配置SR-IOV网卡的VF权限

可以使用 ip-link(8) 工具对SR-IOV网卡的VF进行权限配置,命令组:ip link set用于改变设备的权限。

1. 设置VF的mac地址:

ip link set dev p5p1 vf 0 mac aa:bb:cc:dd:ee:00

2. 对指定的VF添加信任:

 ip link set dev p5p1 vf 0 trust on

This command enables trust on for Virtual Function 0 on Physical Device 'p5p1' and allows the VM to change the MAC address and enable multicast promiscuous mode on the VF.

This feature is useful in below scenarios:

(1). SR-IOV bonding configurations inside guests with VLANs on the interfaces. For example, when the bond shifts from active slave to standby slave, the bond interface carries the MAC of the original active. This MAC needs to be configured down on the VF else all tx packets will be dropped due MAC spoof checking. This can be also achieved if we set fail_over_mac as active which changes the bond MAC on port switchover. But with VLANs on top of bond there will be issues if the bond MAC changes as the MAC of the VLAN interfaces will still have the old MACs.

(2). Currently only a list of 30 multicast addresses can be supported per VF. This restricts the number of IPv6 IPs which can be used/interfaces, as for each IP there will be a different multicast MAC allocated by the kernel. This in turn also restricts the number of VLAN than can created while using IPv6.

3. 对指定的VF是否开启packet spoof检测:

ip link set dev p5p1  vf 0  spoof checking off

4. 还有一些常用配置如下:

mac LLADDRESS: change the station address for the specified VF. Thevfparameter must be specified.

vlan VLANIDchange the assigned VLAN for the specified VF. When specified, all trafficsent from the VF will be tagged with the specified VLAN ID. Incoming trafficwill be filtered for the specified VLAN ID, and will have all VLAN tagsstripped before being passed to the VF. Setting this parameter to 0 disablesVLAN tagging and filtering. Thevfparameter must be specified.

qos VLAN-QOSassign VLAN QOS (priority) bits for the VLAN tag. When specified, all VLANtags transmitted by the VF will include the specified priority bits in theVLAN tag. If not specified, the value is assumed to be 0. Both thevfandvlanparameters must be specified. Setting bothvlanandqosas 0 disables VLAN tagging and filtering for the VF.

rate TXRATEchange the allowed transmit bandwidth, in Mbps, for the specified VF.Setting this parameter to 0 disables rate limiting.vfparameter must be specified.Please use new APImax_tx_rateoption instead.

max_tx_rate TXRATEchange the allowed maximum transmit bandwidth, in Mbps, for the specified VF.vfparameter must be specified.

min_tx_rate TXRATEchange the allowed minimum transmit bandwidth, in Mbps, for the specified VF.Minimum TXRATE should be always <= Maximum TXRATE.vfparameter must be specified.

state auto|enable|disable: set the virtual link state as seen by the specified VF. Setting to auto means areflection of the PF link state, enable lets the VF to communicate with other VFs onthis host even if the PF link state is down, disable causes the HW to drop any packetssent by the VF.



参考文献:

[1]. http://rpm.pbone.net/index.php3/stat/45/idpl/30443980/numer/8/nazwa/ip-link

[2]. Enable trust control for SR-IOV ports

你可能感兴趣的:(Xen,虚拟化技术)