Jump to: navigation, search

Difference between revisions of "Mellanox-Neutron-Juno-Redhat-Ethernet-SRIOV"

(Created page with " = Overview = == Mellanox Neutron ML2 Driver == Mellanox ML2 Mechanism Driver implements the ML2 Plugin Mechanism Driver API. This driver supports Mellanox embedded swit...")
 
Line 1: Line 1:
 +
=SR-IOV Networking in OpenStack Juno=
 +
OpenStack Juno adds inbox support to request VM access to virtual network via SR-IOV NIC. With the introduction of SR-IOV based NICs, the traditional virtual bridge is no longer required. Each SR-IOV port is associated with a virtual function (VF). SR-IOV ports may be provided by Hardware-based Virtual Ethernet Bridging (HW VEB); or they may be extended to an upstream physical switch (IEEE 802.1br). 
 +
There are two ways that SR-IOV port may be connected:
 +
* directly connected to its VF
 +
* connected with a macvtap device that resides on the host, which is then connected to the corresponding VF
  
 
+
==Nova==
= Overview =  
+
Nova support for SR-IOV enables scheduling an instance with SR-IOV ports based on their network connectivity. The neutron ports' associated physical networks have to be considered in making the scheduling decision.
== Mellanox Neutron ML2 Driver ==
+
PCI Whitelist has been enchanced to allow tags to be associated with PCI devices. PCI devices available for SR-IOV networking should be tagged with physical_network label.
Mellanox ML2 Mechanism Driver implements the ML2 Plugin Mechanism Driver API.  
 
  
This driver supports Mellanox embedded switch functionality as part of the VPI (Ethernet/InfiniBand) HCA. Mellanox ML2 Mechanism Driver provides functional parity with Mellanox Neutron plugin.
+
For SR-IOV networking, a pre-defined tag "physical_network" is used to define the physical network to which the devices are attached. A whitelist entry is defined as:
 +
    ["vendor_id": "<id>",] ["product_id": "<id>",]
 +
    ["address": "[[[[<domain>]:]<bus>]:][<slot>][.[<function>]]" |
 +
    "devname": "Ethernet Interface Name",] 
 +
    "physical_network":"name string of the physical network"
  
Mellanox ML2 Mechanism Driver supports DIRECT (pci passthrough) and MACVTAP (virtual interface with a tap-like software interface) vnic types. For vnic type configuration API details, please refer to configuration reference guide (click [http://docs.openstack.org/api/openstack-network/2.0/content/binding_ext_ports.html here]). Hardware vNICs mapped to the guest VMs allow higher performance and advanced features such as RDMA (remote direct memory access).  
+
<id> can be an asterisk (*) or a valid vendor/product ID as displayed by the Linux utility lspci. The address uses the same syntax as in lspci. The devname can be a valid PCI device name. The only device names that are supported are those displayed by the Linux utility ifconfig -a and correspond to either a PF or a VF on a vNIC.
  
The driver supports VLAN network type to facilitate virtual networks either on Ethernet or InfiniBand fabrics.
+
If the device defined by the address or devname corresponds to a SR-IOV PF, all VFs under the PF will match the entry.
 
• Mellanox OpenStack Neutron Agent (L2 Agent) runs on each compute node.  
 
  
• Agent should apply VIF connectivity based on mapping between a VIF (VM vNIC) and Embedded Switch port.
+
Multiple whitelist entries per host are supported.
  
== Mellanox Neutron Plugin ==
+
==Neutron==  
Please note,
+
Neutron support for SR-IOV requires ML2 Plugin with SR-IOV supporting mechanism driver.
Mellanox Plug-in is deprecated in the Icehouse release and won't be supported in the Juno release.
+
Currently there is ML2 Mechanism Driver for SR-IOV capable NIC based switching (HW VEB).
The features in the plug-in are now part of the ML2 plug-in in the form of Mellanox mechanism driver.
+
There are network adapters from different vendors that vary by supporting various functionality.
 +
If VF link state update is supported by vendor network adapter, the SR-IOV NIC L2 agent should be deployed to leverage this functionality .
  
