OpenStack Compute (nova)

Trusted Virtual Functions

Registered by Sahid Orentino

A new kernel feature allows Virtual Functions to become "trusted" by
the Physical Function and perform some privileged operations, such as
enabling VF promiscuous mode and changing VF MAC address within the
guest. The inability to modify mac addresses in the guest prevents the
users from being able to easily setup up two VFs in a fail-over bond
in a guest. This spec aims to suggest a way for users to boot
instances with trusted VFs.

Blueprint information

Status:
Complete
Approver:
Matt Riedemann
Priority:
Medium
Drafter:
Sahid Orentino
Direction:
Approved
Assignee:
Sahid Orentino
Definition:
Approved
Series goal:
Accepted for rocky
Implementation:
Implemented
Milestone target:
milestone icon rocky-2
Started by
Matt Riedemann
Completed by
Matt Riedemann

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/sriov-trusted-vfs,n,z

Addressed by: https://review.openstack.org/397932
    Allow instances to be booted with trusted virtual function

Addressed by: https://review.openstack.org/458513
    network: add command to configure trusted mode for VFs

Addressed by: https://review.openstack.org/458514
    libvirt: configure trust mode for vfs

Addressed by: https://review.openstack.org/458820
    network: update pci request spec to handle trusted tags

Addressed by: https://review.openstack.org/485522
    virt: allow instances to be booted with trusted VFs

Approved for Rocky. -- mriedem 20180323

Addressed by: https://review.openstack.org/565808
    pci: don't consider case when match tags specs

Addressed by: https://review.openstack.org/566343
    libvirt: add vf_trusted field for network metadata

Addressed by: https://review.openstack.org/566344
    metadata: add vf_trusted field to device metadata

(?)

Work Items

Nearby

This blueprint contains Public information 
Everyone can see this information.
Edit subscription

Subscribers

No subscribers.