Split into other RFEs:
https://bugs.launchpad.net/neutron/+bug/1690937
Launchpad bug 1690937 in neutron "[RFE] Support allowed address pairs without
ip address" [Wishlist,Triaged]
https://bugs.launchpad.net/neutron/+bug/1690921
Launchpad bug 1690921 in neutron "[RFE] Manage Broadcast, Unicast, and
Multicast traffic" [Wishlist,Triaged]
** Changed in: neutron
Status: Triaged => Invalid
** Tags removed: rfe sriov-pci-pt
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1662650
Title:
[RFE] Advance configuration of SR-IOV ports- api extension
Status in neutron:
Invalid
Bug description:
The need to configure and manage virtual functions (VFs) on a NIC in order to
apply policy has grown to the point that we have implemented a small, DPDK
based, tool to do so. The tool, VFd
(Virtual Function daemon), allows users to configure VFs using a per VF
description provided by an external source (e.g. a virtualization manager such
as Openstack).
We would like to exercise the use case described here[1]
“Software Defined Network (SDN) trends are demanding fast host-based packet
handling. In a virtualization environment, the DPDK VF PMD driver performs the
same throughput result as a non-VT native environment.
With such host instance fast packet processing, lots of services such as
filtering, QoS, DPI can be offloaded on the host fast path.”
The following has been identified to be offloaded into the host fast path:
VLAN_FILTER – Filters traffic based on a list of VLAN ID(s), this filter is
applied on SR-IOV VF before passing the traffic to VM.
VLAN_STRIP – Enable to strip outer VLAN tag per VF
INSERT_STAG – Enable to Insert outer VLAN tag per VF
BROADCAST_ALLOW – Enable to allow broadcast per VF
UNKNOWN_UNICAST_ALLOW – Enable to allow unicast per VF
UNKNOWN_MULTICAST_ALLOW – Enable to allow multicast per VF
MAC_FILTER – Directs outbound traffic based on a list of MAC address. This
will allow a VM to transmit packets with specified source MAC address in
addition to MAC which belongs to VM.
VLAN_ANTI_SPOOF_CHECK – Enable to ensure anti MAC spoof checks are done at
the SR-IOV VF level to comply with security.
Some API extension is needed for the user to pass the VF configuration.
The extensions for per VF configuration are suggested to go into any of the
following:
1. The port’s profile:binding field
2. The port’s profile:vif_details
3. A new vf_policy object to manage vf_policies, where vf_policy_id is an
attached synthetic field on port, see [2]
4. Distribute properties across neutron
a. VLAN_STRIP and INSERT_STAG, are added as network attributes
b. BROADCAST, UNICAST, MULTICAST, are added into security groups
[3]
c. VLAN_FILTER, MAC_FILTER, and VLAN_ANTI_SPOOF_CHECK are TBD
perhaps added as an extension of port-security (if it doesn’t exist already)
Using the existing SR-IOV agent we can configure virtual functions to
use a tool called IPLEX[4] to interface with VFd[5] to complete the
requested operations.
VFd was added as experimental in the DPDK Release 17.02[6]
[1]
http://dpdk.readthedocs.io/en/latest/nics/intel_vf.html#dpdk-sr-iov-pmd-pf-vf-driver-usage-model
[2] https://review.openstack.org/#/c/453904/
[3] https://review.openstack.org/#/c/455445/
[4] https://github.com/att/vfd/blob/master/src/system/iplex
[5] https://github.com/att/vfd/wiki
[6] http://dpdk.org/doc/guides/rel_notes/release_17_02.html
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1662650/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
