14:05:10 #startmeeting neutron_qos 14:05:11 Meeting started Wed Aug 19 14:05:10 2015 UTC and is due to finish in 60 minutes. The chair is ajo. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:05:13 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:05:15 The meeting name has been set to 'neutron_qos' 14:05:17 do it, ping me when there is smth for me, I may be off sometimes 14:05:32 ihrachyshka, let's start with an status update, may be you're better for that 14:05:38 ok 14:05:47 #topic where we are 14:05:55 ajo, gimme a co-chain 14:05:58 *chair 14:05:59 #topic where we are 14:06:04 ihrachyshka how do I do that? :) 14:06:12 #help 14:06:18 nah, whatever 14:06:21 so where we are. 14:06:28 we merged into master on Mon 14:06:37 hi 14:06:56 meaning, feature/qos is about to retire and hooks cleaned up from project-config: https://review.openstack.org/212475 14:06:57 #addmeeting ihrachyshka 14:06:59 ;-) 14:07:05 sorry, #addchair ihrachyshka 14:07:12 #addchair ihrachyshka 14:07:30 now, during merge we disabled gating for qos because master lacked the hooks in project-config 14:07:30 ihrachyshka++ :-) 14:07:34 everybody++ 14:07:53 so the critical thing is to enable the gating before we introduce a regression 14:07:58 NOTE: disabled gating means: no api tests or tempest 14:08:08 first, we tried to make it in devstack: https://review.openstack.org/212453 14:08:11 functional, unit, and fullstack may be ok 14:08:21 but folks requested a devstack plugin. so here we go: https://review.openstack.org/214249 14:08:49 I need to enable the qos api tests in that same patch to check it worked as expected. (afaik it did not though) 14:09:02 ajo, how do you know what will affect API? 14:09:25 anyway... gating is the thing we need like yesterday. 14:09:36 so apart from it... 14:09:51 ajo started to report bugs in LP. ajo link to qos tag? 14:10:16 ihrachyshka: what do you mean by "what will affect API?" 14:10:18 now if anything buggy qos related in the product, please report a bug and mark with 'qos' tag for ease of searching 14:10:19 * ajo looks for the link 14:10:30 #link https://bugs.launchpad.net/neutron/+bugs?field.tag=qos neutron qos bugs 14:10:41 ajo, I mean, that you can't ever be sure changing some code that it won't affect api tests. 14:10:47 thanks ajo 14:11:02 ihrachyshka: that's true 14:11:03 I saw people actively fix qos bugs and send reviews. 14:11:30 I suggest all patches to have marked with bp/quantum-qos-api top or whatever relevant 14:11:32 ihrachyshka: may be we should hold those until api-tests are re-enabled to avoid later head-aches? 14:11:39 so that it shows up in reviewer dashboard for L 14:11:55 sounds like a good idea 14:11:56 ajo, I think we should hold merges before gating, yes. 14:12:11 I will set my patches on-hold for that reason 14:12:19 anyone apart from the owner can change topic, so please check your lists 14:12:46 ajo, ok. I hope people will mind. if it's something clearly agent side, I think we are good to merge. 14:12:53 so server side is problematic 14:13:16 ok, what else... ah right. THANKS ALL FOR YOU GREAT WORK 14:13:32 it's a pleasure to work with you folks :) 14:13:46 ihrachyshka: makes sense 14:13:47 so ajo I think you can now move to specific discussions 14:13:57 ajo, while I clear some stuff in donwstream 14:13:58 so server/db/api side -> let's hold until api-tests are back 14:14:03 it was pleasure to work with you guys as well :) 14:14:14 yeah :-) 14:14:24 ok 14:14:44 so, may be we could go over a couple of bugs, and then irenab and I were talking about nova integration with nova flavors 14:15:10 #topic Bugs 14:15:34 first, this bug, I think it's important: 14:15:40 #link https://bugs.launchpad.net/neutron/+bug/1486039 14:15:41 Launchpad bug 1486039 in neutron "Setting a policy to a network will limit the router/dhcp/net-device ports, that's not expected" [Undecided,New] 14:15:55 basically 14:16:02 if we set a rule to "private-net" 14:16:10 policy with a bw limit rule, I mean 14:16:19 and then you create the router, and the dhcp port is created... 