You can configure a port to allow SR-IOV or DirectPath I/O passthrough and then create OpenStack instances that use physical hardware interfaces.
This procedure uses OpenStack Neutron to enable passthrough for networking devices. For non-networking devices, see Configure Passthrough for Non-Networking Devices.
Prerequisites
- Enable SR-IOV or DirectPath I/O in vSphere:
- Create a dedicated compute cluster for SR-IOV devices. DRS rules do not apply to these devices.
- To persist the MAC address of a physical device, add its cluster as a compute node before enabling direct passthrough on the device. If direct passthrough has already been enabled, you can disable it, restart the cluster, and enable direct passthrough again.
Procedure
- Log in to the OpenStack Management Server as
viouser.
- If you are using an NSX-T Data Center deployment, specify a distributed switch for each compute cluster on which SR-IOV is enabled.
- If your deployment is not using a custom.yml file, copy the template custom.yml file to the /opt/vmware/vio/custom directory.
sudo mkdir -p /opt/vmware/vio/custom
sudo cp /var/lib/vio/ansible/custom/custom.yml.sample /opt/vmware/vio/custom/custom.yml
- Open the /opt/vmware/vio/custom/custom.yml file in a text editor.
- Uncomment the nova_dvs_moid parameter.
- Specify the DNS name of each compute driver in your deployment and the managed object identifier (MOID) of the VDS associated with it.
For example:
nova_dvs_moid:
compute01: dvs-35
compute02: dvs-36
Note that there are three spaces before the name of each compute driver.
- Deploy the updated configuration.
sudo viocli deployment configure
Deploying the configuration briefly interrupts OpenStack services.
- Switch to the
root user and load the cloud administrator credentials file.
sudo su -
source ~/cloudadmin.rc
- Create a provider network for SR-IOV devices.
- For NSX Data Center for vSphere deployments, create a VLAN or port group network.
- For NSX-T Data Center deployments, create a VLAN or opaque network.
neutron net-create network-name --tenant-id project-uuid --provider:network_type {vlan | portgroup | nsx-net} --provider:physical_network physical-id [--provider:segmentation_id vlan-id]
| Option |
Description |
| network-name |
Enter a name for the network. |
| --tenant-id |
Specify the UUID of the project for which to create the port. You can find the UUID of a project by running the openstack project list command. |
| --provider:network_type |
Enter vlan for a VLAN network, portgroup for a port group network, or nsx-net for an opaque network. |
| --provider:physical_network |
- For a VLAN network in NSX Data Center for vSphere, specify the managed object identifier (MOID) of the distributed switch.
- For a VLAN network in NSX-T Data Center, specify the UUID of the VLAN transport zone.
- For a port group network, specify the MOID of the port group.
- For an opaque network, specify the UUID of the logical switch.
|
| --provider:segmentation_id |
If you want to create a VLAN-based network, enter the VLAN ID. |
- Create a passthrough-enabled port.
neutron port-create network-id --tenant-id project-uuid --name port-name --vnic_type {direct | direct-physical}
| Option |
Description |
| network-id |
Specify the UUID of the network on which to create the port. You can find the UUID of a network by running the openstack network list command. |
| --tenant-id |
Specify the UUID of the project for which to create the port. |
| --name |
Enter a name for the port. |
| --vnic_type |
Enter direct for SR-IOV or direct-physical for direct passthrough. |
Note: Port security is not supported for
direct and
direct-physical ports and will be automatically disabled for the port created.
Results
You can now deploy passthrough-enabled virtual machines by configuring them with the port that you created during this procedure.
