xref: /linux/Documentation/networking/device_drivers/ethernet/intel/iavf.rst (revision b8265621f4888af9494e1d685620871ec81bc33d)
1.. SPDX-License-Identifier: GPL-2.0+
2
3=================================================================
4Linux Base Driver for Intel(R) Ethernet Adaptive Virtual Function
5=================================================================
6
7Intel Ethernet Adaptive Virtual Function Linux driver.
8Copyright(c) 2013-2018 Intel Corporation.
9
10Contents
11========
12
13- Overview
14- Identifying Your Adapter
15- Additional Configurations
16- Known Issues/Troubleshooting
17- Support
18
19Overview
20========
21
22This file describes the iavf Linux Base Driver. This driver was formerly
23called i40evf.
24
25The iavf driver supports the below mentioned virtual function devices and
26can only be activated on kernels running the i40e or newer Physical Function
27(PF) driver compiled with CONFIG_PCI_IOV.  The iavf driver requires
28CONFIG_PCI_MSI to be enabled.
29
30The guest OS loading the iavf driver must support MSI-X interrupts.
31
32Identifying Your Adapter
33========================
34
35The driver in this kernel is compatible with devices based on the following:
36 * Intel(R) XL710 X710 Virtual Function
37 * Intel(R) X722 Virtual Function
38 * Intel(R) XXV710 Virtual Function
39 * Intel(R) Ethernet Adaptive Virtual Function
40
41For the best performance, make sure the latest NVM/FW is installed on your
42device.
43
44For information on how to identify your adapter, and for the latest NVM/FW
45images and Intel network drivers, refer to the Intel Support website:
46http://www.intel.com/support
47
48
49Additional Features and Configurations
50======================================
51
52Viewing Link Messages
53---------------------
54Link messages will not be displayed to the console if the distribution is
55restricting system messages. In order to see network driver link messages on
56your console, set dmesg to eight by entering the following::
57
58    # dmesg -n 8
59
60NOTE:
61  This setting is not saved across reboots.
62
63ethtool
64-------
65The driver utilizes the ethtool interface for driver configuration and
66diagnostics, as well as displaying statistical information. The latest ethtool
67version is required for this functionality. Download it at:
68https://www.kernel.org/pub/software/network/ethtool/
69
70Setting VLAN Tag Stripping
71--------------------------
72If you have applications that require Virtual Functions (VFs) to receive
73packets with VLAN tags, you can disable VLAN tag stripping for the VF. The
74Physical Function (PF) processes requests issued from the VF to enable or
75disable VLAN tag stripping. Note that if the PF has assigned a VLAN to a VF,
76then requests from that VF to set VLAN tag stripping will be ignored.
77
78To enable/disable VLAN tag stripping for a VF, issue the following command
79from inside the VM in which you are running the VF::
80
81    # ethtool -K <if_name> rxvlan on/off
82
83or alternatively::
84
85    # ethtool --offload <if_name> rxvlan on/off
86
87Adaptive Virtual Function
88-------------------------
89Adaptive Virtual Function (AVF) allows the virtual function driver, or VF, to
90adapt to changing feature sets of the physical function driver (PF) with which
91it is associated. This allows system administrators to update a PF without
92having to update all the VFs associated with it. All AVFs have a single common
93device ID and branding string.
94
95AVFs have a minimum set of features known as "base mode," but may provide
96additional features depending on what features are available in the PF with
97which the AVF is associated. The following are base mode features:
98
99- 4 Queue Pairs (QP) and associated Configuration Status Registers (CSRs)
100  for Tx/Rx
101- i40e descriptors and ring format
102- Descriptor write-back completion
103- 1 control queue, with i40e descriptors, CSRs and ring format
104- 5 MSI-X interrupt vectors and corresponding i40e CSRs
105- 1 Interrupt Throttle Rate (ITR) index
106- 1 Virtual Station Interface (VSI) per VF
107- 1 Traffic Class (TC), TC0
108- Receive Side Scaling (RSS) with 64 entry indirection table and key,
109  configured through the PF
110- 1 unicast MAC address reserved per VF
111- 16 MAC address filters for each VF
112- Stateless offloads - non-tunneled checksums
113- AVF device ID
114- HW mailbox is used for VF to PF communications (including on Windows)
115
116IEEE 802.1ad (QinQ) Support
117---------------------------
118The IEEE 802.1ad standard, informally known as QinQ, allows for multiple VLAN
119IDs within a single Ethernet frame. VLAN IDs are sometimes referred to as
120"tags," and multiple VLAN IDs are thus referred to as a "tag stack." Tag stacks
121allow L2 tunneling and the ability to segregate traffic within a particular
122VLAN ID, among other uses.