For details regarding Mellanox Neutron plugin, please refer to https://wiki.openstack.org/wiki/Mellanox-Neutron-Havana-Redhat.
+
==VM creation flow with SR-IOV vNIC==
 +
* Create one or more neutron ports. Run:
 +
  neutron port-create <net-id> --binding:vnic-type <direct | macvtap | normal>
  
==  Mellanox Nova VIF Driver ==
+
* Boot VM with one or more neutron ports. Run:
The Mellanox Nova VIF driver should be used when running Mellanox Mechnism Driver. The VIF driver supports the VIF plugin by binding vNIC of type DIRECT  to the embedded switch port.
+
  nova boot --flavor m1.large --image <image>
VIF Driver for MACVTAP type is included in Nova libvirt generic vif driver. For SR-IOV pass-through (vnic type DIRECT) one needs to use VIF driver from Mellanox git repository or RPM.
+
          --nic port-id=<port1> --nic port-id=<port2> <vm name>
 
+
   
== Prerequisites ==
+
Note that in the nova boot API, users can specify either a port-ID or a net-ID. If a net-ID is specified, it is assumed that the user is requesting a normal virtual port (which is not an SR-IOV port).
* A running OpenStack environment installed with the ML2 plugin on top of OVS.
 
* All nodes equipped with Mellanox ConnectX®-3 Network Adapter (http://www.mellanox.com/page/products_dyn?product_family=119)
 
* Mellanox OFED 2.2 or greater installed on all nodes. Please refer to Mellanox website for the latest OFED: http://www.mellanox.com/page/products_dyn?product_family=26&mtag=linux_sw_drivers
 
* SR-IOV enabled on all compute nodes. For more information, please refer to Mellanox Community [http://community.mellanox.com/docs/DOC-1317 click here].
 
* The software package iproute2 - (http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 ) installed on all Compute nodes
 
* VLANs configured on the ports in the switch.
 
 
 
= Ethernet Network =
 
== Neutron Server Node ==
 
  
1. Make sure ML2 plugin is the current Neutron plugin by checking core_plugin option in /etc/neutron/neutron.conf:
+
=SR-IOV Configuration=
core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
 
  
2. Make sure /etc/neutron/plugin.ini is pointing at (symbolic link) /etc/neutron/plugins/ml2/ml2_conf.ini
 
  
3. Modify /etc/neutron/plugins/ml2/ml2_conf.ini and include the following:  
+
===Neutron Server===
 +
Using ML2 Neutron plugin modify /etc/neutron/plugins/ml2/ml2_conf.ini:
  
[ml2]
+
[ml2]
type_drivers = vlan,flat
 
 
  tenant_network_types = vlan
 
  tenant_network_types = vlan
  mechanism_drivers = openvswitch,mlnx
+
type_drivers = vlan
 +
  mechanism_drivers = openvswitch,sriovnicswitch
 
  [ml2_type_vlan]
 
  [ml2_type_vlan]
  network_vlan_ranges = default:2:100
+
  network_vlan_ranges = physnet1:2:100
[eswitch]
 
vnic_type = hostdev
 
apply_profile_patch = True
 
  
4. Start (or restart) the Neutron server:  
+
Add supported PCI vendor VF devices, defined by vendor_id:product_id according to the PCI ID Repository in the /etc/neutron/plugins/ml2/ml2_conf_sriov.ini:
    #service neutron-server restart
 
  
== Compute Node ==
+
  [ml2_sriov]
To configure the Compute node:  
+
supported_pci_vendor_devs = vendor_id:product_id
  
1. Download the following Mellanox OpenStack repo file:
+
Example for Intel NIC that supports SR-IOV:
    #wget http://www.mellanox.com/downloads/solutions/openstack/icehouse/repo/mlnx-icehouse/mlnx-icehouse.repo -O /etc/yum.repos.d/mlnx-icehouse.repo
+
  supported_pci_vendor_devs = 8086:10ca
2. Install the eSwitch Daemon (eSwitchd) RPM:
 
