You can configure a port to allow SR-IOV passthrough and then create OpenStack instances that use physical network adapters.

If you want to create multiple ports with different SR-IOV physical NICs to provide network redundancy for a VM, perform the optional steps in the following procedure.

Prerequisites

  • Enable SR-IOV in vSphere. See Enable SR-IOV on a Host Physical Adapter in vSphere Networking.
  • Create a dedicated compute cluster for SR-IOV devices. DRS rules do not apply to these devices.
  • To persist the MAC address of a physical device, add its cluster as a compute node before enabling passthrough on the device. If passthrough has already been enabled, you can disable it, restart the cluster, and enable direct passthrough again.
  • Enable VMware Integrated OpenStack Carrier Edition features. See Enable Carrier Edition Features.

Procedure

  1. Log in to the Integrated OpenStack Manager as the root user. 
    ssh root@mgmt-server-ip
  2. Edit the Nova compute configuration. 
    viocli update nova-compute
  3. Add the following information in the nova_compute section. 
    pci:
  passthrough_whitelist:
    type: multistring
    values:
    - '{"product_id": "*", "vendor_id": "*", "physical_network": "*"}'
  4. If you are using a DVS or NSX-T Data Center deployment, add the dvs_moid parameter in the vmware section. 
    dvs_moid: sriov-vds-moid
    Set the value of dvs_moid to the managed object identifier (MOID) of the distributed switch associated with the compute cluster for SR-IOV devices.
  5. Open the toolbox and set the password for the admin account. 
    toolbox
export OS_PASSWORD=admin-password
  6. (Optional) If you want to configure port redundancy, create a VM flavor with the isolate property.
    The isolate property ensures that the SR-IOV ports are by different physical NICs in the ESXi server host as required for port redundancy. 
    openstack flavor set <FLAVOR_ID> --property group_policy=isolate
    FLAVOR_ID is the UUID of the Nova flavor to be used for the VMs with isolated SR-IOV ports.
  7. Create a provider network for SR-IOV devices.
    • For NSX Data Center for vSphere deployments, create a VLAN or port group network.
    • For NSX-T Data Center deployments, create a VLAN or opaque network.
    • For DVS deployments, create a VLAN network.
    neutron net-create network-name --tenant-id project-uuid --provider:network_type {vlan | portgroup | nsx-net} --provider:physical_network physical-id [--provider:segmentation_id vlan-id]
    Option Description
    network-name

    Enter a name for the network.

    --tenant-id

    Specify the UUID of the project for which to create the port. You can find the UUID of a project by running the openstack project list command.

    --provider:network_type

    Enter vlan for a VLAN network, portgroup for a port group network, or nsx-net for an opaque network.

    --provider:physical_network
    • For a VLAN network in NSX Data Center for vSphere, specify the MOID of the distributed switch.
    • For a VLAN network in NSX-T Data Center, specify the UUID of the VLAN transport zone.
    • For a VLAN network in a DVS deployment, specify the name of the distributed vSwitch.
    • For a port group network, specify the name of the port group. The network name must match the port group name.
    • For an opaque network, specify the UUID of the logical switch.
    --provider:segmentation_id

    If you want to create a VLAN-based network, enter the VLAN ID.

  8. Create a subnet on the network. 
    neutron subnet-create network-id --tenant-id project-uuid --name subnet-name
    Option Description
    network-id

    Specify the UUID of the network on which to create the subnet. You can find the UUID of a network by running the openstack network list command.

    --tenant-id

    Specify the UUID of the project for which to create the subnet.

    --name

    Enter a name for the subnet.

  9. Create a passthrough-enabled port by using the --vnic_type direct parameter. 
    neutron port-create network-id --tenant-id project-uuid --name port-name --vnic_type direct
    Option Description
    network-id

    Specify the UUID of the network on which to create the port. You can find the UUID of a network by running the openstack network list command.

    --tenant-id

    Specify the UUID of the project for which to create the port.

    --name

    Enter a name for the port.

    Note: Port security is not supported for passthrough-enabled ports and is automatically disabled for the port created.
    To provide your OpenStack instance with access to physical network adapters, configure your instance with this single port. Or to deploy a VM with multiple ports that provide redundancy, note the port ID in the output and repeat this step to create a second direct port.
  10. (Optional) Deploy a VM with the VM flavor and two direct ports. 
    nova boot --flavor <FLAVOR_ID> --image <IMAGE_ID> --nic port-id=<port1-id> --nic port-id=<port2-id> <VM_NAME>
    Option Description
    FLAVOR_ID

    Specify the flavor created in Step 6.
    --nic

    Enter the port ID created with each direct port.