Linux* Driver for Intel(R) Ethernet Adaptive Virtual Function ============================================================= June 8, 2020 Contents ======== - Overview - Building and Installation - Command Line Parameters - Additional Configurations - Performance Optimization - Known Issues - Support - License Overview ======== The virtual function (VF) driver supports virtual functions generated by the physical function (PF) driver, with one or more VFs enabled through sysfs. The associated PF drivers for this VF driver are: - ice - i40e SR-IOV requires the correct platform and OS support. The guest OS loading this driver must support MSI-X interrupts. For questions related to hardware requirements, refer to the documentation supplied with your Intel adapter. All hardware requirements listed apply to use with Linux. Driver information can be obtained using ethtool, lspci, and ifconfig. Instructions on updating ethtool can be found in the section Additional Configurations later in this document. Adaptive Virtual Function ------------------------- Adaptive Virtual Function (AVF) allows the virtual function driver, or VF, to adapt to changing feature sets of the physical function driver (PF) with which it is associated. This allows system administrators to update a PF without having to update all the VFs associated with it. All AVFs have a single common device ID and branding string. AVFs have a minimum set of features known as "base mode," but may provide additional features depending on what features are available in the PF with which the AVF is associated. The following are base mode features: - 4 Queue Pairs (QP) and associated Configuration Status Registers (CSRs) for Tx/Rx - iavf descriptors and ring format - Descriptor write-back completion - 1 control queue, with iavf descriptors, CSRs and ring format - 5 MSI-X interrupt vectors and corresponding iavf CSRs - 1 Interrupt Throttle Rate (ITR) index - 1 Virtual Station Interface (VSI) per VF - 1 Traffic Class (TC), TC0 - Receive Side Scaling (RSS) with 64 entry indirection table and key, configured through the PF - 1 unicast MAC address reserved per VF - 16 MAC address filters for each VF - Stateless offloads - non-tunneled checksums - AVF device ID - HW mailbox is used for VF to PF communications (including on Windows) Identifying Your Adapter ======================== For information on how to identify your adapter, and for the latest Intel network drivers, refer to the Intel Support website: http://www.intel.com/support Building and Installation ========================= To build a binary RPM package of this driver -------------------------------------------- Note: RPM functionality has only been tested in Red Hat distributions. 1. Run the following command, where <x.x.x> is the version number for the driver tar file. # rpmbuild -tb iavf-<x.x.x>.tar.gz NOTE: For the build to work properly, the currently running kernel MUST match the version and configuration of the installed kernel sources. If you have just recompiled the kernel, reboot the system before building. 2. After building the RPM, the last few lines of the tool output contain the location of the RPM file that was built. Install the RPM with one of the following commands, where <RPM> is the location of the RPM file: # rpm -Uvh <RPM> or # dnf/yum localinstall <RPM> NOTES: - To compile the driver on some kernel/arch combinations, you may need to install a package with the development version of libelf (e.g. libelf-dev, libelf-devel, elfutilsl-libelf-devel). - When compiling an out-of-tree driver, details will vary by distribution. However, you will usually need a kernel-devel RPM or some RPM that provides the kernel headers at a minimum. The RPM kernel-devel will usually fill in the link at /lib/modules/'uname -r'/build. To manually build the driver ---------------------------- 1. Move the virtual function driver tar file to the directory of your choice. For example, use '/home/username/iavf' or '/usr/local/src/iavf'. 