1.. SPDX-License-Identifier: GPL-2.0+ 2 3================================================================= 4Linux Base Driver for Intel(R) Ethernet Adaptive Virtual Function 5================================================================= 6 7Intel Ethernet Adaptive Virtual Function Linux driver. 8Copyright(c) 2013-2018 Intel Corporation. 9 10Contents 11======== 12 13- Overview 14- Identifying Your Adapter 15- Additional Configurations 16- Known Issues/Troubleshooting 17- Support 18 19Overview 20======== 21 22This file describes the iavf Linux Base Driver. This driver was formerly 23called i40evf. 24 25The iavf driver supports the below mentioned virtual function devices and 26can only be activated on kernels running the i40e or newer Physical Function 27(PF) driver compiled with CONFIG_PCI_IOV. The iavf driver requires 28CONFIG_PCI_MSI to be enabled. 29 30The guest OS loading the iavf driver must support MSI-X interrupts. 31 32Identifying Your Adapter 33======================== 34 35The driver in this kernel is compatible with devices based on the following: 36 * Intel(R) XL710 X710 Virtual Function 37 * Intel(R) X722 Virtual Function 38 * Intel(R) XXV710 Virtual Function 39 * Intel(R) Ethernet Adaptive Virtual Function 40 41For the best performance, make sure the latest NVM/FW is installed on your 42device. 43 44For information on how to identify your adapter, and for the latest NVM/FW 45images and Intel network drivers, refer to the Intel Support website: 46http://www.intel.com/support 47 48 49Additional Features and Configurations 50====================================== 51 52Viewing Link Messages 53--------------------- 54Link messages will not be displayed to the console if the distribution is 55restricting system messages. In order to see network driver link messages on 56your console, set dmesg to eight by entering the following:: 57 58 # dmesg -n 8 59 60NOTE: 61 This setting is not saved across reboots. 62 63ethtool 64------- 65The driver utilizes the ethtool interface for driver configuration and 66diagnostics, as well as displaying statistical information. The latest ethtool 67version is required for this functionality. Download it at: 68https://www.kernel.org/pub/software/network/ethtool/ 69 70Setting VLAN Tag Stripping 71-------------------------- 72If you have applications that require Virtual Functions (VFs) to receive 73packets with VLAN tags, you can disable VLAN tag stripping for the VF. The 74Physical Function (PF) processes requests issued from the VF to enable or 75disable VLAN tag stripping. Note that if the PF has assigned a VLAN to a VF, 76then requests from that VF to set VLAN tag stripping will be ignored. 77 78To enable/disable VLAN tag stripping for a VF, issue the following command 79from inside the VM in which you are running the VF:: 80 81 # ethtool -K <if_name> rxvlan on/off 82 83or alternatively:: 84 85 # ethtool --offload <if_name> rxvlan on/off 86 87Adaptive Virtual Function 88------------------------- 89Adaptive Virtual Function (AVF) allows the virtual function driver, or VF, to 90adapt to changing feature sets of the physical function driver (PF) with which 91it is associated. This allows system administrators to update a PF without 92having to update all the VFs associated with it. All AVFs have a single common 93device ID and branding string. 94 95AVFs have a minimum set of features known as "base mode," but may provide 96additional features depending on what features are available in the PF with 97which the AVF is associated. The following are base mode features: 98 99- 4 Queue Pairs (QP) and associated Configuration Status Registers (CSRs) 100 for Tx/Rx 101- i40e descriptors and ring format 102- Descriptor write-back completion 103- 1 control queue, with i40e descriptors, CSRs and ring format 104- 5 MSI-X interrupt vectors and corresponding i40e CSRs 105- 1 Interrupt Throttle Rate (ITR) index 106- 1 Virtual Station Interface (VSI) per VF 107- 1 Traffic Class (TC), TC0 108- Receive Side Scaling (RSS) with 64 entry indirection table and key, 109 configured through the PF 110- 1 unicast MAC address reserved per VF 111- 16 MAC address filters for each VF 112- Stateless offloads - non-tunneled checksums 113- AVF device ID 114- HW mailbox is used for VF to PF communications (including on Windows) 115 116IEEE 802.1ad (QinQ) Support 117--------------------------- 118The IEEE 802.1ad standard, informally known as QinQ, allows for multiple VLAN 119IDs within a single Ethernet frame. VLAN IDs are sometimes referred to as 120"tags," and multiple VLAN IDs are thus referred to as a "tag stack." Tag stacks 121allow L2 tunneling and the ability to segregate traffic within a particular 122VLAN ID, among other uses. 123 124The following are examples of how to configure 802.1ad (QinQ):: 125 126 # ip link add link eth0 eth0.24 type vlan proto 802.1ad id 24 127 # ip link add link eth0.24 eth0.24.371 type vlan proto 802.1Q id 371 128 129Where "24" and "371" are example VLAN IDs. 130 131NOTES: 132 Receive checksum offloads, cloud filters, and VLAN acceleration are not 133 supported for 802.1ad (QinQ) packets. 