about using sriov-agent
Hello Experts, I am learning using SR-IOV to enable faster network access. I do not have a smartNIC so I am only talking about regular VF device passthrough. Right now, I configure Nova and use regular device passthrough flavor to create an instance. It works but since the PF device is a trunk network port, I have to configure sub interface manually in the guest. I find that I can only use neutron to configure SR-IOV VF devices (bandwidth, spoofcheck etc.). I am not trying it yet but I would like to ask if I use SR-IOV through neutron, does neutron's sriovagent will configure vlan id automatically such that I do not need to configure it inside the guest? if answer is yes, could you show me the related code? Thank you for your help. -- Best Regards, Jiatong Shen
Hello Jiatong: If you are using a VLAN network to create the SR-IOV ports on it, Nova will assign the corresponding VLAN ID to the VF. The traffic inside the VM won't have the VLAN header but it will be tagged when egressing the VF. This is the same as a tagged OVS TAP port. If you are talking about VLAN trunking, ML2/SR-IOV mechanism driver does not support it. Each vendor and model would require a different implementation. There was some years ago an attempt to implement it in Neutron [1]. If you are willing to continue this implementation (maybe with another driver), I'll help you with this. I don't know if this is what you are looking for. Regards. [1]https://review.opendev.org/c/openstack/neutron/+/665467 On Mon, Mar 10, 2025 at 3:10 PM Jiatong Shen <yshxxsjt715@gmail.com> wrote:
Hello Experts,
I am learning using SR-IOV to enable faster network access. I do not have a smartNIC so I am only talking about regular VF device passthrough. Right now, I configure Nova and use regular device passthrough flavor to create an instance. It works but since the PF device is a trunk network port, I have to configure sub interface manually in the guest.
I find that I can only use neutron to configure SR-IOV VF devices (bandwidth, spoofcheck etc.). I am not trying it yet but I would like to ask if I use SR-IOV through neutron, does neutron's sriovagent will configure vlan id automatically such that I do not need to configure it inside the guest? if answer is yes, could you show me the related code? Thank you for your help.
--
Best Regards,
Jiatong Shen
Hello Rodolfo: Thank you for your answer. I am talking about the VLAN network. About "Nova will assign the corresponding VLAN ID to the VF" part, I am curious how to assign VLAN ID to VF? Can you show me the code where nova implements this feature? Thank you. Best regards, Jiatong Shen On Mon, Mar 10, 2025 at 10:59 PM Rodolfo Alonso Hernandez <ralonsoh@redhat.com> wrote:
Hello Jiatong:
If you are using a VLAN network to create the SR-IOV ports on it, Nova will assign the corresponding VLAN ID to the VF. The traffic inside the VM won't have the VLAN header but it will be tagged when egressing the VF. This is the same as a tagged OVS TAP port.
If you are talking about VLAN trunking, ML2/SR-IOV mechanism driver does not support it. Each vendor and model would require a different implementation. There was some years ago an attempt to implement it in Neutron [1]. If you are willing to continue this implementation (maybe with another driver), I'll help you with this. I don't know if this is what you are looking for.
Regards.
[1]https://review.opendev.org/c/openstack/neutron/+/665467
On Mon, Mar 10, 2025 at 3:10 PM Jiatong Shen <yshxxsjt715@gmail.com> wrote:
Hello Experts,
I am learning using SR-IOV to enable faster network access. I do not have a smartNIC so I am only talking about regular VF device passthrough. Right now, I configure Nova and use regular device passthrough flavor to create an instance. It works but since the PF device is a trunk network port, I have to configure sub interface manually in the guest.
I find that I can only use neutron to configure SR-IOV VF devices (bandwidth, spoofcheck etc.). I am not trying it yet but I would like to ask if I use SR-IOV through neutron, does neutron's sriovagent will configure vlan id automatically such that I do not need to configure it inside the guest? if answer is yes, could you show me the related code? Thank you for your help.
--
Best Regards,
Jiatong Shen
-- Best Regards, Jiatong Shen
Hi Jiatong: The VIFs are plugged calling [1]; SR-IOV ports in particular will call ``plug_hw_veb``. In any case, I would suggest you to ping Nova folks for Nova related questions. VF configuration: https://man7.org/linux/man-pages/man8/ip-link.8.html. From this manual: """ vlan VLANID - change the assigned VLAN for the specified VF. When specified, all traffic sent from the VF will be tagged with the specified VLAN ID. Incoming traffic will be filtered for the specified VLAN ID, and will have all VLAN tags stripped before being passed to the VF. Setting this parameter to 0 disables VLAN tagging and filtering. The vf parameter must be specified. """ Regards. [1] https://github.com/openstack/nova/blob/master/nova/virt/libvirt/driver.py#L1... On Tue, Mar 11, 2025 at 1:57 AM Jiatong Shen <yshxxsjt715@gmail.com> wrote:
Hello Rodolfo:
Thank you for your answer. I am talking about the VLAN network. About "Nova will assign the corresponding VLAN ID to the VF" part, I am curious how to assign VLAN ID to VF? Can you show me the code where nova implements this feature? Thank you.
Best regards, Jiatong Shen
On Mon, Mar 10, 2025 at 10:59 PM Rodolfo Alonso Hernandez <ralonsoh@redhat.com> wrote:
Hello Jiatong:
If you are using a VLAN network to create the SR-IOV ports on it, Nova
will assign the corresponding VLAN ID to the VF. The traffic inside the VM won't have the VLAN header but it will be tagged when egressing the VF. This is the same as a tagged OVS TAP port.
If you are talking about VLAN trunking, ML2/SR-IOV mechanism driver does
not support it. Each vendor and model would require a different implementation. There was some years ago an attempt to implement it in Neutron [1]. If you are willing to continue this implementation (maybe with another driver), I'll help you with this. I don't know if this is what you are looking for.
Regards.
[1]https://review.opendev.org/c/openstack/neutron/+/665467
On Mon, Mar 10, 2025 at 3:10 PM Jiatong Shen <yshxxsjt715@gmail.com>
wrote:
Hello Experts,
I am learning using SR-IOV to enable faster network access. I do not have a smartNIC so I am only talking about regular VF device passthrough. Right now, I configure Nova and use regular device passthrough flavor to create an instance. It works but since the PF device is a trunk network port, I have to configure sub interface manually in the guest.
I find that I can only use neutron to configure SR-IOV VF devices (bandwidth, spoofcheck etc.). I am not trying it yet but I would like to ask if I use SR-IOV through neutron, does neutron's sriovagent will configure vlan id automatically such that I do not need to configure it inside the guest? if answer is yes, could you show me the related code? Thank you for your help.
--
Best Regards,
Jiatong Shen
--
Best Regards,
Jiatong Shen
Hello Rodofl: Thank you very much for your answer. I've somehow skimmed through the code and found the method plug_hw_veb[1]. In the method, it looks like if vnic type equals *macvtap* then vlan tag is configured by ip link toolkit. But if vnic type is *direct*, then nova will not configure vlan tag for the specific VF. Am I correct? Thank you very much. Best regards, Jiatong Shen [1] https://github.com/openstack/nova/blob/a329c103cbc864591f232b195016407e407bd... On Tue, Mar 11, 2025 at 3:45 PM Rodolfo Alonso Hernandez < ralonsoh@redhat.com> wrote:
Hi Jiatong:
The VIFs are plugged calling [1]; SR-IOV ports in particular will call ``plug_hw_veb``. In any case, I would suggest you to ping Nova folks for Nova related questions.
VF configuration: https://man7.org/linux/man-pages/man8/ip-link.8.html. From this manual: """ vlan VLANID - change the assigned VLAN for the specified VF. When specified, all traffic sent from the VF will be tagged with the specified VLAN ID. Incoming traffic will be filtered for the specified VLAN ID, and will have all VLAN tags stripped before being passed to the VF. Setting this parameter to 0 disables VLAN tagging and filtering. The vf parameter must be specified. """
Regards.
[1] https://github.com/openstack/nova/blob/master/nova/virt/libvirt/driver.py#L1...
