Currently neutron API can return what rules are supported, in the context of ML2: by returning the minimum subset of rules supported by all mechanism drivers.
Mechanism drivers in ML2 plugin can specify a list of QoS rule types which are supported. For example openvswitch mech_driver will report "bandwidth_limit_rule" (which is only for egress traffic in fact) and "dscp_marking" rule.
There are two problems with such simple check:
- if rules are created or policy is applied to port there is no validation at all. It means that for example policy with dscp_marking rule can be applied to port bound with linuxbridge or sriov mech_drivers without any errors.
- there is no possibility that mechanism driver will support some rules only with specific parameters. For example bandwidth_limit_rule could have parameter "direction" with values "ingress" and "egress" and some of mechanism drivers could only supports bandwidth limit with direction=egress.
We propose changes to how supported rule types are calculated and how validation works.
Incompatible configurations or settings should be spotted as soon as possible, and stopped at API level with a clear explanation of what's going on. On corner cases where this can't be determined until bind time, binding should fail so the administrator won't have the wrong perception of the all the policy rules being applied, where it's not the case. Such Validation of rules should be made during events like:
* port_update
* network_update
* policy_update
* rule_create
* rule_update
there will be called method from neutron.services.qos.notification_drivers.qos_base:QosServiceNotificationDriverBase.validate_policy_for_{port,network} which will raise exception if policy can't be applied on port or one of ports.
For ML2 plugin it will raise exception if policy will contain any rule which is not supported by mechanism driver used for port binding or by mechanism drivers used by specific binding:vnic_type if port is unbound.
Related fix proposed to branch: master /review. openstack. org/323474
Review: https:/