Ask Your Question

Which routing prorocol does neutron l3 agent use?

asked 2016-09-30 18:42:25 -0500

fifi gravatar image

updated 2016-09-30 18:44:08 -0500

When we create a virtual router in openstack, l3 agent creates a router name space. I'm curious to know if this virtual router works the same as ordinary physical routers(i mean internally)? If they do, which routing prorocol they use. If don't, how they route traffic. I also appreciate if anyone can introduce a good reference or source which discusses openstack virtual rouring in depth.


edit retag flag offensive close merge delete

2 answers

Sort by » oldest newest most voted

answered 2016-09-30 22:47:41 -0500

VSR gravatar image

updated 2016-09-30 22:50:22 -0500

As you have mentioned every virtual router is actually a namespace on the Network Node where the L3 agent is running. It just uses static (default) and connected tenant networks. It does not participate in any dynamic routing.

On the network node iossue command "ip netns" to list all namespaces. then execute ip netns exec <namespace-id> route -n to see its routing table.

If you use a SDN ML2 plugin like OpenContrail its done differently though. Thanks! -VJ.

edit flag offensive delete link more


Do you mean If we use a SDN ML2 plugin, it affects l3 agent functionality?

fifi gravatar imagefifi ( 2016-10-01 09:58:34 -0500 )edit

If you use Opencontrail as opposed to Openvswitch (default) It replaces the Openvswitch running on the Compute nodes with something called a vRouter. This vRouter performs all L3 functions without steering the traffic to the Network node or to the L3 agent. Check out -VJ

VSR gravatar imageVSR ( 2016-10-02 17:00:44 -0500 )edit

answered 2016-10-01 18:41:22 -0500

fifi gravatar image

Thanks for you answer. I also found out that Neutron has an API extension to allow administrators and tenants to create "routers" that connect to L2 networks. Known as the "neutron-l3-agent", it uses the Linux IP stack and iptables to perform L3 forwarding and NAT. In order to support multiple routers with potentially overlapping IP addresses, neutron-l3-agent defaults to using Linux network namespaces to provide isolated forwarding contexts. Like the DHCP namespaces that exist for every network defined in Neutron, each router will have its own namespace with a name based on its UUID.

edit flag offensive delete link more


Yes there exists namespaces for every network(qdhcp-UUID) and router(qrouter-UUID). Also the access & security group policies applied on tapdevice(for an instance) are realized in Linux IPtables in the compute Node where instance is hosted.

Praveen N gravatar imagePraveen N ( 2016-10-02 01:52:58 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2016-09-30 18:42:25 -0500

Seen: 281 times

Last updated: Oct 01 '16