Skip navigation

Malicious Driver Detection (MDD) Event - Resolved

 

How is this issue being addressed?

The Malicious Driver Detection issue that we are aware of is addressed in the 1.7.1 i40en driver release for ESXi 6.7 available for download here:  Link to Download

 

Note:  Drivers that address the MDD issue for ESXi 6.0 & ESXi 6.5 will be available in a future release.

 

Who was experiencing this issue?

Customers using Intel Ethernet 700 Series Network Adapters and using VMware ESXi and i40en driver 1.5.8

 

If after updating to 1.7.1 i40en driver on ESXi 6.7 you are still experiencing the MDD issue, please contact us via this Wired Community or via Customer Support

Using Intel Ethernet 700 Series Network Adapters in VMware ESXi 6.x

 

The Intel® Ethernet 700 Series (700 Series) is made up of several discrete controllers and a network connection that is part of the Intel® 620 Chipset:

  • Intel® Ethernet Controller XL710
  • Intel® Ethernet Controller XXV710
  • Intel® Ethernet Controller X710
  • Intel® Ethernet Connection X722

All devices in the series share the same architecture and the same set of drivers, with the exception that the Intel® Ethernet Connection X722 has up to four 10 GbE ports and is RDMA iWARP capable.

As with many network devices, there are currently two different API-based drivers that are available for the Network Adapters based on the 700 Series Controllers and Connection.

  1. The legacy VMKLinux API-based ESXi driver: i40e
  2. Native Mode API-based ESXi driver: i40en

Intel recommends using the Native Mode API-based ESXi drivers for all Intel Ethernet Network Adapters.  Native Mode API-based ESXi driver’s naming scheme ends with the letter “n”, as seen with the 700 Series Network Adapter Native Mode API-based ESXi driver is named “i40en”.  When selecting a driver from the VMware VCG site, ensure that you select the Native Mode API-based ESXi driver (i40en,) since the version number may be lower than the legacy (VMKLinux API-based) driver.

The following table shows examples of the recent retail versions of the 700 Series Network Adapters, and how they are mapped to controllers and VMware Native Mode API-based ESXi driver.

Driver

Controller / Connection

Adapter

i40en

Intel® Ethernet Controller XL710

Intel® Ethernet Converged Network Adapter XL710-QDA1

Intel® Ethernet Converged Network Adapter XL710-QDA2

Intel® Ethernet I/O Module XL710-Q1

Intel® Ethernet I/O Module XL710-Q2

Intel® Ethernet Controller X710

Intel® Ethernet Converged Network Adapter X710-DA2

Intel® Ethernet Converged Network Adapter X710-DA4

Intel® Ethernet Converged Network Adapter X710-T4

Intel® Ethernet Controller X710/X557-AT 10GBASE-T

Intel® Ethernet Controller XXV710

Intel® Ethernet Network Adapter XXV710-DA1

Intel® Ethernet Network Adapter XXV710-DA2

Intel® Ethernet Network Adapter XXV710 OCP

Intel® Ethernet Connection X722

Intel® Ethernet Connection X722 for 10GBASE-T

Intel® Ethernet Connection X722 for 10GbE backplane

Intel® Ethernet Connection X722 for 10GbE QSFP+

Intel® Ethernet Connection X722 for 10GbE SFP+

Intel® Ethernet Connection X722 for 1GbE

 

There are two different types for each of the drivers:

  • inbox driver - Version included by VMware in the ESXi ISO image.
  • async driver - Posted on the VMware driver support site and updates the inbox driver .

 

In some cases, the inbox driver is still the i40e legacy (VMKLinux API-based) ESXi driver and should be updated to the latest i40en (Native Mode API-based) ESXi driver.  In general, all the firmware versions should be at the same level, and the latest i40en driver should be used.  In some cases, firmware versions may be displayed as a family version, which is different than the actual firmware version number.  In this case, check the firmware readme or release notes for the actual firmware version.

