Wondering if the 82576 HW and Linux driver (kernel version and open source version) supports the following user cases:
1. Create 4 VF from one 82576 interface. Assign 2 VF to one VM and other 2 to another VM. Both VM could send out traffic through both VF and the host will use PF for the traffic. Is there a way to isolate 2 VF (one from each VM) from outside so that any traffic on those 2 VF won't be sent out on the wire. And no external traffic will be sent to those 2 VF. But these 2 VF can still communicate to each other.
2. Create 2 VF from one 82576 interface. Each VF is assigned to a separated VM. However, this physical 82576 interface is not connected to anywhere. Can those 2 VF communicate to each other? I tried on my setup. Once the cable is removed, the communication between VFs are down also. Is there a way to still keep VF up and communicate even if the cable is removed?
Thank you in advance for your insight knowledge.
For question # 1, the answer is yes as long as the VF's are on the same PF. In this case the internal hardware in the PF will see that the desitnation MAC address is another VF and will move the data to the VF, without going out the physical wire. This does not prevent that VF from talking to the outside world however. You can accomplish this by assigning VLANs to the VF on each VM you want to isolate.
For the 2nd question - you need to have a physical link for VF to VF communication, as the physical link status of the PF is replicated to the VF.
Thx for the answers.
For 1), even if I assign different VLAN to different VM, the traffic will still be sent out on wire. If there is another server/VM connected to the wire w/ the same VLAN, they will still talk to each other. I am looking at the possible to completely isolate traffic from a set of VF. Do you know if the embeded switch the the 82576 can be configured in this way, even if the current driver does not implement it?
For 2), How about loopback internally? The current driver does some kind of loopback test when "ethtool -t" is invoked. Will that same loopback setup func work for my purpose? Will any traffic sent by a VF be received back by that VF (multicast for example) if using that loopback setup code?
If you have 2 VF's on the same PF the traffic gong back and forth should not go out the physical port if it is directed traffic(not broadcast or multicast). If it is going outside, something may not be configured correctly.
The loopback (where you loop traffic back to the VF it came in on) is not enabled within the driver as it is considered a debug feature. This is not to say that you could not go modify the PF driver to enable it. I believe I have some recommendations on that in the SR-IOV Toolkit: /community/wired/blog/2010/06/09/announcing-the-intel-ethernet-sr-iov-toolkit-v11 http://communities.intel.com/community/wired/blog/2010/06/09/announcing-the-intel-ethernet-sr-iov-to...
Been doing some searches over the forum regarding SR-IOV + Multicasting, I seem not to be able to send/receive any multicast traffic through any VM using a VF, I have everything working fine and BIOS got all dependant parameters enabled for SR-IOV, CPU is an E5-2620 0 @ 2.00GHz and I have the 82599 controller.
Hope you can shed some light!
If you can provide some additional information, it will help me to better understand your situation: