* SR-IOV - Spoofed packets detected on Intel Corporation 82599EB 2-port 10G NIC Card
@ 2018-05-08 13:16 Edison So
0 siblings, 0 replies; only message in thread
From: Edison So @ 2018-05-08 13:16 UTC (permalink / raw)
To: dev
Hello,
I have a question about disabling anti-MAC spoofing feature on Intel
82599EB 2-port 10G NIC Card.
Below is the description of the issue.
*DPDK Version*
17.02
*Background*
1. I installed ESXi 6.5 on a Dell PowerEdge R630 with a 2-port 82599EB
10G NIC.
2. I installed two CentOS 7 VMWare VMs with DPDK.
*DPDK Verification*
On each VM running DPDK, I checked:
./dpdk-devbind.py --status
Network devices using DPDK-compatible driver
============================================
*0000:0b:00.0 '82599 Ethernet Controller Virtual Function' drv=igb_uio
unused=*
Network devices using kernel driver
===================================
0000:13:00.0 'VMXNET3 Ethernet Controller' if=eno33559296 drv=vmxnet3
unused=igb_uio *Active*
Other network devices
=====================
<none>
Crypto devices using DPDK-compatible driver
===========================================
<none>
Crypto devices using kernel driver
==================================
<none>
Other crypto devices
====================
<none>
On the VM, I used testpmd to disable MAC anti-spoofing and got an error:
testpmd> set vf mac antispoof 0 0 off
function not implemented
testpmd>
*SR-IOV Configuration on ESXi for each VM*
1. I am using SR-IOV on the NIC ports. On each of the VM, I created a
new network adapter on the first VM as follows with *one* Virtual Function.
A. Network Adapter 1: *10G port group 1*
§ Adapter Type: *SR-IOV passthrough*
§ Physical function: *82599EB 10-Gigabit SFI/SFP+ Network Connection -
0000:82:00.0*
§ MAC Address: *Automatic*
§ Guest OS MTU Change: *Disallow*
2. On top of the creation of the new adapter, I also reserved some
memory as required by SR-IOV.
3. I did the same on the second VM.
B. Network Adapter 1: *10G port group 2*
§ Adapter Type: *SR-IOV passthrough*
§ Physical function: *82599EB 10-Gigabit SFI/SFP+ Network Connection -
0000:82:00.1*
§ MAC Address: *Automatic*
§ Guest OS MTU Change: *Disallow*
4. Of course, each 10G port group is linked to a standard virtual group
which in turn is linked to a 82599EB 10G port (Uplink Port)
*Traffic Generation*
1. I have a PCAP file which has packets with different MAC addresses
than the DPDK interface on the first VM.
2. I generated a constant traffic from the first VM to the second VM
using the PCAP file and none was received on the second VM.
3. I sshed to the ESXI host and ran *dmesg* and got the following error
messages repeatedly:
*2018-05-04T23:39:00.679Z cpu31:66145)<4>ixgbe 0000:82:00.0: vmnic4: 512
Spoofed packets detected*
4. I googled this error and somewhat have concluded that this error may
have something to do with the *MAC Spoofing* feature on the 82599EB 10G NIC
card. How do I disable it?
5. The 82599EB 10G NIC card using *esxcli* (on ESXi host) displays the
following information:
[root@vm:/vmfs/volumes/5acbc358-de2034d6-5472-90e2bac73ffc/VM1] *esxcli
network nic get -n vmnic4*
Advertised Auto Negotiation: true
Advertised Link Modes: 1000BaseT/Full, 10000BaseT/Full
Auto Negotiation: true
Cable Type: FIBRE
Current Message Level: 7
Driver Info:
Bus Info: 0000:82:00.0
Driver: ixgbe
Firmware Version: 0x61bd0001
Version: 3.7.13.7.14iov-NAPI
Link Detected: true
Link Status: Up
Name: vmnic4
PHYAddress: 0
Pause Autonegotiate: true
Pause RX: true
Pause TX: true
Supported Ports: FIBRE
Supports Auto Negotiation: true
Supports Pause: true
Supports Wakeon: false
Transceiver: external
Virtual Address: 00:50:56:55:91:0c
Wakeon: None
*Questions*
1. Is MAC anti-spoofing supported in DPDK version 17.02? If not, which
version supports MAC anti-spoofing? If supported, how can I disable it?
2. How do I determine the port id and vf id?
Your help is greatly appreciated.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2018-05-08 13:16 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-08 13:16 SR-IOV - Spoofed packets detected on Intel Corporation 82599EB 2-port 10G NIC Card Edison So
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.