> -----Original Message-----
> From: pranab boruah [mailto:pranabjyotibor...@gmail.com]
> Sent: Wednesday, August 9, 2017 2:36 PM
> To: OpenStack Development Mailing List (not for usage questions)
> Subject: [openstack-dev] [os-vif] [vif_plug_ovs] Queries on VIF_Type
> I am experimenting with the os-vif library and stumbled upon this new
> VIF type called VIFHostDevice. I have few general queries. TIA.
> 1. How do I create ports with VIF_type as VIFHostDevice? Looking for
> the CLI command options.
[Mooney, Sean K] hi os-vif vif objects such as VIFHostDevice have no direct
With the neutron port binding extention vif_type or vnic_type. That is to say
Cannot direcly request VIFHostDevice via the cli by seting a vif_type or
The vif object in os vif are datastuctures that encapluate the common datamodel
Descibse a specific network interface type. In the case of VIFHostDevice this
To a sriov VF. This is then paird with a os-vif plugin which encapsulates the
port binding logic
For plugging these abstract vif into that specific network backend. This is
combined with an
Os vif port profile object which transports any backend specific info that
cannot be generically included
Int the os vif vif object. For example vf representor netdev address or a
vSwitches bridge name.
> 2. Say, I have OVS running completely on x86 host(no datapath or flow
> offload to
> NIC) as the networking mechanism and a SRIOV capable NIC(for existence
> of VF representors that will be added to the OVS bridge). Can I still
> launch instances with VIF_type as VIFHostDevice?
[Mooney, Sean K] you can launch an instance with that configuration yes however
You will not have any way to manage that vf via ovs. Libvirt would still
Connect the dataplane to the vm via standard host passthrouhg/sriov howver
Applying action to the representor port attached to the ovs bridge such as
Tagging the interface with a vlan or installing openflow rules to fileter the
With the ovs conntrack security group driver would have no effect on dataplane.
> 3. I want to use Security Groups using OVS+Conntrack as the mechanism.
> Can I apply SG rules on the ports of type VIFHostDevice using the above
[Mooney, Sean K] that should work with a melonox or netroneome smart nic with
A ovs that support the tc flower offload if they have implemented conntrack
But it would not work with a generic nic. That is something that in the future
we do intend
To support but at present it requires nic support to enable with conntrack. It
may be possible
To use the learn action openflow security group driver if your nic does not
For stateless firewalling which is still better then what you have today with
sriov but the
Bottome line is you need nic support in hardware/firmware and ovs support for
that nic offload to make this work.
> PS: I am still trying to understand this. Hence, I might get my
> premises wrong in the above questions. Will appreciate a detailed
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-
OpenStack Development Mailing List (not for usage questions)