14:16:30 both the inner leg of the router will be BW limited, and the dhcp port will be bw limited too 14:16:35 which is not expected 14:17:14 therea are use cases, where the tenant or admin could want to explicitly limit some of the device ports (router legs, etc...) 14:17:28 ajo: would filtering out network types device owners will be ok? 14:17:29 so all the agreggated network connection to the outside world is limited, etc... 14:17:37 ajo: if there is a usecase like kevinbenton pointed out - would it make sense to *not* limit router by default and if needed, they can update port with --qos-policy-id ? 14:17:37 irenab: it depends on where we do it 14:17:48 jlibosva, irenab , correct 14:17:52 *but* 14:18:09 (sec) 14:18:13 I had a distracting monkey ;) 14:18:20 -kid- :) 14:18:31 the issue comes when we put other rules in play 14:18:32 for example 14:18:47 DSCP marking of a private network, could be desired for the inner router leg, or the dhcp leg 14:19:00 as... that would also prioritize those packets in the switch 14:19:10 (expected if you set a network to have a qos policy with dscp marking) 14:19:16 so 14:19:22 I think that a possible solution 14:19:44 could be to provide a separate qos_profile_id in the get_info_for_devices with the network qos_profile_id 14:19:52 sounds like we should have per rule type policy if to apply settings on network ports 14:19:54 network_qos_profile_id ? ... 14:20:03 and let the rule handler at low level decide 14:20:09 or the plugin 14:20:10 :) 14:20:31 as the rules are network objects... 14:20:45 may be we can add an attribute like "apply_to_network_devices" 14:21:00 and then that's clear for all the stack up/down 14:21:46 it's a funny bug :) 14:21:49 lots of corner cases 14:21:50 ajo: by attribute you don’t mean API wise? 14:22:04 irenab: yes, internal implementation attribute in the neutron object 14:22:10 QoSBandwidthLimitRule in this case 14:22:16 under neutron.objects.qos 14:22:28 not stored in db 14:22:34 just a static attribute of the rule 14:23:18 ok, let's not spend time on design stuff, as long as we are aware of the corner cases, and we agree on how to handle it.. 14:23:19 ajo: So back to basic use case, once compute port is created without policy on network that has associated policy, the port will inherit it? 14:23:37 yes 14:23:49 that boils down to the other bug 14:23:49 ajo: can you share the link to this bug? 14:24:01 from the spec, we said: 14:24:12 1) if port has no qos policy, the policy from network is used 14:24:21 2) if port has an specific policy, the network policy is overriden 14:24:31 now, the other: 14:24:42 #link https://bugs.launchpad.net/neutron/+bug/1486028 network policy changes propagation 14:24:42 Launchpad bug 1486028 in neutron "If you attach a QoS policy to a network, agents handling the port networks are not notified" [Undecided,New] 14:25:13 if port updates are propagated, I'd also expect that to happen 14:25:40 otherwise we'd be violating the eventual consistency with the model 14:25:52 ajo: regarding this, I am not sure updatedpolicy should be applied on the existing bound ports 14:26:17 irenab, I'm quite convinced that it should be the case, otherwise the current spec is missleading 14:26:38 if the model says that a network with a policy will have the ports with no policy controlled by such network policy... 14:26:43 ajo: spec update patch is not merged yet :-) 14:26:49 the system will be left in an unconsistent state 14:27:00 irenab: true, we need a +A ':) 14:28:35 any other opinion on network policy updates to agent? 14:28:44 ihrachyshka, jlibosva , jschwarz , moshele ? 