  #yum install eswitchd
 
3. Install Mellanox VIF driver:
 
    #yum install mlnxvif
 
4. Install the required RPM for the Neutron agent:
 
    #yum install openstack-neutron-mellanox
 
5. Configure the eSwitch fabrics parameter in  /etc/eSwitchd/eSwitchd.conf:
 
    fabrics='<network name as in ml2>:<interface>'
 
6. In /etc/nova/nova.conf, check that the compute driver is libvirt:
 
    [libvirt]
 
    vif_driver=mlnxvif.vif.MlxEthVIFDriver
 
7. Modify the /etc/neutron/plugins/mlnx/mlnx_conf.ini file to reflect your environment:
 
    [AGENT]
 
    polling_interval - Polling interval (in seconds)for existing vNICs. The default is 2 seconds.
 
    rpc_support_old_agents - must be set to 'True'
 
    [ESWITCH]
 
    physical_interface_mapping - the network_interface_mappings maps each physical network name to the physical interface (on top of Mellanox Adapter) connecting the node to that
 
    physical network. The format of this paramter is:
 
    <fabric name>:< PF name> (Only relevant on Compute node). PF Name can either be the PF (Physical Function) Name or 'autoeth' for automatic Ethernet configuration,'autoib' for  
 
    automatic InfiniBand configuration. The default is "default:autoeth". 
 
8. Restart Nova :
 
    service openstack-nova-compute restart
 
9. Start eSwitch Daemon (eSwitchd):
 
    service eswitchd start
 
10. Start the Neutron agent:
 
    #service neutron-mlnx-agent start
 
  
NOTE: eSwitch Daemon should be running before the Neutron
+
If SRIOV network adapters support VF link state setting and admin state management is desired, make sure  to add /etc/neutron/plugins/ml2/ml2_conf_sriov.ini    [ml2_sriov] section
 +
the following setting:
  
== Network Node ==
+
agent_required = True
  
To configure the Network node:
+
Neutron server should be run with the two configuration files /etc/neutron/plugins/ml2/ml2_conf.in and /etc/neutron/plugins/ml2/ml2_conf_sriov.ini
 +
neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/plugins/ml2/ml2_conf_sriov.ini
  
1. Change the configuration of the ini file located at: /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini.
+
==Compute==
The "default in the following example is the name of the physical network as configured in /etc/neutron/plugins/ml2/ml2_conf.ini:
+
===nova-compute===
    bridge_mappings = default:br-eth3,public:br-ex
+
On each compute node you have to associate the VFs available to each physical network.
2. Update /etc/neutron/dhcp_agent.ini in the DHCP server:
+
That is performed by configuring  pci_passthrough_whitelist in /etc/nova/nova.conf. So, for example:
    interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
+
pci_passthrough_whitelist = {"address":"*:0a:00.*","physical_network":"physnet1"}
For additional information, please refer to the following link:  
+
This associates any VF with address that includes ':0a:00.' in its address to the physical network physnet1.
http://docs.openstack.org/trunk/openstack-network/admin/content/adv_cfg_dhcp_agent.html
 
  
3. Start the DHCP server:
+
After configuring the whitelist you have to restart nova-compute service.
    #service neutron-openvswitch-agent start
 
    #service neutron-dhcp-agent start
 
  
4. Configure the L3 agent configuration file (/etc/neutron/l3_agent.ini):
+
When using devstack pci_passthrough_whitelist can be configured in local.conf file, for example:
    #gateway_external_network_id = d4fdfebb-e027-4acd-bed4-1d96e896f336
+
<pre>
      router_id = 41bf1aa0-3daf-4f51-9d23-0a4b15020c36
+
[[post-config|$NOVA_CONF]]
      interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
+
[DEFAULT]
      external_network_bridge = br-ex
+
pci_passthrough_whitelist = {"'"address"'":"'"*:02:00.*"'","'"physical_network"'":"'"default"'"}
 +
</pre>
  
NOTE: The above is an example for configuring one router for tenants. Your values for gateway_external_network_id, router_id, and external_network_bridge may differ.
+
===SR-IOV neutron agent===
 +
If the hardware supports it and you want to enable changing the port admin_state, you have to run the Neutron SR-IOV agent.<br />
  
