ixl(4) bhyve(8) SR-IOV with Transparent VLAN associated w/ VF's
Hey all, Strange one here. Not much on the internet that I could find. I'm assigning VF's to bhyve with pci passthru. Doing this allows the bhyve instance maintainer to set their own vlan and I'd like that not to be the case for various reasons. One being I don't need/want their traffic to potentially hit/sniff other traffic on any other vlan than the one assigned to them. Given this, I figured the best option would be to set the VLAN on the VF on the host prior to handing it off to the bhyve instance effectively enabling transparent vlans. Unless I misreading ixl(4) which is a real possibility, it supports 'VLAN tag insertion/extraction'. Has anyone done this? Does anyone have any pointers to accomplish this? Thanks, Paul -- __ :(){ :|:& };:
Re: ixl(4) bhyve(8) SR-IOV with Transparent VLAN associated w/ VF's
Paul Procacci: > I'm assigning VF's to bhyve with pci passthru. [...] > Given this, I figured the best option would be to set the VLAN on the VF on > the host prior to handing it off to the bhyve instance effectively enabling > transparent vlans. [...] > Has anyone done this? Does anyone have any pointers to accomplish this? i looked into this a while ago and concluded that it's not supported, at least on Intel cards. my recollection is that someone was working on this at one point, but never finished it -- unfortunately, i can't remember who that was... you may be able to work around this by running vlan(4) on the VF on the host instead of passing the interface to the guest, but then you lose most of the benefits of using SR-IOV to begin with. i have run into some odd bugs with both SR-IOV and vlan(4) on ixgbe cards and would definitely recommend testing that thoroughly before deploying it. signature.asc Description: PGP signature
Re: ixl(4) bhyve(8) SR-IOV with Transparent VLAN associated w/ VF's
On Wed, Apr 17, 2024 at 10:04 PM Lexi Winter wrote: > Paul Procacci: > > I'm assigning VF's to bhyve with pci passthru. > [...] > > Given this, I figured the best option would be to set the VLAN on the VF > on > > the host prior to handing it off to the bhyve instance effectively > enabling > > transparent vlans. > [...] > > Has anyone done this? Does anyone have any pointers to accomplish this? > > i looked into this a while ago and concluded that it's not supported, at > least on Intel cards. > > my recollection is that someone was working on this at one point, but > never finished it -- unfortunately, i can't remember who that was... > > you may be able to work around this by running vlan(4) on the VF on the > host instead of passing the interface to the guest, but then you lose > most of the benefits of using SR-IOV to begin with. i have run into > some odd bugs with both SR-IOV and vlan(4) on ixgbe cards and would > definitely recommend testing that thoroughly before deploying it. > That's a real bummer. You'd think this would be kinda a thing considering the security implications. Welp, Thanks for writing back Lexi! ~Paul -- __ :(){ :|:& };: