That's right. But the firewall_driver = NoopFirewallDriver is an agent configuration, so if you would have the sriov-agent configured with this driver, you still could configure an ovs agent with another driver I guess. Does that make sense? If so, maybe we could add this information to the wiki as well!
Thanks! Andreas On Mo, 2015-07-20 at 16:58 +0800, Sam Stoelinga wrote: > I want to add that I'm not using the NoopFirewall as I'm using > agent_required = False. So all instances that are not using SRIOV can > still use security groups like normal. Instances that are using SRIOV > won't have security groups applied though. > > On Mon, Jul 20, 2015 at 3:21 PM, Moshe Levi <mosh...@mellanox.com> > wrote: > > > > -----Original Message----- > > From: Andreas Scheuring [mailto:scheu...@linux.vnet.ibm.com] > > Sent: Monday, July 20, 2015 10:04 AM > > To: Moshe Levi > > Cc: Sam Stoelinga; openstack@lists.openstack.org > > Subject: Re: [Openstack] [Neutron][SRIOV][docs] Enabling > SRIOV on > > OpenStack Juno step-by-step guide > > > > +1 for updating the wiki > > +1 for adding a section to the docs > > > > > > Moshe, > > what about the firewall support Sam mentioned? I assume > fwaas is > > supported, as it runs on the network node which uses ovs, > but Security > > Groups are not working as you're using the > NoopFirewallDriver, right? > Yes that is correct. I will update that as well in the wiki. > > > Or is there another FW driver that could be used? > > > > Thanks > > > > > > > > On So, 2015-07-19 at 08:12 +0000, Moshe Levi wrote: > > > See my comments inline > > > > > > > > > > > > From: Sam Stoelinga [mailto:sammiest...@gmail.com] > > > Sent: Sunday, July 19, 2015 10:37 AM > > > To: Moshe Levi > > > Cc: openstack@lists.openstack.org > > > Subject: Re: [Openstack] [Neutron][SRIOV][docs] Enabling > SRIOV on > > > OpenStack Juno step-by-step guide > > > > > > > > > > > > > > > I think it was not fair to say it's not up to date. It > seems it's up > > > to date, but current downsides of existing OpenStack wikis > on SRIOV > > > are missing info, many different Wikis and hard to consume > the info: > > > > > > > > > 1. > https://wiki.openstack.org/wiki/SR-IOV-Passthrough-For-Networking > > > > > > > > > 2. https://wiki.openstack.org/wiki/Nova-neutron-sriov > > > > > > > > > 3. > https://wiki.openstack.org/wiki/PCI_passthrough_SRIOV_support > > > > > > > > > 4. https://wiki.openstack.org/wiki/Pci_passthrough > > > > > > > > > > > > [ML] – I think the only wiki users should be using is > > > > https://wiki.openstack.org/wiki/SR-IOV-Passthrough-For-Networking > > > [2],[3] are the blueprints and [4] is PCI-Pass-through > without SR-IOV > > > and it refer to [1] which is good. > > > > > > > > > > > > > > > Things that I noticed that were missing / could be better: > > > > > > > > > 1. Adding PCIDeviceFilter to nova-scheduler > > > > > > [ML] I think you mean the PciPassthroughFilter and you are > correct indeed > > it is missing. I will update the wiki. > > > 2. How to enable VFs on compute nodes > > > > > > [ML] – This vendor specific but we can add links to > vendor wiki page > > > on how to configure their NIC to support SR-IOV > > > > > > > > > 3. This wiki: > https://wiki.openstack.org/wiki/Nova-neutron-sriov > > > contains incorrect information. > > > > > > > > > Current wrong: "neutron port-create <net-uuid-from-step-1> > --name > > > sriov_port --vnic-type direct " > > > > > > > > > should be "neutron port-create <net-uuid-from-step-1> > --name > > > sriov_port --binding:vnic_type direct" > > > > > > [ML] – this is blueprint but I will check if I can update > it. > > > > > > > > > 3. Make it more clear that agent_required = False is > totally fine > > > and may be better. From what I read you have to disable > the firewall > > > functionality if