5.2. Virtual Network Interface Cards

5.2.1. vNIC Profile Overview

A Virtual Network Interface Card (vNIC) profile is a collection of settings that can be applied to individual virtual network interface cards in the Manager. A vNIC profile allows you to apply Network QoS profiles to a vNIC, enable or disable port mirroring, and add or remove custom properties. A vNIC profile also offers an added layer of administrative flexibility in that permission to use (consume) these profiles can be granted to specific users. In this way, you can control the quality of service that different users receive from a given network.

5.2.2. Creating or Editing a vNIC Profile

Create or edit a Virtual Network Interface Controller (vNIC) profile to regulate network bandwidth for users and groups.

Note

If you are enabling or disabling port mirroring, all virtual machines using the associated profile must be in a down state before editing.

Procedure 5.7. Creating or editing a vNIC Profile

  1. Click the Networks resource tab, and select a logical network in the results list.
  2. Select the vNIC Profiles tab in the details pane. If you selected the logical network in tree mode, you can select the vNIC Profiles tab in the results list.
  3. Click New or Edit to open the VM Interface Profile window.
    The VM Interface Profile window

    Figure 5.2. The VM Interface Profile window

  4. Enter the Name and Description of the profile.
  5. Select the relevant Quality of Service policy from the QoS list.
  6. Select the Passthrough check box to enable passthrough of the vNIC and allow direct device assignment of a virtual function. Enabling the passthrough property will disable QoS and port mirroring as these are not compatible. For more information on passthrough, see Section 5.2.4, “Enabling Passthrough on a vNIC Profile”.
  7. Use the Port Mirroring and Allow all users to use this Profile check boxes to toggle these options.
  8. Select a custom property from the custom properties list, which displays Please select a key... by default. Use the + and - buttons to add or remove custom properties.
  9. Click OK.
You have created a vNIC profile. Apply this profile to users and groups to regulate their network bandwidth. Note that if you edited a vNIC profile, you must either restart the virtual machine or hot unplug and then hot plug the vNIC.

Note

The guest operating system must support vNIC hot plug and hot unplug.

5.2.3. Explanation of Settings in the VM Interface Profile Window

Table 5.5. VM Interface Profile Window

Field Name
Description
Network
A drop-down menu of the available networks to apply the vNIC profile.
Name
The name of the vNIC profile. This must be a unique name with any combination of uppercase and lowercase letters, numbers, hyphens, and underscores between 1 and 50 characters.
Description
The description of the vNIC profile. This field is recommended but not mandatory.
QoS
A drop-down menu of the available Network Quality of Service policies to apply to the vNIC profile. QoS policies regulate inbound and outbound network traffic of the vNIC.
Passthrough
A check box to toggle the passthrough property. Passthrough allows a vNIC to connect directly to a virtual function of a host NIC. The passthrough property cannot be edited if the vNIC profile is attached to a virtual machine.
Both QoS and port mirroring are disabled in the vNIC profile if passthrough is enabled.
Port Mirroring
A check box to toggle port mirroring. Port mirroring copies layer 3 network traffic on the logical network to a virtual interface on a virtual machine. It it not selected by default. For further details, see Port Mirroring in the Technical Reference.
Device Custom Properties
A drop-down menu to select available custom properties to apply to the vNIC profile. Use the + and - buttons to add and remove properties respectively.
Allow all users to use this Profile
A check box to toggle the availability of the profile to all users in the environment. It is selected by default.

5.2.4. Enabling Passthrough on a vNIC Profile

The passthrough property of a vNIC profile enables a vNIC to be directly connected to a virtual function (VF) of an SR-IOV-enabled NIC. The vNIC will then bypass the software network virtualization and connect directly to the VF for direct device assignment.
The passthrough property cannot be enabled if the vNIC profile is already attached to a vNIC; this procedure creates a new profile to avoid this. If a vNIC profile has passthrough enabled, QoS and port mirroring are disabled for the profile.
For more information on SR-IOV, direct device assignment, and the hardware considerations for implementing these in Red Hat Enterprise Virtualization, see Hardware Considerations for Implementing SR-IOV.

Procedure 5.8. Enabling Passthrough

  1. Select a logical network from the Networks results list and click the vNIC Profiles tab in the details pane to list all vNIC profiles for that logical network.
  2. Click New to open the VM Interface Profile window.
  3. Enter the Name and Description of the profile.
  4. Select the Passthrough check box. This will disable QoS and Port Mirroring.
  5. If necessary, select a custom property from the custom properties list, which displays Please select a key... by default. Use the + and - buttons to add or remove custom properties.
  6. Click OK to save the profile and close the window.
The vNIC profile is now passthrough-capable. To use this profile to directly attach a virtual machine to a NIC or PCI VF, attach the logical network to the NIC and create a new vNIC on the desired virtual machine that uses the passthrough vNIC profile. For more information on these procedures respectively, see Section 5.5.2, “Editing Host Network Interfaces and Assigning Logical Networks to Hosts”, and Adding a New Network Interface in the Virtual Machine Management Guide.

