[Openstack] [Neutron][SRIOV][docs] Enabling SRIOV on OpenStack Juno step-by-step guide

Sam Stoelinga sammiestoel at gmail.com
Mon Jul 20 08:58:43 UTC 2015 

I want to add that I'm not using the NoopFirewall as I'm using
agent_required = False. So all instances that are not using SRIOV can still
use security groups like normal. Instances that are using SRIOV won't have
security groups applied though.

On Mon, Jul 20, 2015 at 3:21 PM, Moshe Levi <moshele at mellanox.com> wrote:

>
>
> > -----Original Message-----
> > From: Andreas Scheuring [mailto:scheuran at linux.vnet.ibm.com]
> > Sent: Monday, July 20, 2015 10:04 AM
> > To: Moshe Levi
> > Cc: Sam Stoelinga; openstack at lists.openstack.org
> > Subject: Re: [Openstack] [Neutron][SRIOV][docs] Enabling SRIOV on
> > OpenStack Juno step-by-step guide
> >
> > +1 for updating the wiki
> > +1 for adding a section to the docs
> >
> >
> > Moshe,
> > what about the firewall support Sam mentioned? I assume fwaas is
> > supported, as it runs on the network node which uses ovs, but Security
> > Groups are not working as you're using the NoopFirewallDriver, right?
> Yes that is correct. I will update that as well in the wiki.
>
> > Or is there another FW driver that could be used?
> >
> > Thanks
> >
> >
> >
> > On So, 2015-07-19 at 08:12 +0000, Moshe Levi wrote:
> > > See my comments inline
> > >
> > >
> > >
> > > From: Sam Stoelinga [mailto:sammiestoel at gmail.com]
> > > Sent: Sunday, July 19, 2015 10:37 AM
> > > To: Moshe Levi
> > > Cc: openstack at lists.openstack.org
> > > Subject: Re: [Openstack] [Neutron][SRIOV][docs] Enabling SRIOV on
> > > OpenStack Juno step-by-step guide
> > >
> > >
> > >
> > >
> > > I think it was not fair to say it's not up to date. It seems it's up
> > > to date, but current downsides of existing OpenStack wikis on SRIOV
> > > are missing info, many different Wikis and hard to consume the info:
> > >
> > >
> > > 1. https://wiki.openstack.org/wiki/SR-IOV-Passthrough-For-Networking
> > >
> > >
> > > 2. https://wiki.openstack.org/wiki/Nova-neutron-sriov
> > >
> > >
> > > 3. https://wiki.openstack.org/wiki/PCI_passthrough_SRIOV_support
> > >
> > >
> > > 4. https://wiki.openstack.org/wiki/Pci_passthrough
> > >
> > >
> > >
> > > [ML] – I think the only wiki users should be using is
> > > https://wiki.openstack.org/wiki/SR-IOV-Passthrough-For-Networking
> > >  [2],[3] are the blueprints and [4] is PCI-Pass-through without SR-IOV
> > > and it refer to [1] which is good.
> > >
> > >
> > >
> > >
> > > Things that I noticed that were missing / could be better:
> > >
> > >
> > > 1.     Adding PCIDeviceFilter to nova-scheduler
> > >
> > > [ML] I think you mean the PciPassthroughFilter and you are correct
> indeed
> > it is missing. I will update the wiki.
> > > 2.     How to enable VFs on compute nodes
> > >
> > > [ML] – This  vendor specific but we can add links to vendor wiki page
> > > on how to configure their NIC to support SR-IOV
> > >
> > >
> > > 3. This wiki: https://wiki.openstack.org/wiki/Nova-neutron-sriov
> > > contains incorrect information.
> > >
> > >
> > > Current wrong: "neutron port-create <net-uuid-from-step-1> --name
> > > sriov_port --vnic-type direct "
> > >
> > >
> > > should be "neutron port-create <net-uuid-from-step-1> --name
> > > sriov_port --binding:vnic_type direct"
> > >
> > > [ML] – this is blueprint but I will check if I can update it.
> > >
> > >
> > > 3.     Make it more clear that agent_required = False is totally fine
> > > and may be better. From what I read you have to disable the firewall
> > > functionality if you enable sriov-agent? Not sure if that
> > > understanding is correct.
> > >
> > > [ML] – I agree this is totally need clarification. The
> > > agent_required=False is used when you have Intel NIC that doesn’t
