Red Hat Summit Red Hat SummitSupportConsoleDéveloppeursCommencer un essaiContact

Ce contenu n'est pas disponible dans la langue sélectionnée.

Chapter 10. Configuring Quality of Service (QoS) policies

With Red Hat OpenStack Platform network quality-of-service (QoS) policies, an OpenStack administrator can offer varying service levels by applying rate limits to egress traffic for instances. As a result of implementing a QoS policy, any traffic that exceeds the specified rate is consequently dropped.

10.1. QoS policy scope
Copier lien

You can apply QoS policies to individual ports, or to a particular tenant network, where ports with no specific policy attached inherit the policy.

10.2. Creating and applying a QoS policy and rule
Copier lien

To create a quality of service (QoS) policy and rule and apply the policy to a port, complete the following steps:

  1. If the qos extension is not already enabled for OpenStack Networking in /etc/neutron/plugins/ml2/<agent_name>_agent.ini, then follow these steps:

    1. Create a custom Heat environment file, and add the following lines: 

      parameter_defaults:
  NeutronSriovAgentExtensions: 'qos'
      Copy to Clipboard Toggle word wrap
      Important

      YAML files are extremely sensitive about where in the file a parameter is placed. Make sure that parameter_defaults: starts in the first column (no leading whitespace characters), and your parameter value pair starts in column three (the parameter has two whitespace characters in front of it).

    2. Run the Red Hat OpenStack Platform director command, openstack overcloud deploy and include all your current environment files and this custom new one.

      For more information, see "Modifying the overcloud environment" in the Director Installation and Usage guide.

  2. Review the list of tenants and determine the id of where you need to create QoS policy: 

    # openstack project list
+----------------------------------+----------+
| ID                               | Name     |
+----------------------------------+----------+
| 4b0b98f8c6c040f38ba4f7146e8680f5 | auditors |
| 519e6344f82e4c079c8e2eabb690023b | services |
| 80bf5732752a41128e612fe615c886c6 | demo     |
| 98a2f53c20ce4d50a40dac4a38016c69 | admin    |
+----------------------------------+----------+
    Copy to Clipboard Toggle word wrap

  3. Create a QoS policy named bw-limiter in the admin tenant: 

    # openstack network qos policy create --project 98a2f53c20ce4d50a40dac4a38016c69 bw-limiter
    Copy to Clipboard Toggle word wrap

  4. Configure the policing rules for the bw-limiter policy: 

    # openstack network qos rule create --type bandwidth-limit --max-kbps 3000 --max-burst-kbits 30000 bw-limiter
    Copy to Clipboard Toggle word wrap

  5. Configure a neutron port to apply the bw-limiter policy: 

    # openstack port set --qos-policy bw-limiter port_name_or_id
    Copy to Clipboard Toggle word wrap

  6. Review the QoS rule. For example: 

    # openstack network qos policy show 9be535c3-daa2-4d7b-88ea-e8de16

+-------------------+---------------------------------+
| Field             | Value                           |
+-------------------+---------------------------------+
| id                | 9be535c3-daa2-4d7b-88ea-e8de16  |
| rule_type         | bandwidth_limit                 |
| description       |                                 |
| max_kbps          | 3000                            |
| max_burst_kbps    | 300                             |
+-------------------+---------------------------------+
    Copy to Clipboard Toggle word wrap

These values allow you to configure the policing algorithm accordingly:

  • max_kbps - the maximum rate (in Kbps) that the instance is allowed to send.
  • max_burst_kbps - the maximum amount of data (in kbits) that the port could send in a instant if the token buffer was full. The token buffer is replenished at a "max_kbps" rate.

10.3. DSCP marking for egress traffic
Copier lien

You can use differentiated services code point (DSCP) to implement quality-of-service (QoS) policies on your network by embedding relevant values in the IP headers. The Networking service (neutron) QoS policies can use DSCP marking to manage egress traffic on neutron ports and networks.

Procedure

  1. If you are:

    • using ML2/OVN, skip to step 2.
    • using ML2/OVS without a tunneling protocol, skip to step 2.

