Book Image


By : James Denton
Book Image


By: James Denton

Overview of this book

Table of Contents (17 chapters)
Learning OpenStack Networking (Neutron)
About the Author
About the Reviewers

Per-tenant quotas

To prevent system resources from being exhausted, Neutron supports per-tenant quota limits via the quotas extension. Every tenant is bound to a default quota that is set by the administrator in the Neutron configuration file:

# resource name(s) that are supported in quota features
# quota_items = network,subnet,port
# number of networks allowed per tenant, and minus means unlimited
# quota_network = 10
# number of subnets allowed per tenant, and minus means unlimited
# quota_subnet = 10
# number of ports allowed per tenant, and minus means unlimited
# quota_port = 50

# number of security groups allowed per tenant, and minus means unlimited
# quota_security_group = 10

# number of security group rules allowed per tenant, and minus means unlimited
# quota_security_group_rule = 100

To change the default settings, change the value and uncomment the line associated with the quota you want to change. Restarting neutron-server is necessary for changes to take effect.

You can also set a quota to limit the number of routers and floating IPs per tenant by adding the following to the [quotas] section:

# number of routers allowed per tenant, and minus means unlimited
quota_router = 10
# number of floating IPs allowed per tenant, and minus means unlimited
quota_floatingip = 50

The following Neutron commands can be used to manage per-tenant quotas:

  • quota-delete

  • quota-list

  • quota-show

  • quota-update

Listing the default quotas

To see a list of the default quotas, use the Neutron quota-show command as follows:

Syntax: quota-show

The listed output will contain the default per-tenant Neutron quotas:

Updating tenant quotas

To update a quota for a specified tenant, use the Neutron quota-update command as follows:

Syntax: quota-update --tenant-id <ID of tenant> [--network NUM_OF_NETWORKS] [--port NUM_OF_PORTS] [--subnet NUM_OF_SUBNETS] [--floatingip NUM_OF_FLOATIP] [--security_group NUM_OF_SECGROUPS] [--security_group_rule NUM_OF_SECGRP_RULES] [--router NUM_OF_ROUTERS]

The attributes in brackets are optional and allow you to specify new values for the respective quota. You can update multiple attributes simultaneously, as shown in the following screenshot:

Listing tenant quotas

To list the quotas of a tenant, use the Neutron quota-list command as follows:

Syntax: quota-list --tenant-id <ID of tenant>

If a tenant is using default quotas, no output will be provided. If the quotas have been modified, the output will resemble the following screenshot:

Deleting tenant quotas

To revert tenant quotas to their default values, use the Neutron quota-delete command as follows:

Syntax: quota-delete --tenant-id <ID of tenant>


The quota-delete command results in all per-tenant quotas being reverted to default values. It is not possible to revert a single quota.