[openstack-dev] [neutron][sriov] status of neutron sriov passthrough support

Andreas Scheuring scheuran at linux.vnet.ibm.com
Thu Mar 12 09:37:03 UTC 2015

I was looking at the neutron pci sriov integration, to see what's the
current state, but I still have a few questions. Maybe one of you could
help out. I'm referring to the direct passthrough and not to the macvtap
passthrough right now:

- Only VLAN for the tenant network is supported. Is that true? Where is
the vlan tagging happening? Does libvirt program the VF to be a access

- I read some wiki and code, that the sriov nicswitch agent is there for
setting the link state of a VF. Does it have any other functionality? 

- Are Security Groups and rules supported with this setup. Are they
being programmed into the sriov switch via the nicswitch agent or
somewhere else? At least the agent inherits some security group class,
but I couldn't find more details...

- Similar the the anti spoofing rules, that are applied by default for
every instance. Are they implemented with sriov somewhere? Or are they
not required anymore due to the nature of a VF?

- It's only for attaching instances, right? I've not seen support for
the network node. If so, is also a SingleNode setup supported? I assume
in this case the ovs for the l3 service has to run on top of the PF and
you require a switch in haripin mode. Does that make sense?

- The wiki [1] describes how to attach a port manually. I also read in a
wiki for nova pci passthrough [2] that there are plans to provide
passthrough based on a flavor. Is this also working for neutron sriov

Thanks a lot!

[1] https://wiki.openstack.org/wiki/SR-IOV-Passthrough-For-Networking
[2] https://wiki.openstack.org/wiki/Pci_passthrough

(irc: scheuran)

More information about the OpenStack-dev mailing list