Thales Elero Cervi bc0870eade PCI-PT configuration when SR-IOV is not available (stx 7.0, stx8, ds7)

There is a known limitation [1] and NICs that do not support SR-IOV
require a different procedure [2] when configuring PCI-PT.

This change adds a note on checking SR-IOV support for the target NIC,
when configuring PCI-Passthrough for it, and adds the necessary
steps for the configuration to work properly whit this type of NIC.

For completeness, it also duplicates the PCI-PT example for when
configuring PCI SRIOV Ethernet Interfaces, with the necessary
changes to the procedure.

[1] https://bugs.launchpad.net/starlingx/+bug/1836682
[2] https://wiki.openstack.org/wiki/StarlingX/Networking#Useful_Networking_Commands

Partial-bug: 1836682

Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Change-Id: I7258ab34cb7ce69a2f4b82c682f72d9467d95c70

2022-09-12 14:38:38 +00:00

9.3 KiB

Raw Blame History

Configure PCI Passthrough Ethernet Interfaces

A passthrough Ethernet interface is a physical Ethernet on a compute node to which a virtual machine is granted direct access. This minimizes packet processing delays but at the same time demands special operational considerations.

Configure a Passthrough Ethernet Interface on a host and request it for an instance at boot/create time.

Note

To use passthrough or devices, you must have Intel VT-x and Intel VT-d features enabled in the BIOS.

The exercise assumes that the underlying data network group0-data0 exists already, and that ID 10 is a valid segmentation ID assigned to project1.

Log in as the admin user to the .
Lock the compute node you want to configure.
Configure the Ethernet interface to be used as a PCI passthrough interface.
1. Select Admin > Platform > Host Inventory from the left-hand pane.
2. Select the Hosts tab.
3. Click the name of the compute host.
4. Select the Interfaces tab.
5. Click the Edit Interface button associated with the interface you want to configure.
The Edit Interface dialog appears.

Select pci-passthrough, from the Interface Class drop-down, and then select the data network to attach the interface.

You may also need to change the .

The interface can also be configured from the as illustrated below:
```
~(keystone_admin)$ system host-if-modify -c pci-passthrough compute-0 enp0s3
~(keystone_admin)$ system interface-datanetwork-assign compute-0 <enp0s3_interface_uuid> <group0_data0_data_network_uuid>
```
Check if the Ethernet interface supports
1. Check the host port associated with the configured -passthrough interface.
```
~(keystone_admin)$ system host-if-list <host-name> | grep pci-passthrough
```
2. Describe the target port to check the value of sriov_totalvfs on it. If the value is None, the Ethernet interface does not support . Otherwise, it does.
```
~(keystone_admin)$ system host-port-show <host-name> <port-name> | grep sriov_totalvfs
```
3. For Ethernet interfaces without support, there is a known limitation reported here. This limitation is overcome with a specific step later on this procedure.
Note

It will be required to know if the Ethernet interface supports or not later in this procedure.
For Ethernet interfaces that support , create the net0 project network

Note

If the Ethernet interface DOES NOT support , skip this step.

Log in as the admin user to the .

Select Admin > Network > Networks, select the Networks tab, and then click Create Network. Fill in the Create Network dialog box as illustrated below. You must ensure that:
- project1 has access to the project network, either assigning it as the owner, as in the illustration (using Project), or by enabling the shared flag.
- The segmentation ID is set to 10.
Click the Next button to proceed to the Subnet tab.

Click the Next button to proceed to the Subnet Details tab.
Configure the access switch. Refer to the OEM documentation to configure the access switch.

Log in as the admin user to the .

Configure the physical port on the access switch used to connect to Ethernet interface enp0s3 as an access port with default ID of 10. Traffic across the connection is therefore untagged, and effectively integrated into the targeted project network.

You can also use a trunk port on the access switch so that it handles tagged packets as well. However, this opens the possibility for guest applications to join other project networks using tagged packets with different IDs, which might compromise the security of the system. See : L2 Access Switches <network-planning-l2-access-switches> for other details regarding the configuration of the access switch.
Unlock the compute node.
For Ethernet interfaces that support , create a neutron port with a type, direct-physical.

Note

If the Ethernet interface DOES NOT support , skip this step.

First, you must set up the environment and determine the correct network to use with the port.
```
~(keystone_admin)$ source /etc/platform/openrc
~(keystone_admin)$ OS_AUTH_URL=http://keystone.openstack.svc.cluster.local/v3
~(keystone_admin)$ openstack network list | grep net0
~(keystone_admin)$ openstack port create --network <uuid_of_net0> --vnic-type direct-physical <port_name>
```
You have now created a port to be used when launching the server in the next step.
For Ethernet interfaces that do not support , the following Nova configuration is required.

Note

If the Ethernet interface DOES support , skip this step.
- Get the Ethernet interface vendor_id and product_id:
```
~(keystone_admin)$ source /etc/platform/openrc
~(keystone_admin)$ system host-port-show <host-name> <port-name> | grep -E '(pvendor |pdevice )'
```
- Use the retrieved IDs to create a alias with "device_type":"type-PCI", as peer Configure a PCI Alias in Nova <configuring-a-pci-alias-in-nova>.
- Configure a flavor with the extra spec key pci_passthrough:alias pointing to the previously created alias, as peer Configure a Flavor to Use a Generic PCI Device <configuring-a-flavor-to-use-a-generic-pci-device>
Launch the virtual machine

Note

You will need to source to the same project selected in the Create Network 'net0' step.
- For Ethernet interfaces with support: specify the port uuid created
```
~(keystone_admin)$ openstack server create --flavor <flavor_name> --image <image_name> --nic port-id=<port_uuid> <name>
```
- For Ethernet interfaces without support: specify the created flavor to use the device
```
~(keystone_admin)$ openstack server create --flavor <pci_flavor_name> --image <image_name>
```
For more information, see the Neutron documentation at: https://docs.openstack.org/neutron/train/admin/config-sriov.html.

The new virtual machine instance is up now. It has a PCI passthrough connection to the net0 project network identified with ID 10.

partner

start-after: warning-text-begin
end-before: warning-text-end

Access switches must be properly configured to ensure that virtual machines using -passthrough or Ethernet interfaces have the expected connectivity. In a common scenario, the virtual machine using these interfaces connects to external end points only, that is, it does not connect to other virtual machines in the same cluster. In this case:

Traffic between the virtual machine and the access switch can be tagged or untagged.
The connecting port on the access switch is part of a port-based .

partner

start-after: vlan-bullet-1-begin
end-before: vlan-bullet-1-end

The port-based provides the required connectivity to external switching and routing equipment needed by guest applications to establish connections to the intended end points.

For connectivity to other virtual machines in the cluster the following configuration is also required:

The ID used for the project network, 10 in this example, and the default port ID of the access port on the switch are the same. This ensures that incoming traffic from the virtual machine is tagged internally by the switch as belonging to ID 10, and switched to the appropriate exit ports.

partner

start-after: vlan-bullet-2-begin
end-before: vlan-bullet-2-end

partner

start-after: vlan-bullet-3-begin
end-before: vlan-bullet-3-end

9.3 KiB Raw Blame History

Configure PCI Passthrough Ethernet Interfaces

9.3 KiB

Raw Blame History