123
124The following are examples of how to configure 802.1ad (QinQ)::
125
126    # ip link add link eth0 eth0.24 type vlan proto 802.1ad id 24
127    # ip link add link eth0.24 eth0.24.371 type vlan proto 802.1Q id 371
128
129Where "24" and "371" are example VLAN IDs.
130
131NOTES:
132  Receive checksum offloads, cloud filters, and VLAN acceleration are not
133  supported for 802.1ad (QinQ) packets.
134
135Application Device Queues (ADq)
136-------------------------------
137Application Device Queues (ADq) allows you to dedicate one or more queues to a
138specific application. This can reduce latency for the specified application,
139and allow Tx traffic to be rate limited per application. Follow the steps below
140to set ADq.
141
142Requirements:
143
144- The sch_mqprio, act_mirred and cls_flower modules must be loaded
145- The latest version of iproute2
146- If another driver (for example, DPDK) has set cloud filters, you cannot
147  enable ADQ
148- Depending on the underlying PF device, ADQ cannot be enabled when the
149  following features are enabled:
150
151  + Data Center Bridging (DCB)
152  + Multiple Functions per Port (MFP)
153  + Sideband Filters
154
1551. Create traffic classes (TCs). Maximum of 8 TCs can be created per interface.
156The shaper bw_rlimit parameter is optional.
157
158Example: Sets up two tcs, tc0 and tc1, with 16 queues each and max tx rate set
159to 1Gbit for tc0 and 3Gbit for tc1.
160
161::
162
163    tc qdisc add dev <interface> root mqprio num_tc 2 map 0 0 0 0 1 1 1 1
164    queues 16@0 16@16 hw 1 mode channel shaper bw_rlimit min_rate 1Gbit 2Gbit
165    max_rate 1Gbit 3Gbit
166
167map: priority mapping for up to 16 priorities to tcs (e.g. map 0 0 0 0 1 1 1 1
168sets priorities 0-3 to use tc0 and 4-7 to use tc1)
169
170queues: for each tc, <num queues>@<offset> (e.g. queues 16@0 16@16 assigns
17116 queues to tc0 at offset 0 and 16 queues to tc1 at offset 16. Max total
172number of queues for all tcs is 64 or number of cores, whichever is lower.)
173
174hw 1 mode channel: ‘channel’ with ‘hw’ set to 1 is a new new hardware
175offload mode in mqprio that makes full use of the mqprio options, the
176TCs, the queue configurations, and the QoS parameters.
177
178shaper bw_rlimit: for each tc, sets minimum and maximum bandwidth rates.
179Totals must be equal or less than port speed.
180
181For example: min_rate 1Gbit 3Gbit: Verify bandwidth limit using network
182monitoring tools such as ifstat or sar –n DEV [interval] [number of samples]
183
184NOTE:
185  Setting up channels via ethtool (ethtool -L) is not supported when the
186  TCs are configured using mqprio.
187
1882. Enable HW TC offload on interface::
189
190    # ethtool -K <interface> hw-tc-offload on
191
1923. Apply TCs to ingress (RX) flow of interface::
193
194    # tc qdisc add dev <interface> ingress
195
196NOTES:
197 - Run all tc commands from the iproute2 <pathtoiproute2>/tc/ directory
198 - ADq is not compatible with cloud filters
199 - Setting up channels via ethtool (ethtool -L) is not supported when the TCs
200   are configured using mqprio
201 - You must have iproute2 latest version
202 - NVM version 6.01 or later is required
203 - ADq cannot be enabled when any the following features are enabled: Data
204   Center Bridging (DCB), Multiple Functions per Port (MFP), or Sideband Filters
205 - If another driver (for example, DPDK) has set cloud filters, you cannot
206   enable ADq
207 - Tunnel filters are not supported in ADq. If encapsulated packets do arrive
208   in non-tunnel mode, filtering will be done on the inner headers.  For example,
209   for VXLAN traffic in non-tunnel mode, PCTYPE is identified as a VXLAN
210   encapsulated packet, outer headers are ignored. Therefore, inner headers are
211   matched.
212 - If a TC filter on a PF matches traffic over a VF (on the PF), that traffic
213   will be routed to the appropriate queue of the PF, and will not be passed on
214   the VF. Such traffic will end up getting dropped higher up in the TCP/IP
215   stack as it does not match PF address data.
216 - If traffic matches multiple TC filters that point to different TCs, that
217   traffic will be duplicated and sent to all matching TC queues.  The hardware
218   switch mirrors the packet to a VSI list when multiple filters are matched.
219
220
221Known Issues/Troubleshooting
222============================
223
224Bonding fails with VFs bound to an Intel(R) Ethernet Controller 700 series device
225---------------------------------------------------------------------------------
226If you bind Virtual Functions (VFs) to an Intel(R) Ethernet Controller 700
227series based device, the VF slaves may fail when they become the active slave.
228If the MAC address of the VF is set by the PF (Physical Function) of the
229device, when you add a slave, or change the active-backup slave, Linux bonding
230tries to sync the backup slave's MAC address to the same MAC address as the
231active slave. Linux bonding will fail at this point. This issue will not occur
232if the VF's MAC address is not set by the PF.
233
234Traffic Is Not Being Passed Between VM and Client
235-------------------------------------------------
236You may not be able to pass traffic between a client system and a
237Virtual Machine (VM) running on a separate host if the Virtual Function
238(VF, or Virtual NIC) is not in trusted mode and spoof checking is enabled
239on the VF. Note that this situation can occur in any combination of client,
240host, and guest operating system. For information on how to set the VF to
241trusted mode, refer to the section "VLAN Tag Packet Steering" in this
242readme document. For information on setting spoof checking, refer to the
243section "MAC and VLAN anti-spoofing feature" in this readme document.
244
245Do not unload port driver if VF with active VM is bound to it
246-------------------------------------------------------------
247Do not unload a port's driver if a Virtual Function (VF) with an active Virtual
248Machine (VM) is bound to it. Doing so will cause the port to appear to hang.
249Once the VM shuts down, or otherwise releases the VF, the command will complete.
250
251Using four traffic classes fails
252--------------------------------
253Do not try to reserve more than three traffic classes in the iavf driver. Doing
254so will fail to set any traffic classes and will cause the driver to write
255errors to stdout. Use a maximum of three queues to avoid this issue.
256
257Multiple log error messages on iavf driver removal
258--------------------------------------------------
259If you have several VFs and you remove the iavf driver, several instances of
260the following log errors are written to the log::
261
262    Unable to send opcode 2 to PF, err I40E_ERR_QUEUE_EMPTY, aq_err ok
263    Unable to send the message to VF 2 aq_err 12
264    ARQ Overflow Error detected
265
266Virtual machine does not get link
267---------------------------------
268If the virtual machine has more than one virtual port assigned to it, and those
269virtual ports are bound to different physical ports, you may not get link on
270all of the virtual ports. The following command may work around the issue::
271
272    # ethtool -r <PF>
273
274Where <PF> is the PF interface in the host, for example: p5p1. You may need to
275run the command more than once to get link on all virtual ports.
276
277MAC address of Virtual Function changes unexpectedly
278----------------------------------------------------
279If a Virtual Function's MAC address is not assigned in the host, then the VF
280(virtual function) driver will use a random MAC address. This random MAC
281address may change each time the VF driver is reloaded. You can assign a static
282MAC address in the host machine. This static MAC address will survive
283a VF driver reload.
284
285Driver Buffer Overflow Fix
286--------------------------
287The fix to resolve CVE-2016-8105, referenced in Intel SA-00069
288https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00069.html
289is included in this and future versions of the driver.
290
291Multiple Interfaces on Same Ethernet Broadcast Network
292------------------------------------------------------
293Due to the default ARP behavior on Linux, it is not possible to have one system
294on two IP networks in the same Ethernet broadcast domain (non-partitioned
295switch) behave as expected. All Ethernet interfaces will respond to IP traffic
296for any IP address assigned to the system. This results in unbalanced receive
297traffic.
298
299If you have multiple interfaces in a server, either turn on ARP filtering by
300entering::
301
302    # echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter
303
304NOTE:
305  This setting is not saved across reboots. The configuration change can be
306  made permanent by adding the following line to the file /etc/sysctl.conf::
307
308    net.ipv4.conf.all.arp_filter = 1
309
310Another alternative is to install the interfaces in separate broadcast domains
311(either in different switches or in a switch partitioned to VLANs).
312
313Rx Page Allocation Errors
314-------------------------
315'Page allocation failure. order:0' errors may occur under stress.
316This is caused by the way the Linux kernel reports this stressed condition.
317
318
319Support
320=======
321For general information, go to the Intel support website at:
322
323https://support.intel.com
324
325or the Intel Wired Networking project hosted by Sourceforge at:
326
327https://sourceforge.net/projects/e1000
328
329If an issue is identified with the released source code on the supported kernel
330with a supported adapter, email the specific information related to the issue
331to e1000-devel@lists.sf.net
332