SR-IOV is a mechanism for passing hardware virtualized network functions (VF) or full physical function (PF) directly to KVM instances; the OpenStack charms should be updated to support this capability.
Using Open vSwitch and the chain of bridges, veth pairs and tap devices incurs an overhead on network throughput and latency that is not acceptable in some use cases for OpenStack.
SR-IOV allows part of (a VF) or a full (a PF) SR-IOV enabled network card to be connected directly to a KVM instance via the virtualization layer provided by libvirt.
Support for both of these types of passthrough was implemented in full in the Mitaka release.
Supporting SR-IOV will require changes in three charms; specifcally:
SR-IOV will be enabled using a configuration option on the neutron-api charm 'enable-sriov'; The nova-cloud-controller charm will be notified of the state of this option via the relation between the nova-cloud-controller charm and the neutron-api charm.
In the first implementation, a pci-device-whitelist configuration option will be provided by the nova-compute charm to allow allocation of specific PCI devices to compute instances. This is a direct pass through to a Nova configuration option. Later revisions of this feature may use as-yet unimplemented features in Juju to manage PCI device allocation at the unit level.
Initial SR-IOV support will be agent-less (i.e. not using the neutron-sriov-agent).
Flat and VLAN networking modes will be supported.
Use Gerrit topic "sriov-support" for all patches related to this spec.
No new git repositories required.
Updates to the README's in the impacted charms will be made as part of this change.
No additional security concerns.
Code changes will be covered by unit tests; functional testing will be done using a Mojo specification.