[Openstack] [Neutron][SRIOV][docs] Enabling SRIOV on OpenStack Juno step-by-step guide

Andreas Scheuring scheuran at linux.vnet.ibm.com
Mon Jul 20 09:33:44 UTC 2015


That's right. 

But the firewall_driver = NoopFirewallDriver is an agent configuration,
so if you would have the sriov-agent configured with this driver, you
still could configure an ovs agent with another driver I guess. Does
that make sense?
If so, maybe we could add this information to the wiki as well!

Thanks!

Andreas



On Mo, 2015-07-20 at 16:58 +0800, Sam Stoelinga wrote:
> I want to add that I'm not using the NoopFirewall as I'm using
> agent_required = False. So all instances that are not using SRIOV can
> still use security groups like normal. Instances that are using SRIOV
> won't have security groups applied though. 
> 
> On Mon, Jul 20, 2015 at 3:21 PM, Moshe Levi <moshele at mellanox.com>
> wrote:
>         
>         
>         > -----Original Message-----
>         > From: Andreas Scheuring [mailto:scheuran at linux.vnet.ibm.com]
>         > Sent: Monday, July 20, 2015 10:04 AM
>         > To: Moshe Levi
>         > Cc: Sam Stoelinga; openstack at lists.openstack.org
>         > Subject: Re: [Openstack] [Neutron][SRIOV][docs] Enabling
>         SRIOV on
>         > OpenStack Juno step-by-step guide
>         >
>         > +1 for updating the wiki
>         > +1 for adding a section to the docs
>         >
>         >
>         > Moshe,
>         > what about the firewall support Sam mentioned? I assume
>         fwaas is
>         > supported, as it runs on the network node which uses ovs,
>         but Security
>         > Groups are not working as you're using the
>         NoopFirewallDriver, right?
>         Yes that is correct. I will update that as well in the wiki.
>         
>         > Or is there another FW driver that could be used?
>         >
>         > Thanks
>         >
>         >
>         >
>         > On So, 2015-07-19 at 08:12 +0000, Moshe Levi wrote:
>         > > See my comments inline
>         > >
>         > >
>         > >
>         > > From: Sam Stoelinga [mailto:sammiestoel at gmail.com]
>         > > Sent: Sunday, July 19, 2015 10:37 AM
>         > > To: Moshe Levi
>         > > Cc: openstack at lists.openstack.org
>         > > Subject: Re: [Openstack] [Neutron][SRIOV][docs] Enabling
>         SRIOV on
>         > > OpenStack Juno step-by-step guide
>         > >
>         > >
>         > >
>         > >
>         > > I think it was not fair to say it's not up to date. It
>         seems it's up
>         > > to date, but current downsides of existing OpenStack wikis
>         on SRIOV
>         > > are missing info, many different Wikis and hard to consume
>         the info:
>         > >
>         > >
>         > > 1.
>         https://wiki.openstack.org/wiki/SR-IOV-Passthrough-For-Networking
>         > >
>         > >
>         > > 2. https://wiki.openstack.org/wiki/Nova-neutron-sriov
>         > >
>         > >
>         > > 3.
>         https://wiki.openstack.org/wiki/PCI_passthrough_SRIOV_support
>         > >
>         > >
>         > > 4. https://wiki.openstack.org/wiki/Pci_passthrough
>         > >
>         > >
>         > >
>         > > [ML] – I think the only wiki users should be using is
>         > >
>         https://wiki.openstack.org/wiki/SR-IOV-Passthrough-For-Networking
>         > >  [2],[3] are the blueprints and [4] is PCI-Pass-through
>         without SR-IOV
>         > > and it refer to [1] which is good.
>         > >
>         > >
>         > >
>         > >
>         > > Things that I noticed that were missing / could be better:
>         > >
>         > >
>         > > 1.     Adding PCIDeviceFilter to nova-scheduler
>         > >
>         > > [ML] I think you mean the PciPassthroughFilter and you are
>         correct indeed
>         > it is missing. I will update the wiki.
>         > > 2.     How to enable VFs on compute nodes
>         > >
>         > > [ML] – This  vendor specific but we can add links to
>         vendor wiki page
>         > > on how to configure their NIC to support SR-IOV
>         > >
>         > >
>         > > 3. This wiki:
>         https://wiki.openstack.org/wiki/Nova-neutron-sriov
>         > > contains incorrect information.
>         > >
>         > >
>         > > Current wrong: "neutron port-create <net-uuid-from-step-1>
>         --name
>         > > sriov_port --vnic-type direct "
>         > >
>         > >
>         > > should be "neutron port-create <net-uuid-from-step-1>
>         --name
>         > > sriov_port --binding:vnic_type direct"
>         > >
>         > > [ML] – this is blueprint but I will check if I can update
>         it.
>         > >
>         > >
>         > > 3.     Make it more clear that agent_required = False is
>         totally fine
>         > > and may be better. From what I read you have to disable
>         the firewall
>         > > functionality if you enable sriov-agent? Not sure if that
>         > > understanding is correct.
>         > >
>         > > [ML] – I agree this is totally need clarification. The
>         > > agent_required=False is used when you have Intel NIC that
>         doesn’t
>         > > support admin up/down  change. SR-IOV NIC that support
