13:00:29 <baoli> #startmeeting PCI Passthrough 13:00:30 <openstack> Meeting started Thu Jan 30 13:00:29 2014 UTC and is due to finish in 60 minutes. The chair is baoli. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:00:31 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 13:00:33 <openstack> The meeting name has been set to 'pci_passthrough' 13:00:56 <baoli> Hi 13:01:07 <BrianB_> Hi 13:01:09 <irenab> hi 13:01:17 <rkukura> hi 13:01:49 <baoli> #topic neutron BPs for SRIOV 13:02:11 <irenab> lets refine the neutron part first? 13:02:12 <baoli> #topic vnic_type 13:02:25 <baoli> irenab, go ahead 13:02:54 <irenab> so for vnic_type we have a bp, and discussion on mailing list where to define it 13:03:17 <irenab> I think it fit the port binding space 13:03:34 <baoli> I second it. 13:03:53 <rkukura> lets resolve top-level vs. binding:profile 1st, then if former, decide which extension 13:04:30 <baoli> Given it's functionality, it fits well as binding:vnic_type 13:05:08 <irenab> baoli: I also think so, it just require change to CLI/API 13:05:24 <rkukura> Is there consensus it needs to be top-level, and is this due to needing use access? 13:05:30 <rkukura> s/use/user/ 13:05:41 <irenab> rkukura: do not think so 13:05:51 <rkukura> irenab: No consensus? 13:06:16 <irenab> No for user access, as I said in the mail, he user will set something much more abstract 13:06:41 <irenab> 'high performance ...' NIC 13:06:56 <rkukura> I'd be happiest if this we admin-only (in binding:profile) and the user passed something in --nic to nova that resulted in nova setting up binding:profile as admin. 13:07:19 <rkukura> s/this we/this was/ 13:07:21 <irenab> rkukura: exactly what I have in mind 13:07:46 <irenab> may it be admin or network owner? 13:07:47 <rkukura> I apologize that I'm not even trying to keep up with the nova side of these discussions 13:08:17 <irenab> rkukura: I think we should be able to decouple nova and neutron 13:08:23 <rkukura> Normally, network owners are normal users, and don't know/see anything internal to the deployment 13:08:57 <irenab> rkukura: so they won't create neutron port? 13:09:15 <rkukura> Plus, we need to make sure its works for normal user whether they are the owner of the network, or someone else owns the network and sets --shared True 13:09:32 <baoli> if we call it nic_type (instead of vnic_type): virtio/direct/macvtap? would it be less confusing? 13:10:20 <irenab> baoli: do you think user should be able to set it? 13:11:00 <baoli> The question is that should the user be allowed to choose a virtio port versus sriov port? 13:11:11 <rkukura> Do we have a plan in place on the nova side for nova code to set things in binding:profile, or is the idea that users do this manually, and later nova automates it? 13:11:34 <irenab> yes, or it should be admin choice 13:12:00 <sadasu> we were designing for "nova code to set things in binding:profile" 13:12:03 <baoli> rkukura, we did. But due to the discussions we had so far, we changed the course, and decided to work on the neutron port-create first 13:12:18 <sadasu> and then what baoli said happened 13:12:45 <rkukura> baoli: That's what I thought, but we need to know whether we can assume the neutron port-create/port-update is done by nova as admin 13:12:54 <irenab> rkukura: for vnic_type it will be user choice translated by nova to vnic_type and set on neutron port 13:13:19 <baoli> that's right, irenab 13:13:37 <rkukura> irenab: Sounds good, just want to make sure the nova code will make icehouse 13:14:09 <irenab> for icehouse, we do not need nova for vnic_type, we set it on neutron port via port-create 13:14:10 <baoli> rkukura, we are not going to change the nova code/CLI in the initial release 13:14:32 <irenab> and then use --nic port_id = xxx for novaboot 13:14:33 <rkukura> irenab: Normal users are not admin 13:15:13 <rkukura> Does this same thing apply to other details like PCI slot, ...? 13:15:14 <baoli> rkukura, so normal users can not choose a virtio port versus a sriov port? 13:15:47 <rkukura> the VNIC that the user's VM sees is really a nova concept, not a neutron concept. 13:15:54 <irenab> PCI slot is not user or admin choice directly, nova allocates it 13:16:27 <baoli> rkukura, nova boot can be used by normal users 13:16:40 <rkukura> irenab: So in icehouse, will nova store pci_slot in binding:profile (as admin)? 