2. Untar/unzip the archive, where <x.x.x> is the version number for the driver tar file: # tar zxf iavf-<x.x.x>.tar.gz 3. Change to the driver src directory, where <x.x.x> is the version number for the driver tar: # cd iavf-<x.x.x>/src/ 4. Compile the driver module: # make install The binary will be installed as: /lib/modules/<KERNEL VER>/updates/drivers/net/ethernet/intel/iavf/iavf.ko The install location listed above is the default location. This may differ for various Linux distributions. 5. Load the module using the modprobe command. To check the version of the driver and then load it: # modinfo iavf # modprobe iavf Alternately, make sure that any older iavf drivers are removed from the kernel before loading the new module: # rmmod iavf; modprobe iavf 6. Assign an IP address to the interface by entering the following, where <ethX> is the interface name that was shown in dmesg after modprobe: # ip address add <IP_address>/<netmask bits> dev <ethX> 7. Verify that the interface works. Enter the following, where IP_address is the IP address for another machine on the same subnet as the interface that is being tested: # ping <IP_address> Command Line Parameters ======================= The iavf driver does not support any command line parameters. Additional Features and Configurations ====================================== Viewing Link Messages --------------------- Link messages will not be displayed to the console if the distribution is restricting system messages. In order to see network driver link messages on your console, set dmesg to eight by entering the following: # dmesg -n 8 NOTE: This setting is not saved across reboots. ethtool ------- The driver utilizes the ethtool interface for driver configuration and diagnostics, as well as displaying statistical information. The latest ethtool version is required for this functionality. Download it at: https://kernel.org/pub/software/network/ethtool/ Setting VLAN Tag Stripping -------------------------- If you have applications that require Virtual Functions (VFs) to receive packets with VLAN tags, you can disable VLAN tag stripping for the VF. The Physical Function (PF) processes requests issued from the VF to enable or disable VLAN tag stripping. Note that if the PF has assigned a VLAN to a VF, then requests from that VF to set VLAN tag stripping will be ignored. To enable/disable VLAN tag stripping for a VF, issue the following command from inside the VM in which you are running the VF: # ethtool -K <ethX> rxvlan on/off or alternatively: # ethtool --offload <ethX> rxvlan on/off IEEE 802.1ad (QinQ) Support --------------------------- The IEEE 802.1ad standard, informally known as QinQ, allows for multiple VLAN IDs within a single Ethernet frame. VLAN IDs are sometimes referred to as "tags," and multiple VLAN IDs are thus referred to as a "tag stack." Tag stacks allow L2 tunneling and the ability to segregate traffic within a particular VLAN ID, among other uses. NOTES: - 802.1ad (QinQ) is supported in 3.19 and later kernels. - Receive checksum offloads, cloud filters, and VLAN acceleration are not supported for 802.1ad (QinQ) packets. - 0x88A8 traffic will not be received unless VLAN stripping is disabled with the following command: # ethool -K <ethX> rxvlan off - 0x88A8/0x8100 double VLANs cannot be used with 0x8100 or 0x8100/0x8100 VLANS configured on the same port. 0x88a8/0x8100 traffic will not be received if 0x8100 VLANs are configured. - The VF can only transmit 0x88A8/0x8100 (i.e., 802.1ad/802.1Q) traffic if: 1) The VF is not assigned a port VLAN. 2) spoofchk is disabled from the PF. If you enable spoofchk, the VF will not transmit 0x88A8/0x8100 traffic. The following are examples of how to configure 802.1ad (QinQ): # ip link add link eth0 eth0.24 type vlan proto 802.1ad id 24 # ip link add link eth0.24 eth0.24.371 type vlan proto 802.1Q id 371 Where "24" and "371" are example VLAN IDs. Application Device Queues (ADQ) ------------------------------- Application Device Queues (ADQ) allow you to dedicate one or more queues to a specific application. This can reduce latency for the specified application, and allow Tx traffic to be rate limited per application. Requirements: - Kernel version 4.15 or later - Depending on the underlying PF device, ADQ cannot be enabled when the