Since the features and configuration of the 700 Series use a combination of firmware and an OS driver that should be updated per the support matrix found in the Intel® Ethernet Controller X710/ XXV710/XL710 Feature Support Matrix document or Intel support site.

https://www.intel.com/content/dam/www/public/us/en/documents/release-notes/xl710-ethernet-controller-feature-matrix.pdf

The following information provides the recommended combinations of VMware ESXi* driver and NVM firmware versions for 700 Series Controllers, Network Adapters, and Connections to use in a VMware environment.

Intel® Ethernet 700 Series Network Adapters

Software Type and Compatible Versions

VMware Version

NVM Image

Driver Name

NIC Driver

CIM Provider

Note

ESXi 6.7

6.01

i40en

async driver: 1.7.1

  1. 3.6.0.14

1

ESXi 6.5

6.01

i40en

async driver: 1.5.8

  1. 3.6.0.14

1

ESXi 6.0

6.01

i40en

async driver: 1.5.8

  1. 3.6.0.14

1

Intel® Ethernet Connection X722

Software Type and Compatible Versions

VMware Version

NVM Image

Driver Name

NIC Driver

CIM Provider

Note

ESXi 6.7

3.51

i40en

async driver: 1.7.1

  1. 3.6.0.14

2

ESXi 6.5

3.51

i40en

async driver: 1.5.8

  1. 3.6.0.14

2

ESXi 6.0

3.51

i40en

async driver: 1.5.8

  1. 3.6.0.14

2

  1. NVM image version on the 700 Series Network Adapters might be version 5.04 or 6.01.  These versions are also compatible with the NIC driver associated on that same row above.
  2. NVM image version on the Intel Ethernet Connection X722 might be version 3.28 or 3.51.  These versions are also compatible with the NIC driver associated on that same row above.

 

Acronyms used in tables:

  • NVM = Refers to non-volatile memory (typically EEPROM, Serial EEPROM memory)
  • NIC = Network Interface Controller
  • CIM = Common Information Model
  • FW = Firmware

 

For a listing of all devices supported by VMware*, see VMware* Compatibility Guide: I/O Device Search.

  1. Go to VMware Compatibility Guide: I/O Device Search.
  2. Select Product Release Version: Pick the product version (optional).
  3. Select Brand Name: Intel.
  4. Select I/O Device Type: Network.
  5. In Keyword, enter part of the device or driver name in quotes. For example, “X710” or “i40en”.
  6. In Search Results, click the adapter name in the model column.
  7. In Model Release Details, view the list of all releases and compatible device drivers.
  8. For details on the release and driver, including a link to the driver download site, click + to expand the row.

 

GbE

Ports

Intel® Ethernet Product Name

Intel

DELL EMC*

HPE*

Lenovo*

Cisco*

Supermicro*

Huawei*

401Intel® Ethernet Converged Network Adapter XL710-QDA1XL710QDA1-P9J19A (3PO)--AOC-XL710QDA16310092
402Intel® Ethernet Converged Network Adapter XL710-QDA2XL710QDA2540-BBRF (FHB)
  540-BBRM (LPB)
-XL710QDA2G2P530-100132-01AOC-XL710QDA2-
251Intel® Ethernet Network Adapter XXV710-DA1XXV710DA1----AOC-XXV710DA1-
252Intel® Ethernet Network Adapter XXV710-DA2XXV710DA2540-BCDH (FHB)
540-BCCM (LPB)
870825-B21SN37A28059 (ThinkSystem)30-100202-01AOC-XXV710DA206310132
102Intel® Ethernet ConvergedNetwork Adapter X710-DA2X710DA2555-BCKN (LPB)727055-B2101DA901 (System X)
  SN30L21975 (ThinkSystem)
30-100173-01AOC-X710DA2-
102Intel® Ethernet Converged Network Adapter X710-DA2X710DA2BLK540-BBHP (FHB)----6310128
104Intel® Ethernet Converged Network Adapter X710-DA4X710DA4BLK---30-100131-01AOC-X710DA4-
104Intel® Ethernet Converged Network Adapter X710-DA4X710DA4FH540-BBHQ (FHB)869585-B21
Linux* only)
SN37A28055 (ThinkSystem)-AOC-X710DA4FH-
104Intel® Ethernet ConvergedNetwork Adapter X710-T4X710T4540-BBUX (FHB)
540-BBVO (LPB)
-SN37A18664 (ThinkSystem)30-100203-01AOC- X710T46310127

