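QoS is defined as the ability to guarantee certain network requirements such as bandwidth, latency, jitter, and reliability in order to satisfy a Service Level Agreement (SLA) between an application provider and end users.
Network devices such as switches and routers can mark traffic so that it is handled with a higher priority to fulfill the QoS conditions agreed under the SLA. In other cases, certain network traffic such as Voice over IP (VoIP) and video streaming needs to be transmitted with minimal bandwidth constraints. On a system without network QoS management, all traffic is transmitted in a "best-effort" manner, making it impossible to guarantee service delivery to customers.
QoS is an advanced service plug-in. QoS is decoupled from the rest of the OpenStack Networking code on multiple levels and is available through the ml2 extension driver.
Supported QoS rule types
Any plug-in or ml2 mechanism driver can claim support for some QoS rule types by providing a plug-in/driver class property called supported_qos_rule_types that returns a list of strings corresponding to QoS rule types.
In the simplest case, the property can be represented by a simple Python list defined on the class.
For the ml2 plug-in, the list of supported QoS rule types is defined as the common subset of the rules supported by all active mechanism drivers.
Configuration
To enable the service, follow the steps below:
On network nodes:
Add the QoS service to the service_plugins setting in /etc/neutron/neutron.conf. For example: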
service_plugins = router,lbaasv2,neutron.services.qos.qos_plugin.QoSPlugin
In /etc/neutron/plugins/ml2/ml2_conf.ini, add qos to extension_drivers in the [ml2] section. For example:
[ml2]
extension_drivers = port_security, qos
On compute nodes:
In /etc/neutron/plugins/ml2/linuxbridge_agent.ini, add qos to the extensions setting in the [agent] section. For example:
[agent]
extensions = qos
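The three settings from the steps above can be checked in one pass so that a node where one of them was missed is caught before a policy is relied on. This is an added example, not code from the original post or from neutron; the file contents are constructed samples, and placing service_plugins in the [DEFAULT] section is an assumption the page does not state.

```python
import configparser

# Constructed sample contents; on a real node, read the three files from disk.
NEUTRON_CONF = """
[DEFAULT]
service_plugins = router,lbaasv2,neutron.services.qos.qos_plugin.QoSPlugin
"""
ML2_CONF = """
[ml2]
extension_drivers = port_security, qos
"""
# Constructed misconfiguration: the agent extension was left empty.
AGENT_CONF = """
[agent]
extensions =
"""


def _items(text, section, option):
    """Return a comma-separated option as a list of stripped values."""
    # interpolation=None: neutron configs may contain literal '%' characters.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    raw = cp.get(section, option, fallback="")
    return [v.strip() for v in raw.split(",") if v.strip()]


def qos_gaps(neutron_conf, ml2_conf, agent_conf):
    """Return the settings in which QoS is not enabled (empty list = all set)."""
    gaps = []
    plugins = _items(neutron_conf, "DEFAULT", "service_plugins")
    # Accept the class path used on this page or the short alias "qos".
    if not any(p == "qos" or p.endswith(".QoSPlugin") for p in plugins):
        gaps.append("neutron.conf [DEFAULT] service_plugins")
    if "qos" not in _items(ml2_conf, "ml2", "extension_drivers"):
        gaps.append("ml2_conf.ini [ml2] extension_drivers")
    if "qos" not in _items(agent_conf, "agent", "extensions"):
        gaps.append("linuxbridge_agent.ini [agent] extensions")
    return gaps


if __name__ == "__main__":
    for gap in qos_gaps(NEUTRON_CONF, ML2_CONF, AGENT_CONF):
        print("QoS not enabled in:", gap)
```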
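Add policy.json
vim /etc/neutron/policy.json
# Configure the JSON policy file. The options below are from the official documentation; only bandwidth limit is used here.
If projects are trusted to administer their own QoS policies in your cloud, neutron's policy.json file can be modified to allow this.
Modify the policy entries in /etc/neutron/policy.json as follows: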
"get_policy": "rule:regular_user",
"create_policy": "rule:regular_user",
"update_policy": "rule:regular_user",
"delete_policy": "rule:regular_user",
To enable the bandwidth limit rule:
"get_policy_bandwidth_limit_rule": "rule:regular_user",
"create_policy_bandwidth_limit_rule": "rule:admin_only",
"delete_policy_bandwidth_limit_rule": "rule:admin_only",
"update_policy_bandwidth_limit_rule": "rule:admin_only",
"get_rule_type": "rule:regular_user",
To enable the DSCP marking rule:
"get_policy_dscp_marking_rule": "rule:regular_user",
"create_policy_dscp_marking_rule": "rule:admin_only",
"delete_policy_dscp_marking_rule": "rule:admin_only",
"update_policy_dscp_marking_rule": "rule:admin_only",
"get_rule_type": "rule:regular_user",
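In the stock policy.json, regular_user is the empty rule, which oslo.policy treats as always allowed, so every QoS action set to rule:regular_user is open to any authenticated user. The following added example (not code from the original post or from neutron) lists the QoS write actions a policy file leaves open that way; the sample policy is constructed from the entries on this page, and the rule evaluator is a simplified assumption, not oslo.policy's parser.

```python
import json
import re

# Constructed sample: the tenant-managed QoS entries from this page together
# with the aliases they reference in the stock policy.json.
POLICY = json.loads("""{
  "context_is_admin": "role:admin",
  "admin_only": "rule:context_is_admin",
  "regular_user": "",
  "get_policy": "rule:regular_user",
  "create_policy": "rule:regular_user",
  "update_policy": "rule:regular_user",
  "delete_policy": "rule:regular_user",
  "get_policy_bandwidth_limit_rule": "rule:regular_user",
  "create_policy_bandwidth_limit_rule": "rule:admin_only",
  "update_policy_bandwidth_limit_rule": "rule:admin_only",
  "delete_policy_bandwidth_limit_rule": "rule:admin_only"
}""")

# Write actions on QoS policies and on their *_rule sub-resources.
QOS_WRITE = re.compile(r"^(create|update|delete)_policy(_\w+_rule)?$")


def open_to_any_user(expr, policy, seen=()):
    """True if expr lets every authenticated user through.

    Simplified evaluator (assumption): handles "", rule:<alias> and flat
    "a or b" / "a and b"; any other check (role:, tenant_id:, field:, not)
    is treated as restrictive.
    """
    expr = expr.strip()
    if expr == "":
        return True
    if " or " in expr:
        return any(open_to_any_user(p, policy, seen) for p in expr.split(" or "))
    if " and " in expr:
        return all(open_to_any_user(p, policy, seen) for p in expr.split(" and "))
    if expr.startswith("rule:"):
        name = expr[len("rule:"):]
        if name in seen or name not in policy:  # cycle or undefined alias
            return False
        return open_to_any_user(policy[name], policy, seen + (name,))
    return False


def tenant_writable_qos(policy):
    """QoS policy/rule write actions that any authenticated user may call."""
    return sorted(action for action, expr in policy.items()
                  if QOS_WRITE.match(action) and open_to_any_user(expr, policy))
```

Running tenant_writable_qos() against the deployed /etc/neutron/policy.json after each change shows whether only the intended actions were opened to projects.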
The official policy.json configuration. File location: https://github.com/openstack/neutron/blob/4b40a4c3231486898923cee70f9d70d6ad803769/etc/policy.json
{
"context_is_admin": "role:admin",
"owner": "tenant_id:%(tenant_id)s",
"admin_or_owner": "rule:context_is_admin or rule:owner",
"context_is_advsvc": "role:advsvc",
"admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s",
"admin_owner_or_network_owner": "rule:owner or rule:admin_or_network_owner",
"admin_only": "rule:context_is_admin",
"regular_user": "",
"admin_or_data_plane_int": "rule:context_is_admin or role:data_plane_integrator",
"shared": "field:networks:shared=True",
"shared_subnetpools": "field:subnetpools:shared=True",
"shared_address_scopes": "field:address_scopes:shared=True",
"external": "field:networks:router:external=True",
"default": "rule:admin_or_owner",
"admin_or_ext_parent_owner": "rule:context_is_admin or tenant_id:%(ext_parent:tenant_id)s",
"create_subnet": "rule:admin_or_network_owner",
"create_subnet:segment_id": "rule:admin_only",
"create_subnet:service_types": "rule:admin_only",
"get_subnet": "rule:admin_or_owner or rule:shared",
"get_subnet:segment_id": "rule:admin_only",
"update_subnet": "rule:admin_or_network_owner",
"update_subnet:service_types": "rule:admin_only",
"delete_subnet": "rule:admin_or_network_owner",
"create_subnetpool": "",
"create_subnetpool:shared": "rule:admin_only",
"create_subnetpool:is_default": "rule:admin_only",
"get_subnetpool": "rule:admin_or_owner or rule:shared_subnetpools",
"update_subnetpool": "rule:admin_or_owner",
"update_subnetpool:is_default": "rule:admin_only",
"delete_subnetpool": "rule:admin_or_owner",
"create_address_scope": "",
"create_address_scope:shared": "rule:admin_only",
"get_address_scope": "rule:admin_or_owner or rule:shared_address_scopes",
"update_address_scope": "rule:admin_or_owner",
"update_address_scope:shared": "rule:admin_only",
"delete_address_scope": "rule:admin_or_owner",
"create_network": "",
"create_network:shared": "rule:admin_only",
"create_network:router:external": "rule:admin_only",
"create_network:is_default": "rule:admin_only",
"create_network:segments": "rule:admin_only",
"create_network:provider:network_type": "rule:admin_only",
"create_network:provider:physical_network": "rule:admin_only",
"create_network:provider:segmentation_id": "rule:admin_only",
"get_network": "rule:admin_or_owner or rule:shared or rule:external or rule:context_is_advsvc",
"get_network:router:external": "rule:regular_user",
"get_network:segments": "rule:admin_only",
"get_network:provider:network_type": "rule:admin_only",
"get_network:provider:physical_network": "rule:admin_only",
"get_network:provider:segmentation_id": "rule:admin_only",
"get_network:queue_id": "rule:admin_only",
"get_network_ip_availabilities": "rule:admin_only",
"get_network_ip_availability": "rule:admin_only",
"update_network": "rule:admin_or_owner",
"update_network:segments": "rule:admin_only",
"update_network:shared": "rule:admin_only",
"update_network:provider:network_type": "rule:admin_only",
"update_network:provider:physical_network": "rule:admin_only",
"update_network:provider:segmentation_id": "rule:admin_only",
"update_network:router:external": "rule:admin_only",
"delete_network": "rule:admin_or_owner",
"create_segment": "rule:admin_only",
"get_segment": "rule:admin_only",
"update_segment": "rule:admin_only",
"delete_segment": "rule:admin_only",
"network_device": "field:port:device_owner=~^network:",
"create_port": "",
"create_port:device_owner": "not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_owner",
"create_port:mac_address": "rule:context_is_advsvc or rule:admin_or_network_owner",
"create_port:fixed_ips": "rule:context_is_advsvc or rule:admin_or_network_owner",
"create_port:fixed_ips:ip_address": "rule:context_is_advsvc or rule:admin_or_network_owner",
"create_port:fixed_ips:subnet_id": "rule:context_is_advsvc or rule:admin_or_network_owner or rule:shared",
"create_port:port_security_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner",
"create_port:binding:host_id": "rule:admin_only",
"create_port:binding:profile": "rule:admin_only",
"create_port:mac_learning_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner",
"create_port:allowed_address_pairs": "rule:admin_or_network_owner",
"get_port": "rule:context_is_advsvc or rule:admin_owner_or_network_owner",
"get_port:queue_id": "rule:admin_only",
"get_port:binding:vif_type": "rule:admin_only",
"get_port:binding:vif_details": "rule:admin_only",
"get_port:binding:host_id": "rule:admin_only",
"get_port:binding:profile": "rule:admin_only",
"update_port": "rule:admin_or_owner or rule:context_is_advsvc",
"update_port:device_owner": "not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_owner",
"update_port:mac_address": "rule:admin_only or rule:context_is_advsvc",
"update_port:fixed_ips": "rule:context_is_advsvc or rule:admin_or_network_owner",
"update_port:fixed_ips:ip_address": "rule:context_is_advsvc or rule:admin_or_network_owner",
"update_port:fixed_ips:subnet_id": "rule:context_is_advsvc or rule:admin_or_network_owner or rule:shared",
"update_port:port_security_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner",
"update_port:binding:host_id": "rule:admin_only",
"update_port:binding:profile": "rule:admin_only",
"update_port:mac_learning_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner",
"update_port:allowed_address_pairs": "rule:admin_or_network_owner",
"update_port:data_plane_status": "rule:admin_or_data_plane_int",
"delete_port": "rule:context_is_advsvc or rule:admin_owner_or_network_owner",
"create_router": "rule:regular_user",
"create_router:external_gateway_info": "rule:admin_or_owner",
"create_router:external_gateway_info:network_id": "rule:admin_or_owner",
"create_router:external_gateway_info:enable_snat": "rule:admin_only",
"create_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
"create_router:distributed": "rule:admin_only",
"create_router:ha": "rule:admin_only",
"get_router": "rule:admin_or_owner",
"get_router:ha": "rule:admin_only",
"get_router:distributed": "rule:admin_only",
"update_router": "rule:admin_or_owner",
"update_router:external_gateway_info": "rule:admin_or_owner",
"update_router:external_gateway_info:network_id": "rule:admin_or_owner",
"update_router:external_gateway_info:enable_snat": "rule:admin_only",
"update_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
"update_router:distributed": "rule:admin_only",
"update_router:ha": "rule:admin_only",
"delete_router": "rule:admin_or_owner",
"add_router_interface": "rule:admin_or_owner",
"remove_router_interface": "rule:admin_or_owner",
"create_qos_queue": "rule:admin_only",
"get_qos_queue": "rule:admin_only",
"get_agent": "rule:admin_only",
"update_agent": "rule:admin_only",
"delete_agent": "rule:admin_only",
"create_dhcp-network": "rule:admin_only",
"get_dhcp-networks": "rule:admin_only",
"delete_dhcp-network": "rule:admin_only",
"create_l3-router": "rule:admin_only",
"get_l3-routers": "rule:admin_only",
"delete_l3-router": "rule:admin_only",
"get_dhcp-agents": "rule:admin_only",
"get_l3-agents": "rule:admin_only",
"get_loadbalancer-agent": "rule:admin_only",
"get_loadbalancer-pools": "rule:admin_only",
"get_agent-loadbalancers": "rule:admin_only",
"get_loadbalancer-hosting-agent": "rule:admin_only",
"create_floatingip": "rule:regular_user",
"create_floatingip:floating_ip_address": "rule:admin_only",
"get_floatingip": "rule:admin_or_owner",
"get_floatingip_pool": "rule:regular_user",
"update_floatingip": "rule:admin_or_owner",
"delete_floatingip": "rule:admin_or_owner",
"create_network_profile": "rule:admin_only",
"get_network_profiles": "",
"get_network_profile": "",
"update_network_profile": "rule:admin_only",
"delete_network_profile": "rule:admin_only",
"get_policy_profiles": "",
"get_policy_profile": "",
"update_policy_profiles": "rule:admin_only",
"create_metering_label": "rule:admin_only",
"get_metering_label": "rule:admin_only",
"delete_metering_label": "rule:admin_only",
"create_metering_label_rule": "rule:admin_only",
"get_metering_label_rule": "rule:admin_only",
"delete_metering_label_rule": "rule:admin_only",
"create_lsn": "rule:admin_only",
"get_lsn": "rule:admin_only",
"get_service_provider": "rule:regular_user",
"create_flavor": "rule:admin_only",
"get_flavors": "rule:regular_user",
"get_flavor": "rule:regular_user",
"update_flavor": "rule:admin_only",
"delete_flavor": "rule:admin_only",
"create_service_profile": "rule:admin_only",
"get_service_profiles": "rule:admin_only",
"get_service_profile": "rule:admin_only",
"update_service_profile": "rule:admin_only",
"delete_service_profile": "rule:admin_only",
"create_policy": "rule:admin_only",
"get_policy": "rule:regular_user",
"update_policy": "rule:admin_only",
"delete_policy": "rule:admin_only",
"create_policy_bandwidth_limit_rule": "rule:admin_only",
"get_policy_bandwidth_limit_rule": "rule:regular_user",
"update_policy_bandwidth_limit_rule": "rule:admin_only",
"delete_policy_bandwidth_limit_rule": "rule:admin_only",
"create_policy_dscp_marking_rule": "rule:admin_only",
"get_policy_dscp_marking_rule": "rule:regular_user",
"update_policy_dscp_marking_rule": "rule:admin_only",
"delete_policy_dscp_marking_rule": "rule:admin_only",
"get_rule_type": "rule:regular_user",
"create_policy_minimum_bandwidth_rule": "rule:admin_only",
"get_policy_minimum_bandwidth_rule": "rule:regular_user",
"update_policy_minimum_bandwidth_rule": "rule:admin_only",
"delete_policy_minimum_bandwidth_rule": "rule:admin_only",
"restrict_wildcard": "(not field:rbac_policy:target_tenant=*) or rule:admin_only",
"create_rbac_policy": "",
"create_rbac_policy:target_tenant": "rule:restrict_wildcard",
"get_rbac_policy": "rule:admin_or_owner",
"update_rbac_policy": "rule:admin_or_owner",
"update_rbac_policy:target_tenant": "rule:restrict_wildcard and rule:admin_or_owner",
"delete_rbac_policy": "rule:admin_or_owner",
"create_flavor_service_profile": "rule:admin_only",
"get_flavor_service_profile": "rule:regular_user",
"delete_flavor_service_profile": "rule:admin_only",
"get_auto_allocated_topology": "rule:admin_or_owner",
"delete_auto_allocated_topology": "rule:admin_or_owner",
"create_trunk": "rule:regular_user",
"get_trunk": "rule:admin_or_owner",
"delete_trunk": "rule:admin_or_owner",
"add_subports": "rule:admin_or_owner",
"get_subports": "",
"remove_subports": "rule:admin_or_owner",
"create_security_group": "rule:admin_or_owner",
"get_security_groups": "rule:admin_or_owner",
"get_security_group": "rule:admin_or_owner",
"update_security_group": "rule:admin_or_owner",
"delete_security_group": "rule:admin_or_owner",
"create_security_group_rule": "rule:admin_or_owner",
"get_security_group_rules": "rule:admin_or_owner",
"get_security_group_rule": "rule:admin_or_owner",
"delete_security_group_rule": "rule:admin_or_owner",
"get_loggable_resources": "rule:admin_only",
"create_log": "rule:admin_only",
"get_log": "rule:admin_only",
"get_logs": "rule:admin_only",
"update_log": "rule:admin_only",
"delete_log": "rule:admin_only",
"create_floatingip_port_forwarding": "rule:admin_or_ext_parent_owner",
"get_floatingip_port_forwarding": "rule:admin_or_ext_parent_owner",
"get_floatingip_port_forwardings": "rule:admin_or_ext_parent_owner",
"update_floatingip_port_forwarding": "rule:admin_or_ext_parent_owner",
"delete_floatingip_port_forwarding": "rule:admin_or_ext_parent_owner"
}
Create a policy
neutron qos-policy-create 100M
Created a new policy:
+-----------------+--------------------------------------+
| Field | Value |
+-----------------+--------------------------------------+
| created_at | 2021-08-16T06:39:29Z |
| description | |
| id | dab6ab4d-d934-4e23-bfd4-573501341283 |
| is_default | False |
| name | 100M |
| project_id | bb780174db4d4c94883c9a083d91463d |
| revision_number | 0 |
| rules | |
| shared | False |
| tags | |
| tenant_id | bb780174db4d4c94883c9a083d91463d |
| updated_at | 2021-08-16T06:39:29Z |
+-----------------+--------------------------------------+
Add a rate-limit rule
neutron qos-bandwidth-limit-rule-create 100M --max-kbps 102400 --max-burst-kbps 10240
Created a new bandwidth_limit_rule:
+----------------+--------------------------------------+
| Field | Value |
+----------------+--------------------------------------+
| direction | egress |
| id | b94e6512-13e3-4880-bd46-7ef5f9f0ce40 |
| max_burst_kbps | 10240 |
| max_kbps | 102400 |
+----------------+--------------------------------------+
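Note: egress is the outbound direction, i.e. upstream; ingress is the inbound direction, i.e. downstream. Policies are created as egress by default. --max-burst-kbps is the burst value.
Bind to a port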
neutron port-list | grep 110.38
| 45549e8b-e45a-4d03-831f-0bf9615b6a38 | bb780174db4d4c94883c9a083d91463d | fa:16:3e:9c:bf:ad | {"subnet_id": "016bcbe0-407e-4615-bcd5-f0b8d42aaac8", "ip_address": "10.2.110.38"} |
neutron port-update 45549e8b-e45a-4d03-831f-0bf9615b6a38 --qos-policy 100M
neutron port-show 45549e8b-e45a-4d03-831f-0bf9615b6a38
+-----------------------+------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+------------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | |
| binding:host_id | kshq-computer-164 |
| binding:profile | {} |
| binding:vif_details | {"port_filter": true} |
| binding:vif_type | bridge |
| binding:vnic_type | normal |
| created_at | 2021-06-25T06:44:52Z |
| description | |
| device_id | 62ad35b2-e68b-40a2-b9f3-b19a190dda60 |
| device_owner | compute:High Clock Speed AZ |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "016bcbe0-407e-4615-bcd5-f0b8d42aaac8", "ip_address": "10.2.110.38"} |
| id | 45549e8b-e45a-4d03-831f-0bf9615b6a38 |
| mac_address | fa:16:3e:9c:bf:ad |
| name | |
| network_id | 0530e38d-2fa9-45fb-8ccc-89b9150a931e |
| port_security_enabled | True |
| project_id | bb780174db4d4c94883c9a083d91463d |
| qos_policy_id | c637c6c3-a07f-419d-8172-a95dd261f8c8 |
| resource_request | |
| revision_number | 52 |
| security_groups | 3710bb50-bcfa-4a10-a043-4b381f9fe4ee |
| status | ACTIVE |
| tags | |
| tenant_id | bb780174db4d4c94883c9a083d91463d |
| updated_at | 2021-08-16T07:07:03Z |
+-----------------------+------------------------------------------------------------------------------------+
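The figure below is a screenshot of the production rate limit being changed from 100M to 1G of bandwidth.

To detach the port from the QoS policy, simply update the port configuration again.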
neutron port-update 45549e8b-e45a-4d03-831f-0bf9615b6a38 --no-qos-policy
Bind to a network
neutron net-update <network_id> --qos-policy <qos_policy_id>
neutron net-update 0530e38d-2fa9-45fb-8ccc-89b9150a931e --qos-policy 100M
neutron net-list --fit-width
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+----------------------------------------+----------------------------------+-----------------------------------------+
| id | name | tenant_id | subnets |
+--------------------------------------+----------------------------------------+----------------------------------+-----------------------------------------+
| 0530e38d-2fa9-45fb-8ccc-89b9150a931e | VLAN 110 | bb780174db4d4c94883c9a083d91463d | 016bcbe0-407e-4615-bcd5-f0b8d42aaac8 |
| | | | 10.2.110.0/24
Author: Dexter_Wang  Position: Senior Linux architect at an internet company  Contact email: 993852246@qq.com