following features are enabled: Data Center Bridging (DCB), Multiple Functions per Port (MFP), or Sideband Filters. - If another driver (for example, DPDK) has set cloud filters, you cannot enable ADQ. When ADQ is enabled: - You cannot change RSS parameters, the number of queues, or the MAC address in the PF or VF. Delete the ADQ configuration before changing these settings. - The driver supports subnet masks for IP addresses in the PF and VF. When you add a subnet mask filter, the driver forwards packets to the ADQ VSI instead of the main VSI. To create traffic classes (TCs) on the interface: NOTE: Run all TC commands from the ../iproute2/tc/ directory. 1. Use the tc command to create traffic classes. You can create a maximum of 16 TCs per interface on Intel(R) Ethernet Controller 800 Series devices and 8 TCs per interface on Intel(R) Ethernet Controller 700 Series devices. # tc qdisc add dev <ethX> root mqprio num_tc <tcs> map <priorities> queues <count1@offset1 ...> hw 1 mode channel shaper bw_rlimit min_rate <min_rate1 ...> max_rate <max_rate1 ...> Where: num_tc <tcs>: The number of TCs to use. map <priorities>: The map of priorities to TCs. You can map up to 16 priorities to TCs. queues <count1@offset1 ...>: For each TC, <num queues>@<offset>. The max total number of queues for all TCs is the number of cores. hw 1 mode channel: 'channel' with 'hw' set to 1 is a new hardware offload mode in mqprio that makes full use of the mqprio options, the TCs, the queue configurations, and the QoS parameters. shaper bw_rlimit: For each TC, sets the minimum and maximum bandwidth rates. The totals must be equal to or less than the port speed. This parameter is optional and is required only to set up the Tx rates. min_rate <min_rate1>: Sets the minimum bandwidth rate limit for each TC. max_rate <max_rate1 ...>: Sets the maximum bandwidth rate limit for each TC. You can set a min and max rate together. NOTE: See the mqprio man page and the examples below for more information. 2. Verify the bandwidth limit using network monitoring tools such as ifstat or sar -n DEV [interval] [number of samples] NOTE: Setting up channels via ethtool (ethtool -L) is not supported when the TCs are configured using mqprio. 3. Enable hardware TC offload on the interface: # ethtool -K <ethX> hw-tc-offload on 4. Apply TCs to ingress (Rx) flow of the interface: # tc qdisc add dev <ethX> ingress EXAMPLE: See the tc and tc-flower man pages for more information on traffic control and TC flower filters. - To set up two TCs (tc0 and tc1), with 16 queues each, priorities 0-3 for tc0 and 4-7 for tc1, and max Tx rate set to 1Gbit for tc0 and 3Gbit for tc1: # tc qdisc add dev ens4f0 root mqprio num_tc 2 map 0 0 0 0 1 1 1 1 queues 16@0 16@16 hw 1 mode channel shaper bw_rlimit max_rate 1Gbit 3Gbit Where: map 0 0 0 0 1 1 1 1: Sets priorities 0-3 to use tc0 and 4-7 to use tc1 queues 16@0 16@16: Assigns 16 queues to tc0 at offset 0 and 16 queues to tc1 at offset 16 SR-IOV Hypervisor Management Interface -------------------------------------- The sysfs file structure below supports the SR-IOV hypervisor management interface. /sys/class/net/<ethX>/device/sriov (see 1 below) +-- egress_mirror +-- ingress_mirror +-- tpid +-- qos | +-- apply +-- [VF-id, 0 .. 255] (see 2 below) | +-- trunk | +-- vlan_mirror | +-- egress_mirror | +-- ingress_mirror | +-- loopback | +-- mac | +-- mac_list | +-- promisc | +-- vlan_strip | +-- stats || +-- rx_bytes || +-- rx_packets || +-- rx_dropped || +-- tx_bytes || +-- tx_packets || +-- tx_dropped || +-- tx_errors | +-- reset_stats | +-- link_state | +-- max_tx_rate | +-- trust | +-- enable | +-- num_queues | +-- allow_untagged | +-- qos || +-- share *1: kobject started from "sriov" is not available from existing kernel sysfs, and it requires device driver to implement this interface. *2: maximum number of SR-IOV instances is 256. The actual number of instances created depends on the value set for /sys/bus/devices/<device pci address>/sriov_numvfs SR-IOV hypervisor functions: - egress_mirror Mirrors egress traffic from the PF to the specified VF on the same PF. Example 1: add egress traffic mirroring on