VFd

• manages configuration of VF and PF (att/vfd https://github.com/att/vfd/wiki, testpmd http://dpdk.org/doc/guides/howto/vfd.html)
• used with DPDK PF with DPDK VF (VFd features fails with kernel PF)
• services such as filtering, QoS, DPI can be offloaded on the host fast path

Neutron Equivalent functionality supported by VFd

• VLAN_FILTER | OVS Firewall – filters traffic based on a list of VLAN ID(s), this filter is applied on SR-IOV VF before passing the traffic to VM.
• VLAN_STRIP | vlan transparency – Enable to strip outer VLAN tag per VF
• INSERT_STAG | OVS does this already. – Enable to Insert outer VLAN tag per VF
• BROADCAST_ALLOW | traffic protection – Enable to allow broadcast per VF
• UNKNOWN_UNICAST_ALLOW | traffic protection – Enable to allow unicast per VF
• UNKNOWN_MULTICAST_ALLOW | traffic protection – Enable to allow multicast per VF
• MAC_FILTER | allowed address pairs – Directs outbound traffic based on a list of MAC address. This will allow a VM to transmit packets with specified source MAC address in addition to MAC which belongs to VM
• VLAN_ANTI_SPOOF_CHECK | port security – enable to ensure anti MAC spoof checks are done at the SR-IOV VF level to comply with security.

In development

• Network QoS: bandwidth allocation, prioritization, and rate limiting
• Packet mirroring from one VF to another
• Improved analytics interface to report basic packet level statistics on PF and VF

Cons

• high CPU overhead
• Does not work with kernel PF

SR-IOV HW offload

• -offload the OVS processing to a SmartNIC
• -implement the OVS datapath directly on the adapter
• -frees up additional cores to run more applications
• -North/South performance scales with the number of VNF VM

Cons

East/West SR-IOV performance does not seem to scale,due to increase in PCIe load

OVS hardware offload integration with openstack:

Representor:

representor port profile. https://review.openstack.org/#/c/483921/
Plug and unplug representor from OVS https://review.openstack.org/#/c/398277/

Scheduling
At present openstack does not differentiate between SRIOV hardware and OVS offload , so it would not be possible to use both on same host.nic feature based scheduling(enable-sriov-nic-features) might be used in future to solve the above issue, by scheduling using “capabilities” openstack port create –binding-profile ‘{“capabilities”: [“hw-tc-offload”]}’

https://specs.openstack.org/openstack/nova-specs/specs/pike/approved/enable-sriov-nic-features.html

OVS:
Regular OVS datapath is used for hw-offload.
.https://review.openstack.org/#/c/483459/

Nova support for OVS offload
Enable VIF_TYPE_OVS with vnic_type direct
https://review.openstack.org/#/c/398265/

Reference

https://github.com/Netronome/opencontrail-blueprints/blob/master/Hardware-Acceleration-Blueprint.md