From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp-fr.alcatel-lucent.com (fr-hpida-esg-02.alcatel-lucent.com [135.245.210.21]) by dpdk.org (Postfix) with ESMTP id 3187FFE5 for ; Fri, 15 May 2015 14:54:24 +0200 (CEST) Received: from us70uusmtp3.zam.alcatel-lucent.com (unknown [135.5.2.65]) by Websense Email Security Gateway with ESMTPS id E501A4C525CFC; Fri, 15 May 2015 12:54:20 +0000 (GMT) Received: from US70TWXCHHUB04.zam.alcatel-lucent.com (us70twxchhub04.zam.alcatel-lucent.com [135.5.2.36]) by us70uusmtp3.zam.alcatel-lucent.com (GMO) with ESMTP id t4FCsLoi023157 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 15 May 2015 08:54:21 -0400 Received: from US70TWXCHMBA07.zam.alcatel-lucent.com ([169.254.1.180]) by US70TWXCHHUB04.zam.alcatel-lucent.com ([135.5.2.36]) with mapi id 14.03.0195.001; Fri, 15 May 2015 08:54:21 -0400 From: "Assaad, Sami (Sami)" To: Bruce Richardson , Stephen Hemminger Thread-Topic: [dpdk-dev] How do you setup a VM in Promiscuous Mode using PCI Pass-Through (SR-IOV)? Thread-Index: AdCOjk4sR+QxMfZpRpCFxRUJ6L7QSgAM4liAABRBm4AAAUvhwA== Date: Fri, 15 May 2015 12:54:19 +0000 Message-ID: <9478F0FB69DAA249AF0A9BDA1E6ED95218818129@US70TWXCHMBA07.zam.alcatel-lucent.com> References: <9478F0FB69DAA249AF0A9BDA1E6ED95218817AB9@US70TWXCHMBA07.zam.alcatel-lucent.com> <20150514164719.7b68b0ef@urahara> <20150515092719.GA1520@bricha3-MOBL3> In-Reply-To: <20150515092719.GA1520@bricha3-MOBL3> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [135.5.27.17] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Cc: "dev@dpdk.org" Subject: Re: [dpdk-dev] How do you setup a VM in Promiscuous Mode using PCI Pass-Through (SR-IOV)? X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 May 2015 12:54:24 -0000 Thanks Bruce for your reply. Yes, your idea of bringing the PF into the VM looks like an option. However= , how do you configure the physical interfaces within the VM supporting SRI= OV? I always believed that the VM needed to be associated with a virtual/emulat= ed interface card. With your suggestion, I would actually configure the phy= sical interface card/non-emulated within the VM. If you could provide me some example configuration commands, it would be re= ally appreciated.=20 Thanks in advance. Best Regards, Sami. -----Original Message----- From: Bruce Richardson [mailto:bruce.richardson@intel.com]=20 Sent: Friday, May 15, 2015 5:27 AM To: Stephen Hemminger Cc: Assaad, Sami (Sami); dev@dpdk.org Subject: Re: [dpdk-dev] How do you setup a VM in Promiscuous Mode using PCI= Pass-Through (SR-IOV)? On Thu, May 14, 2015 at 04:47:19PM -0700, Stephen Hemminger wrote: > On Thu, 14 May 2015 21:38:24 +0000 > "Assaad, Sami (Sami)" wrote: >=20 > > Hello, > >=20 > > My Hardware consists of the following: > > - DL380 Gen 9 Server supporting two Haswell Processors (Xeon CPU E5-2= 680 v3 @ 2.50GHz) > > - An x540 Ethernet Controller Card supporting 2x10G ports. > >=20 > > Software: > > - CentOS 7 (3.10.0-229.1.2.el7.x86_64) > > - DPDK 1.8 > >=20 > > I want all the network traffic received on the two 10G ports to be tran= smitted to my VM. The issue is that the Virtual Function / Physical Functio= ns have setup the internal virtual switch to only route Ethernet packets wi= th destination MAC address matching the VM virtual interface MAC. How can I= configure my virtual environment to provide all network traffic to the VM.= ..i.e. set the virtual functions for both PCI devices in Promiscuous mode? > >=20 > > [ If a l2fwd-vf example exists, this would actually solve this=20 > > problem ... Is there a DPDK l2fwd-vf example available? ] > >=20 > >=20 > > Thanks in advance. > >=20 > > Best Regards, > > Sami Assaad. >=20 > This is a host side (not DPDK) issue. >=20 > Intel PF driver will not allow guest (VF) to go into promiscious mode=20 > since it would allow traffic stealing which is a security violation. Could you maybe try passing the PF directly into the VM, rather than a VF b= ased off it? Since you seem to want all traffic to go to the one VM, there = seems little point in creating a VF on the device, and should let the VM co= ntrol the whole NIC directly. Regards, /Bruce