoints, agent mode, logging, XMPP
# authentication and miscellaneous tunables.
# Everything in this section is optional
# IP address and port to be used to connect to collector.
# Multiple IP:port strings separated by space can be provided
# collectors=127.0.0.1:8086 10.0.0.1:8086
# Agent mode : can be vrouter / tsn / tsn-no-forwarding / tor (default is vrouter)
# agent_mode=
# Aging time for flow-records in seconds
# flow_cache_timeout=0
# hostname= # Retrieved from gethostname() or `hostname -s` equivalent
# Http server port for inspecting vnswad state (useful for debugging)
# This port exposes internal agent state, so limit which hosts can reach it.
# SSL for it is the introspect_ssl_enable sample in [SANDESH], shown there as
# false.
# http_server_port=8085
# Category for logging. Default value is '*'
# log_category=
# Number of tx-buffers on pkt0 interface
# pkt0_tx_buffers=1000
#
# Measure delays in different queues
# measure_queue_delay=0
#
# Local log file name
log_file=/var/log/contrail/contrail-vrouter-agent.log
# Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT,
# SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG
# This file overrides the default and logs at SYS_NOTICE.
log_level=SYS_NOTICE
# Enable/Disable local file logging. Possible values are 0 (disable) and 1 (enable)
log_local=1
# Enable/Disable local flow message logging. Possible values are 0 (disable) and 1 (enable)
# Flag is deprecated as of 5.0.1
# log_flow=0
# Encapsulation type for tunnel. Possible values are MPLSoGRE, MPLSoUDP, VXLAN
# tunnel_type=
# DHCP relay mode (true or false) to determine if a DHCP request in fabric
# interface with an unconfigured IP should be relayed or not
# dhcp_relay_mode=
# Sandesh send rate limit can be used to throttle system logs transmitted per
# second. System logs are dropped if the sending rate is exceeded
# sandesh_send_rate_limit=
# Enable/Disable SSL based XMPP Authentication
# The samples below show authentication disabled (false). In that state the
# XMPP peer is not authenticated by certificate. When enabling it, point the
# three paths at this node's certificate, private key and CA certificate, and
# keep the private key file readable only by the account the agent runs as.
# xmpp_dns_auth_enable presumably applies the same setting to the XMPP
# channel used for DNS; confirm against the agent documentation.
# xmpp_auth_enable=false
# xmpp_dns_auth_enable=false
# xmpp_server_cert=/etc/contrail/ssl/certs/server.pem
# xmpp_server_key=/etc/contrail/ssl/private/server-privkey.pem
# xmpp_ca_cert=/etc/contrail/ssl/certs/ca-cert.pem
# Gateway mode : can be server/ vcpe (default is none)
# gateway_mode=
# TSN list - list of tsn nodes working in active/backup mode
# when agent runs in tsn-no-forwarding mode.
# tsn_servers=<host-ip-1> <host-ip-2>
# tsn_servers=
# The prefix length configured for Allowed-address-pair entries determines the
# number of ARP probes sent for that subnet. By default, the minimum value
# supported for this is 24. It can be modified by the following parameter
# min_aap_prefix_len=24
# Send VMI, VM and VN UVEs from agent at the following interval (seconds)
# vmi_vm_vn_uve_interval = 30
[SANDESH]
# SSL settings for Sandesh and for the introspect HTTP server
# (http_server_port in [DEFAULT]). Both samples below show SSL disabled.
# sandesh_ssl_enable presumably covers the connection to the collectors
# listed in [DEFAULT]; confirm against the agent documentation.
# When enabling either flag, set the key, certificate and CA paths, and keep
# the private key file readable only by the account the agent runs as.
# sandesh_ssl_enable=false
# introspect_ssl_enable=false
# sandesh_keyfile=/etc/contrail/ssl/private/server-privkey.pem
# sandesh_certfile=/etc/contrail/ssl/certs/server.pem
# sandesh_ca_cert=/etc/contrail/ssl/certs/ca-cert.pem
[RESTART]
