Configure Passthrough for Networking Devices

You can configure a port to allow SR-IOV passthrough and then create OpenStack instances that use physical network adapters.

Important: This feature is offered in VMware Integrated OpenStack Carrier Edition only. For more information, see VMware Integrated OpenStack Licensing.

Prerequisites

Enable SR-IOV in vSphere. See Enable SR-IOV on a Host Physical Adapter in vSphere Networking.
Create a dedicated compute cluster for SR-IOV devices. DRS rules do not apply to these devices.
To persist the MAC address of a physical device, add its cluster as a compute node before enabling passthrough on the device. If passthrough has already been enabled, you can disable it, restart the cluster, and enable direct passthrough again.
Enable VMware Integrated OpenStack Carrier Edition features. See Enable Carrier Edition Features.

Procedure

Log in to the Integrated OpenStack Manager as the root user.
```
ssh root@mgmt-server-ip
```
Edit the Nova compute configuration.
```
viocli update nova-compute
```

Add the following information in the nova_compute section.

pci:
  passthrough_whitelist:
    type: multistring
    values:
    - '{"product_id": "*", "vendor_id": "*", "physical_network": "*"}'

If you are using an NSX-T Data Center deployment, add the dvs_moid parameter in the vmware section.
```
dvs_moid: sriov-vds-moid
```
Set the value of dvs_moid to the managed object identifier (MOID) of the distributed switch associated with the compute cluster for SR-IOV devices.
Open the toolbox and set the password for the admin account.
```
toolbox
export OS_PASSWORD=admin-password
```

Create a provider network for SR-IOV devices.

For NSX Data Center for vSphere deployments, create a VLAN or port group network.
For NSX-T Data Center deployments, create a VLAN or opaque network.

neutron net-create network-name --tenant-id project-uuid --provider:network_type {vlan | portgroup | nsx-net} --provider:physical_network physical-id [--provider:segmentation_id vlan-id]

Option	Description
`network-name`	Enter a name for the network.
--tenant-id	Specify the UUID of the project for which to create the port. You can find the UUID of a project by running the openstack project list command.
--provider:network_type	Enter `vlan` for a VLAN network, `portgroup` for a port group network, or `nsx-net` for an opaque network.
--provider:physical_network	For a VLAN network in NSX Data Center for vSphere, specify the MOID of the distributed switch. For a VLAN network in NSX-T Data Center, specify the UUID of the VLAN transport zone. For a port group network, specify the MOID of the port group. For an opaque network, specify the UUID of the logical switch.
--provider:segmentation_id	If you want to create a VLAN-based network, enter the VLAN ID.

Create a subnet on the network.

neutron subnet-create network-id --tenant-id project-uuid --name subnet-name

Option	Description
`network-id`	Specify the UUID of the network on which to create the subnet. You can find the UUID of a network by running the openstack network list command.
--tenant-id	Specify the UUID of the project for which to create the subnet.
--name	Enter a name for the subnet.

Create a passthrough-enabled port by using the --vnic_type direct parameter.

neutron port-create network-id --tenant-id project-uuid --name port-name --vnic_type direct

Option	Description
`network-id`	Specify the UUID of the network on which to create the port. You can find the UUID of a network by running the openstack network list command.
--tenant-id	Specify the UUID of the project for which to create the port.
--name	Enter a name for the port.

Note: Port security is not supported for passthrough-enabled ports and will be automatically disabled for the port created.

Results

You can configure instances with the port created in this procedure to allow them to use SR-IOV devices.