[Openstack] [Neutron][SRIOV][docs] Enabling SRIOV on OpenStack Juno step-by-step guide
Andreas Scheuring
scheuran at linux.vnet.ibm.com
Mon Jul 20 09:33:44 UTC 2015
That's right.
But the firewall_driver = NoopFirewallDriver is an agent configuration,
so if you would have the sriov-agent configured with this driver, you
still could configure an ovs agent with another driver I guess. Does
that make sense?
If so, maybe we could add this information to the wiki as well!
Thanks!
Andreas
On Mo, 2015-07-20 at 16:58 +0800, Sam Stoelinga wrote:
> I want to add that I'm not using the NoopFirewall as I'm using
> agent_required = False. So all instances that are not using SRIOV can
> still use security groups like normal. Instances that are using SRIOV
> won't have security groups applied though.
>
> On Mon, Jul 20, 2015 at 3:21 PM, Moshe Levi <moshele at mellanox.com>
> wrote:
>
>
> > -----Original Message-----
> > From: Andreas Scheuring [mailto:scheuran at linux.vnet.ibm.com]
> > Sent: Monday, July 20, 2015 10:04 AM
> > To: Moshe Levi
> > Cc: Sam Stoelinga; openstack at lists.openstack.org
> > Subject: Re: [Openstack] [Neutron][SRIOV][docs] Enabling
> SRIOV on
> > OpenStack Juno step-by-step guide
> >
> > +1 for updating the wiki
> > +1 for adding a section to the docs
> >
> >
> > Moshe,
> > what about the firewall support Sam mentioned? I assume
> fwaas is
> > supported, as it runs on the network node which uses ovs,
> but Security
> > Groups are not working as you're using the
> NoopFirewallDriver, right?
> Yes that is correct. I will update that as well in the wiki.
>
> > Or is there another FW driver that could be used?
> >
> > Thanks
> >
> >
> >
> > On So, 2015-07-19 at 08:12 +0000, Moshe Levi wrote:
> > > See my comments inline
> > >
> > >
> > >
> > > From: Sam Stoelinga [mailto:sammiestoel at gmail.com]
> > > Sent: Sunday, July 19, 2015 10:37 AM
> > > To: Moshe Levi
> > > Cc: openstack at lists.openstack.org
> > > Subject: Re: [Openstack] [Neutron][SRIOV][docs] Enabling
> SRIOV on
> > > OpenStack Juno step-by-step guide
> > >
> > >
> > >
> > >
> > > I think it was not fair to say it's not up to date. It
> seems it's up
> > > to date, but current downsides of existing OpenStack wikis
> on SRIOV
> > > are missing info, many different Wikis and hard to consume
> the info:
> > >
> > >
> > > 1.
> https://wiki.openstack.org/wiki/SR-IOV-Passthrough-For-Networking
> > >
> > >
> > > 2. https://wiki.openstack.org/wiki/Nova-neutron-sriov
> > >
> > >
> > > 3.
> https://wiki.openstack.org/wiki/PCI_passthrough_SRIOV_support
> > >
> > >
> > > 4. https://wiki.openstack.org/wiki/Pci_passthrough
> > >
> > >
> > >
> > > [ML] – I think the only wiki users should be using is
> > >
> https://wiki.openstack.org/wiki/SR-IOV-Passthrough-For-Networking
> > > [2],[3] are the blueprints and [4] is PCI-Pass-through
> without SR-IOV
> > > and it refer to [1] which is good.
> > >
> > >
> > >
> > >
> > > Things that I noticed that were missing / could be better:
> > >
> > >
> > > 1. Adding PCIDeviceFilter to nova-scheduler
> > >
> > > [ML] I think you mean the PciPassthroughFilter and you are
> correct indeed
> > it is missing. I will update the wiki.
> > > 2. How to enable VFs on compute nodes
> > >
> > > [ML] – This vendor specific but we can add links to
> vendor wiki page
> > > on how to configure their NIC to support SR-IOV
> > >
> > >
> > > 3. This wiki:
> https://wiki.openstack.org/wiki/Nova-neutron-sriov
> > > contains incorrect information.
> > >
> > >
> > > Current wrong: "neutron port-create <net-uuid-from-step-1>
> --name
> > > sriov_port --vnic-type direct "
> > >
> > >
> > > should be "neutron port-create <net-uuid-from-step-1>
> --name
> > > sriov_port --binding:vnic_type direct"
> > >
> > > [ML] – this is blueprint but I will check if I can update
> it.
> > >
> > >
> > > 3. Make it more clear that agent_required = False is
> totally fine
> > > and may be better. From what I read you have to disable
> the firewall
> > > functionality if you enable sriov-agent? Not sure if that
> > > understanding is correct.
> > >
> > > [ML] – I agree this is totally need clarification. The
> > > agent_required=False is used when you have Intel NIC that
> doesn’t
> > > support admin up/down change. SR-IOV NIC that support
> admin up/down
> > > change should be configured with agent_required =True.
> > >
> > > I will update the wiki explaining that flag. (by the way
> we hope to
> > > change it in liberty and deprecate the agent_required
> flag)
> > >
> > >
> > >
> > >
> > >
> > > I would prefer this information to have release bound
> documentation in
> > > for example the Networking
> > > Guide: http://docs.openstack.org/networking-guide/ or the
> Cloud
> > > Administrator
> > > Guide:
> http://docs.openstack.org/admin-guide-cloud/content/
> > >
> > > [ML] – Ok, I guess this is required change in
> > > openstack/openstack-manuals repository. Can you help and
> adding
> > > documentations there? Just put me as review. If not I
> will try do it
> > > myself or find someone in Mellanox.
> > >
> > >
> > >
> > >
> > > I believe that using the pci sys interface is vendor
> compatible. Would
> > > be great if you could confirm. Could you try testing $
> echo '7'
> > > > /sys/class/net/eth3/device/sriov_numvfs on a mellanox
> card?
> > >
> > >
> > > This way we don't have to write vendor specific docs on
> enabling VFs
> > > :)
> > >
> > >
> > > When using modprobe ixgbe max_vfs=7 it tells you that
> using max_vfs is
> > > deprecated and that the pci sys interface should be used.
> That's how I
> > > found out about this.
> > >
> > > [ML] – unfortunately it is not generic in Melllanox you
> need to
> > > configure number of VFs and number of probes (also Single
> Port or
> > > Duel Port ) it is more complicateL
> > >
> > > see https://community.mellanox.com/docs/DOC-1484
> > >
> > >
> > >
> > >
> > > On Sun, Jul 19, 2015 at 2:44 PM, Moshe Levi
> <moshele at mellanox.com>
> > > wrote:
> > >
> > > Hi Sam,
> > >
> > >
> > >
> > > Can you explain why you think that the
> > >
> https://wiki.openstack.org/wiki/SR-IOV-Passthrough-For-Networking
> > is out of date?
> > >
> > > Moreover you blog explain how to configure SR-IOV
> on Intel
> > > NIC, but keep in mind Neutron SRIOV is generic and
> can support
> > > any other vendors such as Mellanox.
> > >
> > > Maybe will should add links to how to configure
> SR-IOV NIC for
> > > several Vendors. We can start with Mellanox and
> Intel NIC.
> > > What do you think?
> > >
> > >
> > >
> > >
> > >
> > > From: Sam Stoelinga [mailto:sammiestoel at gmail.com]
> > > Sent: Saturday, July 18, 2015 5:55 PM
> > > To: openstack at lists.openstack.org
> > > Subject: [Openstack] [Neutron][SRIOV][docs]
> Enabling SRIOV on
> > > OpenStack Juno step-by-step guide
> > >
> > >
> > >
> > >
> > > Hi networking gurus,
> > >
> > >
> > >
> > >
> > > While it may be easy for many of you to enable
> Neutron SRIOV
> > > on OpenStack it wasn't a smooth ride for me. I
> documented
> > > exactly which steps were required to enable SRIOV
> on OpenStack
> > > on my
> > > blog:
> > >
> http://samos-it.com/posts/sriov-openstack-juno-fuel-6-1.html
> > >
> > >
> > >
> > >
> > >
> > > It seems there is no official documentation yet
> other than 2
> > > out of date wiki pages. I would like take the
> content of my
> > > blog post to official OpenStack docs if you
> guys/girls think
> > > it's useful for the broader audience.
> > >
> > >
> > >
> > >
> > >
> > > Regards,
> > >
> > >
> > > Sam Stoelinga
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > > Post to : openstack at lists.openstack.org
> > > Unsubscribe :
> > >
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >
> > --
> > Andreas
> > (IRC: scheuran)
> >
>
>
>
>
--
Andreas
(IRC: scheuran)
More information about the Openstack
mailing list