From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Qiu, Michael" Subject: Re: Reg: promiscuous mode on VF Date: Tue, 22 Mar 2016 06:39:40 +0000 Message-ID: <533710CFB86FA344BFBF2D6802E6028622F71044@SHSMSX101.ccr.corp.intel.com> References: <6A0DE07E22DDAD4C9103DF62FEBC09090343BA89@shsmsx102.ccr.corp.intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Cc: "Zhang, Helin" , "Lu, Wenzhuo" , "Rowden, Aaron F" , "dev@dpdk.org" , "Jayakumar, Muthurajan" To: bharath paulraj , "Rose, Gregory V" Return-path: Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by dpdk.org (Postfix) with ESMTP id 8A94E902 for ; Tue, 22 Mar 2016 07:39:45 +0100 (CET) Content-Language: en-US List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Yes, we could let ovs using 82599 VF to do rx/tx. I don't know what's=0A= your l2 bridge, but since ovs could work I think your bridge also could=0A= work. But I only tested with one VF.=0A= =0A= Make sure below two patches (bifurcate driver) are included in your kernel:= =0A= =0A= _https://patchwork.ozlabs.org/patch/476511/_=0A= _https://patchwork.ozlabs.org/patch/476516/_=0A= =0A= Mostly, if your kernel version in 4.2 or newer, it should be included.=0A= =0A= After you create VF, before you passthrough the VF to guest:=0A= =0A= (vf +1) << 32 + queue-index,=0A= =0A= =0A= 1. where vf is the VF index starting from 0=0A= 2. the queue-index is 0 if multi-queue support is not turned on, and=0A= this value is [0,1] if multiple-queue is turned on=0A= =0A= =0A= echo 1 > /sys/bus/pci/devices/0000\:05\:00.0/sriov_numvfs=0A= ifconfig $(PF_INTF) up=0A= ifconfig $(VF0_INFT) up=0A= ip link set $(PF_INTF) promisc on=0A= ethtool -K $(PF_INTF) ntuple on=0A= ethtool -N $(PF_INTF) flow-type udp4 dst-port 4789 action 0x100000000 =0A= (VF0 queue 0)=0A= =0A= Here we using flow director to all let packets according to the rules to=0A= the VF, But I don't know if it could let the packets to other VFs at the=0A= same time.=0A= =0A= Thanks,=0A= Michael=0A= =0A= On 3/17/2016 2:43 PM, bharath paulraj wrote:=0A= > Hi Lu, Helin, Greg,=0A= >=0A= > Many thanks for your response, which is really quick. Now, If I want=0A= > to implement L2 bridging with Intel virtualization technologies, using=0A= > 82599 controller, then Michael is my only hope, as getting the new=0A= > kernel versions and upstream support will take considerable amount of=0A= > time.=0A= >=0A= > Michael, Could you please share your experience on L2 bridging=0A= > using Intel virtualization technologies. =0A= >=0A= > Thanks,=0A= > Bharath=0A= >=0A= > On Wed, Mar 16, 2016 at 9:40 PM, Rose, Gregory V=0A= > > wrote:=0A= >=0A= > Intel has not supported promiscuous mode for virtual functions due=0A= > to the security concerns mentioned below.=0A= >=0A= > There will be upstream support in an upcoming Linux kernel for=0A= > setting virtual functions as "trusted" and when that is available=0A= > then Intel will allow virtual functions to enter unicast=0A= > promiscuous mode on those Ethernet controllers that support=0A= > promiscuous mode for virtual functions in the HW/FW. Be aware=0A= > that not all Intel Ethernet controllers have support for unicast=0A= > promiscuous mode for virtual functions. The only currently=0A= > released product that does is the X710/XL710.=0A= >=0A= > The key take away is that unicast promiscuous mode for X710/XL710=0A= > virtual functions requires Linux kernel support, iproute2 package=0A= > support and driver support. Only when all three of these are in=0A= > place will the feature work.=0A= >=0A= > Thanks,=0A= >=0A= > - Greg=0A= >=0A= > -----Original Message-----=0A= > From: Zhang, Helin=0A= > Sent: Wednesday, March 16, 2016 9:04 AM=0A= > To: bharath paulraj >; Lu, Wenzhuo >; Rowden, Aaron F=0A= > >;=0A= > Rose, Gregory V >=0A= > Cc: dev@dpdk.org ; Qiu, Michael=0A= > >; Jayakumar,=0A= > Muthurajan >=0A= > Subject: RE: [dpdk-dev] Reg: promiscuous mode on VF=0A= >=0A= > Hi Bharath=0A= >=0A= > For your question of "why intel does not support unicast=0A= > promiscuos mode?", I'd ask Aaron or Greg to give answers.=0A= > Thank you very much!=0A= >=0A= > Regards,=0A= > Helin=0A= >=0A= > > -----Original Message-----=0A= > > From: dev [mailto:dev-bounces@dpdk.org=0A= > ] On Behalf Of bharath paulraj=0A= > > Sent: Wednesday, March 16, 2016 11:29 PM=0A= > > To: Lu, Wenzhuo=0A= > > Cc: dev@dpdk.org =0A= > > Subject: Re: [dpdk-dev] Reg: promiscuous mode on VF=0A= > >=0A= > > Hi Lu,=0A= > >=0A= > > Many thanks for your response. Again I have few more queries.=0A= > > If VF unicast promiscuous mode is not supported then can't we=0A= > > implement a Layer 2 bridging functionality using intel=0A= > virtualization=0A= > > technologies? Or Is there any other way, say tweeking some hardware= =0A= > > registers or drivers, which may help us in implementing Layer 2=0A= > bridging.=0A= > > Also I would like to know, why intel does not support unicast=0A= > promiscuos mode?=0A= > > It could have been optional register settings and user should=0A= > have had=0A= > > a previleage to set or unset it. Besides, security reasons, is ther= e=0A= > > any other big reason why Intel does not support this?=0A= > >=0A= > > Thanks,=0A= > > Bharath Paulraj=0A= > >=0A= > > On Wed, Mar 16, 2016 at 6:15 AM, Lu, Wenzhuo=0A= > >=0A= > > wrote:=0A= > >=0A= > > > Hi Bharath,=0A= > > >=0A= > > > > 2) Is the above supported for 82599 controller? If it is=0A= > > > > supported=0A= > > > in the NIC,=0A= > > > > please provide the steps to enable.=0A= > > > Talking about 82599, VF unicast promiscuous mode is not supported= .=0A= > > > Only broadcast and multicast can be supported.=0A= > > >=0A= > > > >=0A= > > > > Thanks,=0A= > > > > Bharath Paulraj=0A= > > >=0A= > >=0A= > >=0A= > >=0A= > > --=0A= > > Regards,=0A= > > Bharath=0A= >=0A= >=0A= >=0A= >=0A= > -- =0A= > Regards,=0A= > Bharath=0A= =0A=