# Backup and restore of config and resource files across agent restarts,
# plus the huge-page files used by the kernel-mode vrouter.
# Enable/Disable backup of config and resource files
# backup_enable=true
#
# Directory containing backup of config and resource files
# The directory holds copies of config and resource definitions; keep it
# writable only by the account the agent runs as.
# backup_dir=/var/lib/contrail/backup
#
# Number of backup files
# backup_file_count=3
#
# Agent avoids generating backup file if change is detected within time
# configured below (in milli-seconds)
# backup_idle_timeout=10000
#
# Restore config/resource definitions from file
# restore_enable=true
#
# Audit time for config/resource read from file
# NOTE(review): unit is not stated; presumably milli-seconds like
# backup_idle_timeout above. Confirm.
# restore_audit_timeout=15000
#
# Huge pages, mounted at the files specified below, to be used by vrouter
# running in kernel mode for flow table and bridge table.
# huge_page_1G=<1G_huge_page_1> <1G_huge_page_2>
# huge_page_2M=<2M_huge_page_1> <2M_huge_page_2>
[DNS]
# DNS server endpoints and query behaviour for vrouter-agent.
# Client port used by vrouter-agent while connecting to contrail-named
# dns_client_port=
# List of IPAddress:Port of DNS servers separated by space.
# servers=10.0.0.1:53 10.0.0.2:53 10.0.0.3:53
# Timeout for DNS server queries in milli-seconds
# dns_timeout=
# Maximum retries for DNS server queries
# dns_max_retries=
[HYPERVISOR]
# Everything in this section is optional
# Hypervisor type. Possible values are kvm, xen and vmware
# type=kvm
# Link-local IP address and prefix in ip/prefix_len format (for xen)
# xen_ll_ip=
# Link-local interface name when hypervisor type is Xen
# xen_ll_interface=
# Physical interface name when hypervisor type is vmware
# vmware_physical_interface=
# Mode of operation for VMWare. Possible values esxi_neutron, vcenter
# default is esxi_neutron
# vmware_mode=
[FLOWS]
# Everything in this section is optional
# Number of threads for flow setup
# thread_count = 4
#
# Maximum flows allowed per VM (given as % of maximum system flows)
# max_vm_flows=
# Maximum number of link-local flows allowed across all VMs
# max_system_linklocal_flows=4096
# Maximum number of link-local flows allowed per VM
# max_vm_linklocal_flows=1024
# Number of Index state-machine events to log
# index_sm_log_count=0
# Enable/Disable tracing of flow messages. Introspect can over-ride this value
# trace_enable=false
#
# Number of add-tokens
# add_tokens=100
# Number of ksync-tokens
# ksync_tokens=50
# Number of del-tokens
# del_tokens=50
# Number of update-tokens
# update_tokens=50
# Maximum sessions that can be encoded in single SessionAggInfo entry. This is
# used during export of session messages. Default is 100
# max_sessions_per_aggregate=100
# Maximum aggregate entries that can be encoded in single SessionEndpoint entry
# This is used during export of session messages. Default is 8
# max_aggregates_per_session_endpoint=8
# Maximum SessionEndpoint entries that can be encoded in single
# SessionEndpointObject. This is used during export of session messages. Default
# is 5
# max_endpoints_per_session_msg=5
[METADATA]
# Settings for the metadata proxy service run by the agent.
# Shared secret for metadata proxy service (Optional)
# The sample value "contrail" is a well-known placeholder, not a secret.
# If this key is used, set a long random value that matches the secret
# configured on the metadata service side (presumably the compute service's
# metadata proxy shared secret; confirm for your deployment). Once a real
# secret is stored here, restrict read access to this file.
# metadata_proxy_secret=contrail
# Metadata proxy port on which agent listens (Optional)
# metadata_proxy_port=
# Enable(true) ssl support for metadata proxy service
# metadata_use_ssl=
# Path for Metadata Agent client certificate
# metadata_client_cert=
# Metadata Agent client certificate type(default=PEM)
# NOTE(review): this key is spelled "metdata_", unlike the other metadata_*
# keys in this section. Confirm the name the agent actually parses before
# uncommenting.
# metdata_client_cert_type=
# Path for Metadata Agent client private key
# Keep the key file readable only by the account the agent runs as.
# metadata_client_key=
# Path for CA certificate
# metadata_ca_cert=
[NETWORKS]
# control-channel IP address used by WEB-UI to connect to vnswad to fetch
# required information (Optional)
# control_network_ip=
[VIRTUAL-HOST-INTERFACE]