On Tue, Mar 11, 2025 at 1:57 AM Jiatong Shen <yshxxsjt715@gmail.com> wrote:
Hello Rodolfo:
Thank you for your answer. I am talking about the VLAN network. About "Nova will assign the corresponding VLAN ID to the VF" part, I am curious how to assign VLAN ID to VF? Can you show me the code where nova implements this feature? Thank you.
Best regards, Jiatong Shen
On Mon, Mar 10, 2025 at 10:59 PM Rodolfo Alonso Hernandez <ralonsoh@redhat.com> wrote:
Hello Jiatong:
If you are using a VLAN network to create the SR-IOV ports on it, Nova
will assign the corresponding VLAN ID to the VF. The traffic inside the VM won't have the VLAN header but it will be tagged when egressing the VF. This is the same as a tagged OVS TAP port.
If you are talking about VLAN trunking, ML2/SR-IOV mechanism driver
does not support it. Each vendor and model would require a different implementation. There was some years ago an attempt to implement it in Neutron [1]. If you are willing to continue this implementation (maybe with another driver), I'll help you with this. I don't know if this is what you are looking for.
Regards.
[1]https://review.opendev.org/c/openstack/neutron/+/665467
On Mon, Mar 10, 2025 at 3:10 PM Jiatong Shen <yshxxsjt715@gmail.com>
wrote:
Hello Experts,
I am learning using SR-IOV to enable faster network access. I do not have a smartNIC so I am only talking about regular VF device passthrough. Right now, I configure Nova and use regular device passthrough flavor to create an instance. It works but since the PF device is a trunk network port, I have to configure sub interface manually in the guest.
I find that I can only use neutron to configure SR-IOV VF devices (bandwidth, spoofcheck etc.). I am not trying it yet but I would like to ask if I use SR-IOV through neutron, does neutron's sriovagent will configure vlan id automatically such that I do not need to configure it inside the guest? if answer is yes, could you show me the related code? Thank you for your help.
--
Best Regards,
Jiatong Shen
--
Best Regards,
Jiatong Shen
-- Best Regards, Jiatong Shen
Hey Shen - you re correct in your observations regarding the plug_hw_veb[1] method.. When the vnic_type is set to macvtap, VLAN tagging is explicitly configured via the ip link toolkit. This ensures that the VLAN tag is properly applied at the link layer, enabling traffic segregation according to VLAN specifications. However, when the vnic_type is direct, Nova does not configure the VLAN tag for the associated Virtual Function (VF). Instead, in this scenario, the assumption is that VLAN tagging is managed externally and either by the physical switch or through SR-IOV configurations at the NIC level. This aligns with the expectation that a direct VF passthrough setup should offload network configuration responsibilities to external network control mechanisms, ensuring minimal intervention from Nova itself. This design choice likely stems from the fundamental differences in how macvtap and direct modes handle network traffic :) for example as following below; Macvtap mode, operates at the software layer and requires explicit VLAN configuration within the host. Direct mode, assumes hardware-based VLAN offloading, allowing the network infrastructure to manage VLAN tagging instead. by the way if your use case requires VLAN tagging for a direct VF within Nova, you may need to configure it manually at the NIC level or ensure proper VLAN trunking is in place on the upstream switch. i hope to this inputs helps for you. Best, Sevgiler, Kerem ÇELİKER On Tue, Mar 11, 2025 at 11:08 Jiatong Shen <yshxxsjt715@gmail.com> wrote:
Hello Rodofl:
Thank you very much for your answer. I've somehow skimmed through the code and found the method plug_hw_veb[1]. In the method, it looks like if vnic type equals *macvtap* then vlan tag is configured by ip link toolkit. But if vnic type is *direct*, then nova will not configure vlan tag for the specific VF. Am I correct? Thank you very much.
Best regards, Jiatong Shen
[1] https://github.com/openstack/nova/blob/a329c103cbc864591f232b195016407e407bd...
On Tue, Mar 11, 2025 at 3:45 PM Rodolfo Alonso Hernandez < ralonsoh@redhat.com> wrote:
Hi Jiatong:
The VIFs are plugged calling [1]; SR-IOV ports in particular will call ``plug_hw_veb``. In any case, I would suggest you to ping Nova folks for Nova related questions.
VF configuration: https://man7.org/linux/man-pages/man8/ip-link.8.html. From this manual: """ vlan VLANID - change the assigned VLAN for the specified VF. When specified, all traffic sent from the VF will be tagged with the specified VLAN ID. Incoming traffic will be filtered for the specified VLAN ID, and will have all VLAN tags stripped before being passed to the VF. Setting this parameter to 0 disables VLAN tagging and filtering. The vf parameter must be specified. """
Regards.
[1] https://github.com/openstack/nova/blob/master/nova/virt/libvirt/driver.py#L1...
On Tue, Mar 11, 2025 at 1:57 AM Jiatong Shen <yshxxsjt715@gmail.com> wrote:
Hello Rodolfo:
Thank you for your answer. I am talking about the VLAN network. About "Nova will assign the corresponding VLAN ID to the VF" part, I am curious how to assign VLAN ID to VF? Can you show me the code where nova implements this feature? Thank you.
Best regards, Jiatong Shen
On Mon, Mar 10, 2025 at 10:59 PM Rodolfo Alonso Hernandez <ralonsoh@redhat.com> wrote:
Hello Jiatong:
If you are using a VLAN network to create the SR-IOV ports on it, Nova
will assign the corresponding VLAN ID to the VF. The traffic inside the VM won't have the VLAN header but it will be tagged when egressing the VF. This is the same as a tagged OVS TAP port.
If you are talking about VLAN trunking, ML2/SR-IOV mechanism driver
does not support it. Each vendor and model would require a different implementation. There was some years ago an attempt to implement it in Neutron [1]. If you are willing to continue this implementation (maybe with another driver), I'll help you with this. I don't know if this is what you are looking for.
Regards.
[1]https://review.opendev.org/c/openstack/neutron/+/665467
On Mon, Mar 10, 2025 at 3:10 PM Jiatong Shen <yshxxsjt715@gmail.com>
wrote:
Hello Experts,
I am learning using SR-IOV to enable faster network access. I do not have a smartNIC so I am only talking about regular VF device passthrough. Right now, I configure Nova and use regular device passthrough flavor to create an instance. It works but since the PF device is a trunk network port, I have to configure sub interface manually in the guest.
I find that I can only use neutron to configure SR-IOV VF devices (bandwidth, spoofcheck etc.). I am not trying it yet but I would like to ask if I use SR-IOV through neutron, does neutron's sriovagent will configure vlan id automatically such that I do not need to configure it inside the guest? if answer is yes, could you show me the related code? Thank you for your help.
--
Best Regards,
Jiatong Shen
--
Best Regards,
Jiatong Shen
--
Best Regards,
Jiatong Shen
Hello Kerem and Jiatong: OpenStack configures the VLAN tag on the VF device depending on the VLAN ID of the Neutron network. There is no need for manual configuration in the VF nor the VM. The VLAN ID is set in the VM XML definition, in the port section [1][2]. Regards. [1] https://github.com/openstack/nova/blob/master/nova/virt/libvirt/config.py#L1... [2] https://github.com/openstack/nova/blob/master/nova/virt/libvirt/config.py#L2... On Tue, Mar 11, 2025 at 9:24 AM Kerem Celiker <kmceliker@gmail.com> wrote:
Hey Shen - you re correct in your observations regarding the plug_hw_veb[1] method..
When the vnic_type is set to macvtap, VLAN tagging is explicitly configured via the ip link toolkit. This ensures that the VLAN tag is properly applied at the link layer, enabling traffic segregation according to VLAN specifications.
However, when the vnic_type is direct, Nova does not configure the VLAN tag for the associated Virtual Function (VF). Instead, in this scenario, the assumption is that VLAN tagging is managed externally and either by the physical switch or through SR-IOV configurations at the NIC level. This aligns with the expectation that a direct VF passthrough setup should offload network configuration responsibilities to external network control mechanisms, ensuring minimal intervention from Nova itself.
This design choice likely stems from the fundamental differences in how macvtap and direct modes handle network traffic :)
for example as following below;
Macvtap mode, operates at the software layer and requires explicit VLAN configuration within the host.