14:29:13 I like item 1) in the bug :) We just need to be careful not to update ports with already assigned policy 14:29:24 in given network 14:29:33 yes, that's mandatory :) 14:29:43 otherwise the model is again unconsistent with the system :) 14:29:54 yes, consistency++ 14:30:32 no opinions here 14:30:35 ok 14:30:38 let's move on 14:31:21 #link https://review.openstack.org/#/c/199112/ qos-spec update 14:31:24 we need a +A there 14:31:29 ajo: I just think no policy can be on intension as well… 14:31:55 but lets move on 14:31:58 irenab, then we will have to extend the model to block policies 14:32:06 irenab, otherwise at next vm boot... the state will be changed 14:32:25 irenab: like "disable port security" -> "disable qos policies" 14:32:33 or something like that 14:32:45 in that case, I'd advise the tenant not to set a policy on the net, and do it per-port 14:33:23 I will ping mestery/armax about the +A 14:33:32 ajo: I would prefer we provide ‘idiot proof’ support 14:33:59 irenab, but, if you leave policy: None on the port, network_policy = A later 14:34:02 and not update the port 14:34:03 anyway, as long as its well documented, it ok 14:34:04 then... 14:34:14 somebody stops/starts the VM... 14:34:20 or it's migrated 14:34:25 the policy get's applied 14:34:31 we should document it well, 14:34:42 and if the no-policy case comes up... we find a way to do it 14:35:01 ajo: probably you are correct about disable-qos-policy, so its feature for next version :-) 14:35:35 :) 14:36:14 I guess the other bugs don't need much discussion 14:36:28 so probably we can move to the nova integration 14:36:47 #topic nova integration via flavors 14:37:00 irenab, the stage is yours :) 14:37:20 we started etherpad with initial ideas here: https://etherpad.openstack.org/p/qos-nova-neutron 14:37:37 #link https://etherpad.openstack.org/p/qos-nova-neutron initial ideas for neutron-nova integration on qos 14:38:13 The use case is to associate qos policy with nova flavor, so that tenant can deploy VM and get qos configured without additional commands 14:38:47 irenab: why it can't be part during port creation for nova instance? It calls neutron api to create port, right? 14:39:19 according to some available documentation, there is already the following that supposed to work: 14:39:32 nova-manage flavor set_key --name m1.small --key quota:vif_inbound_average --value 10240 14:40:09 as we discussed with ajo, it maybe modified to nova-manage flavor set_key --name m1.small --key quota:vif_qos_policy --value 14:40:29 yes, the other will work for nova network, or for neutron without qos-plugin 14:40:30 I am not sure what quota means here 14:40:43 yeah, the specific key must be decided by the nova team 14:40:46 IIRC, that 'vif_qos_policy' only works with libvirt-kvm/qemu 14:40:57 Would you be removing this feature? 14:41:06 sfinucan, not removing, nova-net probably needs it 14:41:16 the day nova-net is deprecated: AKA never :) 14:41:34 sfinucan: ajo :so this one only for nova-network? 14:41:34 vif_qos_policy is what we'd be adding 14:41:52 ajo: OK, just checking :) 14:41:57 sfinucan: I think it works with any tap port coming from a VM with KVM 14:42:04 and as jlibosva mentioned it should be sent to neutron port create 14:42:08 irenab^ , sorry 14:42:12 yes 14:42:23 I agree, if we attach a neutron qos policy id to the flavor 14:42:32 ah, sorry. I asked before I read the etherpad carefully :) 14:42:32 then , the ports could be created in such policy, *but* 14:42:41 there's an issue 14:42:54 I think port creation from nova happens with the tenant credentials 14:42:56 ajo: previously you raised a valid point regarding ownership of the policy 14:43:03 and qos policies, could be admin, and not shared 14:43:25 (for example, not shared because you don't want tenants to attach ports to those specific policies, and raise the flavor limits..) 