Community
cancel
Showing results for 
Search instead for 
Did you mean: 
idata
Community Manager
1,696 Views

Xeon-D 1541 SR-IOV VF in Promiscuous mode

Hi,

I am using a Xeon-D 1541, with (2) x552/x557 10G Ethernet cards. I am able to enable VFs and have the latest Linux Kernel/iproute2 (both v4.8.0). I am attempting to put a VF into "Promiscuous Mode" with a VLAN tag for a security monitoring container. I can enable "trust mode", which should allow promiscuous traffic, however I can only see packets that are destined for the VF MAC address or broadcast packets.

Does the x552/x557 support unicast/multicast promiscuous mode in VFs?

Some Specific configuration information:

[root@localhost ~]# modinfo ixgbe

filename: /lib/modules/3.10.0-514.el7.x86_64/kernel/drivers/net/ethernet/intel/ixgbe/ixgbe.ko

version: 4.4.0-k-rh7.3

license: GPL

description: Intel(R) 10 Gigabit PCI Express Network Driver

author: Intel Corporation, <</span>mailto:linux.nics@intel.com linux.nics@intel.com>

rhelversion: 7.3

srcversion: E85AB43E463B4B0083D9BE3

[root@localhost ~]# ip link show

5: eno4: mtu 1500 qdisc mq state UP mode DEFAULT qlen 1000

link/ether 0c:c4:7a:c4:ad:7f brd ff:ff:ff:ff:ff:ff

vf 0 MAC 06:9f:fb:7b:1b:9f, vlan 1000, spoof checking off, link-state auto, trust on

vf 1 MAC 7e:12:a8:d2:59:76, vlan 2000, spoof checking off, link-state auto, trust on

[root@localhost ~]# ifconfig

eno4: flags=4419 mtu 1500

ether 0c:c4:7a:c4:ad:7f txqueuelen 1000 (Ethernet)

RX packets 22 bytes 6232 (6.0 KiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 0 bytes 0 (0.0 B)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp3s16f1: flags=4419 mtu 1500

inet6 fe80::49f:fbff:fe7b:1b9f prefixlen 64 scopeid 0x20

ether 06:9f:fb:7b:1b:9f txqueuelen 1000 (Ethernet)

RX packets 21 bytes 6126 (5.9 KiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 8 bytes 648 (648.0 B)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp3s16f3: flags=4419 mtu 1500

ether 7e:12:a8:d2:59:76 txqueuelen 1000 (Ethernet)

RX packets 1 bytes 78 (78.0 B)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 49 bytes 8310 (8.1 KiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

The physical interface (eno4) is able to see all packets, but the VF interface (enp3s16f1) is not able to show promiscuous packets.

Does the x552/x557 support unicast/multicast promiscuous mode in VFs? If so, is this a hardware, driver, kernel, or user error.

Thanks in advance!

0 Kudos
6 Replies
idata
Community Manager
68 Views

Hi esealing,

 

 

Thank you for the post,. I will need to further check.

 

 

rgds,

 

wb

 

idata
Community Manager
68 Views

Hi esealing,

 

 

Multicast promiscuous mode is supported as long as trust mode can be enabled for the VF from the host. Please check your virtual function loaded in the VF-enp3s16f1 by running either command :

 

 

ethtool -i (vf interface)

 

 

or

 

 

dmesg | grep ixgbevf

 

 

Please use ixgbevf version 3.2 or up.

 

 

In case your ixgbevf version is not updated, we have updated ixgbe and ixgbevf drivers available

 

in sourceforge link below:

 

 

version 4.5.4 ixgbe - https://sourceforge.net/projects/e1000/files/ixgbe%20stable/

 

version 3.3.1 ixgbevf - https://sourceforge.net/projects/e1000/files/ixgbevf%20st

 

 

Hope the above helps.

 

 

Rgds,

 

wb

 

idata
Community Manager
68 Views

Hi esealing,

 

 

Good day. Have you tried the command to verify the virtual function loaded? Please feel free to update.

 

 

rgds,

 

wb

 

idata
Community Manager
68 Views

Thank you.

I was able to get this working in X710/XL710 using trust mode... however it does not seem to work with the 10Gb ports in the Xeon-D 1541.

~Ed

idata
Community Manager
68 Views

Hi Ed,

Thank you for the update. can you help clarify regarding it does not seem to work with the (2) x552/x557 10G Ethernet card? can you provide more information? thanks.

Rgds,

 

wb

 

idata
Community Manager
68 Views

Hi Ed,

Please feel free to provide information on my previous post.

Rgds,

 

wb
Reply