Re: [dpdk-dev] Reg: promiscuous mode on VF

["Qiu, Michael" <michael.qiu@intel.com>]

Yes, we could let ovs using 82599 VF to do rx/tx. I don't know what's
your l2 bridge, but since ovs could work I think your bridge also could
work. But I only tested with one VF.

Make sure below two patches (bifurcate driver) are included in your kernel:

_https://patchwork.ozlabs.org/patch/476511/_
_https://patchwork.ozlabs.org/patch/476516/_

Mostly, if your kernel version in 4.2 or newer, it should be included.

After you create VF, before you passthrough the VF to guest:

(vf +1) << 32 + queue-index,
 

 1. where vf is the VF index starting from 0
 2. the queue-index is 0 if multi-queue support is not turned on, and
    this value is [0,1] if multiple-queue is turned on

 
echo 1 > /sys/bus/pci/devices/0000\:05\:00.0/sriov_numvfs
ifconfig $(PF_INTF) up
ifconfig $(VF0_INFT) up
ip link set $(PF_INTF) promisc on
ethtool -K $(PF_INTF) ntuple on
ethtool -N $(PF_INTF) flow-type udp4 dst-port 4789 action 0x100000000  
(VF0 queue 0)

Here we using flow director to all let packets according to the rules to
the VF, But I don't know if it could let the packets to other VFs at the
same time.

Thanks,
Michael

On 3/17/2016 2:43 PM, bharath paulraj wrote:
> Hi Lu, Helin, Greg,
>
>   Many thanks for your response, which is really quick. Now, If I want
> to implement L2 bridging with Intel virtualization technologies, using
> 82599 controller, then Michael is my only hope, as getting the new
> kernel versions and upstream support will take considerable amount of
> time.
>
>    Michael, Could you please share your experience on L2 bridging
> using Intel virtualization technologies. 
>
> Thanks,
> Bharath
>
> On Wed, Mar 16, 2016 at 9:40 PM, Rose, Gregory V
> <gregory.v.rose@intel.com <mailto:gregory.v.rose@intel.com>> wrote:
>
>     Intel has not supported promiscuous mode for virtual functions due
>     to the security concerns mentioned below.
>
>     There will be upstream support in an upcoming Linux kernel for
>     setting virtual functions as "trusted" and when that is available
>     then Intel will allow virtual functions to enter unicast
>     promiscuous mode on those Ethernet controllers that support
>     promiscuous mode for virtual functions in the HW/FW.  Be aware
>     that not all Intel Ethernet controllers have support for unicast
>     promiscuous mode for virtual functions.  The only currently
>     released product that does is the X710/XL710.
>
>     The key take away is that unicast promiscuous mode for X710/XL710
>     virtual functions requires Linux kernel support, iproute2 package
>     support and driver support.  Only when all three of these are in
>     place will the feature work.
>
>     Thanks,
>
>     - Greg
>
>     -----Original Message-----
>     From: Zhang, Helin
>     Sent: Wednesday, March 16, 2016 9:04 AM
>     To: bharath paulraj <bharathpaul@gmail.com
>     <mailto:bharathpaul@gmail.com>>; Lu, Wenzhuo <wenzhuo.lu@intel.com
>     <mailto:wenzhuo.lu@intel.com>>; Rowden, Aaron F
>     <aaron.f.rowden@intel.com <mailto:aaron.f.rowden@intel.com>>;
>     Rose, Gregory V <gregory.v.rose@intel.com
>     <mailto:gregory.v.rose@intel.com>>
>     Cc: dev@dpdk.org <mailto:dev@dpdk.org>; Qiu, Michael
>     <michael.qiu@intel.com <mailto:michael.qiu@intel.com>>; Jayakumar,
>     Muthurajan <muthurajan.jayakumar@intel.com
>     <mailto:muthurajan.jayakumar@intel.com>>
>     Subject: RE: [dpdk-dev] Reg: promiscuous mode on VF
>
>     Hi Bharath
>
>     For your question of "why intel does not support unicast
>     promiscuos mode?", I'd ask Aaron or Greg to give answers.
>     Thank you very much!
>
>     Regards,
>     Helin
>
>     > -----Original Message-----
>     > From: dev [mailto:dev-bounces@dpdk.org
>     <mailto:dev-bounces@dpdk.org>] On Behalf Of bharath paulraj
>     > Sent: Wednesday, March 16, 2016 11:29 PM
>     > To: Lu, Wenzhuo
>     > Cc: dev@dpdk.org <mailto:dev@dpdk.org>
>     > Subject: Re: [dpdk-dev] Reg: promiscuous mode on VF
>     >
>     > Hi Lu,
>     >
>     > Many thanks for your response. Again I have few more queries.
>     > If VF unicast promiscuous mode is not supported then can't we
>     > implement a Layer 2 bridging functionality using intel
>     virtualization
>     > technologies? Or Is there any other way, say tweeking some hardware
>     > registers or drivers, which may help us in implementing Layer 2
>     bridging.
>     > Also I would like to know, why intel does not support unicast
>     promiscuos mode?
>     > It could have been optional register settings and user should
>     have had
>     > a previleage to set or unset it. Besides, security reasons, is there
>     > any other big reason why Intel does not support this?
>     >
>     > Thanks,
>     > Bharath Paulraj
>     >
>     > On Wed, Mar 16, 2016 at 6:15 AM, Lu, Wenzhuo
>     <wenzhuo.lu@intel.com <mailto:wenzhuo.lu@intel.com>>
>     > wrote:
>     >
>     > > Hi Bharath,
>     > >
>     > > >     2) Is the above supported for 82599 controller? If it is
>     > > > supported
>     > > in the NIC,
>     > > > please provide the steps to enable.
>     > > Talking about 82599, VF unicast promiscuous mode is not supported.
>     > > Only broadcast and multicast can be supported.
>     > >
>     > > >
>     > > > Thanks,
>     > > > Bharath Paulraj
>     > >
>     >
>     >
>     >
>     > --
>     > Regards,
>     > Bharath
>
>
>
>
> -- 
> Regards,
> Bharath