Hi, I have started playing around with an Intel 10 Gigabit controller. The full model name is the following: Ethernet controller: Intel Corporation Ethernet Controller 10-Gigabit X540-AT2
I have configured the NIC card to run in SR-IOV mode, and been trying to send some packets between two VM guests. I have stumbled upon, what I believe is a limitation of the current ixgbe driver. Notably, the fact that the ixgbe driver does not allow promiscuous mode between two VF interfaces. If I were to run, say a VNF inside a VM that requires reading all packets, I would not able to achieve this using the current ixgbe driver. By looking into the Intel x540 datasheet [1], it seems that the Intel NIC supports this behavior. The restriction is in the driver, which does not expose a way to configure promiscuous mode for a VF. I would like to discuss the possibility of adding support for at least allowing a person having administrative rights to the hypervisor to alter the existing behavior. My idea revolves around using the IFLA_VF_TRUST on the host, in order to dictate if a VF should be trusted or not. This has been integrated upstream by Hiroshi Shimamoto's patch series recently [2]. An administrator will go to the hypervisor, and set the specific VF to be in trusted mode E.g: ip/ip link set enp5s0f0 vf 1 trust on >From the guest VM, another user will set the IFF_PROMISC flag for the VF >interface E.g: ifconfig eth1 promisc At this point, the ixgbevf driver will send a request through the internal Mailbox mechanism to the ixgbe driver, which will, in turn configure the VMOLR register, so that the VF can receive the required packets. It will only do so, if the VF is trusted by the administrator handling the hypervisor. I am attaching the patch set to this mail thread [1] http://www.intel.com/content/www/us/en/embedded/products/networking/ethernet-x540-datasheet.html [2] http://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20150518/000647.html Regards, Tudor
0001-ixgbevf-allow-receiving-all-packets-in-VF-when-IFF_P.patch
Description: 0001-ixgbevf-allow-receiving-all-packets-in-VF-when-IFF_P.patch
iproute2-4.4.0-config-trust-for-vf.patch
Description: iproute2-4.4.0-config-trust-for-vf.patch
kernel-4.4.1-config-promisc-mode-for-vf.patch
Description: kernel-4.4.1-config-promisc-mode-for-vf.patch
------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________ E1000-devel mailing list E1000-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/e1000-devel To learn more about Intel® Ethernet, visit http://communities.intel.com/community/wired