13:17:29 <irenab> depends on baoli's work :-) 13:17:56 <rkukura> baoli: I'm not arguing that normal users should not be able to specify the VNIC type, just that they should do this through nova API so that nova does all the right stuff, including what's needed on the neutron port 13:18:21 <irenab> rkukura: I think we all agree 13:18:24 <baoli> rkukura, following the existing work flow in nova, binding:profile will be set and neutron port-update is called 13:18:57 <rkukura> If we can count on having some nova code in icehouse that creates/updates the neuton port with binding:profile as admin, then I think we just stick with using binding:profile for all this. 13:19:50 <rkukura> So my issue with users needing to directly set vnic-type on the neutron port was misguided, right? I was hoping for that answer! 13:20:19 <baoli> rkukura, if a normal user can choose the nic_type from nova boot, why it can't do so in the neutron port-create command? 13:20:38 <irenab> rkukura: initialy we for icehouse we start with setting vnc_type on neutron port and then run nova-boot 13:21:23 <rkukura> irenab: Does that same thing apply to the other items (pci slot, ...) that we want to put in binding:profile? 13:21:36 <irenab> rkukura: only vnic_type 13:21:47 <rkukura> So who sets the others? 13:21:56 <irenab> rkukura: nova 13:22:21 <rkukura> So if nova sets the others, why can't it also set vnic_type? 13:23:02 <rkukura> Is the issue that this would require extending the nova API somehow, and we won't get that in icehouse? 13:23:08 <irenab> rkukura: to make long story short, currently lack of agreement and time to implement 13:23:19 <irenab> rkukura: correct 13:23:27 <baoli> rkukura, to use sriov, we need to do this initially: nova boot --flavor m1.large --image <i-uuid> --nic port-id=<port-uuid> 13:23:42 <baoli> so we have to create a sriov port first 13:24:18 <rkukura> Ok, so normal users need to be able to set vnic_type, so best way forward seems to be to make it top-level 13:25:02 <baoli> Cool, so we'll proceed with that? 13:25:13 <rkukura> Then the only question is whether its in the portbindings extension or a different extension 13:25:17 <irenab> rkukura: I think that normal user will get some abstract definition of nic flavors that precreated by admin, and this will imply vnic_type 13:25:46 <rkukura> irenab: For icehouse, or later? 13:25:58 <irenab> rkukura: later 13:26:09 <rkukura> And where does this "abstract definition" live? In nova eventually? 13:26:19 <irenab> Controller 13:26:26 <rkukura> ? 13:26:33 <irenab> like VM Flavors 13:26:40 <rkukura> Oh, nova controller? 13:26:50 <rkukura> Make sense I think 13:27:22 <baoli> ok, back to rkukura's question on the extension 13:27:26 <irenab> I think the port binding seems the right place to land this 13:27:38 <rkukura> So eventually users won't need to deal with binding:vnic_type directly, so hiding it in portbindings extension is fine with me 13:27:55 <irenab> rkukura: Cool 13:28:43 <baoli> ok, so the conclusion is that user can now specify vnic_type and it will be stored as binding:vmic_type 13:28:44 <irenab> so top-level or part of profile on binding, actually depends on how do you plan to deal with profile as part of generic support for ML2 13:29:41 <irenab> since vnic_type should be checked and stored not on Mech Driver level but on the level on top of it 13:29:49 <rkukura> I think baoli is correct because normal users needing access to vnic_type cannot easily be done within binding:profile 13:30:10 <irenab> so top-lvel on binding extension? 13:30:29 <baoli> agree 13:30:32 <rkukura> I think irenab's BP should cover making the ml2 plugin persist binding:vnic_type 13:30:46 <irenab> rkukura: agree. 13:30:50 <baoli> agree 13:30:51 <rkukura> with default of virtio 13:31:00 <irenab> its exactly the code change I shared with you few days 13:31:23 <rkukura> and all binding-capable MechanismDrivers should check the value when trying to bind, and act appropriately 13:31:42 <irenab> so, if we are OK with it, I can complete it and push next week 13:31:53 <rkukura> Sounds good to me! 13:32:14 <rkukura> I'll submit the BP to implement binding:profile in ML2 today, and also push next week 13:32:21 <baoli> One question, where vmci_type is persisted? 13:32:26 <irenab> rkukura: great! 