PF p1p2 to VF 7. # echo add 7 > /sys/class/net/p1p2/device/sriov/egress_mirror Example 2: remove egress traffic mirroring on PF p1p2 to VF 7. # echo rem 7 > /sys/class/net/p1p2/device/sriov/egress_mirror - ingress_mirror Mirrors ingress traffic from the PF to the specified VF on the same PF. Example 1: add ingress traffic mirroring on PF p1p2 to VF 7. # echo add 7 > /sys/class/net/p1p2/device/sriov/ingress_mirror Example 2: remove ingress traffic mirroring on PF p1p2 to VF 7. # echo rem 7 > /sys/class/net/p1p2/device/sriov/inress_mirror - tpid Specifies the TPID of the outer VLAN tag (S-tag). Can be set to 0x88A8 or 0x8100. This setting affects all VFs configured on the specified PF. Note: This setting is not supported on Intel(R) Ethernet Network Connection X722 based devices. Example 1: set TPID to 0x88A8. # echo 0x88a8 > /sys/class/net/p1p2/device/sriov/tpid Example 2: show the configured value. # cat /sys/class/net/p1p2/device/sriov/tpid - qos/apply Applies the VF bandwidth configuration for the port. See "qos/share" below for more information. - trunk Supports two operations: add and rem. - add: adds one or more VLAN IDs into VF VLAN filtering. - rem: removes VLAN IDs from the VF VLAN filtering list. Example 1: add multiple VLAN tags, VLANs 2,4,5,10-20, by PF, p1p2, on a selected VF, 1, for filtering, with the sysfs support: # echo add 2,4,5,10-20 > /sys/class/net/p1p2/device/sriov/1/trunk Example 2: remove VLANs 5, 11-13 from PF p1p2 VF 1 with sysfs: # echo rem 5,11-13 > /sys/class/net/p1p2/device/sriov/1/trunk Note: for rem, if VLAN ID is not on the VLAN filtering list, the VLAN ID will be ignored. - vlan_mirror Supports both ingress and egress traffic mirroring. Example 1: mirror traffic based upon VLANs 2,4,6,18-22 to VF 3 of PF p1p1. # echo add 2,4,6,18-22 > /sys/class/net/p1p1/device/sriov/3/vlan_mirror Example 2: remove VLAN 4, 15-17 from traffic mirroring at destination VF 3. # echo rem 15-17 > /sys/class/net/p1p1/device/sriov/3/vlan_mirror Example 3: remove all VLANs from mirroring at VF 3. # echo rem 0 - 4095> /sys/class/net/p1p1/device/sriov/3/vlan_mirror - egress_mirror Supports egress traffic mirroring from this VF to the specified VF. Example 1: add egress traffic mirroring on PF p1p2 VF 1 to VF 7. # echo add 7 > /sys/class/net/p1p2/device/sriov/1/egress_mirror Example 2: remove egress traffic mirroring on PF p1p2 VF 1 to VF 7. # echo rem 7 > /sys/class/net/p1p2/device/sriov/1/egress_mirror - ingress_mirror Supports ingress traffic mirroring from this VF to the specified VF. Example 1: mirror ingress traffic on PF p1p2 VF 1 to VF 7. # echo add 7 > /sys/class/net/p1p2/device/sriov/1/ingress_mirror Example 2: show current ingress mirroring configuration for VF 1. # cat /sys/class/net/p1p2/device/sriov/1/ingress_mirror - loopback Supports Enable/Disable VEB/VEPA (Local loopback). Example 1: allow traffic switching between VFs on the same PF. # echo ON > /sys/class/net/p1p2/device/sriov/loopback Example 2: send Hairpin traffic to the switch to which the PF is connected. # echo OFF > /sys/class/net/p1p2/device/sriov/loopback Example 3: show loopback configuration. # cat /sys/class/net/p1p2/device/sriov/loopback - mac Supports setting default MAC address. If MAC address is set by this command, the PF will not allow VF to change it using an MBOX request. Example 1: set default MAC address to VF 1. # echo "00:11:22:33:44:55" > /sys/class/net/p1p2/device/sriov/1/mac Example 2: show default MAC address. # cat /sys/class/net/p1p2/device/sriov/1/mac - mac_list Supports adding additional MACs to the VF. The default MAC is taken from "ip link set p1p2 vf 1 mac 00:11:22:33:44:55" if configured. If not, a random address is assigned to the VF by the NIC. If the MAC is configured using the IP LINK command, the VF cannot change it via MBOX/AdminQ requests. Example 1: add mac 00:11:22:33:44:55 and 00:66:55:44:33:22 to PF p1p2 VF 1. # echo add "00:11:22:33:44:55,00:66:55:44:33:22" > /sys/class/net/p1p2/device/sriov/1/mac_list Example 2: delete mac 00:11:22:33:44:55 from above VF device. # echo rem 00:11:22:33:44:55 > /sys/class/net/p1p2/device/sriov/1/mac_list Example 3: display a