> > > support admin up/down  change. SR-IOV NIC that support admin up/down
> > > change should be configured with agent_required =True.
> > >
> > > I will update the wiki explaining that flag.  (by the way we hope to
> > > change it in liberty and deprecate the agent_required flag)
> > >
> > >
> > >
> > >
> > >
> > > I would prefer this information to have release bound documentation in
> > > for example the Networking
> > > Guide: http://docs.openstack.org/networking-guide/ or the Cloud
> > > Administrator
> > > Guide: http://docs.openstack.org/admin-guide-cloud/content/
> > >
> > > [ML] – Ok, I guess this is required change in
> > > openstack/openstack-manuals repository. Can you help and adding
> > > documentations  there? Just put me as review.  If not I will try do it
> > > myself or find someone in Mellanox.
> > >
> > >
> > >
> > >
> > > I believe that using the pci sys interface is vendor compatible. Would
> > > be great if you could confirm. Could you try testing $ echo '7'
> > > > /sys/class/net/eth3/device/sriov_numvfs on a mellanox card?
> > >
> > >
> > > This way we don't have to write vendor specific docs on enabling VFs
> > > :)
> > >
> > >
> > > When using modprobe ixgbe max_vfs=7 it tells you that using max_vfs is
> > > deprecated and that the pci sys interface should be used. That's how I
> > > found out about this.
> > >
> > > [ML] – unfortunately it is not generic  in Melllanox you need to
> > > configure number of VFs and number of probes (also Single Port  or
> > > Duel Port ) it is more complicateL
> > >
> > > see https://community.mellanox.com/docs/DOC-1484
> > >
> > >
> > >
> > >
> > > On Sun, Jul 19, 2015 at 2:44 PM, Moshe Levi <moshele at mellanox.com>
> > > wrote:
> > >
> > >         Hi Sam,
> > >
> > >
> > >
> > >         Can you explain why you think that the
> > >
> https://wiki.openstack.org/wiki/SR-IOV-Passthrough-For-Networking
> > is out of date?
> > >
> > >         Moreover you blog explain how to configure SR-IOV on Intel
> > >         NIC, but keep in mind Neutron SRIOV is generic and can support
> > >         any other vendors such  as Mellanox.
> > >
> > >         Maybe will should add links to how to configure SR-IOV NIC for
> > >         several  Vendors. We can start with Mellanox and Intel NIC.
> > >         What do you think?
> > >
> > >
> > >
> > >
> > >
> > >         From: Sam Stoelinga [mailto:sammiestoel at gmail.com]
> > >         Sent: Saturday, July 18, 2015 5:55 PM
> > >         To: openstack at lists.openstack.org
> > >         Subject: [Openstack] [Neutron][SRIOV][docs] Enabling SRIOV on
> > >         OpenStack Juno step-by-step guide
> > >
> > >
> > >
> > >
> > >         Hi networking gurus,
> > >
> > >
> > >
> > >
> > >         While it may be easy for many of you to enable Neutron SRIOV
> > >         on OpenStack it wasn't a smooth ride for me. I documented
> > >         exactly which steps were required to enable SRIOV on OpenStack
> > >         on my
> > >         blog:
> > > http://samos-it.com/posts/sriov-openstack-juno-fuel-6-1.html
> > >
> > >
> > >
> > >
> > >
> > >         It seems there is no official documentation yet other than 2
> > >         out of date wiki pages. I would like take the content of my
> > >         blog post to official OpenStack docs if you guys/girls think
> > >         it's useful for the broader audience.
> > >
> > >
> > >
> > >
> > >
> > >         Regards,
> > >
> > >
> > >         Sam Stoelinga
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > > Post to     : openstack at lists.openstack.org
> > > Unsubscribe :
> > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >
> > --
> > Andreas
> > (IRC: scheuran)
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150720/45803b8e/attachment.html>

More information about the Openstack mailing list