Jump to: navigation, search


Revision as of 12:00, 14 September 2014 by Irenab (talk | contribs) (SR-IOV Networking in OpenStack Juno)

This Page is under construction

Once it will be ready, the content might move to another location.

SR-IOV Networking in OpenStack Juno

OpenStack Juno adds inbox support to request VM access to virtual network via SR-IOV NIC. With the introduction of SR-IOV based NIC, the traditional virtual bridge is no longer required. Each SR-IOV port is associated with a virtual function (VF). SR-IOV ports may be provided by Hardware-based Virtual Eithernet Bridging (HW VEB); or they may be extended to an upstream physical switch (IEEE 802.1br). There are two ways that SR-IOV port may be connected:

  • directly connected to its VF
  • connected with a macvtap device that resides on the host, which is then connected to the corresponding VF.


Nova support for SR-IOV is ....


Neutron support for SR-IOV is ... embedded NIC is ...

VM creation flow with SR-IOV vNIC

  • Create one or more neutron ports
  neutron port-create <net-id> --binding:vnic-type direct
  • Boot VM with one or more neutron ports
  nova boot --flavor m1.large --image <image>
         --nic port-id=<port1> --nic port-id=<port2>

Note that in the nova boot API, users can specify either a port-id or a net-id. If it's the latter case, it's assumed that the user is requesting a normal virtual port (which is not a SR-IOV port).

SR-IOV Configuration

Neutron Server

Using ML2 Neutron plugin modify /etc/neutron/plugins/ml2/ml2_conf.ini:

tenant_network_types = vlan
type_drivers = vlan
mechanism_drivers = openvswitch,sriovnicswitch
network_vlan_ranges = default:2:100

Make sure /etc/neutron/plugins/ml2/ml2_conf_sriov.ini has the following section:

agent_required = True

Neutron server should be run with the two configuration files /etc/neutron/plugins/ml2/ml2_conf.in and /etc/neutron/plugins/ml2/ml2_conf_sriov.ini

neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/plugins/ml2/ml2_conf_sriov.ini



On each compute you have to associate the Virtual Functions available to each Physical Network. You do it by configuring pci_passthrough_whitelist in /etc/nova/noca.conf

For example:

pci_passthrough_whitelist = {"address":"*:0a:00.*","physical_network":"physnet1"}

This will associate any VF with address that includes ':0a:00.' in it's address to the Physical network physnet1

After configuring the white list you have to restart nova-compute service.


If the hardware supports and and you want to enable changing the port admin_state you have to run the Neutron SR-IOV agent.

Note:If you configured agent_required=True on the Neutron server you must run the Agent on each compute node.

In /etc/neutron/plugins/ml2/ml2_conf.ini make sure you have the following:

firewall_driver = neutron.agent.firewall.NoopFirewallDriver

Modify /etc/neutron/plugins/ml2/ml2_conf_sriov.ini as follows

physical_device_mappings = physnet1:eth1
exclude_devices =

physnet1 is the physical network eth1 if the Physical Function (PF) exclude_devices is empty so All the VFs associated with eth1 are allowed to be configured by the agent.

After modifying the configuration file start the Neutron SR-IOV agent:

neutron-sriov-nic-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/plugins/ml2/ml2_conf_sriov.ini

Exclude VFs

If you want to exclude some of the VFs so the agent won't configure them you need to list them in the sriov_nic section:

Example: exclude_devices = eth1:0000:07:00.2; 0000:07:00.3, eth2:0000:05:00.1; 0000:05:00.2


Openstack ML2 SR-IOV driver support