VF MAC address list. # cat /sys/class/net/p1p2/device/sriov/1/mac_lis - promisc Supports setting/unsetting VF device unicast promiscuous mode and multicast promiscuous mode. Example 1: set MCAST promiscuous on PF p1p2 VF 1. # echo add mcast > /sys/class/net/p1p2/device/sriov/1/promisc Example 2: set UCAST promiscuous on PF p1p2 VF 1. # echo add ucast > /sys/class/net/p1p2/device/sriov/1/promisc Example 3: unset MCAST promiscuous on PF p1p2 VF 1. # echo rem mcast > /sys/class/net/p1p2/device/sriov/1/promisc Example 4: show current promiscuous mode configuration. # cat /sys/class/net/p1p2/device/sriov/1/promisc NOTE: VFs set to promiscuous via this sysfs interface may not receive packets addressed to another VF on the same port. For another VF to receive the packets, you must enable VF true promiscuous mode via ethtool. See "Trusted VFs and VF Promiscuous Mode" in this README for more information on enabling true promiscuous mode. - vlan_strip Supports enabling/disabling VF device outer VLAN stripping. Example 1: enable VLAN strip on VF 3. # echo ON > /sys/class/net/p1p1/device/sriov/3/vlan_strip Example 2: disable VLAN striping VF 3. # echo OFF > /sys/class/net/p1p1/device/sriov/3/vlan_strip - stats Supports getting VF statistics: rx_bytes rx_dropped rx_packets tx_bytes tx_dropped tx_packets tx_errors Example 1: display anti-spoofing violations counter for VF 1. # cat /sys/class/net/p1p2/device/sriov/1/stats/tx_error - reset_stats Resets the VF's stats counters. Example 1: reset stats for VF 1. # echo 1 > /sys/class/net/p1p2/device/sriov/1/stats/reset_stats - link_state Sets/displays link status. Example 1: display link status on link speed. # cat /sys/class/net/p1p2/device/sriov/1/link_state Example 2: set VF 1 to track status of PF link. # echo auto > /sys/class/net/p1p2/device/sriov/1/link_state Example 3: disable VF 1. # echo disable > /sys/class/net/p1p2/device/sriov/1/link_state - enable Enables or disables the VF device. Notes: - Enabling a VF will trigger a VF reset. - Enabling a VF does not start any queues in the hardware. - Disabling a VF will forcibly stop the queues and may lead to Tx timeouts on the VF or VM. - This feature is not designed to manage traffic flow. It's intended to help prevent or handle error conditions. Example 1: enable VF 3. # echo on > /sys/class/net/p1p1/device/sriov/3/enable Example 2: disable VF 3. # echo off > /sys/class/net/p1p1/device/sriov/3/enable Example 3: show VF 3 enable state. # cat /sys/class/net/p1p1/device/sriov/3/enable - num_queues Sets the number of queues allocated for the VF. To change the number of queues, queue_type must be RSS. Note: Changing this value will trigger a VF reset, which may disrupt traffic. We recommend configuring this setting before traffic starts, not during runtime. Example 1: set 8 queues for VF 5 if queue_type is RSS. # echo 8 > /sys/class/net/p1p1/device/sriov/5/num_queues Example 2: show VF 5 number of queues for VF 5 type. # cat /sys/class/net/p1p1/device/sriov/5/num_queues - qos/share Sets the share of bandwidth for the specified VF(s). Note: This feature is limited to TC0 only. You cannot revert the share back to 0 once it has been set. You need to apply a change to hardware using the related sysfs node qos/apply. Example 1: allocate 10% of bandwidth to VF 0, 20% to VF 1, and the remaining 70% of bandwidth shared equally among the other VFs plus PF. Note: For all the unspecified VFs (or PFs), the default value for "share" is 0. # echo 10 > /sys/class/net/p1p1/device/sriov/0/qos/share # echo 20 > /sys/class/net/p1p1/device/sriov/1/qos/share # echo 1 > /sys/class/net/p1p1/device/sriov/qos/apply (kicks off a recalculation based upon bandwidth distribution parameters specified through qos/share sysfs) Example 2: display current bandwidth allocation for each VF. # cat /sys/class/net/p1p1/device/sriov/0/qos/share (return 10) # cat /sys/class/net/p1p1/device/sriov/1/qos/share (return 20) Performance Optimization ======================== Driver defaults are meant to fit a wide variety of workloads, but if further optimization is required, we recommend experimenting with the following settings. Rx Descriptor