From 0dcafcc505dccb9243c90c57a20295d4f0afce29 Mon Sep 17 00:00:00 2001 From: Benoît Ganne Date: Mon, 12 Aug 2019 11:44:20 +0200 Subject: rdma: add support for MAC changes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Type: feature Change-Id: I5803b52d12e56f2ccc1316e89ece6f1c5898810a Signed-off-by: Benoît Ganne --- src/plugins/rdma/rdma_doc.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'src/plugins/rdma/rdma_doc.md') diff --git a/src/plugins/rdma/rdma_doc.md b/src/plugins/rdma/rdma_doc.md index e41839eb595..3c79f9aefd3 100644 --- a/src/plugins/rdma/rdma_doc.md +++ b/src/plugins/rdma/rdma_doc.md @@ -49,3 +49,22 @@ It should work in containers as long as: - the `ib_uverbs` module is loaded - the device nodes `/dev/infiniband/uverbs[0-9]+` are usable from the container (but see [security considerations](#Security considerations)) + +### SR-IOV VFs support +It should work on SR-IOV VFs the same way it does with PFs. Because of VFs +security containment features, make sure the MAC address of the rdma VPP +interface matches the MAC address assigned to the underlying VF. +For example: +``` +host# echo 1 > /sys/class/infiniband/mlx5_0/device/sriov_numvfs +host# ip l set dev enp94s0f0 vf 0 mac 92:5d:f5:df:b1:6f spoof on trust off +host# ip l set dev enp94s0f2 up +vpp# create int rdma host-if enp94s0f2 name rdma-0 +vpp# set int mac address rdma-0 92:5d:f5:df:b1:6f +``` +If you plan to use L2 features such as switching, make sure the underlying +VF is configured in trusted mode and spoof-checking is disabled (of course, be +aware of the [security considerations](#Security considerations)): +``` +host# ip l set dev enp94s0f0 vf 0 spoof off trust on +``` -- cgit 1.2.3-korg