you enable sriov-agent? Not sure if that > > > understanding is correct. > > > > > > [ML] – I agree this is totally need clarification. The > > > agent_required=False is used when you have Intel NIC that > doesn’t > > > support admin up/down change. SR-IOV NIC that support > admin up/down > > > change should be configured with agent_required =True. > > > > > > I will update the wiki explaining that flag. (by the way > we hope to > > > change it in liberty and deprecate the agent_required > flag) > > > > > > > > > > > > > > > > > > I would prefer this information to have release bound > documentation in > > > for example the Networking > > > Guide: http://docs.openstack.org/networking-guide/ or the > Cloud > > > Administrator > > > Guide: > http://docs.openstack.org/admin-guide-cloud/content/ > > > > > > [ML] – Ok, I guess this is required change in > > > openstack/openstack-manuals repository. Can you help and > adding > > > documentations there? Just put me as review. If not I > will try do it > > > myself or find someone in Mellanox. > > > > > > > > > > > > > > > I believe that using the pci sys interface is vendor > compatible. Would > > > be great if you could confirm. Could you try testing $ > echo '7' > > > > /sys/class/net/eth3/device/sriov_numvfs on a mellanox > card? > > > > > > > > > This way we don't have to write vendor specific docs on > enabling VFs > > > :) > > > > > > > > > When using modprobe ixgbe max_vfs=7 it tells you that > using max_vfs is > > > deprecated and that the pci sys interface should be used. > That's how I > > > found out about this. > > > > > > [ML] – unfortunately it is not generic in Melllanox you > need to > > > configure number of VFs and number of probes (also Single > Port or > > > Duel Port ) it is more complicateL > > > > > > see https://community.mellanox.com/docs/DOC-1484 > > > > > > > > > > > > > > > On Sun, Jul 19, 2015 at 2:44 PM, Moshe Levi > <mosh...@mellanox.com> > > > wrote: > > > > > > Hi Sam, > > > > > > > > > > > > Can you explain why you think that the > > > > https://wiki.openstack.org/wiki/SR-IOV-Passthrough-For-Networking > > is out of date? > > > > > > Moreover you blog explain how to configure SR-IOV > on Intel > > > NIC, but keep in mind Neutron SRIOV is generic and > can support > > > any other vendors such as Mellanox. > > > > > > Maybe will should add links to how to configure > SR-IOV NIC for > > > several Vendors. We can start with Mellanox and > Intel NIC. > > > What do you think? > > > > > > > > > > > > > > > > > > From: Sam Stoelinga [mailto:sammiest...@gmail.com] > > > Sent: Saturday, July 18, 2015 5:55 PM > > > To: openstack@lists.openstack.org > > > Subject: [Openstack] [Neutron][SRIOV][docs] > Enabling SRIOV on > > > OpenStack Juno step-by-step guide > > > > > > > > > > > > > > > Hi networking gurus, > > > > > > > > > > > > > > > While it may be easy for many of you to enable > Neutron SRIOV > > > on OpenStack it wasn't a smooth ride for me. I > documented > > > exactly which steps were required to enable SRIOV > on OpenStack > > > on my > > > blog: > > > > http://samos-it.com/posts/sriov-openstack-juno-fuel-6-1.html > > > > > > > > > > > > > > > > > > It seems there is no official documentation yet > other than 2 > > > out of date wiki pages. I would like take the > content of my > > > blog post to official OpenStack docs if you > guys/girls think > > > it's useful for the broader audience. > > > > > > > > > > > > > > > > > > Regards, > > > > > > > > > Sam Stoelinga > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > Post to : openstack@lists.openstack.org > > > Unsubscribe : > > > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > > -- > > Andreas > > (IRC: scheuran) > > > > > > -- Andreas (IRC: scheuran) _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