# Everything in this section is mandatory
# name of virtual host interface
# name=vhost0
# IP address and prefix in ip/prefix_len format
# ip=10.1.1.1/24
# Gateway IP address for virtual host
# gateway=10.1.1.254
# Flag to indicate if hosts in vhost subnet can be resolved by ARP
# If set to 1 host in subnet would be resolved by ARP, if set to 0
# all the traffic destined to hosts within subnet also go via
# default gateway
# subnet_hosts_resolvable=0
# Physical interface name to which virtual host interface maps to
# physical_interface=vnet0
# List of IP addresses assigned for the compute node other than vhost. Specify
# this only if vhost interface is un-numbered in host-os. Agent will use one
# of the compute_node_address to run services that need IP Address in host-os
# (like metadata...)
#compute_node_address = 10.204.216.28
# We can have multiple gateway sections with different indices in the
# following format
[GATEWAY-0]
# Name of the routing_instance for which the gateway is being configured
# routing_instance=default-domain:admin:public:public
# Gateway interface name
# interface=vgw
# Virtual network ip blocks for which gateway service is required. Each IP
# block is represented as ip/prefix. Multiple IP blocks are represented by
# separating each with a space
# ip_blocks=1.1.1.1/24
[GATEWAY-1]
# Name of the routing_instance for which the gateway is being configured
# routing_instance=default-domain:admin:public1:public1
# Gateway interface name
# interface=vgw1
# Virtual network ip blocks for which gateway service is required. Each IP
# block is represented as ip/prefix. Multiple IP blocks are represented by
# separating each with a space
# ip_blocks=2.2.1.0/24 2.2.2.0/24
# Routes to be exported in routing_instance. Each route is represented as
# ip/prefix. Multiple routes are represented by separating each with a space
# routes=10.10.10.1/24 11.11.11.1/24
[SERVICE-INSTANCE]
# Helper executables used for service instances. Both paths below are
# active settings, so the files should be owned by root and not writable by
# other users.
# Path to the script which handles the netns commands
netns_command=/usr/bin/opencontrail-vrouter-netns
# Presumably the docker counterpart of netns_command; it has no description
# in this file. Confirm.
docker_command=/usr/bin/opencontrail-vrouter-docker
# Number of workers that will be used to start netns commands
#netns_workers=1
# Timeout for each netns command, when the timeout is reached, the netns
# command is killed.
# NOTE(review): unit is not stated; presumably seconds. Confirm.
#netns_timeout=30
#
[TASK]
# Number of threads used by TBB
# thread_count = 8
# Log message if time taken to execute task exceeds a threshold (in msec)
# log_exec_threshold = 10
#
# Log message if time taken to schedule task exceeds a threshold (in msec)
# log_schedule_threshold = 25
#
# TBB Keepawake timer interval in msec
# tbb_keepawake_timeout = 20
#
# Timeout for task monitor in msec
# task_monitor_timeout = 50000
#
# Policy to pin the ksync netlink io thread to CPU. By default, CPU pinning
# is disabled. Other values for policy are,
# "last" - Last CPUID
# "<num>" - CPU-ID to pin (in decimal)
# ksync_thread_cpu_pin_policy=last
[SERVICES]
# bgp_as_a_service_port_range - reserving set of ports to be used.
# bgp_as_a_service_port_range=30000-35000
# [QOS]
#
# #Knob to configure priority tagging when in DCB mode. Default value is true
# priority_tagging = false
#
# [QUEUE-1]
# Logical nic queues for qos config
# logical_queue=
# [QUEUE-2]
# Logical nic queues for qos config
# logical_queue=
# [QUEUE-3]
# This is the default hardware queue
# default_hw_queue= true
# Logical nic queues for qos config
# logical_queue=
# [QOS-NIANTIC]
# [PG-1]
# Scheduling algorithm for priority group (strict/rr)
# scheduling=
# Total hardware queue bandwidth used by priority group
# bandwidth=
# [PG-2]
# Scheduling algorithm for priority group (strict/rr)
# scheduling=
# Total hardware queue bandwidth used by priority group
# bandwidth=
# [PG-3]
# Scheduling algorithm for priority group (strict/rr)
# scheduling=
# Total hardware queue bandwidth used by priority group
# bandwidth=
[LLGR]
# Note: All time values are in seconds.
# End of Rib Rx(received from CN)
# Fallback time in seconds to age out stale entries on CN becoming
# active this is used only when end-of-rib is not seen from CN.
# end_of_rib_rx_fallback_time=
# End of Rib Tx(to be sent to CN)
# Fallback time in seconds to send EOR to CN. Agent waits for inactivity to
# send the same however it may so happen that activity never dies down,
# so use fallback.
# Inactivity time is the time agent waits to conclude EOC. During this interval
# no config will be seen.
# end_of_rib_tx_fallback_time=
# end_of_rib_tx_inactivity_time=
# Config cleanup time
# Once end of config is determined this time is used to start stale cleanup
# of config.
# stale_config_cleanup_time=
# End of config determination time
# Inactivity time is the time agent waits to conclude EOC. During this interval
# no config will be seen.
# Fallback time in seconds to find EOC in case config inactivity is not seen.
# config_fallback_time=
# config_inactivity_time=
[CRYPT]
# If configured, Crypt interface is expected to be present, during bring up.
# crypt_interface = crypt0
#[SESSION]
# This section lets one configure destinations for sampled and SLO sessions
# The default destination is collector for both sampled and logged sessions
# sample_destination = collector # values can be any/all of collector, file,
# syslog. eg., sample_destination = collector file syslog
# slo_destination = collector # values can be any/all of collector, file,
# syslog. eg., slo_destination = collector file syslog