Ring Size ----------------------- To reduce the number of Rx packet discards, increase the number of Rx descriptors for each Rx ring using ethtool. - Check if the interface is dropping Rx packets due to buffers being full (rx_dropped.nic can mean that there is no PCIe bandwidth): # ethtool -S <ethX> | grep "rx_dropped" - If the previous command shows drops on queues, it may help to increase the number of descriptors using 'ethtool -G': # ethtool -G <ethX> rx <N> Where <N> is the desired number of ring entries/descriptors This can provide temporary buffering for issues that create latency while the CPUs process descriptors. NOTE: When you are handling a large number of connections in a VF, we recommend setting the number of Rx descriptors to 1024 or above. For example: # ethtool -G <ethX> rx 2048 Known Issues/Troubleshooting ============================ Software Issues --------------- NOTE: After installing the driver, if your Intel Ethernet Network Connection is not working, verify that you have installed the correct driver. Linux bonding fails with Virtual Functions bound to an Intel(R) Ethernet Controller 700 series based device ------------------------------------------------------------------------ If you bind Virtual Functions (VFs) to an Intel(R) Ethernet Controller 700 series based device, the VF slaves may fail when they become the active slave. If the MAC address of the VF is set by the PF (Physical Function) of the device, when you add a slave, or change the active-backup slave, Linux bonding tries to sync the backup slave's MAC address to the same MAC address as the active slave. Linux bonding will fail at this point. This issue will not occur if the VF's MAC address is not set by the PF. Traffic Is Not Being Passed Between VM and Client ------------------------------------------------- You may not be able to pass traffic between a client system and a Virtual Machine (VM) running on a separate host if the Virtual Function (VF, or Virtual NIC) is not in trusted mode and spoof checking is enabled on the VF. Note that this situation can occur in any combination of client, host, and guest operating system. See the readme for the PF driver for information on spoof checking and how to set the VF to trusted mode. Using four traffic classes fails -------------------------------- Do not try to reserve more than three traffic classes in the iavf driver. Doing so will fail to set any traffic classes and will cause the driver to write errors to stdout. Use a maximum of three queues to avoid this issue. Unexpected errors in dmesg when adding TCP filters on the VF ------------------------------------------------------------ When ADQ is configured and the VF is not in trusted mode, you may see unexpected error messages in dmesg on the host when you try to add TCP filters on the VF. This is due to the asynchronous design of the iavf driver. The VF does not know whether it is trusted and appears to set the filter, while the PF blocks the request and reports an error. See the dmesg log in the host OS for details about the error. Multiple log error messages on iavf driver removal ---------------------------------------------------- If you have several VFs and you remove the iavf driver, several instances of the following log errors are written to the log: Unable to send opcode 2 to PF, err I40E_ERR_QUEUE_EMPTY, aq_err ok Unable to send the message to VF 2 aq_err 12 ARQ Overflow Error detected MAC address of Virtual Function changes unexpectedly ---------------------------------------------------- If a Virtual Function's MAC address is not assigned in the host, then the VF (virtual function) driver will use a random MAC address. This random MAC address may change each time the VF driver is reloaded. You can assign a static MAC address in the host machine. This static MAC address will survive a VF driver reload. Driver Buffer Overflow Fix -------------------------- The fix to resolve CVE-2016-8105, referenced in Intel SA-00069 <https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00069&language id=en-fr>, is included in this and future versions of the driver. Compiling the Driver -------------------- When trying to compile the driver by running make install, the following error may occur: "Linux kernel source not configured - missing version.h" To solve this issue, create the version.h file by going to the Linux source tree and entering: # make include/linux/version.h Multiple Interfaces on Same Ethernet Broadcast Network ------------------------------------------------------ Due to the default ARP behavior on Linux, it is not possible to have one system on two IP networks in the same Ethernet broadcast domain (non-partitioned switch) behave as expected. All Ethernet interfaces will respond to IP traffic for any IP address assigned to the system. This results in unbalanced receive traffic. If you have multiple interfaces in a server, either turn on ARP filtering by entering the following: # echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter This only works if your kernel's version is higher than 2.4.5. NOTE: This setting is not saved across reboots. The configuration change can be made permanent by adding the following line to the file /etc/sysctl.conf: net.ipv4.conf.all.arp_filter = 1 Another alternative is to install the interfaces in separate broadcast domains (either in different switches or in a switch partitioned to VLANs). Rx Page Allocation Errors ------------------------- 'Page allocation failure. order:0' errors may occur under stress with kernels 2.6.25 and newer. This is caused by the way the Linux kernel reports this stressed condition. Host May Reboot after Removing PF when VF is Active in Guest ------------------------------------------------------------ Using kernel versions earlier than 3.2, do not unload the PF driver with active VFs. Doing this will cause your VFs to stop working until you reload the PF driver and may cause a spontaneous reboot of your system. Prior to unloading the PF driver, you must first ensure that all VFs are no longer active. Do this by shutting down all VMs and unloading the VF driver. Older VF drivers on Intel Ethernet Controller 800 Series based adapters ----------------------------------------------------------------------- Some Windows* VF drivers from Release 22.9 or older may encounter errors when loaded on a PF based on the Intel Ethernet Controller 800 Series on Linux KVM. You may see errors and the VF may not load. This issue does not occur starting with the following Windows VF drivers: - v40e64, v40e65: Version 1.5.65.0 and newer To resolve this issue, download and install the latest iavf driver. SR-IOV virtual functions have identical MAC addresses ----------------------------------------------------- When you create multiple SR-IOV virtual functions, the VFs may have identical MAC addresses. Only one VF will pass traffic, and all traffic on other VFs with identical MAC addresses will fail. This is related to the "MACAddressPolicy=persistent" setting in /usr/lib/systemd/network/99-default.link. To resolve this issue, edit the /usr/lib/systemd/network/99-default.link file and change the MACAddressPolicy line to "MACAddressPolicy=none". For more information, see the systemd.link man page. Support ======= For general information, go to the Intel support website at: http://www.intel.com/support/ or the Intel Wired Networking project hosted by Sourceforge at: http://sourceforge.net/projects/e1000 If an issue is identified with the released source code on a supported kernel with a supported adapter, email the specific information related to the issue to e1000-devel@lists.sf.net. License ======= This program is free software; you can redistribute it and/or modify it under the terms and conditions of the GNU General Public License, version 2, as published by the Free Software Foundation. This program is distributed in the hope it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. The full GNU General Public License is included in this distribution in the file called "COPYING". Copyright(c) 2018 - 2020 Intel Corporation. Trademarks ========== Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the United States and/or other countries. * Other names and brands may be claimed as the property of others.