14:43:27 example: 14:43:38 flavor mini = 1CPU, 2GB, 10Mbps egress 14:43:47 flavor cool = 2CPU, 4GB, 100Mbps egress 14:43:58 user creates instance in flavor mini... 14:44:04 then ... looks for the port and does 14:44:24 neutron port-update --qos-policy "100mbps-policy-id" 14:44:30 cheating the cloud provider :) 14:44:38 so, 14:44:59 IMO, one way to prevent that, could be done via RBAC, but we need to explore that 14:45:13 or, to let the admin leave the policies as not-shared 14:45:29 ad nova does call neutron after port creation, to set the policy, with admin credentials 14:45:49 ad->and 14:45:56 not sure wether that's possible or not 14:46:04 again, in the current state, tenant could go and do 14:46:12 neutron port-update --no-qos-policy 14:46:27 ajo: so basically nova should query neutron for policy owner and either port create or port update should set it 14:46:30 I guess we would need to add business logic to disallow port detachment, when it's a non-shared policy 14:46:55 irenab: I mean, nova would call neutron with admin credentials, to set the policy 14:47:14 ajo: and if the policy is owned by tenant? 14:47:33 irenab: then admin can set it too :) 14:47:40 admin can do anything 14:47:50 well, anything that makes sense... 14:47:55 hmmm 14:47:59 this comes to another bug, 14:48:03 I'm just seeing 14:48:08 ajo: this if feature! 14:48:11 lol 14:48:12 :) 14:48:20 feature: tenant-cheating-capability 14:48:20 :D 14:48:39 in the current state, imagine the CSP uses the network qos_policy_id to enforce a policy to tenants 14:48:56 tenants could just go, and... neutron net-update --no-qos-policy 14:48:59 bye policy! ;) 14:49:47 So I guess, we may generally want to prevent a non-shared-policy to be detached by a tenant who does not own such policy 14:50:21 does it make sense? 14:50:40 I will fill it in the tracker, we could throw it away later, 14:50:45 let's go back to nova-neutron integration 14:50:58 irenab: how do we do it? , probably we should arrange a meeting with nova guys 14:51:08 or ask for a timeslot in one of their meetings? 14:52:03 ajo: sounds great. Lets just put more content on the etherpad so we can share prior to discussion. I will try to do it asap 14:52:42 ajo: what about nova scheduler guarante for qos? 14:53:20 irenab: yes, we should start talking about other rules 14:53:32 we had DSCP in the line, anybody from comcast? 14:53:43 and we had BandwidthGuarantees 14:53:46 probably to start with 14:54:15 Bandwidth Guarantees may require cooperation from nova scheduler, when those are not "best effort" 14:54:47 Hi! Yes, would you like me to update that etherpad with some DSCP info? 14:54:52 for example, to not plug (SUM(ports, port.min_limit)>interface limit) 14:55:11 njohnston, etherpad is for nova-neutron integration only, 14:55:19 njohnston, for DSCP, do we have a RFE already? 14:55:25 (bug with RFE mark? 14:55:37 ajo: this would fail too late, need ‘not schedule if (SUM(ports, port.min_limit)>interface limit)' 14:55:39 I know vhoward submited a spec, but not sure about the RFE 14:55:58 irenab: correct, we need nova to be aware, and schedule the instance to the right place 14:56:04 or.. 14:56:07 even the port 14:56:19 imagine you have , in sriov 2 PF ports, with 10G each 14:56:33 and you are requested to plug 4VFs with 5G min limit 14:56:41 if you plug the 4VFs to the first PF... 14:56:44 the limit won't be met 14:56:55 I mean, the guarantee won't be met 14:57:07 so it has to be node-aware and port aware... 14:57:19 ajo: agree 14:57:21 and I guess, nova has to query neutron and ask about the policy 14:57:27 to gather info 14:57:40 ajo: I will check with vhoward and if it isn't there we'll get that in ASAP 14:58:48 njohnston, if there's an RFE, please ask him to tag it with the qos tag too 14:59:01 will do 14:59:02 ajo: lets see if we can chat with nova guys regarding scheduler 14:59:17 njohnston: https://bugs.launchpad.net/neutron/+bug/1468353 14:59:17 Launchpad bug 1468353 in neutron "QoS DSCP marking rule support" [Undecided,In progress] - Assigned to James Reeves (james-reeves5546) 14:59:17 :-) 14:59:26 looks like we need to brainstorm it first 15:00:31 irenab: makes sense 15:00:46 oops 15:00:50 we're at the top of the hour 15:00:58 let's release the channel, 15:01:06 thanks everybody, keep rocking! ;) 15:01:09 #endmeeting