13:32:47 <baoli> s/vmci_type/vnic_type 13:32:49 <rkukura> If vmci_type is in bindng:profile, the ml2 plugin will persist it with my BP 13:33:14 <rkukura> I think binding:vnic type would be persisted by ml2 plugin in its port binding table 13:33:15 <irenab> so the only left on neutron is if we add common utils/driver for SRIOV generic parts to be used by Cisco/Mellanox Mech. Drivers 13:33:45 <irenab> rkukura: exactly what I had in mind 13:33:48 <rkukura> There's also the binding:vif_details output parameter I'm working with Nachi on, right? 13:35:21 <sadasu> should vnic_type be part of the vif_details? 13:35:34 <baoli> One more question, would ovs agent be able to see this binding:vmic_type? 13:35:39 <irenab> sadasu: not, it will be reflected in vif_type 13:36:07 <irenab> baoli: agent should not see it 13:36:14 <rkukura> sadasu: My understanding is that binding:vnic_type is an input param, while binding:vif_details is output 13:36:28 <baoli> irenab, we talked about running multiple agents in the same time, right? 13:36:40 <sadasu> who does the translation from binding_vnic_type to vif_type in vif_details, generic ML2 plugin or specific mech drivers? 13:37:07 <irenab> baoli: we can take it offline, I 'll explain how it is resolved in case we have more on agenda 13:37:16 <sadasu> rkukura: but vif_type in vif_details depends on input vnic_type 13:37:21 <rkukura> baoli: There is a separate effort to let the bound MD control what gets returned to the agent in the get_device_details RPC 13:37:22 <irenab> sadasu: I think Mech. Driver 13:37:33 <baoli> irenab, sure. 13:37:57 <rkukura> sadasu: Yes, the binding:vif_type attribute is output by the bound MD 13:38:15 <sadasu> ok... 13:38:41 <baoli> for sriov, do we need anything from binding:vif_details? 13:39:02 <irenab> rkukura: for PCI details sent via profile, should it be pushed back via vif_details? 13:39:21 <rkukura> Isn't this where nova's GenericVIFDriver might get the VLAN to tag the PF with? 13:39:24 <sadasu> I don't think we need to send the pci address info back via vif_details 13:39:57 <rkukura> irenab: binding:profile is input to neutron, binding:vif_details is output from neutron 13:40:12 <irenab> sadasu: it should be available to VIFDriver 13:40:38 <baoli> So what would be inside this binding:vif_details for SRIOV? 13:40:58 <baoli> would get_port() return binding:profile? 13:41:10 <sadasu> irenab: agreed. But, since it is already an inout via binding_profile, why do we send it back out ? 13:41:10 <rkukura> In my view each binding:vif_type value will determine what nova's GenericVIFDriver looks for in binding:vif_details. The GenericVIFDriver and the MD that bindings need to agree on how this works. 13:42:31 <irenab> for SRIOV MD we have some common part and part that specific for solution. Cisco has profile_id, right? 13:42:56 <rkukura> The dictionary returned by port-create, port-update, and port-show will contain binding:vnic_type for all users, and for admins will contain binding:vif_type, binding:profile, and binding:vif_details 13:42:57 <baoli> rkukura, I think that it can be done that way. It's just that we need to figure out how much it will impact the existing code, and what would be inside binding:vif_details for SRIOV 13:43:05 <sadasu> rkukura: Ideally, we would need the pci address details and "profile_id" (here profile is a libvirt term) to be part of vif_details 13:43:52 <irenab> we may want vlan_id to be there too, since libvirt can set it 13:44:23 <sadasu> irenab: for me its part of profile_id...but yes...depending on MD functionality 13:44:59 <sadasu> but the only part I am not clear about is, should pci address be part of vif_details... 13:45:08 <baoli> Ok, sure so we'll set vif_details to includes things like profileid and/or vlan_id 13:45:08 <irenab> sadasu: agree, but any SRIOV Mech Driver require pci address to be present 13:45:16 <rkukura> Seems we need to be working on a concrete proposal regarding what the MDs put in binding:vif_details and how nova's GenericVIFDriver uses binding:vif_type and binding:vif_details 13:45:41 <sadasu> we know GebericVIFDriver needs it 13:45:54 <irenab> rkukura: do you say the binding:profile won't be propagated to VIFDriver? 13:46:05 <sadasu> will be able to get it directly from Nova, or should it be part of vif_details? 