9 Replies Latest reply on Jul 18, 2017 9:15 PM by Intel Corporation

    SR-IOV with IXGBE - Vlan packets getting spoofed

    pratikmaru

      Hi All,

       

      I am using RHEL7.3 with Intel-82599ES nic cards to launch VMs with SRIOV enabled nic cards. I am using configuring only one VF per PF. I am configuring this VF with vlan, trust mode on and disabling spoof chk.

      But, when I am sending vlan tagged packets from Guest VM, I can see the "spoofed packet detected" message in dmesg for this PF card.

      We have also disabled the rx/tx vlan offload using ethtool command.

       

      Here are setup details:

      Kernel version

      # uname -r

      3.10.0-514.el7.x86_64

       

      PF/VF configuration:

      # ip link show eth2

      4: eth2: <BROADCAST,MULTICAST,ALLMULTI,PROMISC,UP,LOWER_UP> mtu 9192 qdisc mq state UP mode DEFAULT qlen 1000

          link/ether 90:e2:ba:a5:98:7c brd ff:ff:ff:ff:ff:ff

          vf 0 MAC fa:16:3e:73:12:6c, vlan 1500, spoof checking off, link-state auto, trust on

       

      IXGBE version

      # ethtool -i eth2

      driver: ixgbe

      version: 4.4.0-k-rh7.3

      firmware-version: 0x61bd0001

      expansion-rom-version:

      bus-info: 0000:81:00.0

      supports-statistics: yes

      supports-test: yes

      supports-eeprom-access: yes

      supports-register-dump: yes

      supports-priv-flags: no

       

      Messages from dmesg

      [441100.018278] ixgbe 0000:81:00.0 eth2: 3 Spoofed packets detected

      [441102.022383] ixgbe 0000:81:00.0 eth2: 2 Spoofed packets detected

      [441104.026460] ixgbe 0000:81:00.0 eth2: 3 Spoofed packets detected

      [441106.030516] ixgbe 0000:81:00.0 eth2: 2 Spoofed packets detected

       

       

      LSPCI output

      # lspci -nn | grep Ether | grep 82599

      81:00.0 Ethernet controller [0200]: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection [8086:10fb] (rev 01)

      81:00.1 Ethernet controller [0200]: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection [8086:10fb] (rev 01)

      81:10.0 Ethernet controller [0200]: Intel Corporation 82599 Ethernet Controller Virtual Function [8086:10ed] (rev 01)

       

       

      Ethtool -k output

      # ethtool -k eth2 | grep vlan

      rx-vlan-offload: off

      tx-vlan-offload: off

      rx-vlan-filter: on

      vlan-challenged: off [fixed]

      tx-vlan-stag-hw-insert: off [fixed]

      rx-vlan-stag-hw-parse: off [fixed]

      rx-vlan-stag-filter: off [fixed]

       

      Please let me know, if you any need any other information.

       

      Regards

      Pratik