bandwith limit on project for public traffic

asked 2020-04-08 14:15:47 -0500

anonymous user


Hello guys,

we have an Openstack implementation with Openstack Pike on a CentOS system.

We currently offer our multiple project and tenants users the ability to use an external Network that provides internet connectivity. We want to set up a bandwith limit QoS policy so that all projects have a certain limit on bandwith.

We are reading the documents and everything points to applying the policy at a port level, not at a project level. We don't have the tenant network or the internal networks that the users create limited on terms of what they can do. We want to have an internet connection consisting of a 1 GB uplink and limit the maximum bandwith each whole project can use to 100 Mb but only for internet access. We don't want to limit the internal traffic which can run at 40 GB.

Thank you so much in advance.



edit retag flag offensive close merge delete


You probably want Floating IP QoS, and that is only available from Queens on, as far as I know. See this spec:

Bernd Bausch gravatar imageBernd Bausch ( 2020-04-08 19:49:46 -0500 )edit

could be an option, however wouldn't meet the requirement. If a project allocates 10 Floating IP's, each one using 100 MB, 1 GB of traffic would be consumed and no traffic would be left for the remaining projects. If I divide 1 GB between all the Floating IP's VM Traffic could be too low per IP

cbravo gravatar imagecbravo ( 2020-04-08 20:09:56 -0500 )edit

Yes, it looks like it. I don't think that Neutron QoS policies can be applied to groups of ports or Floating IPs. Sounds like a reasonable enhancement request.

Bernd Bausch gravatar imageBernd Bausch ( 2020-04-09 01:19:06 -0500 )edit

as FIP QoS is not a guarantee but a limit this spec is exactly what you need. It does not make any sense to divide your 1gbit uplink by the number of FIPs. As you already mentioned that would result in very low bandwidth for each FIP. Setting a lolit of eg. 100mbits sounds reasonable to me.

engel75 gravatar imageengel75 ( 2020-04-09 07:24:29 -0500 )edit

but since FIP QoS sets a limit for each individual FIP, in an scenario where all your instances start to generate traffic to the max allowed allocation, some instances might suffer from congestion. That's why I would like to see a limit per project instead of per public IP.

cbravo gravatar imagecbravo ( 2020-04-10 17:24:33 -0500 )edit