Direct mode, assumes hardware-based VLAN offloading, allowing the network infrastructure to manage VLAN tagging instead.
by the way if your use case requires VLAN tagging for a direct VF within Nova, you may need to configure it manually at the NIC level or ensure proper VLAN trunking is in place on the upstream switch. i hope to this inputs helps for you.
Best, Sevgiler, Kerem ÇELİKER
On Tue, Mar 11, 2025 at 11:08 Jiatong Shen <yshxxsjt715@gmail.com> wrote:
Hello Rodofl:
Thank you very much for your answer. I've somehow skimmed through the code and found the method plug_hw_veb[1]. In the method, it looks like if vnic type equals *macvtap* then vlan tag is configured by ip link toolkit. But if vnic type is *direct*, then nova will not configure vlan tag for the specific VF. Am I correct? Thank you very much.
Best regards, Jiatong Shen
[1] https://github.com/openstack/nova/blob/a329c103cbc864591f232b195016407e407bd...
On Tue, Mar 11, 2025 at 3:45 PM Rodolfo Alonso Hernandez < ralonsoh@redhat.com> wrote:
Hi Jiatong:
The VIFs are plugged calling [1]; SR-IOV ports in particular will call ``plug_hw_veb``. In any case, I would suggest you to ping Nova folks for Nova related questions.
VF configuration: https://man7.org/linux/man-pages/man8/ip-link.8.html. From this manual: """ vlan VLANID - change the assigned VLAN for the specified VF. When specified, all traffic sent from the VF will be tagged with the specified VLAN ID. Incoming traffic will be filtered for the specified VLAN ID, and will have all VLAN tags stripped before being passed to the VF. Setting this parameter to 0 disables VLAN tagging and filtering. The vf parameter must be specified. """
Regards.
[1] https://github.com/openstack/nova/blob/master/nova/virt/libvirt/driver.py#L1...
On Tue, Mar 11, 2025 at 1:57 AM Jiatong Shen <yshxxsjt715@gmail.com> wrote:
Hello Rodolfo:
Thank you for your answer. I am talking about the VLAN network. About "Nova will assign the corresponding VLAN ID to the VF" part, I am curious how to assign VLAN ID to VF? Can you show me the code where nova implements this feature? Thank you.
Best regards, Jiatong Shen
On Mon, Mar 10, 2025 at 10:59 PM Rodolfo Alonso Hernandez <ralonsoh@redhat.com> wrote:
Hello Jiatong:
If you are using a VLAN network to create the SR-IOV ports on it,
Nova will assign the corresponding VLAN ID to the VF. The traffic inside the VM won't have the VLAN header but it will be tagged when egressing the VF. This is the same as a tagged OVS TAP port.
If you are talking about VLAN trunking, ML2/SR-IOV mechanism driver
does not support it. Each vendor and model would require a different implementation. There was some years ago an attempt to implement it in Neutron [1]. If you are willing to continue this implementation (maybe with another driver), I'll help you with this. I don't know if this is what you are looking for.
Regards.
[1]https://review.opendev.org/c/openstack/neutron/+/665467
On Mon, Mar 10, 2025 at 3:10 PM Jiatong Shen <yshxxsjt715@gmail.com>
wrote:
Hello Experts,
I am learning using SR-IOV to enable faster network access. I do not have a smartNIC so I am only talking about regular VF device passthrough. Right now, I configure Nova and use regular device passthrough flavor to create an instance. It works but since the PF device is a trunk network port, I have to configure sub interface manually in the guest.
I find that I can only use neutron to configure SR-IOV VF devices (bandwidth, spoofcheck etc.). I am not trying it yet but I would like to ask if I use SR-IOV through neutron, does neutron's sriovagent
will
configure vlan id automatically such that I do not need to configure it inside the guest? if answer is yes, could you show me the related code? Thank you for your help.
