To prevent system resources from being exhausted, Neutron supports per-tenant quota limits via the quotas
extension. Every tenant is bound to a default quota that is set by the administrator in the Neutron configuration file:
[quotas] # resource name(s) that are supported in quota features # quota_items = network,subnet,port # number of networks allowed per tenant, and minus means unlimited # quota_network = 10 # number of subnets allowed per tenant, and minus means unlimited # quota_subnet = 10 # number of ports allowed per tenant, and minus means unlimited # quota_port = 50 # number of security groups allowed per tenant, and minus means unlimited # quota_security_group = 10 # number of security group rules allowed per tenant, and minus means unlimited # quota_security_group_rule = 100
To change the default settings, change the value and uncomment the line associated with the quota you want to change. Restarting neutron-server
is necessary for changes to take effect.
You can also set a quota to limit the number of routers and floating IPs per tenant by adding the following to the [quotas]
section:
[quotas] # number of routers allowed per tenant, and minus means unlimited quota_router = 10 # number of floating IPs allowed per tenant, and minus means unlimited quota_floatingip = 50
The following Neutron commands can be used to manage per-tenant quotas:
quota-delete
quota-list
quota-show
quota-update
To see a list of the default quotas, use the Neutron quota-show
command as follows:
Syntax: quota-show
The listed output will contain the default per-tenant Neutron quotas:
To update a quota for a specified tenant, use the Neutron quota-update
command as follows:
Syntax: quota-update --tenant-id <ID of tenant> [--network NUM_OF_NETWORKS] [--port NUM_OF_PORTS] [--subnet NUM_OF_SUBNETS] [--floatingip NUM_OF_FLOATIP] [--security_group NUM_OF_SECGROUPS] [--security_group_rule NUM_OF_SECGRP_RULES] [--router NUM_OF_ROUTERS]
The attributes in brackets are optional and allow you to specify new values for the respective quota. You can update multiple attributes simultaneously, as shown in the following screenshot:
To list the quotas of a tenant, use the Neutron quota-list
command as follows:
Syntax: quota-list --tenant-id <ID of tenant>
If a tenant is using default quotas, no output will be provided. If the quotas have been modified, the output will resemble the following screenshot: