From: Shahaf Shuler <shahafs@mellanox.com>
To: Jerin Jacob <jerinjacobk@gmail.com>,
Thomas Monjalon <thomas@monjalon.net>
Cc: dpdk-dev <dev@dpdk.org>,
Stephen Hemminger <stephen@networkplumber.org>,
Andrew Rybchenko <arybchenko@solarflare.com>,
Ferruh Yigit <ferruh.yigit@intel.com>
Subject: Re: [dpdk-dev] [PATCH v2 0/3] ethdev: configure SR-IOV VF from host
Date: Sun, 3 Nov 2019 06:31:07 +0000 [thread overview]
Message-ID: <AM0PR0502MB3795EEC6B5C67AC1A9B15347C37C0@AM0PR0502MB3795.eurprd05.prod.outlook.com> (raw)
In-Reply-To: <CALBAE1MfvofDkeCqDBCfx+Ww+AW+-F3cW_6o58jpOaPW1cT6hQ@mail.gmail.com>
Friday, November 1, 2019 3:25 PM, Jerin Jacob:
> Subject: Re: [dpdk-dev] [PATCH v2 0/3] ethdev: configure SR-IOV VF from
> host
>
> On Fri, Nov 1, 2019 at 6:03 AM Thomas Monjalon <thomas@monjalon.net>
> wrote:
> >
> > 30/10/2019 10:15, Jerin Jacob:
> > > On Wed, Oct 30, 2019 at 2:26 PM Thomas Monjalon
> <thomas@monjalon.net> wrote:
> > > >
> > > > 30/10/2019 05:08, Jerin Jacob:
> > > > > On Wed, Oct 30, 2019 at 12:21 AM Thomas Monjalon
> <thomas@monjalon.net> wrote:
> > > > > >
> > > > > > In a virtual environment, the network controller may have to
> > > > > > configure some SR-IOV VF parameters for security reasons.
> > > > >
> > > > > Just to understand, Could you explain more details/examples for
> > > > > security reasons?
> > > >
> > > > Examples are setting the MAC address or the promiscuous mode.
> > > > These settings should be decided by the hypervisor, and not freely
> > > > set by the VM.
> > >
> > > What is hypervisor here, rte_flow based DPDK application over using
> > > port representor?
> >
> > Yes, something like that. An example is OpenStack/OVS.
>
> So it is more of an orchestration primitive. Not the security primitive as
> mentioned above,
Yes this feature is to support deployment w/ OpenStack and DPDK vSwitch using switchdev (representors).
One must configure the guest VF permanent MAC. w/ OVS kernel this is not an issue as all drivers bind to their kernel module.
w/ DPDK standard API is needed.
w/ Switchdev, even though the VF are promisc, all traffic is validated by the vSwitch running on the HV. Only after flow validation vSwitch will insert rule for device to directly fwd the packet to its target location.
Because in case the kernel will approve the data set from
> the guest. Right?
The exact behavior is device specific. But the kernel/user space driver on the HV is required to listen to events of recv mode change from VF and act upon.
All recv mode modification by guest should be validated by kernel, however this is a completely diff issue than what discussed here.
next prev parent reply other threads:[~2019-11-03 6:31 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-15 15:06 [dpdk-dev] [RFC] " Thomas Monjalon
2019-08-15 15:34 ` Jerin Jacob Kollanukkaran
2019-08-15 17:59 ` Thomas Monjalon
2019-08-29 15:02 ` Iremonger, Bernard
2019-09-04 8:23 ` Thomas Monjalon
2019-10-29 18:50 ` [dpdk-dev] [PATCH v2 0/3] " Thomas Monjalon
2019-10-29 18:50 ` [dpdk-dev] [PATCH v2 1/3] ethdev: identify " Thomas Monjalon
2019-10-29 18:50 ` [dpdk-dev] [PATCH v2 2/3] ethdev: set VF MAC address " Thomas Monjalon
2019-11-01 0:18 ` [dpdk-dev] [RFC PATCH] net/i[xgb|40]e: " Thomas Monjalon
2019-10-29 18:50 ` [dpdk-dev] [PATCH v2 3/3] net/mlx5: " Thomas Monjalon
2019-10-30 4:08 ` [dpdk-dev] [PATCH v2 0/3] ethdev: configure SR-IOV VF " Jerin Jacob
2019-10-30 7:22 ` Shahaf Shuler
2019-10-30 9:24 ` Jerin Jacob
2019-11-01 0:24 ` Thomas Monjalon
2019-11-01 9:06 ` Ilya Maximets
2019-11-01 9:56 ` Ilya Maximets
2019-10-30 8:56 ` Thomas Monjalon
2019-10-30 9:15 ` Jerin Jacob
2019-11-01 0:33 ` Thomas Monjalon
2019-11-01 11:01 ` Jerin Jacob
2019-11-01 13:25 ` Jerin Jacob
2019-11-03 6:31 ` Shahaf Shuler [this message]
2019-10-30 15:07 ` Ilya Maximets
2019-10-30 15:49 ` Thomas Monjalon
2019-10-30 16:09 ` Ilya Maximets
2019-10-30 21:42 ` Thomas Monjalon
2019-11-01 9:32 ` Ilya Maximets
2019-11-03 6:48 ` Shahaf Shuler
2019-11-03 15:27 ` Ananyev, Konstantin
2019-11-03 22:09 ` Thomas Monjalon
2019-11-07 14:44 ` Thomas Monjalon
2019-11-04 10:28 ` Ilya Maximets
2019-11-04 14:30 ` Asaf Penso
2019-11-04 14:58 ` Ilya Maximets
2019-11-04 20:33 ` Shahaf Shuler
2019-11-05 12:15 ` Ilya Maximets
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=AM0PR0502MB3795EEC6B5C67AC1A9B15347C37C0@AM0PR0502MB3795.eurprd05.prod.outlook.com \
--to=shahafs@mellanox.com \
--cc=arybchenko@solarflare.com \
--cc=dev@dpdk.org \
--cc=ferruh.yigit@intel.com \
--cc=jerinjacobk@gmail.com \
--cc=stephen@networkplumber.org \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).