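QoS is defined as the ability to guarantee certain network requirements (such as bandwidth, latency, jitter and reliability) in order to satisfy the service level agreement (SLA) between an application provider and end users.
Network devices (such as switches and routers) can mark traffic so that it is handled with a higher priority, in order to meet the QoS conditions agreed under the SLA. In other cases, certain network traffic such as Voice over IP (VoIP) and video streaming needs to be transmitted with minimal bandwidth constraints. On a system without network QoS management, all traffic is transmitted in a "best-effort" manner, which makes it impossible to guarantee service delivery to customers.
QoS is an advanced service plug-in. QoS is decoupled from the rest of the OpenStack Networking code on multiple levels and is available through the ml2 extension driver.
Supported QoS rule types
Any plug-in or ml2 mechanism driver can declare support for certain QoS rule types by providing a plug-in/driver class property named supported_qos_rule_types, which returns a list of strings corresponding to QoS rule types.
In the simplest case, the property can be represented by a simple Python list defined on the class.
For the ml2 plug-in, the list of supported QoS rule types is defined as the common subset of the rules supported by all active mechanism drivers.
Configuration
To enable the service, follow the steps below:
On the network node:
Add the QoS service to the service_plugins setting in /etc/neutron/neutron.conf. For example: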
service_plugins = router,lbaasv2,neutron.services.qos.qos_plugin.QoSPlugin
In /etc/neutron/plugins/ml2/ml2_conf.ini, add qos to extension_drivers in the [ml2] section. For example:
[ml2]
extension_drivers = port_security, qos
On the compute node:
1. In /etc/neutron/plugins/ml2/linuxbridge_agent.ini, add qos to the extensions setting in the [agent] section. For example:
[agent]
extensions = qos
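A check for the three settings changed in the steps above, as an added example that is not part of the original post. The file contents are constructed samples embedded inline (the agent file deliberately lacks qos), and the function name is hypothetical.

```python
import configparser

# Constructed sample contents for the three files edited in the steps above.
SAMPLE = {
    "neutron.conf": "[DEFAULT]\nservice_plugins = router,lbaasv2,"
                    "neutron.services.qos.qos_plugin.QoSPlugin\n",
    "ml2_conf.ini": "[ml2]\nextension_drivers = port_security, qos\n",
    "linuxbridge_agent.ini": "[agent]\nextensions =\n",  # constructed: qos missing
}

# (file, section, option, accepted values). For service_plugins Neutron also
# accepts the short alias "qos" in place of the full class path.
REQUIRED = [
    ("neutron.conf", "DEFAULT", "service_plugins",
     {"qos", "neutron.services.qos.qos_plugin.QoSPlugin"}),
    ("ml2_conf.ini", "ml2", "extension_drivers", {"qos"}),
    ("linuxbridge_agent.ini", "agent", "extensions", {"qos"}),
]

def missing_qos_settings(files):
    """Return 'file [section] option' for every setting that lacks QoS."""
    problems = []
    for name, section, option, accepted in REQUIRED:
        parser = configparser.ConfigParser(interpolation=None, strict=False)
        parser.read_string(files.get(name, ""))
        raw = parser.get(section, option, fallback="")
        # Values are comma-separated lists; whitespace around items is ignored.
        items = {item.strip() for item in raw.split(",") if item.strip()}
        if not items & accepted:
            problems.append("%s [%s] %s" % (name, section, option))
    return problems

if __name__ == "__main__":
    for problem in missing_qos_settings(SAMPLE):
        print("qos not enabled in:", problem)
```

If the server-side settings are present but the agent extension is missing, the policy can be created and bound through the API while the compute node never applies the limit.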
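Add policy.json
vim /etc/neutron/policy.json
# Configure the JSON policy file. The following are the options from the official documentation; only bandwidth limit is used here.
If projects are trusted to manage their own QoS policies in your cloud, neutron's policy.json file can be modified to allow this.
Modify the policy entries in /etc/neutron/policy.json as follows: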
"get_policy": "rule:regular_user",
"create_policy": "rule:regular_user",
"update_policy": "rule:regular_user",
"delete_policy": "rule:regular_user",
Enable the bandwidth limit rule:
"get_policy_bandwidth_limit_rule": "rule:regular_user",
"create_policy_bandwidth_limit_rule": "rule:admin_only",
"delete_policy_bandwidth_limit_rule": "rule:admin_only",
"update_policy_bandwidth_limit_rule": "rule:admin_only",
"get_rule_type": "rule:regular_user",
Enable the DSCP marking rule:
"get_policy_dscp_marking_rule": "rule:regular_user",
"create_policy_dscp_marking_rule": "rule:admin_only",
"delete_policy_dscp_marking_rule": "rule:admin_only",
"update_policy_dscp_marking_rule": "rule:admin_only",
"get_rule_type": "rule:regular_user",
The official policy.json configuration, file location: https://github.com/openstack/neutron/blob/4b40a4c3231486898923cee70f9d70d6ad803769/etc/policy.json
{
"context_is_admin": "role:admin",
"owner": "tenant_id:%(tenant_id)s",
"admin_or_owner": "rule:context_is_admin or rule:owner",
"context_is_advsvc": "role:advsvc",
"admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s",
"admin_owner_or_network_owner": "rule:owner or rule:admin_or_network_owner",
"admin_only": "rule:context_is_admin",
"regular_user": "",
"admin_or_data_plane_int": "rule:context_is_admin or role:data_plane_integrator",
"shared": "field:networks:shared=True",
"shared_subnetpools": "field:subnetpools:shared=True",
"shared_address_scopes": "field:address_scopes:shared=True",
"external": "field:networks:router:external=True",
"default": "rule:admin_or_owner",
"admin_or_ext_parent_owner": "rule:context_is_admin or tenant_id:%(ext_parent:tenant_id)s",
"create_subnet": "rule:admin_or_network_owner",
"create_subnet:segment_id": "rule:admin_only",
"create_subnet:service_types": "rule:admin_only",
"get_subnet": "rule:admin_or_owner or rule:shared",
"get_subnet:segment_id": "rule:admin_only",
"update_subnet": "rule:admin_or_network_owner",
"update_subnet:service_types": "rule:admin_only",
"delete_subnet": "rule:admin_or_network_owner",
"create_subnetpool": "",
"create_subnetpool:shared": "rule:admin_only",
"create_subnetpool:is_default": "rule:admin_only",
"get_subnetpool": "rule:admin_or_owner or rule:shared_subnetpools",
"update_subnetpool": "rule:admin_or_owner",
"update_subnetpool:is_default": "rule:admin_only",
"delete_subnetpool": "rule:admin_or_owner",
"create_address_scope": "",
"create_address_scope:shared": "rule:admin_only",
"get_address_scope": "rule:admin_or_owner or rule:shared_address_scopes",
"update_address_scope": "rule:admin_or_owner",
"update_address_scope:shared": "rule:admin_only",
"delete_address_scope": "rule:admin_or_owner",
"create_network": "",
"create_network:shared": "rule:admin_only",
"create_network:router:external": "rule:admin_only",
"create_network:is_default": "rule:admin_only",
"create_network:segments": "rule:admin_only",
"create_network:provider:network_type": "rule:admin_only",
"create_network:provider:physical_network": "rule:admin_only",
"create_network:provider:segmentation_id": "rule:admin_only",
"get_network": "rule:admin_or_owner or rule:shared or rule:external or rule:context_is_advsvc",
"get_network:router:external": "rule:regular_user",
"get_network:segments": "rule:admin_only",
"get_network:provider:network_type": "rule:admin_only",
"get_network:provider:physical_network": "rule:admin_only",
"get_network:provider:segmentation_id": "rule:admin_only",
"get_network:queue_id": "rule:admin_only",
"get_network_ip_availabilities": "rule:admin_only",
"get_network_ip_availability": "rule:admin_only",
"update_network": "rule:admin_or_owner",
"update_network:segments": "rule:admin_only",
"update_network:shared": "rule:admin_only",
"update_network:provider:network_type": "rule:admin_only",
"update_network:provider:physical_network": "rule:admin_only",
"update_network:provider:segmentation_id": "rule:admin_only",
"update_network:router:external": "rule:admin_only",
"delete_network": "rule:admin_or_owner",
"create_segment": "rule:admin_only",
"get_segment": "rule:admin_only",
"update_segment": "rule:admin_only",
"delete_segment": "rule:admin_only",
"network_device": "field:port:device_owner=~^network:",
"create_port": "",
"create_port:device_owner": "not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_owner",
"create_port:mac_address": "rule:context_is_advsvc or rule:admin_or_network_owner",
"create_port:fixed_ips": "rule:context_is_advsvc or rule:admin_or_network_owner",
"create_port:fixed_ips:ip_address": "rule:context_is_advsvc or rule:admin_or_network_owner",
"create_port:fixed_ips:subnet_id": "rule:context_is_advsvc or rule:admin_or_network_owner or rule:shared",
"create_port:port_security_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner",
"create_port:binding:host_id": "rule:admin_only",
"create_port:binding:profile": "rule:admin_only",
"create_port:mac_learning_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner",
"create_port:allowed_address_pairs": "rule:admin_or_network_owner",
"get_port": "rule:context_is_advsvc or rule:admin_owner_or_network_owner",
"get_port:queue_id": "rule:admin_only",
"get_port:binding:vif_type": "rule:admin_only",
"get_port:binding:vif_details": "rule:admin_only",
"get_port:binding:host_id": "rule:admin_only",
"get_port:binding:profile": "rule:admin_only",
"update_port": "rule:admin_or_owner or rule:context_is_advsvc",
"update_port:device_owner": "not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_owner",
"update_port:mac_address": "rule:admin_only or rule:context_is_advsvc",
"update_port:fixed_ips": "rule:context_is_advsvc or rule:admin_or_network_owner",
"update_port:fixed_ips:ip_address": "rule:context_is_advsvc or rule:admin_or_network_owner",
"update_port:fixed_ips:subnet_id": "rule:context_is_advsvc or rule:admin_or_network_owner or rule:shared",
"update_port:port_security_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner",
"update_port:binding:host_id": "rule:admin_only",
"update_port:binding:profile": "rule:admin_only",
"update_port:mac_learning_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner",
"update_port:allowed_address_pairs": "rule:admin_or_network_owner",
"update_port:data_plane_status": "rule:admin_or_data_plane_int",
"delete_port": "rule:context_is_advsvc or rule:admin_owner_or_network_owner",
"create_router": "rule:regular_user",
"create_router:external_gateway_info": "rule:admin_or_owner",
"create_router:external_gateway_info:network_id": "rule:admin_or_owner",
"create_router:external_gateway_info:enable_snat": "rule:admin_only",
"create_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
"create_router:distributed": "rule:admin_only",
"create_router:ha": "rule:admin_only",
"get_router": "rule:admin_or_owner",
"get_router:ha": "rule:admin_only",
"get_router:distributed": "rule:admin_only",
"update_router": "rule:admin_or_owner",
"update_router:external_gateway_info": "rule:admin_or_owner",
"update_router:external_gateway_info:network_id": "rule:admin_or_owner",
"update_router:external_gateway_info:enable_snat": "rule:admin_only",
"update_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
"update_router:distributed": "rule:admin_only",
"update_router:ha": "rule:admin_only",
"delete_router": "rule:admin_or_owner",
"add_router_interface": "rule:admin_or_owner",
"remove_router_interface": "rule:admin_or_owner",
"create_qos_queue": "rule:admin_only",
"get_qos_queue": "rule:admin_only",
"get_agent": "rule:admin_only",
"update_agent": "rule:admin_only",
"delete_agent": "rule:admin_only",
"create_dhcp-network": "rule:admin_only",
"get_dhcp-networks": "rule:admin_only",
"delete_dhcp-network": "rule:admin_only",
"create_l3-router": "rule:admin_only",
"get_l3-routers": "rule:admin_only",
"delete_l3-router": "rule:admin_only",
"get_dhcp-agents": "rule:admin_only",
"get_l3-agents": "rule:admin_only",
"get_loadbalancer-agent": "rule:admin_only",
"get_loadbalancer-pools": "rule:admin_only",
"get_agent-loadbalancers": "rule:admin_only",
"get_loadbalancer-hosting-agent": "rule:admin_only",
"create_floatingip": "rule:regular_user",
"create_floatingip:floating_ip_address": "rule:admin_only",
"get_floatingip": "rule:admin_or_owner",
"get_floatingip_pool": "rule:regular_user",
"update_floatingip": "rule:admin_or_owner",
"delete_floatingip": "rule:admin_or_owner",
"create_network_profile": "rule:admin_only",
"get_network_profiles": "",
"get_network_profile": "",
"update_network_profile": "rule:admin_only",
"delete_network_profile": "rule:admin_only",
"get_policy_profiles": "",
"get_policy_profile": "",
"update_policy_profiles": "rule:admin_only",
"create_metering_label": "rule:admin_only",
"get_metering_label": "rule:admin_only",
"delete_metering_label": "rule:admin_only",
"create_metering_label_rule": "rule:admin_only",
"get_metering_label_rule": "rule:admin_only",
"delete_metering_label_rule": "rule:admin_only",
"create_lsn": "rule:admin_only",
"get_lsn": "rule:admin_only",
"get_service_provider": "rule:regular_user",
"create_flavor": "rule:admin_only",
"get_flavors": "rule:regular_user",
"get_flavor": "rule:regular_user",
"update_flavor": "rule:admin_only",
"delete_flavor": "rule:admin_only",
"create_service_profile": "rule:admin_only",
"get_service_profiles": "rule:admin_only",
"get_service_profile": "rule:admin_only",
"update_service_profile": "rule:admin_only",
"delete_service_profile": "rule:admin_only",
"create_policy": "rule:admin_only",
"get_policy": "rule:regular_user",
"update_policy": "rule:admin_only",
"delete_policy": "rule:admin_only",
"create_policy_bandwidth_limit_rule": "rule:admin_only",
"get_policy_bandwidth_limit_rule": "rule:regular_user",
"update_policy_bandwidth_limit_rule": "rule:admin_only",
"delete_policy_bandwidth_limit_rule": "rule:admin_only",
"create_policy_dscp_marking_rule": "rule:admin_only",
"get_policy_dscp_marking_rule": "rule:regular_user",
"update_policy_dscp_marking_rule": "rule:admin_only",
"delete_policy_dscp_marking_rule": "rule:admin_only",
"get_rule_type": "rule:regular_user",
"create_policy_minimum_bandwidth_rule": "rule:admin_only",
"get_policy_minimum_bandwidth_rule": "rule:regular_user",
"update_policy_minimum_bandwidth_rule": "rule:admin_only",
"delete_policy_minimum_bandwidth_rule": "rule:admin_only",
"restrict_wildcard": "(not field:rbac_policy:target_tenant=*) or rule:admin_only",
"create_rbac_policy": "",
"create_rbac_policy:target_tenant": "rule:restrict_wildcard",
"get_rbac_policy": "rule:admin_or_owner",
"update_rbac_policy": "rule:admin_or_owner",
"update_rbac_policy:target_tenant": "rule:restrict_wildcard and rule:admin_or_owner",
"delete_rbac_policy": "rule:admin_or_owner",
"create_flavor_service_profile": "rule:admin_only",
"get_flavor_service_profile": "rule:regular_user",
"delete_flavor_service_profile": "rule:admin_only",
"get_auto_allocated_topology": "rule:admin_or_owner",
"delete_auto_allocated_topology": "rule:admin_or_owner",
"create_trunk": "rule:regular_user",
"get_trunk": "rule:admin_or_owner",
"delete_trunk": "rule:admin_or_owner",
"add_subports": "rule:admin_or_owner",
"get_subports": "",
"remove_subports": "rule:admin_or_owner",
"create_security_group": "rule:admin_or_owner",
"get_security_groups": "rule:admin_or_owner",
"get_security_group": "rule:admin_or_owner",
"update_security_group": "rule:admin_or_owner",
"delete_security_group": "rule:admin_or_owner",
"create_security_group_rule": "rule:admin_or_owner",
"get_security_group_rules": "rule:admin_or_owner",
"get_security_group_rule": "rule:admin_or_owner",
"delete_security_group_rule": "rule:admin_or_owner",
"get_loggable_resources": "rule:admin_only",
"create_log": "rule:admin_only",
"get_log": "rule:admin_only",
"get_logs": "rule:admin_only",
"update_log": "rule:admin_only",
"delete_log": "rule:admin_only",
"create_floatingip_port_forwarding": "rule:admin_or_ext_parent_owner",
"get_floatingip_port_forwarding": "rule:admin_or_ext_parent_owner",
"get_floatingip_port_forwardings": "rule:admin_or_ext_parent_owner",
"update_floatingip_port_forwarding": "rule:admin_or_ext_parent_owner",
"delete_floatingip_port_forwarding": "rule:admin_or_ext_parent_owner"
}
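The project-managed entries shown earlier widen create_policy, update_policy and delete_policy from the admin_only defaults in the file above to regular_user, which this page defines as "" (no restriction). The audit below is an added example, not part of the original post or of Neutron: it compares deployed entries against the defaults and reports every deviation. The rule ranking and the function name are assumptions, and one misspelled key is constructed to exercise the unknown-action check.

```python
import json

# Rule strings used on this page, ordered by how narrow the caller set is.
# "regular_user" is defined on this page as "" (no restriction). Assumed ranking.
RANK = {"": 0, "rule:regular_user": 0, "rule:admin_or_owner": 1, "rule:admin_only": 2}

# Default QoS entries, copied from the policy.json quoted on this page.
DEFAULTS = json.loads("""{
  "create_policy": "rule:admin_only",
  "get_policy": "rule:regular_user",
  "update_policy": "rule:admin_only",
  "delete_policy": "rule:admin_only",
  "create_policy_bandwidth_limit_rule": "rule:admin_only",
  "get_policy_bandwidth_limit_rule": "rule:regular_user",
  "update_policy_bandwidth_limit_rule": "rule:admin_only",
  "delete_policy_bandwidth_limit_rule": "rule:admin_only"
}""")

# Deployed entries: the project-managed variant shown on this page, plus one
# constructed misspelled key (last line) that matches no default action.
DEPLOYED = json.loads("""{
  "get_policy": "rule:regular_user",
  "create_policy": "rule:regular_user",
  "update_policy": "rule:regular_user",
  "delete_policy": "rule:regular_user",
  "create_policy_bandwidth_limit_rule": "rule:admin_only",
  "create_bandwidth_limit_rule": "rule:admin_only"
}""")

def audit(defaults, deployed):
    """Return (action, verdict, default_rule, deployed_rule) per deviation."""
    findings = []
    for action, rule in sorted(deployed.items()):
        base = defaults.get(action)
        if base is None:
            verdict = "unknown-action"    # key is absent from the default file
        elif rule == base or RANK.get(rule, -1) == RANK.get(base, -2):
            continue                      # same effective restriction
        elif rule not in RANK or base not in RANK:
            verdict = "review-manually"   # compound expression, not ranked here
        else:
            verdict = "loosened" if RANK[rule] < RANK[base] else "tightened"
        findings.append((action, verdict, base, rule))
    return findings

if __name__ == "__main__":
    for finding in audit(DEFAULTS, DEPLOYED):
        print("%-36s %-15s default=%r deployed=%r" % finding)
```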
Create a policy
neutron qos-policy-create 100M
Created a new policy:
+-----------------+--------------------------------------+
| Field | Value |
+-----------------+--------------------------------------+
| created_at | 2021-08-16T06:39:29Z |
| description | |
| id | dab6ab4d-d934-4e23-bfd4-573501341283 |
| is_default | False |
| name | 100M |
| project_id | bb780174db4d4c94883c9a083d91463d |
| revision_number | 0 |
| rules | |
| shared | False |
| tags | |
| tenant_id | bb780174db4d4c94883c9a083d91463d |
| updated_at | 2021-08-16T06:39:29Z |
+-----------------+--------------------------------------+
Add a rate-limit rule
neutron qos-bandwidth-limit-rule-create 100M --max-kbps 102400 --max-burst-kbps 10240
Created a new bandwidth_limit_rule:
+----------------+--------------------------------------+
| Field | Value |
+----------------+--------------------------------------+
| direction | egress |
| id | b94e6512-13e3-4880-bd46-7ef5f9f0ce40 |
| max_burst_kbps | 10240 |
| max_kbps | 102400 |
+----------------+--------------------------------------+
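Note: egress is the outbound direction, i.e. upstream; ingress is the inbound direction, i.e. downstream. Policies created by default are all egress. # --max-burst-kbps is the burst value
Bind to a port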
neutron port-list | grep 110.38
| 45549e8b-e45a-4d03-831f-0bf9615b6a38 | bb780174db4d4c94883c9a083d91463d | fa:16:3e:9c:bf:ad | {"subnet_id": "016bcbe0-407e-4615-bcd5-f0b8d42aaac8", "ip_address": "10.2.110.38"} |
neutron port-update 45549e8b-e45a-4d03-831f-0bf9615b6a38 --qos-policy 100M
neutron port-show 45549e8b-e45a-4d03-831f-0bf9615b6a38
+-----------------------+------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+------------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | |
| binding:host_id | kshq-computer-164 |
| binding:profile | {} |
| binding:vif_details | {"port_filter": true} |
| binding:vif_type | bridge |
| binding:vnic_type | normal |
| created_at | 2021-06-25T06:44:52Z |
| description | |
| device_id | 62ad35b2-e68b-40a2-b9f3-b19a190dda60 |
| device_owner | compute:High Clock Speed AZ |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "016bcbe0-407e-4615-bcd5-f0b8d42aaac8", "ip_address": "10.2.110.38"} |
| id | 45549e8b-e45a-4d03-831f-0bf9615b6a38 |
| mac_address | fa:16:3e:9c:bf:ad |
| name | |
| network_id | 0530e38d-2fa9-45fb-8ccc-89b9150a931e |
| port_security_enabled | True |
| project_id | bb780174db4d4c94883c9a083d91463d |
| qos_policy_id | c637c6c3-a07f-419d-8172-a95dd261f8c8 |
| resource_request | |
| revision_number | 52 |
| security_groups | 3710bb50-bcfa-4a10-a043-4b381f9fe4ee |
| status | ACTIVE |
| tags | |
| tenant_id | bb780174db4d4c94883c9a083d91463d |
| updated_at | 2021-08-16T07:07:03Z |
+-----------------------+------------------------------------------------------------------------------------+
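The figure below is a screenshot of a production rate limit of 100M being changed to 1G of bandwidth.
To detach the port from the QoS policy, simply update the port configuration again.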
neutron port-update 45549e8b-e45a-4d03-831f-0bf9615b6a38 --no-qos-policy
Bind to a network
neutron net-update <network_id> --qos-policy <qos_policy_id>
neutron net-update 0530e38d-2fa9-45fb-8ccc-89b9150a931e --qos-policy 100M
neutron net-list --fit-width
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+----------------------------------------+----------------------------------+-----------------------------------------+
| id | name | tenant_id | subnets |
+--------------------------------------+----------------------------------------+----------------------------------+-----------------------------------------+
| 0530e38d-2fa9-45fb-8ccc-89b9150a931e | VLAN 110 | bb780174db4d4c94883c9a083d91463d | 016bcbe0-407e-4615-bcd5-f0b8d42aaac8 |
| | | | 10.2.110.0/24
Author: Dexter_Wang  Position: senior Linux architect at an Internet company  Contact email: 993852246@qq.com