[openstack-dev] [os-vif] [vif_plug_ovs] Queries on VIF_Type VIFHostDevice

Moshe Levi moshele at mellanox.com
Wed Aug 9 14:24:39 UTC 2017


Hi, 

1) you should use neutron port with vnic_type direct
2) yes,  just use neutron port with vnic_type  direct and confighure the nova compute with pci passthogth whitelist 
3) you can configure firewall_driver = openvswitch to work with Conntrack.

So in your case if have SR-IOV nic which doesn't support  hardware offload (but has VF representors port)  you will just fallback to the ovs kernel datapath.  
The ovs 2.8.0 code try to offload each datapath rule to NIC hardware if it failed it fails back to the ovs kernel datapath.
So if have NIC that can offload classification  on vlan  and action output. Only datapath flows that constructed for this classification and action  will be offload to hardware.

-----Original Meyssage-----
From: pranab boruah [mailto:pranabjyotiboruah at gmail.com] 
Sent: Wednesday, August 9, 2017 4:36 PM
To: OpenStack Development Mailing List (not for usage questions) <openstack-dev at lists.openstack.org>
Subject: [openstack-dev] [os-vif] [vif_plug_ovs] Queries on VIF_Type VIFHostDevice

Hi,
I am experimenting with the os-vif library and stumbled upon this new VIF type called VIFHostDevice. I have few general queries. TIA.

1. How do I create ports with VIF_type as VIFHostDevice? Looking for the CLI command options.


2. Say, I have OVS running completely on x86 host(no datapath or flow offload to
 NIC) as the networking mechanism and a SRIOV capable NIC(for existence of VF representors that will be added to the OVS bridge). Can I still launch instances with VIF_type as VIFHostDevice?


3. I want to use Security Groups using OVS+Conntrack as the mechanism.
Can I apply SG rules on the ports of type VIFHostDevice using the above mechanism?

PS: I am still trying to understand this. Hence, I might get my premises wrong in the above questions. Will appreciate a detailed explanation.

Regards,
Pranab

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.openstack.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fopenstack-dev&data=02%7C01%7Cmoshele%40mellanox.com%7C0af8192c256c42f1252308d4df2b96b4%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636378825693889082&sdata=iNi%2FLHV5LkTKs8sSpS4BgHU6lwaoywo6O%2BNcF3hqtms%3D&reserved=0


More information about the OpenStack-dev mailing list