Chapter 10. Configuring Quality of Service (QoS) policies
With Red Hat OpenStack Platform network quality-of-service (QoS) policies, an OpenStack administrator can offer varying service levels by applying rate limits to egress traffic for instances. As a result of implementing a QoS policy, any traffic that exceeds the specified rate is consequently dropped.
10.1. QoS policy scope
You can apply QoS policies to individual ports, or to a particular tenant network, where ports with no specific policy attached inherit the policy.
10.2. QoS policy management
You can apply, modify, or remove quality-of-service (QoS) policies dynamically. Complete the steps in this example procedure to create a bandwidth limiting rule manually and apply the rule to a port:
If the
qos
extension is not already enabled for OpenStack Networking in /etc/neutron/plugins/ml2/<agent_name>_agent.ini, then follow these steps:Create a custom Heat environment file, and add the following lines:
parameter_defaults: NeutronSriovAgentExtensions: 'qos'
ImportantYAML files are extremely sensitive about where in the file a parameter is placed. Make sure that
parameter_defaults:
starts in the first column (no leading whitespace characters), and your parameter value pair starts in column three (the parameter has two whitespace characters in front of it).Run the Red Hat OpenStack Platform director command,
openstack overcloud deploy
and include all your current environment files and this custom new one.For more information, see "Modifying the overcloud environment" in the Director Installation and Usage guide.
Review the list of tenants and determine the id of where you need to create QoS policy:
# openstack project list +----------------------------------+----------+ | ID | Name | +----------------------------------+----------+ | 4b0b98f8c6c040f38ba4f7146e8680f5 | auditors | | 519e6344f82e4c079c8e2eabb690023b | services | | 80bf5732752a41128e612fe615c886c6 | demo | | 98a2f53c20ce4d50a40dac4a38016c69 | admin | +----------------------------------+----------+
Create a QoS policy named
bw-limiter
in theadmin
tenant:# openstack network qos policy create --project 98a2f53c20ce4d50a40dac4a38016c69 bw-limiter
Configure the policing rules for the
bw-limiter
policy:# openstack network qos rule create --type bandwidth-limit --max-kbps 3000 --max-burst-kbits 30000 bw-limiter
Configure a neutron port to apply the
bw-limiter
policy:# openstack port set --qos-policy bw-limiter port_name_or_id
Review the QoS rule. For example:
# openstack network qos policy show 9be535c3-daa2-4d7b-88ea-e8de16 +-------------------+---------------------------------+ | Field | Value | +-------------------+---------------------------------+ | id | 9be535c3-daa2-4d7b-88ea-e8de16 | | rule_type | bandwidth_limit | | description | | | max_kbps | 3000 | | max_burst_kbps | 300 | +-------------------+---------------------------------+
These values allow you to configure the policing algorithm accordingly:
-
max_kbps
- the maximum rate (in Kbps) that the instance is allowed to send. -
max_burst_kbps
- the maximum amount of data (in kbits) that the port could send in a instant if the token buffer was full. The token buffer is replenished at a "max_kbps" rate.
10.3. DSCP marking for egress traffic
You can use differentiated services code point (DSCP) to implement quality-of-service (QoS) policies on your network by embedding relevant values in the IP headers. OpenStack Networking (neutron) QoS policies can use DSCP marking to manage egress traffic on neutron ports and networks. At present, DSCP is available only for VLAN and flat provider networks using Open vSwitch (OVS).
Complete the steps in this example procedure to create a policy, define DSCP rules, and apply the rules to the policy. These rules use the --dscp-mark
parameter, which specifies the decimal value of a DSCP mark.
Create a new QoS policy:
openstack network qos policy create --project 98a2f53c20ce4d50a40dac4a38016c69 qos_policy_name
Create a DSCP rule and apply it to the
qos-web-servers
policy, using DSCP mark18
:openstack network qos rule create --type dscp-marking --dscp-mark 18 qos_policy_name Created a new dscp_marking_rule: +-----------+--------------------------------------+ | Field | Value | +-----------+--------------------------------------+ | dscp_mark | 18 | | id | d7f976ec-7fab-4e60-af70-f59bf88198e6 | +-----------+--------------------------------------+
View the DSCP rules for QoS policy,
qos-web-servers
:openstack network qos rule list qos-web-servers +-----------+--------------------------------------+ | dscp_mark | id | +-----------+--------------------------------------+ | 18 | d7f976ec-7fab-4e60-af70-f59bf88198e6 | +-----------+--------------------------------------+
View the details of the DSCP rule assigned to policy,
qos-web-servers
:openstack network qos rule show qos-web-servers d7f976ec-7fab-4e60-af70-f59bf88198e6 +-----------+--------------------------------------+ | Field | Value | +-----------+--------------------------------------+ | dscp_mark | 18 | | id | d7f976ec-7fab-4e60-af70-f59bf88198e6 | +-----------+--------------------------------------+
Change the DSCP value assigned to a rule:
openstack network qos rule set --dscp-mark 22 qos-web-servers d7f976ec-7fab-4e60-af70-f59bf88198e6
Delete a DSCP rule:
openstack network qos rule delete qos-web-servers d7f976ec-7fab-4e60-af70-f59bf88198e6
10.4. RBAC for QoS Policies
You can add a role-based access control (RBAC) for quality-of-service (QoS) policies. As a result, you can now make QoS policies available to certain projects.
For example, you can now create a QoS policy that allows for lower-priority network traffic, and have it only apply to certain projects. Run the following command to assign the bw-limiter
policy to the tenant, demo
:
# openstack network rbac create --type qos_policy --target-project 80bf5732752a41128e612fe615c886c6 --action access_as_shared rbac_name