Debian Wheezy with Intel I350-T2 bonding issue

BKraw · ‎11-24-2014

Hi,

some time ago I tried using Intel i350 with Debian Wheezy:

yyyy@xxxx:~/igb-5.2.9.4/src$ uname -a

Linux xxxx 3.2.0-4-amd64 # 1 SMP Debian 3.2.63-2+deb7u1 x86_64 GNU/Linux

yyyy@xxxx:/home/yyyy/igb-5.2.9.4/src# modinfo igb

filename: /lib/modules/3.2.0-4-amd64/kernel/drivers/net/igb/igb.ko

version: 5.2.9.4

license: GPL

description: Intel(R) Gigabit Ethernet Network Driver

author: Intel Corporation, <</span>mailto:e1000-devel@lists.sourceforge.net e1000-devel@lists.sourceforge.net>

srcversion: E377200391EBF74638FEDA2

yyyy@xxxx:/home/yyyy/igb-5.2.9.4/src# ip -V

ip utility, iproute2-ss140804

I was using bonding in 802.3ad mode for bonding with an Extreme-Networks switch. I had 2 similar servers, with identical configuration. Old one was using old e1000 interfaces with 802.3ad bonding, l3+l4 hash. New one was using I350-T2 dual port adapter with the same configuration. No Virtual Machines. Issue was on I350 around 20% packets to/from some random source/destination IPs were dropped. Servers were actually cloned so I'm certain there was no misconfiguration. I've tried disabling anti spoof check (/message/192668# 192668 https://communities.intel.com/message/192668# 192668) but no luck, it doesn't work on my iproute2 and kernel (has this been fixed yet?). Any hints how to compile driver without anti spoof? Did anyone experienced similar symptoms?

In the end the fix was not to use bonding at all. While using 2 separate ports on this I350-T2 adapter, with the same VLANs, the same IPs - everything works flawless. This is why I assume a problem with igb driver on I350-T2 using bonding (with VLANs).

UPDATE: actually I've found which confirms there's an issue with 802.3ad. Can anyone give me a hint how to compile igb driver without anti spoofing feature?

Regards,

Wiadomość była edytowana przez: Bartek Krawczyk

VincentT_T_Intel · ‎11-26-2014

hi Bartek_K, let me check your question related to compiling igb driver w/out anti spoofing feature, by the way, have you tried other version of igb driver posted in downloadcenter.intel.com

https://downloadcenter.intel.com/SearchResult.aspx?lang=eng&keyword=i350 https://downloadcenter.intel.com/SearchResult.aspx?lang=eng&keyword=i350

BKraw · ‎11-26-2014

Actually I'm more interested in fixing the iproute2 functionality to disable anti spoofing completely Any news on that? /message/192668# 192668 https://communities.intel.com/message/192668# 192668 - here Patric says Intel is working on this. Also instead of requiring a specific iproute2 and kernel version from the users, wouldn't it be better and easier for everybody to add a module parameter to enable/disable anti spoofing filter?

By default Debian 7 comes with:

zzz@xxx:/home/zzz# modinfo igb

filename: /lib/modules/3.2.0-4-amd64/kernel/drivers/net/ethernet/intel/igb/igb.ko

version: 5.0.5-k

So I tried that, also without luck with 802.3ad bonding mode. Didn't try any other version, just grabbed the newest one available at the link you provided.

I'm a bit disappointed because this NIC is quite expensive and doesn't support 802.3ad currently even when not using SR-IOV at all. And looks like it's a known problem ( ).

PS. of course I'll gladly recompile the driver if you can point me how to disable the anti spoofing feature in it.

Regards,

BKraw · ‎12-18-2014

@vince_intel, any news regarding building igb driver without anti spoof? Or module knob to turn it off?

Regards,

BKraw · ‎05-28-2015

Do any of you know how to compile the driver without anti spoof detection?

Regards,

st4 · ‎05-31-2015

Hi Bartek_K,

we will check on this.

rgds,

wb

VincentT_T_Intel · ‎06-10-2015

Hi Bartek_K,

Please update your igb and igbvf drivers to the latest version and retest. Kindly blacklist the VF driver in the host OS as well. This is needed to prevent Host OS from loading VF driver and claiming the VFs. Add "blacklist igbvf" to /etc/modprobe.d/blacklist.conf file.

Igb driver version 5.2.18. (URL -http://sourceforge.net/projects/e1000/files/igb%20stable/5.2.18/ http://sourceforge.net/projects/e1000/files/igb%20stable/5.2.18/)

Igbvf driver version 2.3.7.1 (URL -http://sourceforge.net/projects/e1000/files/igbvf%20stable/2.3.7.1/ http://sourceforge.net/projects/e1000/files/igbvf%20stable/2.3.7.1/)

regards,

Vince

BKraw · ‎06-10-2015

I don't have access to the machine now. It was half a year ago

At least can I have info how to compile the driver without spoof check? Or better - why don't you make it a module parameter during load? Also this was normal linux system, not a hypervisor with DomUs - igbvf wasn't loaded.

Regards,

VincentT_T_Intel · ‎06-11-2015

Hi Bartek, i'm currently checking on your question regarding compiling driver w/out spoof check or module parameter to turn this off during load. let me update this thread by mid next week on the development.

regards,

Vince

VincentT_T_Intel · ‎06-23-2015

Hi Bartek, while we're still checking on the driver w/out spoof detection, please try out the steps below in order to address the issue.

1. Add "blacklist ixgbevf" to /etc/modprobe.d/blacklist.conf file.

2. Load ixgbe driver

3. Create VF using pci sysfs interface.

4. Assign VF to the VM

5. Boot VM

hope this help.

regards,

Vince

BKraw · ‎11-27-2015

Vince, I'm not using any VMs at all. I just wanted to use both ethernet interfaces with LACP on a single server. The antispoofing behaviour of this NIC (and the fact that it can't be disabled) caused traffic drops.

It would be the best to add a module option to enable/disable antispoof during module load.