>         admin up/down
>         > > change should be configured with agent_required =True.
>         > >
>         > > I will update the wiki explaining that flag.  (by the way
>         we hope to
>         > > change it in liberty and deprecate the agent_required
>         flag)
>         > >
>         > >
>         > >
>         > >
>         > >
>         > > I would prefer this information to have release bound
>         documentation in
>         > > for example the Networking
>         > > Guide: http://docs.openstack.org/networking-guide/ or the
>         Cloud
>         > > Administrator
>         > > Guide:
>         http://docs.openstack.org/admin-guide-cloud/content/
>         > >
>         > > [ML] – Ok, I guess this is required change in
>         > > openstack/openstack-manuals repository. Can you help and
>         adding
>         > > documentations  there? Just put me as review.  If not I
>         will try do it
>         > > myself or find someone in Mellanox.
>         > >
>         > >
>         > >
>         > >
>         > > I believe that using the pci sys interface is vendor
>         compatible. Would
>         > > be great if you could confirm. Could you try testing $
>         echo '7'
>         > > > /sys/class/net/eth3/device/sriov_numvfs on a mellanox
>         card?
>         > >
>         > >
>         > > This way we don't have to write vendor specific docs on
>         enabling VFs
>         > > :)
>         > >
>         > >
>         > > When using modprobe ixgbe max_vfs=7 it tells you that
>         using max_vfs is
>         > > deprecated and that the pci sys interface should be used.
>         That's how I
>         > > found out about this.
>         > >
>         > > [ML] – unfortunately it is not generic  in Melllanox you
>         need to
>         > > configure number of VFs and number of probes (also Single
>         Port  or
>         > > Duel Port ) it is more complicateL
>         > >
>         > > see https://community.mellanox.com/docs/DOC-1484
>         > >
>         > >
>         > >
>         > >
>         > > On Sun, Jul 19, 2015 at 2:44 PM, Moshe Levi
>         <moshele at mellanox.com>
>         > > wrote:
>         > >
>         > >         Hi Sam,
>         > >
>         > >
>         > >
>         > >         Can you explain why you think that the
>         > >
>          https://wiki.openstack.org/wiki/SR-IOV-Passthrough-For-Networking
>         > is out of date?
>         > >
>         > >         Moreover you blog explain how to configure SR-IOV
>         on Intel
>         > >         NIC, but keep in mind Neutron SRIOV is generic and
>         can support
>         > >         any other vendors such  as Mellanox.
>         > >
>         > >         Maybe will should add links to how to configure
>         SR-IOV NIC for
>         > >         several  Vendors. We can start with Mellanox and
>         Intel NIC.
>         > >         What do you think?
>         > >
>         > >
>         > >
>         > >
>         > >
>         > >         From: Sam Stoelinga [mailto:sammiestoel at gmail.com]
>         > >         Sent: Saturday, July 18, 2015 5:55 PM
>         > >         To: openstack at lists.openstack.org
>         > >         Subject: [Openstack] [Neutron][SRIOV][docs]
>         Enabling SRIOV on
>         > >         OpenStack Juno step-by-step guide
>         > >
>         > >
>         > >
>         > >
>         > >         Hi networking gurus,
>         > >
>         > >
>         > >
>         > >
>         > >         While it may be easy for many of you to enable
>         Neutron SRIOV
>         > >         on OpenStack it wasn't a smooth ride for me. I
>         documented
>         > >         exactly which steps were required to enable SRIOV
>         on OpenStack
>         > >         on my
>         > >         blog:
>         > >
>         http://samos-it.com/posts/sriov-openstack-juno-fuel-6-1.html
>         > >
>         > >
>         > >
>         > >
>         > >
>         > >         It seems there is no official documentation yet
>         other than 2
>         > >         out of date wiki pages. I would like take the
>         content of my
>         > >         blog post to official OpenStack docs if you
>         guys/girls think
>         > >         it's useful for the broader audience.
>         > >
>         > >
>         > >
>         > >
>         > >
>         > >         Regards,
>         > >
>         > >
>         > >         Sam Stoelinga
>         > >
>         > >
>         > >
>         > >
>         > >
>         > >
>         > >
>         > >
>         > >
>         > >
>         > >
>         > > _______________________________________________
>         > > Mailing list:
>         http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>         > > Post to     : openstack at lists.openstack.org
>         > > Unsubscribe :
>         > >
>         http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>         >
>         > --
>         > Andreas
>         > (IRC: scheuran)
>         >
>         
>         
> 
> 

-- 
Andreas
(IRC: scheuran)






More information about the Openstack mailing list