    • using ML2/OVS with a tunneling protocol (VXLAN and GRE), then perform the following steps:

      1. Log in to the undercloud host as the stack user. 

        $ source ~/stackrc
        Copy to Clipboard Toggle word wrap

      2. Create a custom YAML environment file.

        Example

        $ vi /home/stack/templates/my-neutron-environment.yaml
        Copy to Clipboard Toggle word wrap

      3. In the YAML environment file under parameter_defaults, add the following lines: 

        parameter_defaults:
    ControllerExtraConfig:
        neutron::config::server_config:
          agent/dscp_inherit:
            value: true
        Copy to Clipboard Toggle word wrap

        When dscp_inherit is true, the Networking service copies the DSCP value of the inner header to the outer header.

      4. Run the deployment command and include the core heat templates, environment files, and this new custom environment file.

        Important

        The order of the environment files is important as the parameters and resources defined in subsequent environment files take precedence.

        Example

        $ openstack overcloud deploy --templates \
-e [your-environment-files] \
-e /usr/share/openstack-tripleo-heat-templates/environments/services/ \
neutron-ovs.yaml \
-e /home/stack/templates/my-neutron-environment.yaml
        Copy to Clipboard Toggle word wrap

  2. Source your credentials file.

    Example

    $ source ~/overcloudrc
    Copy to Clipboard Toggle word wrap

  3. Create a new QoS policy:

    Example

    openstack network qos policy create --project 98a2f53c20ce4d50a40dac4a38016c69 qos-web-servers
    Copy to Clipboard Toggle word wrap

  4. Create a DSCP rule and apply it to a policy.

    Example

    In this example, a DSCP rule is created using DSCP mark 18 and is applied to the qos-web-servers policy: 

    openstack network qos rule create --type dscp-marking --dscp-mark 18 qos-web-servers
    Copy to Clipboard Toggle word wrap

    Sample output

    Created a new dscp_marking_rule:
+-----------+--------------------------------------+
| Field     | Value                                |
+-----------+--------------------------------------+
| dscp_mark | 18                                   |
| id        | d7f976ec-7fab-4e60-af70-f59bf88198e6 |
+-----------+--------------------------------------+
    Copy to Clipboard Toggle word wrap

  5. You can change the DSCP value assigned to a rule.

    Example

    openstack network qos rule set --dscp-mark 22 qos-web-servers d7f976ec-7fab-4e60-af70-f59bf88198e6
    Copy to Clipboard Toggle word wrap

  6. You can delete a DSCP rule.

    Example

    openstack network qos rule delete qos-web-servers d7f976ec-7fab-4e60-af70-f59bf88198e6
    Copy to Clipboard Toggle word wrap

Verification

  • Confirm that the DSCP rule (d7f976ec-7fab-4e60-af70-f59bf88198e6) is applied to the QoS policy (qos-web-servers).

    Example

    openstack network qos rule list qos-web-servers
    Copy to Clipboard Toggle word wrap

    Sample output

    +-----------+--------------------------------------+
| dscp_mark | id                                   |
+-----------+--------------------------------------+
|        18 | d7f976ec-7fab-4e60-af70-f59bf88198e6 |
+-----------+--------------------------------------+
    Copy to Clipboard Toggle word wrap

10.4. RBAC for QoS Policies
Copier lien

You can add a role-based access control (RBAC) for quality-of-service (QoS) policies. As a result, you can now make QoS policies available to certain projects.

For example, you can now create a QoS policy that allows for lower-priority network traffic, and have it only apply to certain projects. Run the following command to assign the bw-limiter policy to the project, demo: 

# openstack network rbac create --type qos_policy --target-project 80bf5732752a41128e612fe615c886c6 --action access_as_shared rbac_name
Copy to Clipboard Toggle word wrap
Retour au début
Red Hat logoGithubredditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance. Découvrez nos récentes mises à jour.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez le Blog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

Theme

© 2025 Red Hat