"Networking Quality of Service was introduced in Neutron in the Liberty cycle, the initial work included API additions and implementation of an extendable mechanism. The thought was to be able to accommodate all the crazy ideas network engineers have. We started with basic bandwidth limiting rule and then enhanced the mechanism to support upgrades, RBAC (Role Based Access Control), DSCP marking and more
In this session we would cover the the work that was done for supporting Networking QoS in Neutron as well as the near future plans in this domain."
15. Role Based Access Control (RBAC)
● QoS permission model (Liberty)
○ By default only cloud admin can create a QoS policy
○ Shared QoS policy
○ The default behaviour managed in policy.json file
● RBAC mechanism - introduced in Liberty
○ A policy framework that allows both operators and users to grant access to resources for
specific projects
○ The generic mechanism was added in Liberty with ‘Network’ as the first resource
supporting this mechanism
16. QoS Policy - RBAC Support
Support was added in Mitaka
# neutron rbac-create --target-tenant <tenant-uuid>
--action access_as_shared
--type qos-policy
<qos-policy-uuid>
# neutron qos-policy-create secret_policy
18. Future - Min Bandwidth guarantee
● Seems like a simple change
● Challenges
○ Support ‘borrowing’
○ Requires influencing VM placements
# neutron qos-bandwidth-limit-rule-create <policy name>
--max-kbps 3000 --max-burst-kbps 300
--min-kbps 1000
19. Min Bandwidth guarantee
● Seems like a simple change
● Challenges
○ Support ‘borrowing’
○ Requires influencing VM placements
# neutron qos-bandwidth-limit-rule-create <policy name>
--max-kbps 3000 --max-burst-kbps 300
--min-kbps 1000
comp1
10G
each
comp2
20. Min Bandwidth guarantee
● Seems like a simple change
● Challenges
○ Support ‘borrowing’
○ Requires influencing VM placements
# neutron qos-bandwidth-limit-rule-create <policy name>
--max-kbps 3000 --max-burst-kbps 300
--min-kbps 1000
comp1
10G
each
VM
1
comp2
min=7G
21. Min Bandwidth guarantee
● Seems like a simple change
● Challenges
○ Support ‘borrowing’
○ Requires influencing VM placements
# neutron qos-bandwidth-limit-rule-create <policy name>
--max-kbps 3000 --max-burst-kbps 300
--min-kbps 1000
comp1
10G
each
VM
1
comp2
min=7G
22. Min Bandwidth guarantee
● Seems like a simple change
● Challenges
○ Support ‘borrowing’
○ Requires influencing VM placements
# neutron qos-bandwidth-limit-rule-create <policy name>
--max-kbps 3000 --max-burst-kbps 300
--min-kbps 1000
comp1
10G
eachcomp2
VM
1
min=7G
23. Min Bandwidth guarantee
● Seems like a simple change
● Challenges
○ Support ‘borrowing’
○ Requires influencing VM placements
# neutron qos-bandwidth-limit-rule-create <policy name>
--max-kbps 3000 --max-burst-kbps 300
--min-kbps 1000
comp1
10G
each
VM
2
comp2
min=5G
VM
1
min=7G
24. Min Bandwidth guarantee
● Seems like a simple change
● Challenges
○ Support ‘borrowing’
○ Requires influencing VM placements
# neutron qos-bandwidth-limit-rule-create <policy name>
--max-kbps 3000 --max-burst-kbps 300
--min-kbps 1000
comp1
10G
each
VM
2
comp2
min=5G
VM
1
min=7G
25. Min Bandwidth guarantee
● Seems like a simple change
● Challenges
○ Support ‘borrowing’
○ Requires influencing VM placements
# neutron qos-bandwidth-limit-rule-create <policy name>
--max-kbps 3000 --max-burst-kbps 300
--min-kbps 1000
comp1 comp2
VM
1
VM
2
min=7G min=5G
10G
each
26. Min Bandwidth guarantee
● Nova scheduler
○ Resource Provider Framework =>
○ Bandwidth modeled as a resource
○ Reported to Nova generic resource pool API
resource-classes
resource-providers
compute-node-inventory
resource-providers-allocations
27. Traffic Classification
● Traffic classifiers
○ Apply rules to specific traffic flows
○ Use cases: Prioritize certain traffic, like control, realtime data, etc.
● Optional model
Policy
Rule Rule Rule
Traffic
Classifie
Traffic
Classifier
SSH HTTP
28. Additional Future Work
● Default policy per Tenant
● Shaping incoming traffic
● QoS VLAN 802.1p Support
● Many other ideas and requests - https://bugs.launchpad.
net/neutron/+bugs?field.tag=qos
32. QoS in Neutron - Liberty
● Adding generic infrastructure that would be
extensible for additional use cases
● Scope
○ Traffic within the hypervisor
○ Only traffic that leaves the VM (VM-egress)
○ No integration with Nova scheduler