--
Best Regards,
Jiatong Shen
--
Best Regards,
Jiatong Shen
--
Best Regards,
Jiatong Shen
Hello Rodolfo and Kerem, Thank you very much for the clarification. Best regards, Jiatong Shen On Tue, Mar 11, 2025 at 4:47 PM Rodolfo Alonso Hernandez < ralonsoh@redhat.com> wrote:
Hello Kerem and Jiatong:
OpenStack configures the VLAN tag on the VF device depending on the VLAN ID of the Neutron network. There is no need for manual configuration in the VF nor the VM.
The VLAN ID is set in the VM XML definition, in the port section [1][2].
Regards.
[1] https://github.com/openstack/nova/blob/master/nova/virt/libvirt/config.py#L1... [2] https://github.com/openstack/nova/blob/master/nova/virt/libvirt/config.py#L2...
On Tue, Mar 11, 2025 at 9:24 AM Kerem Celiker <kmceliker@gmail.com> wrote:
Hey Shen - you re correct in your observations regarding the plug_hw_veb[1] method..
When the vnic_type is set to macvtap, VLAN tagging is explicitly configured via the ip link toolkit. This ensures that the VLAN tag is properly applied at the link layer, enabling traffic segregation according to VLAN specifications.
However, when the vnic_type is direct, Nova does not configure the VLAN tag for the associated Virtual Function (VF). Instead, in this scenario, the assumption is that VLAN tagging is managed externally and either by the physical switch or through SR-IOV configurations at the NIC level. This aligns with the expectation that a direct VF passthrough setup should offload network configuration responsibilities to external network control mechanisms, ensuring minimal intervention from Nova itself.
This design choice likely stems from the fundamental differences in how macvtap and direct modes handle network traffic :)
for example as following below;
Macvtap mode, operates at the software layer and requires explicit VLAN configuration within the host.
Direct mode, assumes hardware-based VLAN offloading, allowing the network infrastructure to manage VLAN tagging instead.
by the way if your use case requires VLAN tagging for a direct VF within Nova, you may need to configure it manually at the NIC level or ensure proper VLAN trunking is in place on the upstream switch. i hope to this inputs helps for you.
Best, Sevgiler, Kerem ÇELİKER
On Tue, Mar 11, 2025 at 11:08 Jiatong Shen <yshxxsjt715@gmail.com> wrote:
Hello Rodofl:
Thank you very much for your answer. I've somehow skimmed through the code and found the method plug_hw_veb[1]. In the method, it looks like if vnic type equals *macvtap* then vlan tag is configured by ip link toolkit. But if vnic type is *direct*, then nova will not configure vlan tag for the specific VF. Am I correct? Thank you very much.
Best regards, Jiatong Shen
[1] https://github.com/openstack/nova/blob/a329c103cbc864591f232b195016407e407bd...
On Tue, Mar 11, 2025 at 3:45 PM Rodolfo Alonso Hernandez < ralonsoh@redhat.com> wrote:
Hi Jiatong:
The VIFs are plugged calling [1]; SR-IOV ports in particular will call ``plug_hw_veb``. In any case, I would suggest you to ping Nova folks for Nova related questions.
VF configuration: https://man7.org/linux/man-pages/man8/ip-link.8.html. From this manual: """ vlan VLANID - change the assigned VLAN for the specified VF. When specified, all traffic sent from the VF will be tagged with the specified VLAN ID. Incoming traffic will be filtered for the specified VLAN ID, and will have all VLAN tags stripped before being passed to the VF. Setting this parameter to 0 disables VLAN tagging and filtering. The vf parameter must be specified. """
Regards.
[1] https://github.com/openstack/nova/blob/master/nova/virt/libvirt/driver.py#L1...
On Tue, Mar 11, 2025 at 1:57 AM Jiatong Shen <yshxxsjt715@gmail.com> wrote:
Hello Rodolfo:
Thank you for your answer. I am talking about the VLAN network. About "Nova will assign the corresponding VLAN ID to the VF" part, I am curious how to assign VLAN ID to VF? Can you show me the code where nova implements this feature? Thank you.
Best regards, Jiatong Shen
On Mon, Mar 10, 2025 at 10:59 PM Rodolfo Alonso Hernandez <ralonsoh@redhat.com> wrote:
Hello Jiatong:
If you are using a VLAN network to create the SR-IOV ports on it,
Nova will assign the corresponding VLAN ID to the VF. The traffic inside the VM won't have the VLAN header but it will be tagged when egressing the VF. This is the same as a tagged OVS TAP port.
