Red Hat SummitChapter 10. Configure Quality-of-Service (QoS)
Red Hat OpenStack Platform 11 introduces support for network quality-of-service (QoS) policies. These policies allow OpenStack administrators to offer varying service levels by applying rate limits to egress traffic for instances. As a result of implementing a QoS policy, any traffic that exceeds the specified rate is consequently dropped.
10.1. QoS Policy Scope
QoS policies are applied to individual ports, or to a particular tenant network, where ports with no specific policy attached will inherit the policy.
10.2. QoS Policy Management
QoS policies can be dynamically applied, modified, or removed. This example manually creates a bandwidth limiting rule and applies it to a port.
Review the list of tenants and determine the id of where you need to create QoS policy:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Create a QoS policy named
bw-limiterin theadmintenant:neutron qos-policy-create 'bw-limiter' --tenant-id 98a2f53c20ce4d50a40dac4a38016c69
# neutron qos-policy-create 'bw-limiter' --tenant-id 98a2f53c20ce4d50a40dac4a38016c69Copy to Clipboard Copied! Toggle word wrap Toggle overflow Configure the policing rules for the
bw-limiterpolicy:neutron qos-bandwidth-limit-rule-create bw-limiter --max_kbps 3000 --max_burst_kbps 3000
# neutron qos-bandwidth-limit-rule-create bw-limiter --max_kbps 3000 --max_burst_kbps 3000Copy to Clipboard Copied! Toggle word wrap Toggle overflow Configure a neutron port to apply the
bw-limiterpolicy:neutron port-update <port id> --qos-policy bw-limiter
# neutron port-update <port id> --qos-policy bw-limiterCopy to Clipboard Copied! Toggle word wrap Toggle overflow Review the QoS rule. For example:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
These values allow you to configure the policing algorithm accordingly:
-
max_kbps- the maximum rate (in Kbps) that the instance is allowed to send. -
max_burst_kbps- the maximum amount of data (in kbits) that the port could send in a instant if the token buffer was full. The token buffer is replenished at a "max_kbps" rate.
10.3. DSCP Marking for Egress Traffic
Differentiated Services Code Point (DSCP) allows you to to implement QoS on your network by embedding relevant values in the IP headers. OpenStack Networking (neutron) QoS policies can now use DSCP marking to manage egress traffic on neutron ports and networks. At present, DSCP is only available for VLAN and flat provider networks using Open vSwitch (OVS); support for VXLAN is expected to follow.
In this implementation, a policy is first created, then DSCP rules are defined and applied to the policy. These rules use the --dscp-mark parameter, which specifies the decimal value of a DSCP mark. For example:
1. Create a new QoS policy:
neutron qos-policy-create qos-web-servers --tenant-id 98a2f53c20ce4d50a40dac4a38016c69
neutron qos-policy-create qos-web-servers --tenant-id 98a2f53c20ce4d50a40dac4a38016c69
2. Create a DSCP rule and apply it to the qos-web-servers policy, using DSCP mark 18:
3. View the DSCP rules for QoS policy qos-web-servers:
4. View the details of the DSCP rule assigned to policy qos-web-servers:
5. Change the DSCP value assigned to a rule:
neutron qos-dscp-marking-rule-update d7f976ec-7fab-4e60-af70-f59bf88198e6 qos-web-servers --dscp-mark 22 Updated dscp_marking_rule: d7f976ec-7fab-4e60-af70-f59bf88198e6
neutron qos-dscp-marking-rule-update d7f976ec-7fab-4e60-af70-f59bf88198e6 qos-web-servers --dscp-mark 22
Updated dscp_marking_rule: d7f976ec-7fab-4e60-af70-f59bf88198e66. Delete a DSCP rule:
neutron qos-dscp-marking-rule-delete d7f976ec-7fab-4e60-af70-f59bf88198e6 qos-web-servers Deleted dscp_marking_rule(s): d7f976ec-7fab-4e60-af70-f59bf88198e6
neutron qos-dscp-marking-rule-delete d7f976ec-7fab-4e60-af70-f59bf88198e6 qos-web-servers
Deleted dscp_marking_rule(s): d7f976ec-7fab-4e60-af70-f59bf88198e610.4. RBAC for QoS Policies
Red Hat OpenStack Platform 11 adds Role-based Access Control (RBAC) for QoS policies. As a result, you can now make QoS policies available to certain projects.
For example, you can now create a QoS policy that allows for lower-priority network traffic, and have it only apply to certain projects. In the following command below, the bw-limiter policy created previously is assigned to the demo tenant:
neutron rbac-create 'bw-limiter' --type qos-policy --target-tenant 80bf5732752a41128e612fe615c886c6 --action access_as_shared
# neutron rbac-create 'bw-limiter' --type qos-policy --target-tenant 80bf5732752a41128e612fe615c886c6 --action access_as_shared
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}