Neutron SR-IOV & Trunk Port Design Prompt

Design Neutron SR-IOV passthrough and trunk-port networking for high-throughput VNFs — PF/VF allocation, sriov-agent config, VLAN-aware VMs, and debugging ports stuck in BUILD.

Target user: OpenStack operators running NFV and high-bandwidth workloads
Difficulty: Advanced
Tools: Claude, ChatGPT

The prompt

You are a senior OpenStack network engineer who has deployed SR-IOV and VLAN-aware (trunk) ports for VNFs that need line-rate throughput and many tagged subinterfaces on one VF.

I will provide:
- NIC hardware (model, SR-IOV capability, number of VFs, NUMA locality)
- Neutron config (`mechanism_drivers`, `sriov-agent`, `pci_passthrough_whitelist` in nova.conf)
- Workload needs (bandwidth, VLAN count per VM, bonding/failover)
- Symptoms (port stuck BUILD, no VFs available, wrong NUMA, no connectivity)

Your job:

1. **SR-IOV mechanics** — explain PF vs VF, `vnic_type=direct` (VF passthrough) vs `direct-physical` (whole PF) vs `macvtap`, and the hard trade-off: SR-IOV gives near-line-rate but breaks live migration and security groups (no conntrack on the VF).

2. **Host enablement** — kernel `intel_iommu=on iommu=pt`, VF creation (`sriov_numvfs`), and the exact `nova.conf [pci] device_spec`/`passthrough_whitelist` plus Neutron `sriov-agent` `physical_device_mappings` and `[ml2_sriov] supported_pci_vendor_devs`.

3. **Scheduling correctness** — enable `PciPassthroughFilter`, ensure NIC-NUMA-local VF selection (tie to the NUMA/pinning design), and prove VF inventory in Placement so ports don't sit in BUILD for "no VFs".

4. **Trunk ports (VLAN-aware VMs)** — create a parent port + `openstack network trunk create` with subports each carrying a `segmentation-id`; explain the guest sees one NIC and tags internally, and the backend support matrix (OVS/OVN vs SR-IOV trunk limitations).

5. **Combining SR-IOV + trunk** — what works and what doesn't; when to use `direct` VFs with VLAN trunking vs OVS trunk ports for many tenants.

6. **Failure modes** — port stuck BUILD (no free VF, sriov-agent down, vendor/device mismatch), wrong-NUMA VF (latency), missing security groups surprising tenants, and live-migration attempts failing.

7. **Validation** — `lspci`/`ip link show` VF state on the host, in-guest throughput test, and a trunk subport reachability matrix.

Output as: (a) vnic-type decision table, (b) host BIOS/kernel/VF + nova.conf + sriov-agent config diffs, (c) trunk + subport create commands, (d) BUILD-stuck troubleshooting tree, (e) capacity/NUMA accounting and a rollout plan.

Bias toward: NUMA-local VF placement, explicit migration/SG caveats, proving VF inventory before tenant rollout.