13:46:26 <baoli> rkukura, it's something called VIF dictionary 13:46:33 <sadasu> I don't know implementation of GenericVIFDriver well enough to answer that question myself 13:46:47 <baoli> nova invokes neutron get_port which will return everything 13:47:04 <rkukura> I think GenericVIFDriver has admin access to the port, so it should see binding:vif_type, binding:vif_details, and binding:profile 13:47:14 <irenab> baoli: not everything is propagated to VIFDriver 13:47:38 <baoli> irenab, the VIF object 13:48:00 <irenab> GenericVIFDriver does not call into neutron, it receives what is on VIF object, but not all attributes of port present there 13:48:01 <rkukura> Would probably make sense for nova to propagate all the portbindings attributes to the VIF driver 13:48:10 <rkukura> including the new ones 13:48:42 <irenab> rkukura: is there a work on nova to support your neutron bp? 13:48:49 <baoli> We can take a look at the area 13:49:49 <baoli> 10 more minutes. I'd like to talk about the neutron port-create syntax 13:49:56 <rkukura> We need to look at Nachi's nova patch for binding:vif_security, which I've proposed to rename binding:vif_details, and see if its getting propagated to the VIF driver 13:50:39 <irenab> and if we need info from profile, need to see that it is availabe to VIF Driver too 13:50:43 <baoli> irenab, rkukura, how would it look like? 13:51:27 <irenab> baoli: to icehouse we need vnic_type and profile_if for port-create, right? 13:51:36 <rkukura> I think "neutron port-create --binding:vnic_type sriov ..." would work 13:51:38 <baoli> irenab, right 13:51:55 <irenab> so vnic_type is like rkukura said 13:51:56 <baoli> how about the profileid? 13:52:22 <rkukura> Isn't profile_id a key in binding:profile? 13:52:23 <irenab> and profileid in via --binding:profile type=dict profileid=xxx 13:52:35 <rkukura> But only admins can set binding:profile 13:53:50 <baoli> before that, a question is should we make them explicit arguments, rather than unknown arguments? doing a neutron port-create help should display those arguments, right? 13:54:41 <irenab> baoli: sounds like Juno feature.... 13:54:45 <rkukura> baoli: I think that is a general question that applies equally to other extensions 13:54:55 <sadasu> I think it is fine for now to have --binding:profile type=dict profileid=xxx set only by admin users 13:55:30 <baoli> ok, we can postpone that to juno 13:55:34 <rkukura> Is the profile_id something that the nova code in icehouse could infer from the flavor and set on binding:profile? 13:55:49 <baoli> sadasu, then the port can only be created by an admin? 13:56:09 <sadasu> rkukura: no 13:56:37 <irenab> great, so having vnic_type and binding:profile bp, do we need bp for common SRIOV on neutron side? 13:56:38 <rkukura> I'm not clear on where a normal user would get values for profile_id? 13:56:43 <sadasu> baoli: for non admin users a profile_is can be created with the vlian_id borrowed from the network that the port would be attached to 13:57:01 <rkukura> Normal users do not know about VLANs 13:57:08 <irenab> sadasu: so it won't be set on port-create? 13:57:29 <sadasu> yes, it won't be set during port create for non-admin userrs 13:57:38 <rkukura> What is the purpose of this profile_id? 13:57:47 <irenab> we have 3 mins left? 13:58:19 <baoli> I think that we have to take it offline. I'll send out some minutes. 13:58:20 <sadasu> rkukura: profile_id would point to a set of config that can be applied to the port 13:58:22 <irenab> I still not sure on the syntax for PCI slot info exchange 13:58:38 <sadasu> like qos, acls etc 13:59:02 <irenab> having further discussion on Mon? 13:59:21 <baoli> That sounds good 13:59:23 <rkukura> IF the profile_id is needed by the GenericVIFDriver, if the bound MD could figure out what it should be and put it in binding:vif_details 13:59:43 <irenab> I'll send an email to the group once push the change for vnic_type. rkukura: can you approve it? 13:59:49 <sadasu> yes, yes 14:00:12 <rkukura> irenab: Are you going to update the BP to match current agreement? 14:00:19 <sadasu> rkukura: yes. but will have to think about it some more 14:00:20 <irenab> rkukura: shure 14:00:38 <irenab> will try to make it today, most late on Sunday 14:00:48 <sadasu> irenab: thanks 14:00:52 <rkukura> irenab: Let me know when the BP is ready to approve and I'll take care of it 14:01:04 <irenab> rkukura: thanks 14:01:19 <baoli> I'll send out some minutes, and the questions we had during this meeting 14:01:25 <baoli> #endmeeting