|
|
Line 1: |
Line 1: |
− | =This Page is under construction=
| + | Refer to this page: https://wiki.openstack.org/wiki/SR-IOV-Passthrough-For-Networking |
− | Once it will be ready, the content might move to another location.
| |
− | =SR-IOV Networking in OpenStack Juno=
| |
− | OpenStack Juno adds inbox support to request VM access to virtual network via SR-IOV NIC. With the introduction of SR-IOV based NIC, the traditional virtual bridge is no longer required. Each SR-IOV port is associated with a virtual function (VF). SR-IOV ports may be provided by Hardware-based Virtual Eithernet Bridging (HW VEB); or they may be extended to an upstream physical switch (IEEE 802.1br).
| |
− | There are two ways that SR-IOV port may be connected:
| |
− | * directly connected to its VF
| |
− | * connected with a macvtap device that resides on the host, which is then connected to the corresponding VF.
| |
− | | |
− | ==Nova==
| |
− | Nova support for SR-IOV enables to schedule an instance with SR-IOV ports based on their network connectivity. The neutron ports' associated physical networks have to be used in making the scheduling decision.
| |
− | PCI Whitelist was enchanced to allow tags to be associated with PCI devices. PCI devices available for SR-IOV networking should be tagged with physical_network label.
| |
− | | |
− | For SR-IOV networking, a pre-defined tag "physical_network" is used to define the physical network that the devices are attached to. A whitelist entry is defined as:
| |
− | ["device_id": "<id>",] ["product_id": "<id>",]
| |
− | ["address": "[[[[<domain>]:]<bus>]:][<slot>][.[<function>]]" |
| |
− | "devname": "Ethernet Interface Name",]
| |
− | "physical_network":"name string of the physical network"
| |
− | | |
− | <id> can be a '*' or a valid device/product id as displayed by the linux utility lspci. The address uses the same syntax as it's in lspci. The devname can be a valid PCI device name. The only device names that are supportedare those that are displayed by the linux utility ifconfig -a and correspond to either a PF or a VF on a vNIC.
| |
− | | |
− | If the device defined by the address or devname corresponds to a SR-IOV PF, all the VFs under the PF will match the entry.
| |
− | | |
− | Multiple whitelist entries per host are supported.
| |
− | | |
− | ==Neutron==
| |
− | Neutron support for SR-IOV requires ML2 Plugin with SR-IOV supporting Mechanism Driver.
| |
− | Currently there is ML2 Mechanism Driver for SR-IOV capable NIC based switching (HW VEB).
| |
− | There are Network Adapters from different vendors that may differ by supporting various functionality.
| |
− | If VF link state update is supported by vendor Network Adapter, the SR-IOV NIC L2 Agent should be deployed to leverage this functionality .
| |
− | | |
− | ==VM creation flow with SR-IOV vNIC==
| |
− | * Create one or more neutron ports
| |
− | neutron port-create <net-id> --binding:vnic-type direct
| |
− | | |
− | * Boot VM with one or more neutron ports
| |
− | nova boot --flavor m1.large --image <image>
| |
− | --nic port-id=<port1> --nic port-id=<port2>
| |
− |
| |
− | Note that in the nova boot API, users can specify either a port-id or a net-id. If it's the latter case, it's assumed that the user is requesting a normal virtual port (which is not a SR-IOV port).
| |
− | | |
− | =SR-IOV Configuration=
| |
− | | |
− | | |
− | ===Neutron Server===
| |
− | Using ML2 Neutron plugin modify /etc/neutron/plugins/ml2/ml2_conf.ini:
| |
− | | |
− | [ml2]
| |
− | tenant_network_types = vlan
| |
− | type_drivers = vlan
| |
− | mechanism_drivers = openvswitch,sriovnicswitch
| |
− | [ml2_type_vlan]
| |
− | network_vlan_ranges = default:2:100
| |
− | | |
− | Make sure /etc/neutron/plugins/ml2/ml2_conf_sriov.ini has the following section:
| |
− | | |
− | [ml2_sriov]
| |
− | agent_required = True
| |
− | | |
− | Neutron server should be run with the two configuration files /etc/neutron/plugins/ml2/ml2_conf.in and /etc/neutron/plugins/ml2/ml2_conf_sriov.ini
| |
− | neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/plugins/ml2/ml2_conf_sriov.ini
| |
− | | |
− | ==Compute==
| |
− | ===Nova===
| |
− | On each compute you have to associate the Virtual Functions available to each Physical Network.
| |
− | You do it by configuring pci_passthrough_whitelist in /etc/nova/noca.conf
| |
− | | |
− | For example:
| |
− | pci_passthrough_whitelist = {"address":"*:0a:00.*","physical_network":"physnet1"}
| |
− | This will associate any VF with address that includes ':0a:00.' in it's address to the Physical network physnet1
| |
− | | |
− | After configuring the white list you have to restart nova-compute service.
| |
− | | |
− | ===Neutron===
| |
− | If the hardware supports and and you want to enable changing the port admin_state you have to run the Neutron SR-IOV agent.<br />
| |
− | | |
− | '''Note:'''If you configured agent_required=True on the Neutron server you must run the Agent on each compute node.
| |
− | | |
− | In /etc/neutron/plugins/ml2/ml2_conf.ini make sure you have the following:
| |
− | [securitygroup]
| |
− | firewall_driver = neutron.agent.firewall.NoopFirewallDriver
| |
− | | |
− | Modify /etc/neutron/plugins/ml2/ml2_conf_sriov.ini as follows
| |
− | | |
− | [sriov_nic]
| |
− | physical_device_mappings = physnet1:eth1
| |
− | exclude_devices =
| |
− | | |
− | physnet1 is the physical network
| |
− | eth1 if the Physical Function (PF)
| |
− | exclude_devices is empty so All the VFs associated with eth1 are allowed to be configured by the agent.
| |
− | | |
− | After modifying the configuration file start the Neutron SR-IOV agent:
| |
− | neutron-sriov-nic-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/plugins/ml2/ml2_conf_sriov.ini
| |
− | | |
− | ====Exclude VFs====
| |
− | If you want to exclude some of the VFs so the agent won't configure them you need to list them in the sriov_nic section:<br />
| |
− | | |
− | '''Example:''' exclude_devices = eth1:0000:07:00.2; 0000:07:00.3, eth2:0000:05:00.1; 0000:05:00.2
| |
− | | |
− | =References=
| |
− | | |
− | [http://community.mellanox.com/docs/DOC-1484 Openstack ML2 SR-IOV driver support]
| |