> -----Original Message----- > From: Assaad, Sami (Sami) [mailto:sami.assaad at alcatel-lucent.com] > Sent: Friday, May 15, 2015 2:00 PM > To: Ananyev, Konstantin; Richardson, Bruce; Stephen Hemminger > Cc: dev at dpdk.org > Subject: RE: [dpdk-dev] How do you setup a VM in Promiscuous Mode using PCI > Pass-Through (SR-IOV)? > > Thanks Konstantin for your reply. > > Konstantin, > > Would you be able in providing more details as to ixgbe VF mirroring? > Would you have any valuable URL's or documentation that explain this in > detail and/or provide examples?
I didn't use it much, but you can have a look at rte_eth_mirror_rule_set()/rte_eth_mirror_rule_reset(). Also you can use testpmd as a reference how to use these functions. Let say: 1. start testpmd with PF and 2 VFs on the same port: ./dpdk.org/x86_64-native-linuxapp-gcc/app/testpmd -l 6,7 -n 4 --socket-mem=1024,0 -w 07:00.1 -w 07:10.1 -w 07:10.3 -- -i --no-flush-rx testpmd> set verbose 9 testpmd> set fwd rxonly testpmd> start 2. Send a packet to the port and confirm that only PF/queue 0 received it. Should see something like that: port 0/queue 0: received 1 packets src=00:00:0A:00:0E:00 - dst=00:00:0A:00:0F:00 - type=0x0800 - length=60 - nb_segs=1 - Receive queue=0x0 PKT_RX_IPV4_HDR 3. configure 2 mirror rules, so each VF receive a copy: testpmd> set port 0 mirror-rule 1 uplink-mirror dst-pool 32 on testpmd> set port 0 mirror-rule 0 uplink-mirror dst-pool 33 on 4. Send another packet and confirm that PF and both VF received a copy port 0/queue 0: received 1 packets src=00:00:0A:00:0E:00 - dst=00:00:0A:00:0F:00 - type=0x0800 - length=60 - nb_segs=1 - Receive queue=0x0 PKT_RX_IPV4_HDR port 1/queue 0: received 1 packets src=00:00:0A:00:0E:00 - dst=00:00:0A:00:0F:00 - type=0x0800 - length=64 - nb_segs=1 - Receive queue=0x0 PKT_RX_IPV4_HDR port 2/queue 0: received 1 packets src=00:00:0A:00:0E:00 - dst=00:00:0A:00:0F:00 - type=0x0800 - length=64 - nb_segs=1 - Receive queue=0x0 PKT_RX_IPV4_HDR Konstantin > > Thanks in advance. > > Best Regards, > Sami. > > -----Original Message----- > From: Ananyev, Konstantin [mailto:konstantin.ananyev at intel.com] > Sent: Friday, May 15, 2015 5:31 AM > To: Richardson, Bruce; Stephen Hemminger > Cc: dev at dpdk.org; Assaad, Sami (Sami) > Subject: RE: [dpdk-dev] How do you setup a VM in Promiscuous Mode using PCI > Pass-Through (SR-IOV)? > > > > > -----Original Message----- > > From: dev [mailto:dev-bounces at dpdk.org] On Behalf Of Bruce Richardson > > Sent: Friday, May 15, 2015 10:27 AM > > To: Stephen Hemminger > > Cc: dev at dpdk.org; Assaad, Sami (Sami) > > Subject: Re: [dpdk-dev] How do you setup a VM in Promiscuous Mode using PCI > > Pass-Through (SR-IOV)? > > > > On Thu, May 14, 2015 at 04:47:19PM -0700, Stephen Hemminger wrote: > > > On Thu, 14 May 2015 21:38:24 +0000 > > > "Assaad, Sami (Sami)" <sami.assaad at alcatel-lucent.com> wrote: > > > > > > > Hello, > > > > > > > > My Hardware consists of the following: > > > > - DL380 Gen 9 Server supporting two Haswell Processors (Xeon CPU > > > > E5-2680 v3 @ 2.50GHz) > > > > - An x540 Ethernet Controller Card supporting 2x10G ports. > > > > > > > > Software: > > > > - CentOS 7 (3.10.0-229.1.2.el7.x86_64) > > > > - DPDK 1.8 > > > > > > > > I want all the network traffic received on the two 10G ports to be > > > > transmitted to my VM. The issue is that the Virtual Function / > > Physical Functions have setup the internal virtual switch to only > > route Ethernet packets with destination MAC address matching the VM > > virtual interface MAC. How can I configure my virtual environment to > > provide all network traffic to the VM...i.e. set the virtual > functions for both PCI devices in Promiscuous mode? > > > > > > > > [ If a l2fwd-vf example exists, this would actually solve this > > > > problem ... Is there a DPDK l2fwd-vf example available? ] > > > > > > > > > > > > Thanks in advance. > > > > > > > > Best Regards, > > > > Sami Assaad. > > > > > > This is a host side (not DPDK) issue. > > > > > > Intel PF driver will not allow guest (VF) to go into promiscious > > > mode since it would allow traffic stealing which is a security violation. > > > > Could you maybe try passing the PF directly into the VM, rather than a > > VF based off it? Since you seem to want all traffic to go to the one > > VM, there seems little point in creating a VF on the device, and > > should let the VM control the whole NIC directly. > > As I remember, with ixgbe it is possible to make one VF a mirror (receive a > copy of all traffic). > Konstantin > > > > > Regards, > > /Bruce