5. Start the L3 agent:
+
'''Note:'''If you configured agent_required=True on the Neutron server, you must run the Agent on each compute node.
    #service neutron-l3-agent restart
 
  
= Known issues and Troubleshooting =
+
In /etc/neutron/plugins/ml2/ml2_conf.ini make sure you have the following:
 +
[securitygroup]
 +
firewall_driver = neutron.agent.firewall.NoopFirewallDriver
  
For known issues and troubleshooting options refer to  [http://community.mellanox.com/docs/DOC-1127 Mellanox OpenStack Troubleshooting].
+
Modify /etc/neutron/plugins/ml2/ml2_conf_sriov.ini as follows:
  
= References =
+
[sriov_nic]
1. [http://www.mellanox.com/openstack/ http://www.mellanox.com/openstack/]
+
physical_device_mappings = physnet1:eth1
 +
exclude_devices =
  
2. [https://github.com/mellanox-openstack Source repository]
+
Where:
 +
* physnet1 is the physical network
 +
* eth1 is the physical function (PF)
 +
* exclude_devices is empty so all the VFs associated with eth1 may be configured by the agent
  
3. [http://www.mellanox.com/page/products_dyn?product_family=26 Mellanox OFED]
+
After modifying the configuration file, start the Neutron SR-IOV agent. Run:
 +
neutron-sriov-nic-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/plugins/ml2/ml2_conf_sriov.ini
  
4. [http://www.mellanox.com/openstack/pdf/mellanox-openstack-solution.pdf Mellanox OpenStack Solution Reference Architecture]
+
====Exclude VFs====
 +
If you want to exclude some of the VFs so the agent does not configure them, you need to list them in the sriov_nic section:<br />
  
5. [http://community.mellanox.com/docs/DOC-1127 Mellanox OpenStack Troubleshooting]
+
'''Example:''' exclude_devices = eth1:0000:07:00.2; 0000:07:00.3, eth2:0000:05:00.1; 0000:05:00.2
  
For more details, please refer your question to  [mailto:openstack@mellanox.com openstack@mellanox.com]
+
=References=
  
Return to [https://wiki.openstack.org/wiki/Mellanox-OpenStack  Mellanox-OpenStack] wiki page.
+
[http://community.mellanox.com/docs/DOC-1484 Openstack ML2 SR-IOV driver support]

Revision as of 08:05, 29 June 2015

SR-IOV Networking in OpenStack Juno

OpenStack Juno adds inbox support to request VM access to virtual network via SR-IOV NIC. With the introduction of SR-IOV based NICs, the traditional virtual bridge is no longer required. Each SR-IOV port is associated with a virtual function (VF). SR-IOV ports may be provided by Hardware-based Virtual Ethernet Bridging (HW VEB); or they may be extended to an upstream physical switch (IEEE 802.1br). There are two ways that SR-IOV port may be connected:

  • directly connected to its VF
  • connected with a macvtap device that resides on the host, which is then connected to the corresponding VF

Nova

Nova support for SR-IOV enables scheduling an instance with SR-IOV ports based on their network connectivity. The neutron ports' associated physical networks have to be considered in making the scheduling decision. PCI Whitelist has been enchanced to allow tags to be associated with PCI devices. PCI devices available for SR-IOV networking should be tagged with physical_network label.

For SR-IOV networking, a pre-defined tag "physical_network" is used to define the physical network to which the devices are attached. A whitelist entry is defined as: 

   ["vendor_id": "<id>",] ["product_id": "<id>",]
   ["address": "[[[[<domain>]:]<bus>]:][<slot>][.[<function>]]" |
   "devname": "Ethernet Interface Name",]  
   "physical_network":"name string of the physical network"

<id> can be an asterisk (*) or a valid vendor/product ID as displayed by the Linux utility lspci. The address uses the same syntax as in lspci. The devname can be a valid PCI device name. The only device names that are supported are those displayed by the Linux utility ifconfig -a and correspond to either a PF or a VF on a vNIC.

If the device defined by the address or devname corresponds to a SR-IOV PF, all VFs under the PF will match the entry.

Multiple whitelist entries per host are supported.

