- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I am using a Xeon-D 1541, with (2) x552/x557 10G Ethernet cards. I am able to enable VFs and have the latest Linux Kernel/iproute2 (both v4.8.0). I am attempting to put a VF into "Promiscuous Mode" with a VLAN tag for a security monitoring container. I can enable "trust mode", which should allow promiscuous traffic, however I can only see packets that are destined for the VF MAC address or broadcast packets.
Does the x552/x557 support unicast/multicast promiscuous mode in VFs?
Some Specific configuration information:
[root@localhost ~]# modinfo ixgbe
filename: /lib/modules/3.10.0-514.el7.x86_64/kernel/drivers/net/ethernet/intel/ixgbe/ixgbe.ko
version: 4.4.0-k-rh7.3
license: GPL
description: Intel(R) 10 Gigabit PCI Express Network Driver
author: Intel Corporation, <</span>mailto:linux.nics@intel.com linux.nics@intel.com>
rhelversion: 7.3
srcversion: E85AB43E463B4B0083D9BE3
[root@localhost ~]# ip link show
5: eno4: mtu 1500 qdisc mq state UP mode DEFAULT qlen 1000
link/ether 0c:c4:7a:c4:ad:7f brd ff:ff:ff:ff:ff:ff
vf 0 MAC 06:9f:fb:7b:1b:9f, vlan 1000, spoof checking off, link-state auto, trust on
vf 1 MAC 7e:12:a8:d2:59:76, vlan 2000, spoof checking off, link-state auto, trust on
[root@localhost ~]# ifconfig
eno4: flags=4419 mtu 1500
ether 0c:c4:7a:c4:ad:7f txqueuelen 1000 (Ethernet)
RX packets 22 bytes 6232 (6.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp3s16f1: flags=4419 mtu 1500
inet6 fe80::49f:fbff:fe7b:1b9f prefixlen 64 scopeid 0x20
ether 06:9f:fb:7b:1b:9f txqueuelen 1000 (Ethernet)
RX packets 21 bytes 6126 (5.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp3s16f3: flags=4419 mtu 1500
ether 7e:12:a8:d2:59:76 txqueuelen 1000 (Ethernet)
RX packets 1 bytes 78 (78.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 49 bytes 8310 (8.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
The physical interface (eno4) is able to see all packets, but the VF interface (enp3s16f1) is not able to show promiscuous packets.
Does the x552/x557 support unicast/multicast promiscuous mode in VFs? If so, is this a hardware, driver, kernel, or user error.
Thanks in advance!
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi esealing,
Thank you for the post,. I will need to further check.
rgds,
wb
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi esealing,
Multicast promiscuous mode is supported as long as trust mode can be enabled for the VF from the host. Please check your virtual function loaded in the VF-enp3s16f1 by running either command :
ethtool -i (vf interface)
or
dmesg | grep ixgbevf
Please use ixgbevf version 3.2 or up.
In case your ixgbevf version is not updated, we have updated ixgbe and ixgbevf drivers available
in sourceforge link below:
version 4.5.4 ixgbe - https://sourceforge.net/projects/e1000/files/ixgbe%20stable/
version 3.3.1 ixgbevf - https://sourceforge.net/projects/e1000/files/ixgbevf%20st
Hope the above helps.
Rgds,
wb
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi esealing,
Good day. Have you tried the command to verify the virtual function loaded? Please feel free to update.
rgds,
wb
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you.
I was able to get this working in X710/XL710 using trust mode... however it does not seem to work with the 10Gb ports in the Xeon-D 1541.
~Ed
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Ed,
Thank you for the update. can you help clarify regarding it does not seem to work with the (2) x552/x557 10G Ethernet card? can you provide more information? thanks.
Rgds,
wb
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Ed,
Please feel free to provide information on my previous post.
Rgds,
wb
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page