5.2.5. Removing a vNIC Profile

Remove a vNIC profile to delete it from your virtualized environment.

Procedure 5.9. Removing a vNIC Profile

  1. Click the Networks resource tab, and select a logical network in the results list.
  2. Select the Profiles tab in the details pane to display available vNIC profiles. If you selected the logical network in tree mode, you can select the VNIC Profiles tab in the results list.
  3. Select one or more profiles and click Remove to open the Remove VM Interface Profile(s) window.
  4. Click OK to remove the profile and close the window.

5.2.6. Assigning Security Groups to vNIC Profiles

Note

This feature is only available for users who are integrating with OpenStack Neutron. Security groups cannot be created with Red Hat Enterprise Virtualization Manager. You must create security groups within OpenStack. For more information, see the Red Hat Enterprise Linux OpenStack Platform Administration Guide, available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/.
You can assign security groups to the vNIC profile of networks that have been imported from an OpenStack Networking instance and that use the Open vSwitch plug-in. A security group is a collection of strictly enforced rules that allow you to filter inbound and outbound traffic over a network interface. The following procedure outlines how to attach a security group to a vNIC profile.

Note

A security group is identified using the ID of that security group as registered in the OpenStack Networking instance. You can find the IDs of security groups for a given tenant by running the following command on the system on which OpenStack Networking is installed:
# neutron security-group-list

Procedure 5.10. Assigning Security Groups to vNIC Profiles

  1. Click the Networks tab and select a logical network from the results list.
  2. Click the vNIC Profiles tab in the details pane.
  3. Click New, or select an existing vNIC profile and click Edit, to open the VM Interface Profile window.
  4. From the custom properties drop-down list, select SecurityGroups. Leaving the custom property drop-down blank applies the default security settings, which permit all outbound traffic and intercommunication but deny all inbound traffic from outside of the default security group. Note that removing the SecurityGroups property later will not affect the applied security group.
  5. In the text field, enter the ID of the security group to attach to the vNIC profile.
  6. Click OK.
You have attached a security group to the vNIC profile. All traffic through the logical network to which that profile is attached will be filtered in accordance with the rules defined for that security group.

5.2.7. User Permissions for vNIC Profiles

Configure user permissions to assign users to certain vNIC profiles. Assign the VnicProfileUser role to a user to enable them to use the profile. Restrict users from certain profiles by removing their permission for that profile.

Procedure 5.11. User Permissions for vNIC Profiles

  1. Click the Networks tab and select a logical network from the results list.
  2. Select the vNIC Profiles resource tab to display the vNIC profiles.
  3. Select the Permissions tab in the details pane to show the current user permissions for the profile.
  4. Use the Add button to open the Add Permission to User window, and the Remove button to open the Remove Permission window, to affect user permissions for the vNIC profile.
You have configured user permissions for a vNIC profile.

5.2.8. Configuring vNIC Profiles for UCS Integration

Cisco's Unified Computing System (UCS) is used to manage datacenter aspects such as computing, networking and storage resources.
The vdsm-hook-vmfex-dev hook allows virtual machines to connect to Cisco's UCS-defined port profiles by configuring the vNIC profile. The UCS-defined port profiles contain the properties and settings used to configure virtual interfaces in UCS. The vdsm-hook-vmfex-dev hook is installed by default with VDSM. See Appendix A, VDSM and Hooks for more information.
When a virtual machine that uses the vNIC profile is created, it will use the Cisco vNIC.
The procedure to configure the vNIC profile for UCS integration involves first configuring a custom device property. When configuring the custom device property, any existing value it contained is overwritten. When combining new and existing custom properties, include all of the custom properties in the command used to set the key's value. Multiple custom properties are separated by a semi-colon.

Note

A UCS port profile must be configured in Cisco UCS before configuring the vNIC profile.

Procedure 5.12. Configuring the Custom Device Property

  1. On the Red Hat Enterprise Virtualization Manager, configure the vmfex custom property and set the cluster compatibility level using --cver.
    # engine-config -s CustomDeviceProperties='{type=interface;prop={vmfex=^[a-zA-Z0-9_.-]{2,32}$}}' --cver=3.6
    
  2. Verify that the vmfex custom device property was added.
    # engine-config -g CustomDeviceProperties
    
  3. Restart the engine.
    # service ovirt-engine restart
    
The vNIC profile to configure can belong to a new or existing logical network. See Section 5.1.2, “Creating a New Logical Network in a Data Center or Cluster” for instructions to configure a new logical network.

Procedure 5.13. Configuring a vNIC Profile for UCS Integration

  1. Click the Networks resource tab, and select a logical network in the results list.
  2. Select the vNIC Profiles tab in the details pane. If you selected the logical network in tree mode, you can select the vNIC Profiles tab in the results list.
  3. Click New or Edit to open the VM Interface Profile window.
  4. Enter the Name and Description of the profile.
  5. Select the vmfex custom property from the custom properties list and enter the UCS port profile name.
  6. Click OK.