Neutron

Neutron support for SR-IOV requires ML2 Plugin with SR-IOV supporting mechanism driver. Currently there is ML2 Mechanism Driver for SR-IOV capable NIC based switching (HW VEB). There are network adapters from different vendors that vary by supporting various functionality. If VF link state update is supported by vendor network adapter, the SR-IOV NIC L2 agent should be deployed to leverage this functionality .

VM creation flow with SR-IOV vNIC

  • Create one or more neutron ports. Run:
  neutron port-create <net-id> --binding:vnic-type <direct | macvtap | normal>
  • Boot VM with one or more neutron ports. Run:
  nova boot --flavor m1.large --image <image>
         --nic port-id=<port1> --nic port-id=<port2> <vm name>

Note that in the nova boot API, users can specify either a port-ID or a net-ID. If a net-ID is specified, it is assumed that the user is requesting a normal virtual port (which is not an SR-IOV port).

SR-IOV Configuration

Neutron Server

Using ML2 Neutron plugin modify /etc/neutron/plugins/ml2/ml2_conf.ini: 

[ml2]
tenant_network_types = vlan
type_drivers = vlan
mechanism_drivers = openvswitch,sriovnicswitch
[ml2_type_vlan]
network_vlan_ranges = physnet1:2:100

Add supported PCI vendor VF devices, defined by vendor_id:product_id according to the PCI ID Repository in the /etc/neutron/plugins/ml2/ml2_conf_sriov.ini: 

[ml2_sriov]
supported_pci_vendor_devs = vendor_id:product_id

Example for Intel NIC that supports SR-IOV: 

supported_pci_vendor_devs = 8086:10ca

If SRIOV network adapters support VF link state setting and admin state management is desired, make sure to add /etc/neutron/plugins/ml2/ml2_conf_sriov.ini [ml2_sriov] section the following setting: 

agent_required = True

Neutron server should be run with the two configuration files /etc/neutron/plugins/ml2/ml2_conf.in and /etc/neutron/plugins/ml2/ml2_conf_sriov.ini 

neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/plugins/ml2/ml2_conf_sriov.ini

Compute

nova-compute

On each compute node you have to associate the VFs available to each physical network. That is performed by configuring pci_passthrough_whitelist in /etc/nova/nova.conf. So, for example: 

pci_passthrough_whitelist = {"address":"*:0a:00.*","physical_network":"physnet1"}

This associates any VF with address that includes ':0a:00.' in its address to the physical network physnet1.

After configuring the whitelist you have to restart nova-compute service.

When using devstack pci_passthrough_whitelist can be configured in local.conf file, for example: 

[[post-config|$NOVA_CONF]]
[DEFAULT]
pci_passthrough_whitelist = {"'"address"'":"'"*:02:00.*"'","'"physical_network"'":"'"default"'"}

SR-IOV neutron agent

If the hardware supports it and you want to enable changing the port admin_state, you have to run the Neutron SR-IOV agent.

Note:If you configured agent_required=True on the Neutron server, you must run the Agent on each compute node.

In /etc/neutron/plugins/ml2/ml2_conf.ini make sure you have the following: 

[securitygroup]
firewall_driver = neutron.agent.firewall.NoopFirewallDriver

Modify /etc/neutron/plugins/ml2/ml2_conf_sriov.ini as follows: 

[sriov_nic]
physical_device_mappings = physnet1:eth1
exclude_devices =

Where:

  • physnet1 is the physical network
  • eth1 is the physical function (PF)
  • exclude_devices is empty so all the VFs associated with eth1 may be configured by the agent

After modifying the configuration file, start the Neutron SR-IOV agent. Run: 

neutron-sriov-nic-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/plugins/ml2/ml2_conf_sriov.ini

Exclude VFs

If you want to exclude some of the VFs so the agent does not configure them, you need to list them in the sriov_nic section:

Example: exclude_devices = eth1:0000:07:00.2; 0000:07:00.3, eth2:0000:05:00.1; 0000:05:00.2

References

Openstack ML2 SR-IOV driver support

Retrieved from "https://wiki.openstack.org/w/index.php?title=Mellanox-Neutron-Juno-Redhat-Ethernet-SRIOV&oldid=84456"