 

While some use the same version of the firmware and drivers as their Intel-branded counterpart, other OEM network adapters do have specific firmware and OS drivers, and are managed via the OEM’s configuration and update tools.  In the case where a server is using a combination of OEM -branded and Intel-branded retail network adapters, it may be necessary to use more than one firmware update tool.  For example, use the Intel update tool to update the Intel-branded network adapters, and the OEM update tools to update the OEM-branded network adapters.  It is also important to follow the server configuration and supported hardware requirements that can vary from server to server.

Link to Intel® Ethernet NVM Update Tool Quick Usage Guide for VMware ESX:

https://www.intel.com/content/www/us/en/embedded/products/networking/nvm-update-tool-vmware-esx-quick-usage-guide.html

Link to Non-Volatile Memory (NVM) Update Utility for Intel® Ethernet 700 Series Network Adapter download:

https://downloadcenter.intel.com/download/24769

 
Example Update and Output:

[root@localhost:/vmfs/volumes/datastore(1)/XL710/ESXi_x64] ./nvmupdaten64e

Intel(R) Ethernet NVM Update Tool

NVMUpdate version 1.30.2.0

Copyright (C) 2013 - 2017 Intel Corporation.

 

WARNING: To avoid damage to your device, do not stop the update or reboot or power off the

system during this update.

Inventory in progress. Please wait [..+*******]

 

Num Description                                 Device-Id B:D   Adapter Status

=== ======================================      ========= ===== ====================

01) Intel(R) Ethernet 10G 4P X710/I350 rNDC     8086-1572 01:00 Update not available

02) Intel(R) Ethernet Converged Network Ad      8086-1572 03:00 Update available

03) Intel(R) Ethernet Converged Network Ad      8086-1572 05:00 Up to date

 

Options: Adapter Index List (comma-separated), [A]ll, e[X]it

Enter selection: 2

Would you like to back up the NVM images? [Y]es/[N]o: y

Update in progress. This operation may take several minutes.

[...*******]

Please Power Cycle your system now and run the NVM update utility again to complete the

update. Failure to do so will result in an incomplete NVM update.

Tool execution completed with the following status: All operations completed successfully.

Press any key to exit.

 

There are several ways to determine which firmware update tool is required.

  • Search on the server OEM’s support site for the latest firmware update tool. If all the network devices are listed as up-to-date or show that an update is available, only the OEM update tool is needed.
  • If the OEM update tools reports back a lower firmware version then the latest, but the status shows “Update not available”, try running the Intel firmware update tool found on the Intel support site.

 

How do I find 700 Series Network Adapters or OEM-branded version drivers in the VMware Compatibility Guide?

  1. Go to VMware Compatibility Guide: I/O Device Search.
  2. Select Product Release Version: Pick the product version (optional).
  3. Select Brand Name: Intel or OEM name.
  4. Select I/O Device Type: Network.
  5. In Keyword, enter part of the device or driver name in quotes. For example, “X710” or “i40en”.
  6. Optional for SR-IOV: In Features, select SR-IOV.
  7. In Search Results, click the adapter name in the model column.
  8. In Model Release Details, view the list of all releases and compatible device drivers.
    NOTE: Select the i40en (Native Driver).
  9. For details on the release and driver, including a link to the driver download site, click + to expand the row.

Filter Blog

By date: By tag: