I want to add that I'm not using the NoopFirewall as I'm using agent_required = False. So all instances that are not using SRIOV can still use security groups like normal. Instances that are using SRIOV won't have security groups applied though.
On Mon, Jul 20, 2015 at 3:21 PM, Moshe Levi <mosh...@mellanox.com> wrote: > > > > -----Original Message----- > > From: Andreas Scheuring [mailto:scheu...@linux.vnet.ibm.com] > > Sent: Monday, July 20, 2015 10:04 AM > > To: Moshe Levi > > Cc: Sam Stoelinga; openstack@lists.openstack.org > > Subject: Re: [Openstack] [Neutron][SRIOV][docs] Enabling SRIOV on > > OpenStack Juno step-by-step guide > > > > +1 for updating the wiki > > +1 for adding a section to the docs > > > > > > Moshe, > > what about the firewall support Sam mentioned? I assume fwaas is > > supported, as it runs on the network node which uses ovs, but Security > > Groups are not working as you're using the NoopFirewallDriver, right? > Yes that is correct. I will update that as well in the wiki. > > > Or is there another FW driver that could be used? > > > > Thanks > > > > > > > > On So, 2015-07-19 at 08:12 +0000, Moshe Levi wrote: > > > See my comments inline > > > > > > > > > > > > From: Sam Stoelinga [mailto:sammiest...@gmail.com] > > > Sent: Sunday, July 19, 2015 10:37 AM > > > To: Moshe Levi > > > Cc: openstack@lists.openstack.org > > > Subject: Re: [Openstack] [Neutron][SRIOV][docs] Enabling SRIOV on > > > OpenStack Juno step-by-step guide > > > > > > > > > > > > > > > I think it was not fair to say it's not up to date. It seems it's up > > > to date, but current downsides of existing OpenStack wikis on SRIOV > > > are missing info, many different Wikis and hard to consume the info: > > > > > > > > > 1. https://wiki.openstack.org/wiki/SR-IOV-Passthrough-For-Networking > > > > > > > > > 2. https://wiki.openstack.org/wiki/Nova-neutron-sriov > > > > > > > > > 3. https://wiki.openstack.org/wiki/PCI_passthrough_SRIOV_support > > > > > > > > > 4. https://wiki.openstack.org/wiki/Pci_passthrough > > > > > > > > > > > > [ML] – I think the only wiki users should be using is > > > https://wiki.openstack.org/wiki/SR-IOV-Passthrough-For-Networking > > > [2],[3] are the blueprints and [4] is PCI-Pass-through without SR-IOV > > > and it refer to [1] which is good. > > > > > > > > > > > > > > > Things that I noticed that were missing / could be better: > > > > > > > > > 1. Adding PCIDeviceFilter to nova-scheduler > > > > > > [ML] I think you mean the PciPassthroughFilter and you are correct > indeed > > it is missing. I will update the wiki. > > > 2. How to enable VFs on compute nodes > > > > > > [ML] – This vendor specific but we can add links to vendor wiki page > > > on how to configure their NIC to support SR-IOV > > > > > > > > > 3. This wiki: https://wiki.openstack.org/wiki/Nova-neutron-sriov > > > contains incorrect information. > > > > > > > > > Current wrong: "neutron port-create <net-uuid-from-step-1> --name > > > sriov_port --vnic-type direct " > > > > > > > > > should be "neutron port-create <net-uuid-from-step-1> --name > > > sriov_port --binding:vnic_type direct" > > > > > > [ML] – this is blueprint but I will check if I can update it. > > > > > > > > > 3. Make it more clear that agent_required = False is totally fine > > > and may be better. From what I read you have to disable the firewall > > > functionality if you enable sriov-agent? Not sure if that > > > understanding is correct. > > > > > > [ML] – I agree this is totally need clarification. The > > > agent_required=False is used when you have Intel NIC that doesn’t > > > support admin up/down change. SR-IOV NIC that support admin up/down > > > change should be configured with agent_required =True. > > > > > > I will update the wiki explaining that flag. (by the way we hope to > > > change it in liberty and deprecate the agent_required flag) > > > > > > > > > > > > > > > > > > I would prefer this information to have release bound documentation in > > > for example the Networking > > > Guide: http://docs.openstack.org/networking-guide/ or the Cloud > > > Administrator > > > Guide: http://docs.openstack.org/admin-guide-cloud/content/ > > > > > > [ML] – Ok, I guess this is required change in > > > openstack/openstack-manuals repository. Can you help and adding > > > documentations there? Just put me as review. If not I will try do it > > > myself or find someone in Mellanox. > > > > > > > > > > > > > > > I believe that using the pci sys interface is vendor compatible. Would > > > be great if you could confirm. Could you try testing $ echo '7' > > > > /sys/class/net/eth3/device/sriov_numvfs on a mellanox card? > > > > > > > > > This way we don't have to write vendor specific docs on enabling VFs > > > :) > > > > > > > > > When using modprobe ixgbe max_vfs=7 it tells you that using max_vfs is > > > deprecated and that the pci sys interface should be used. That's how I > > > found out about this. > > > > > > [ML] – unfortunately it is not generic in Melllanox you need to > > > configure number of VFs and number of probes (also Single Port or > > > Duel Port ) it is more complicateL > > > > > > see https://community.mellanox.com/docs/DOC-1484 > > > > > > > > > > > > > > > On Sun, Jul 19, 2015 at 2:44 PM, Moshe Levi <mosh...@mellanox.com> > > > wrote: > > > > > > Hi Sam, > > > > > > > > > > > > Can you explain why you think that the > > > > https://wiki.openstack.org/wiki/SR-IOV-Passthrough-For-Networking > > is out of date? > > > > > > Moreover you blog explain how to configure SR-IOV on Intel > > > NIC, but keep in mind Neutron SRIOV is generic and can support > > > any other vendors such as Mellanox. > > > > > > Maybe will should add links to how to configure SR-IOV NIC for > > > several Vendors. We can start with Mellanox and Intel NIC. > > > What do you think? > > > > > > > > > > > > > > > > > > From: Sam Stoelinga [mailto:sammiest...@gmail.com] > > > Sent: Saturday, July 18, 2015 5:55 PM > > > To: openstack@lists.openstack.org > > > Subject: [Openstack] [Neutron][SRIOV][docs] Enabling SRIOV on > > > OpenStack Juno step-by-step guide > > > > > > > > > > > > > > > Hi networking gurus, > > > > > > > > > > > > > > > While it may be easy for many of you to enable Neutron SRIOV > > > on OpenStack it wasn't a smooth ride for me. I documented > > > exactly which steps were required to enable SRIOV on OpenStack > > > on my > > > blog: > > > http://samos-it.com/posts/sriov-openstack-juno-fuel-6-1.html > > > > > > > > > > > > > > > > > > It seems there is no official documentation yet other than 2 > > > out of date wiki pages. I would like take the content of my > > > blog post to official OpenStack docs if you guys/girls think > > > it's useful for the broader audience. > > > > > > > > > > > > > > > > > > Regards, > > > > > > > > > Sam Stoelinga > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > Post to : openstack@lists.openstack.org > > > Unsubscribe : > > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > > -- > > Andreas > > (IRC: scheuran) > > > >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack