Apply QoS policy on network:router_gateway

All router ports (internal and external) used to be excluded from QoS
policies applied on network. This patch excludes only internal router
ports from network QoS policies.
This allows cloud administrators to set an egress QoS policy to a
public/external network and have the QoS policy applied on all external
router ports (DVR or not). To the tenant this is also egress traffic so
no confusion compared to QoS policies applied to VM ports.

DocImpact

Update networking-guide/config-qos, User workflow section:
- Replace "Network owned ports" with "Internal network owned ports"

Change-Id: I2428c2466f41a022196576f4b14526752543da7a
Closes-Bug: #1659265
Related-Bug: #1486039

neutron/objects/qos/rule.py

@@ -85,12 +85,18 @@ class QosRule(base.NeutronDbObject):
         is_network_device_port = any(port['device_owner'].startswith(prefix)
                                      for prefix
                                      in constants.DEVICE_OWNER_PREFIXES)
+        # NOTE(miouge): Network QoS policies should apply to ext routers ports:
+        # - DEVICE_OWNER_AGENT_GW for DVR routers
+        # - DEVICE_OWNER_ROUTER_GW for normal neutron routers
+        is_router_gw = any(port['device_owner'].startswith(prefix)
+                           for prefix in [constants.DEVICE_OWNER_AGENT_GW,
+                                          constants.DEVICE_OWNER_ROUTER_GW])
         # NOTE(ralonsoh): return True if:
         #    - Is a port QoS policy (not a network QoS policy)
-        #    - Is not a network device (e.g. router) and is a network QoS
-        #      policy and there is no port QoS policy
-        return (is_port_policy or
-                (not is_network_device_port and is_network_policy_only))
+        #    - Is not an internal network device (e.g. router) and is a network
+        #      QoS policy and there is no port QoS policy
+        return (is_port_policy or ((is_router_gw or not is_network_device_port)
+                                   and is_network_policy_only))
 
 
 @obj_base.VersionedObjectRegistry.register

neutron/tests/unit/objects/qos/test_rule.py

@@ -79,6 +79,34 @@ class QosRuleObjectTestCase(neutron_test_base.BaseTestCase):
             device_owner=DEVICE_OWNER_COMPUTE,
             expected_result=True)
 
+    def test_should_apply_to_port_with_router_gw_port_and_net_policy(self):
+        self._test_should_apply_to_port(
+            rule_policy_id=POLICY_ID_B,
+            port_policy_id=POLICY_ID_A,
+            device_owner=constants.DEVICE_OWNER_ROUTER_GW,
+            expected_result=False)
+
+    def test_should_apply_to_port_with_router_gw_port_and_port_policy(self):
+        self._test_should_apply_to_port(
+            rule_policy_id=POLICY_ID_A,
+            port_policy_id=POLICY_ID_A,
+            device_owner=constants.DEVICE_OWNER_ROUTER_GW,
+            expected_result=True)
+
+    def test_should_apply_to_port_with_agent_gw_port_and_net_policy(self):
+        self._test_should_apply_to_port(
+            rule_policy_id=POLICY_ID_B,
+            port_policy_id=POLICY_ID_A,
+            device_owner=constants.DEVICE_OWNER_AGENT_GW,
+            expected_result=False)
+
+    def test_should_apply_to_port_with_agent_gw_port_and_port_policy(self):
+        self._test_should_apply_to_port(
+            rule_policy_id=POLICY_ID_A,
+            port_policy_id=POLICY_ID_A,
+            device_owner=constants.DEVICE_OWNER_AGENT_GW,
+            expected_result=True)
+
 
 class QosBandwidthLimitRuleObjectTestCase(test_base.BaseObjectIfaceTestCase):
 

releasenotes/notes/qos-for-router-gateway-02340f7aa8be3b0d.yaml

@@ -0,0 +1,6 @@
+prelude: >
+    Network QoS policies are now supported for network:router_gateway ports.
+features:
+  - |
+    Neutron QoS policies set on an external network now apply to external
+    router ports (DVR or not).