yahoo-eng-team team mailing list archive
Message #64114
[Bug 1662650] Re: [RFE] Advance configuration of SR-IOV ports- api extension
Split into other RFEs:
https://bugs.launchpad.net/neutron/+bug/1690937
Launchpad bug 1690937 in neutron "[RFE] Support allowed address pairs without ip address" [Wishlist,Triaged]
https://bugs.launchpad.net/neutron/+bug/1690921
Launchpad bug 1690921 in neutron "[RFE] Manage Broadcast, Unicast, and Multicast traffic" [Wishlist,Triaged]
** Changed in: neutron
Status: Triaged => Invalid
** Tags removed: rfe sriov-pci-pt
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1662650
Title:
[RFE] Advance configuration of SR-IOV ports- api extension
Status in neutron:
Invalid
Bug description:
The need to configure and manage virtual functions (VFs) on a NIC in order to apply policy has grown to the point that we have implemented a small, DPDK-based tool to do so. The tool, VFd (Virtual Function daemon), allows users to configure VFs using a per-VF description provided by an external source (e.g. a virtualization manager such as OpenStack).
We would like to exercise the use case described here [1]:
“Software Defined Network (SDN) trends are demanding fast host-based packet handling. In a virtualization environment, the DPDK VF PMD driver performs the same throughput result as a non-VT native environment.
With such host instance fast packet processing, lots of services such as filtering, QoS, DPI can be offloaded on the host fast path.”
The following has been identified to be offloaded into the host fast path:
VLAN_FILTER – Filters traffic based on a list of VLAN ID(s); this filter is applied on the SR-IOV VF before passing the traffic to the VM.
VLAN_STRIP – Enable to strip outer VLAN tag per VF
INSERT_STAG – Enable to Insert outer VLAN tag per VF
BROADCAST_ALLOW – Enable to allow broadcast per VF
UNKNOWN_UNICAST_ALLOW – Enable to allow unicast per VF
UNKNOWN_MULTICAST_ALLOW – Enable to allow multicast per VF
MAC_FILTER – Directs outbound traffic based on a list of MAC addresses. This will allow a VM to transmit packets with a specified source MAC address in addition to the MAC which belongs to the VM.
VLAN_ANTI_SPOOF_CHECK – Enable to ensure anti MAC spoof checks are done at the SR-IOV VF level to comply with security.
Some API extension is needed for the user to pass the VF configuration.
The extensions for per VF configuration are suggested to go into any of the following:
1. The port’s profile:binding field
2. The port’s profile:vif_details
3. A new vf_policy object to manage vf_policies, where vf_policy_id is an attached synthetic field on port, see [2]
4. Distribute properties across neutron
   a. VLAN_STRIP and INSERT_STAG are added as network attributes
   b. BROADCAST, UNICAST, MULTICAST are added into security groups [3]
   c. VLAN_FILTER, MAC_FILTER, and VLAN_ANTI_SPOOF_CHECK are TBD, perhaps added as an extension of port-security (if it doesn’t exist already)
Using the existing SR-IOV agent we can configure virtual functions to
use a tool called IPLEX[4] to interface with VFd[5] to complete the
requested operations.
VFd was added as experimental in the DPDK Release 17.02[6]
[1] http://dpdk.readthedocs.io/en/latest/nics/intel_vf.html#dpdk-sr-iov-pmd-pf-vf-driver-usage-model
[2] https://review.openstack.org/#/c/453904/
[3] https://review.openstack.org/#/c/455445/
[4] https://github.com/att/vfd/blob/master/src/system/iplex
[5] https://github.com/att/vfd/wiki
[6] http://dpdk.org/doc/guides/rel_notes/release_17_02.html
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1662650/+subscriptions