Difference between revisions of "Juno-SR-IOV"
(→SR-IOV Networking in OpenStack Juno) |
(→Neutron) |
||
Line 14: | Line 14: | ||
Neutron support for SR-IOV requires ML2 Plugin with SR-IOV supporting Mechanism Driver. | Neutron support for SR-IOV requires ML2 Plugin with SR-IOV supporting Mechanism Driver. | ||
Currently there is ML2 Mechanism Driver for SR-IOV capable NIC based switching (HW VEB). | Currently there is ML2 Mechanism Driver for SR-IOV capable NIC based switching (HW VEB). | ||
− | + | There are Network Adapters from different vendors. | |
− | + | There is SR-IOV NIC L2 Agent that supports admin status update. This agent should be deplyed if the VF state update is supported by vendor Netwrok Adapter. | |
==VM creation flow with SR-IOV vNIC== | ==VM creation flow with SR-IOV vNIC== |
Revision as of 12:34, 14 September 2014
Contents
This Page is under construction
Once it will be ready, the content might move to another location.
SR-IOV Networking in OpenStack Juno
OpenStack Juno adds inbox support to request VM access to virtual network via SR-IOV NIC. With the introduction of SR-IOV based NIC, the traditional virtual bridge is no longer required. Each SR-IOV port is associated with a virtual function (VF). SR-IOV ports may be provided by Hardware-based Virtual Eithernet Bridging (HW VEB); or they may be extended to an upstream physical switch (IEEE 802.1br). There are two ways that SR-IOV port may be connected:
- directly connected to its VF
- connected with a macvtap device that resides on the host, which is then connected to the corresponding VF.
Nova
Nova support for SR-IOV enables to schedule an instance with SR-IOV ports based on their network connectivity. The neutron ports' associated physical networks have to be used in making the scheduling decision. PCI Whitelist was exchanced to allow tags to be associated with PCI devices. PCI devices awailable for SR-IOV networking should be tagged with physical_network label.
Neutron
Neutron support for SR-IOV requires ML2 Plugin with SR-IOV supporting Mechanism Driver. Currently there is ML2 Mechanism Driver for SR-IOV capable NIC based switching (HW VEB). There are Network Adapters from different vendors. There is SR-IOV NIC L2 Agent that supports admin status update. This agent should be deplyed if the VF state update is supported by vendor Netwrok Adapter.
VM creation flow with SR-IOV vNIC
- Create one or more neutron ports
neutron port-create <net-id> --binding:vnic-type direct
- Boot VM with one or more neutron ports
nova boot --flavor m1.large --image <image> --nic port-id=<port1> --nic port-id=<port2>
Note that in the nova boot API, users can specify either a port-id or a net-id. If it's the latter case, it's assumed that the user is requesting a normal virtual port (which is not a SR-IOV port).
SR-IOV Configuration
Neutron Server
Using ML2 Neutron plugin modify /etc/neutron/plugins/ml2/ml2_conf.ini:
[ml2] tenant_network_types = vlan type_drivers = vlan mechanism_drivers = openvswitch,sriovnicswitch [ml2_type_vlan] network_vlan_ranges = default:2:100
Make sure /etc/neutron/plugins/ml2/ml2_conf_sriov.ini has the following section:
[ml2_sriov] agent_required = True
Neutron server should be run with the two configuration files /etc/neutron/plugins/ml2/ml2_conf.in and /etc/neutron/plugins/ml2/ml2_conf_sriov.ini
neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/plugins/ml2/ml2_conf_sriov.ini
Compute
Nova
On each compute you have to associate the Virtual Functions available to each Physical Network. You do it by configuring pci_passthrough_whitelist in /etc/nova/noca.conf
For example:
pci_passthrough_whitelist = {"address":"*:0a:00.*","physical_network":"physnet1"}
This will associate any VF with address that includes ':0a:00.' in it's address to the Physical network physnet1
After configuring the white list you have to restart nova-compute service.
Neutron
If the hardware supports and and you want to enable changing the port admin_state you have to run the Neutron SR-IOV agent.
Note:If you configured agent_required=True on the Neutron server you must run the Agent on each compute node.
In /etc/neutron/plugins/ml2/ml2_conf.ini make sure you have the following:
[securitygroup] firewall_driver = neutron.agent.firewall.NoopFirewallDriver
Modify /etc/neutron/plugins/ml2/ml2_conf_sriov.ini as follows
[sriov_nic] physical_device_mappings = physnet1:eth1 exclude_devices =
physnet1 is the physical network eth1 if the Physical Function (PF) exclude_devices is empty so All the VFs associated with eth1 are allowed to be configured by the agent.
After modifying the configuration file start the Neutron SR-IOV agent:
neutron-sriov-nic-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/plugins/ml2/ml2_conf_sriov.ini
Exclude VFs
If you want to exclude some of the VFs so the agent won't configure them you need to list them in the sriov_nic section:
Example: exclude_devices = eth1:0000:07:00.2; 0000:07:00.3, eth2:0000:05:00.1; 0000:05:00.2