[dpdk-dev] Reg: promiscuous mode on VF
bharath paulraj
bharathpaul at gmail.com
Tue Mar 22 08:33:44 CET 2016
Thanks a lot Michael. Finally i am able to see some light. I will try the
same in our setup and will post you the results.
Thanks,
Bharath
On Tue, Mar 22, 2016 at 12:09 PM, Qiu, Michael <michael.qiu at intel.com>
wrote:
> Yes, we could let ovs using 82599 VF to do rx/tx. I don't know what's
> your l2 bridge, but since ovs could work I think your bridge also could
> work. But I only tested with one VF.
>
> Make sure below two patches (bifurcate driver) are included in your kernel:
>
> _https://patchwork.ozlabs.org/patch/476511/_
> _https://patchwork.ozlabs.org/patch/476516/_
>
> Mostly, if your kernel version in 4.2 or newer, it should be included.
>
> After you create VF, before you passthrough the VF to guest:
>
> (vf +1) << 32 + queue-index,
>
>
> 1. where vf is the VF index starting from 0
> 2. the queue-index is 0 if multi-queue support is not turned on, and
> this value is [0,1] if multiple-queue is turned on
>
>
> echo 1 > /sys/bus/pci/devices/0000\:05\:00.0/sriov_numvfs
> ifconfig $(PF_INTF) up
> ifconfig $(VF0_INFT) up
> ip link set $(PF_INTF) promisc on
> ethtool -K $(PF_INTF) ntuple on
> ethtool -N $(PF_INTF) flow-type udp4 dst-port 4789 action 0x100000000
> (VF0 queue 0)
>
> Here we using flow director to all let packets according to the rules to
> the VF, But I don't know if it could let the packets to other VFs at the
> same time.
>
> Thanks,
> Michael
>
> On 3/17/2016 2:43 PM, bharath paulraj wrote:
> > Hi Lu, Helin, Greg,
> >
> > Many thanks for your response, which is really quick. Now, If I want
> > to implement L2 bridging with Intel virtualization technologies, using
> > 82599 controller, then Michael is my only hope, as getting the new
> > kernel versions and upstream support will take considerable amount of
> > time.
> >
> > Michael, Could you please share your experience on L2 bridging
> > using Intel virtualization technologies.
> >
> > Thanks,
> > Bharath
> >
> > On Wed, Mar 16, 2016 at 9:40 PM, Rose, Gregory V
> > <gregory.v.rose at intel.com <mailto:gregory.v.rose at intel.com>> wrote:
> >
> > Intel has not supported promiscuous mode for virtual functions due
> > to the security concerns mentioned below.
> >
> > There will be upstream support in an upcoming Linux kernel for
> > setting virtual functions as "trusted" and when that is available
> > then Intel will allow virtual functions to enter unicast
> > promiscuous mode on those Ethernet controllers that support
> > promiscuous mode for virtual functions in the HW/FW. Be aware
> > that not all Intel Ethernet controllers have support for unicast
> > promiscuous mode for virtual functions. The only currently
> > released product that does is the X710/XL710.
> >
> > The key take away is that unicast promiscuous mode for X710/XL710
> > virtual functions requires Linux kernel support, iproute2 package
> > support and driver support. Only when all three of these are in
> > place will the feature work.
> >
> > Thanks,
> >
> > - Greg
> >
> > -----Original Message-----
> > From: Zhang, Helin
> > Sent: Wednesday, March 16, 2016 9:04 AM
> > To: bharath paulraj <bharathpaul at gmail.com
> > <mailto:bharathpaul at gmail.com>>; Lu, Wenzhuo <wenzhuo.lu at intel.com
> > <mailto:wenzhuo.lu at intel.com>>; Rowden, Aaron F
> > <aaron.f.rowden at intel.com <mailto:aaron.f.rowden at intel.com>>;
> > Rose, Gregory V <gregory.v.rose at intel.com
> > <mailto:gregory.v.rose at intel.com>>
> > Cc: dev at dpdk.org <mailto:dev at dpdk.org>; Qiu, Michael
> > <michael.qiu at intel.com <mailto:michael.qiu at intel.com>>; Jayakumar,
> > Muthurajan <muthurajan.jayakumar at intel.com
> > <mailto:muthurajan.jayakumar at intel.com>>
> > Subject: RE: [dpdk-dev] Reg: promiscuous mode on VF
> >
> > Hi Bharath
> >
> > For your question of "why intel does not support unicast
> > promiscuos mode?", I'd ask Aaron or Greg to give answers.
> > Thank you very much!
> >
> > Regards,
> > Helin
> >
> > > -----Original Message-----
> > > From: dev [mailto:dev-bounces at dpdk.org
> > <mailto:dev-bounces at dpdk.org>] On Behalf Of bharath paulraj
> > > Sent: Wednesday, March 16, 2016 11:29 PM
> > > To: Lu, Wenzhuo
> > > Cc: dev at dpdk.org <mailto:dev at dpdk.org>
> > > Subject: Re: [dpdk-dev] Reg: promiscuous mode on VF
> > >
> > > Hi Lu,
> > >
> > > Many thanks for your response. Again I have few more queries.
> > > If VF unicast promiscuous mode is not supported then can't we
> > > implement a Layer 2 bridging functionality using intel
> > virtualization
> > > technologies? Or Is there any other way, say tweeking some hardware
> > > registers or drivers, which may help us in implementing Layer 2
> > bridging.
> > > Also I would like to know, why intel does not support unicast
> > promiscuos mode?
> > > It could have been optional register settings and user should
> > have had
> > > a previleage to set or unset it. Besides, security reasons, is
> there
> > > any other big reason why Intel does not support this?
> > >
> > > Thanks,
> > > Bharath Paulraj
> > >
> > > On Wed, Mar 16, 2016 at 6:15 AM, Lu, Wenzhuo
> > <wenzhuo.lu at intel.com <mailto:wenzhuo.lu at intel.com>>
> > > wrote:
> > >
> > > > Hi Bharath,
> > > >
> > > > > 2) Is the above supported for 82599 controller? If it is
> > > > > supported
> > > > in the NIC,
> > > > > please provide the steps to enable.
> > > > Talking about 82599, VF unicast promiscuous mode is not
> supported.
> > > > Only broadcast and multicast can be supported.
> > > >
> > > > >
> > > > > Thanks,
> > > > > Bharath Paulraj
> > > >
> > >
> > >
> > >
> > > --
> > > Regards,
> > > Bharath
> >
> >
> >
> >
> > --
> > Regards,
> > Bharath
>
>
--
Regards,
Bharath
More information about the dev
mailing list