some time ago I tried using Intel i350 with Debian Wheezy:
yyyy@xxxx:~/igb-22.214.171.124/src$ uname -a
Linux xxxx 3.2.0-4-amd64 # 1 SMP Debian 3.2.63-2+deb7u1 x86_64 GNU/Linux
yyyy@xxxx:/home/yyyy/igb-126.96.36.199/src# modinfo igb
description: Intel(R) Gigabit Ethernet Network Driver
yyyy@xxxx:/home/yyyy/igb-188.8.131.52/src# ip -V
ip utility, iproute2-ss140804
I was using bonding in 802.3ad mode for bonding with an Extreme-Networks switch. I had 2 similar servers, with identical configuration. Old one was using old e1000 interfaces with 802.3ad bonding, l3+l4 hash. New one was using I350-T2 dual port adapter with the same configuration. No Virtual Machines. Issue was on I350 around 20% packets to/from some random source/destination IPs were dropped. Servers were actually cloned so I'm certain there was no misconfiguration. I've tried disabling anti spoof check (/message/192668# 192668 https://communities.intel.com/message/192668# 192668) but no luck, it doesn't work on my iproute2 and kernel (has this been fixed yet?). Any hints how to compile driver without anti spoof? Did anyone experienced similar symptoms?
In the end the fix was not to use bonding at all. While using 2 separate ports on this I350-T2 adapter, with the same VLANs, the same IPs - everything works flawless. This is why I assume a problem with igb driver on I350-T2 using bonding (with VLANs).
UPDATE: actually I've found which confirms there's an issue with 802.3ad. Can anyone give me a hint how to compile igb driver without anti spoofing feature?
Wiadomość była edytowana przez: Bartek Krawczyk
hi Bartek_K, let me check your question related to compiling igb driver w/out anti spoofing feature, by the way, have you tried other version of igb driver posted in downloadcenter.intel.com
Actually I'm more interested in fixing the iproute2 functionality to disable anti spoofing completely Any news on that? /message/192668# 192668 https://communities.intel.com/message/192668# 192668 - here Patric says Intel is working on this. Also instead of requiring a specific iproute2 and kernel version from the users, wouldn't it be better and easier for everybody to add a module parameter to enable/disable anti spoofing filter?
By default Debian 7 comes with:
zzz@xxx:/home/zzz# modinfo igb
So I tried that, also without luck with 802.3ad bonding mode. Didn't try any other version, just grabbed the newest one available at the link you provided.
I'm a bit disappointed because this NIC is quite expensive and doesn't support 802.3ad currently even when not using SR-IOV at all. And looks like it's a known problem ( ).
PS. of course I'll gladly recompile the driver if you can point me how to disable the anti spoofing feature in it.
Please update your igb and igbvf drivers to the latest version and retest. Kindly blacklist the VF driver in the host OS as well. This is needed to prevent Host OS from loading VF driver and claiming the VFs. Add "blacklist igbvf" to /etc/modprobe.d/blacklist.conf file.
Igb driver version 5.2.18. (URL -http://sourceforge.net/projects/e1000/files/igb%20stable/5.2.18/ http://sourceforge.net/projects/e1000/files/igb%20stable/5.2.18/)
Igbvf driver version 184.108.40.206 (URL -http://sourceforge.net/projects/e1000/files/igbvf%20stable/220.127.116.11/ http://sourceforge.net/projects/e1000/files/igbvf%20stable/18.104.22.168/)
I don't have access to the machine now. It was half a year ago
At least can I have info how to compile the driver without spoof check? Or better - why don't you make it a module parameter during load? Also this was normal linux system, not a hypervisor with DomUs - igbvf wasn't loaded.
Hi Bartek, while we're still checking on the driver w/out spoof detection, please try out the steps below in order to address the issue.
1. Add "blacklist ixgbevf" to /etc/modprobe.d/blacklist.conf file.
2. Load ixgbe driver
3. Create VF using pci sysfs interface.
4. Assign VF to the VM
5. Boot VM
hope this help.
Vince, I'm not using any VMs at all. I just wanted to use both ethernet interfaces with LACP on a single server. The antispoofing behaviour of this NIC (and the fact that it can't be disabled) caused traffic drops.
It would be the best to add a module option to enable/disable antispoof during module load.