If you are talking about VLAN trunking, ML2/SR-IOV mechanism driver
does not support it. Each vendor and model would require a different implementation. There was some years ago an attempt to implement it in Neutron [1]. If you are willing to continue this implementation (maybe with another driver), I'll help you with this. I don't know if this is what you are looking for.
Regards.
[1]https://review.opendev.org/c/openstack/neutron/+/665467
On Mon, Mar 10, 2025 at 3:10 PM Jiatong Shen <yshxxsjt715@gmail.com>
> > Hello Experts, > > I am learning using SR-IOV to enable faster network access. I do not > have a smartNIC so I am only talking about regular VF device > passthrough. Right now, I configure Nova and use regular device > passthrough flavor to create an instance. It works but since the PF > device is a trunk network port, I have to configure sub interface > manually in the guest. > > I find that I can only use neutron to configure SR-IOV VF devices > (bandwidth, spoofcheck etc.). I am not trying it yet but I would
wrote: like
> to ask if I use SR-IOV through neutron, does neutron's sriovagent will > configure vlan id automatically such that I do not need to configure > it inside the guest? if answer is yes, could you show me the related > code? Thank you for your help. > > -- > > Best Regards, > > Jiatong Shen >
--
Best Regards,
Jiatong Shen
--
Best Regards,
Jiatong Shen
-- Best Regards, Jiatong Shen
just one point to clarify nova will try and configure the vlan via the xml when that is supported and appropriate to do so for stadnard sriov we will use the xml for vnic_type=direct nova fallsback to using ip link to set it in cases where we cant do it in libvirt. vnic_type=macvtap is an example of where that is used as was noted previously. for hardware offloaded ovs the vlan on the sriov VF is programed via ovs instead of via the libvirt xml, in all case manual configuration of the vlan should not be requried. nova/libvirt can only program the VFs if they pf netdev driver supprot it. for example if you bind a nic PF to dpdk, nova/libvirt cannot program the VFs mac or vlan as ip link and the underlying ioctl sys calls cannot be made on the PF. On 11/03/2025 09:05, Jiatong Shen wrote:
Hello Rodolfo and Kerem,
Thank you very much for the clarification.
Best regards,
Jiatong Shen
On Tue, Mar 11, 2025 at 4:47 PM Rodolfo Alonso Hernandez <ralonsoh@redhat.com> wrote:
Hello Kerem and Jiatong:
OpenStack configures the VLAN tag on the VF device depending on the VLAN ID of the Neutron network. There is no need for manual configuration in the VF nor the VM.
The VLAN ID is set in the VM XML definition, in the port section [1][2].
Regards.
[1]https://github.com/openstack/nova/blob/master/nova/virt/libvirt/config.py#L1... [2]https://github.com/openstack/nova/blob/master/nova/virt/libvirt/config.py#L2...
On Tue, Mar 11, 2025 at 9:24 AM Kerem Celiker <kmceliker@gmail.com> wrote:
Hey Shen - you re correct in your observations regarding the plug_hw_veb[1] method..
When the vnic_type is set to macvtap, VLAN tagging is explicitly configured via the ip link toolkit. This ensures that the VLAN tag is properly applied at the link layer, enabling traffic segregation according to VLAN specifications.
However, when the vnic_type is direct, Nova does not configure the VLAN tag for the associated Virtual Function (VF). Instead, in this scenario, the assumption is that VLAN tagging is managed externally and either by the physical switch or through SR-IOV configurations at the NIC level. This aligns with the expectation that a direct VF passthrough setup should offload network configuration responsibilities to external network control mechanisms, ensuring minimal intervention from Nova itself.
This design choice likely stems from the fundamental differences in how macvtap and direct modes handle network traffic :)
for example as following below;
Macvtap mode, operates at the software layer and requires explicit VLAN configuration within the host.
Direct mode, assumes hardware-based VLAN offloading, allowing the network infrastructure to manage VLAN tagging instead.
by the way if your use case requires VLAN tagging for a direct VF within Nova, you may need to configure it manually at the NIC level or ensure proper VLAN trunking is in place on the upstream switch.
i hope to this inputs helps for you.
Best, Sevgiler, Kerem ÇELİKER
On Tue, Mar 11, 2025 at 11:08 Jiatong Shen <yshxxsjt715@gmail.com> wrote:
Hello Rodofl:
Thank you very much for your answer. I've somehow skimmed through the code and found the method plug_hw_veb[1]. In the method, it looks like if vnic type equals *macvtap* then vlan tag is configured by ip link toolkit. But if vnic type is *direct*, then nova will not configure vlan tag for the specific VF. Am I correct? Thank you very much.
Best regards, Jiatong Shen
[1] https://github.com/openstack/nova/blob/a329c103cbc864591f232b195016407e407bd...
On Tue, Mar 11, 2025 at 3:45 PM Rodolfo Alonso Hernandez <ralonsoh@redhat.com> wrote:
Hi Jiatong:
The VIFs are plugged calling [1]; SR-IOV ports in particular will call ``plug_hw_veb``. In any case, I would suggest you to ping Nova folks for Nova related questions.
VF configuration: https://man7.org/linux/man-pages/man8/ip-link.8.html. From this manual: """ vlan VLANID - change the assigned VLAN for the specified VF. When specified, all traffic sent from the VF will be tagged with the specified VLAN ID. Incoming traffic will be filtered for the specified VLAN ID, and will have all VLAN tags stripped before being passed to the VF. Setting this parameter to 0 disables VLAN tagging and filtering. The vf parameter must be specified. """
Regards.
[1]https://github.com/openstack/nova/blob/master/nova/virt/libvirt/driver.py#L1...
On Tue, Mar 11, 2025 at 1:57 AM Jiatong Shen <yshxxsjt715@gmail.com> wrote:
Hello Rodolfo:
Thank you for your answer. I am talking about the VLAN network. About "Nova will assign the corresponding VLAN ID to the VF" part, I am curious how to assign VLAN ID to VF? Can you show me the code where nova implements this feature? Thank you.
Best regards, Jiatong Shen
On Mon, Mar 10, 2025 at 10:59 PM Rodolfo Alonso Hernandez <ralonsoh@redhat.com> wrote: > > Hello Jiatong: > > If you are using a VLAN network to create the SR-IOV ports on it, Nova will assign the corresponding VLAN ID to the VF. The traffic inside the VM won't have the VLAN header but it will be tagged when egressing the VF. This is the same as a tagged OVS TAP port. > > If you are talking about VLAN trunking, ML2/SR-IOV mechanism driver does not support it. Each vendor and model would require a different implementation. There was some years ago an attempt to implement it in Neutron [1]. If you are willing to continue this implementation (maybe with another driver), I'll help you with this. I don't know if this is what you are looking for. > > Regards. > > [1]https://review.opendev.org/c/openstack/neutron/+/665467 > > On Mon, Mar 10, 2025 at 3:10 PM Jiatong Shen <yshxxsjt715@gmail.com> wrote: >> >> Hello Experts, >> >> I am learning using SR-IOV to enable faster network access. I do not >> have a smartNIC so I am only talking about regular VF device >> passthrough. Right now, I configure Nova and use regular device >> passthrough flavor to create an instance. It works but since the PF >> device is a trunk network port, I have to configure sub interface >> manually in the guest. >> >> I find that I can only use neutron to configure SR-IOV VF devices >> (bandwidth, spoofcheck etc.). I am not trying it yet but I would like >> to ask if I use SR-IOV through neutron, does neutron's sriovagent will >> configure vlan id automatically such that I do not need to configure >> it inside the guest? if answer is yes, could you show me the related >> code? Thank you for your help. >> >> -- >> >> Best Regards, >> >> Jiatong Shen >>
--
Best Regards,
Jiatong Shen
--
Best Regards,
Jiatong Shen
--
Best Regards,
Jiatong Shen
participants (4)
-
Jiatong Shen
-
Kerem Celiker
-
Rodolfo Alonso Hernandez
-
Sean Mooney