134 135Application Device Queues (ADq) 136------------------------------- 137Application Device Queues (ADq) allows you to dedicate one or more queues to a 138specific application. This can reduce latency for the specified application, 139and allow Tx traffic to be rate limited per application. Follow the steps below 140to set ADq. 141 142Requirements: 143 144- The sch_mqprio, act_mirred and cls_flower modules must be loaded 145- The latest version of iproute2 146- If another driver (for example, DPDK) has set cloud filters, you cannot 147 enable ADQ 148- Depending on the underlying PF device, ADQ cannot be enabled when the 149 following features are enabled: 150 151 + Data Center Bridging (DCB) 152 + Multiple Functions per Port (MFP) 153 + Sideband Filters 154 1551. Create traffic classes (TCs). Maximum of 8 TCs can be created per interface. 156The shaper bw_rlimit parameter is optional. 157 158Example: Sets up two tcs, tc0 and tc1, with 16 queues each and max tx rate set 159to 1Gbit for tc0 and 3Gbit for tc1. 160 161:: 162 163 tc qdisc add dev <interface> root mqprio num_tc 2 map 0 0 0 0 1 1 1 1 164 queues 16@0 16@16 hw 1 mode channel shaper bw_rlimit min_rate 1Gbit 2Gbit 165 max_rate 1Gbit 3Gbit 166 167map: priority mapping for up to 16 priorities to tcs (e.g. map 0 0 0 0 1 1 1 1 168sets priorities 0-3 to use tc0 and 4-7 to use tc1) 169 170queues: for each tc, <num queues>@<offset> (e.g. queues 16@0 16@16 assigns 17116 queues to tc0 at offset 0 and 16 queues to tc1 at offset 16. Max total 172number of queues for all tcs is 64 or number of cores, whichever is lower.) 173 174hw 1 mode channel: ‘channel’ with ‘hw’ set to 1 is a new new hardware 175offload mode in mqprio that makes full use of the mqprio options, the 176TCs, the queue configurations, and the QoS parameters. 177 178shaper bw_rlimit: for each tc, sets minimum and maximum bandwidth rates. 179Totals must be equal or less than port speed. 180 181For example: min_rate 1Gbit 3Gbit: Verify bandwidth limit using network 182monitoring tools such as ifstat or sar –n DEV [interval] [number of samples] 183 184NOTE: 185 Setting up channels via ethtool (ethtool -L) is not supported when the 186 TCs are configured using mqprio. 187 1882. Enable HW TC offload on interface:: 189 190 # ethtool -K <interface> hw-tc-offload on 191 1923. Apply TCs to ingress (RX) flow of interface:: 193 194 # tc qdisc add dev <interface> ingress 195 196NOTES: 197 - Run all tc commands from the iproute2 <pathtoiproute2>/tc/ directory 198 - ADq is not compatible with cloud filters 199 - Setting up channels via ethtool (ethtool -L) is not supported when the TCs 200 are configured using mqprio 201 - You must have iproute2 latest version 202 - NVM version 6.01 or later is required 203 - ADq cannot be enabled when any the following features are enabled: Data 204 Center Bridging (DCB), Multiple Functions per Port (MFP), or Sideband Filters 205 - If another driver (for example, DPDK) has set cloud filters, you cannot 206 enable ADq 207 - Tunnel filters are not supported in ADq. If encapsulated packets do arrive 208 in non-tunnel mode, filtering will be done on the inner headers. For example, 209 for VXLAN traffic in non-tunnel mode, PCTYPE is identified as a VXLAN 210 encapsulated packet, outer headers are ignored. Therefore, inner headers are 211 matched. 212 - If a TC filter on a PF matches traffic over a VF (on the PF), that traffic 213 will be routed to the appropriate queue of the PF, and will not be passed on 214 the VF. Such traffic will end up getting dropped higher up in the TCP/IP 215 stack as it does not match PF address data. 216 - If traffic matches multiple TC filters that point to different TCs, that 217 traffic will be duplicated and sent to all matching TC queues. The hardware 218 switch mirrors the packet to a VSI list when multiple filters are matched. 219 220 221Known Issues/Troubleshooting 222============================ 223 224Bonding fails with VFs bound to an Intel(R) Ethernet Controller 700 series device 225--------------------------------------------------------------------------------- 226If you bind Virtual Functions (VFs) to an Intel(R) Ethernet Controller 700 227series based device, the VF slaves may fail when they become the active slave. 228If the MAC address of the VF is set by the PF (Physical Function) of the 229device, when you add a slave, or change the active-backup slave, Linux bonding 230tries to sync the backup slave's MAC address to the same MAC address as the 231active slave. Linux bonding will fail at this point. This issue will not occur 232if the VF's MAC address is not set by the PF. 233 234Traffic Is Not Being Passed Between VM and Client 235------------------------------------------------- 236You may not be able to pass traffic between a client system and a 237Virtual Machine (VM) running on a separate host if the Virtual Function 238(VF, or Virtual NIC) is not in trusted mode and spoof checking is enabled 239on the VF. Note that this situation can occur in any combination of client, 240host, and guest operating system. For information on how to set the VF to 241trusted mode, refer to the section "VLAN Tag Packet Steering" in this 242readme document. For information on setting spoof checking, refer to the 243section "MAC and VLAN anti-spoofing feature" in this readme document. 244 245Do not unload port driver if VF with active VM is bound to it 246------------------------------------------------------------- 247Do not unload a port's driver if a Virtual Function (VF) with an active Virtual 248Machine (VM) is bound to it. Doing so will cause the port to appear to hang. 249Once the VM shuts down, or otherwise releases the VF, the command will complete. 250 251Using four traffic classes fails 252-------------------------------- 253Do not try to reserve more than three traffic classes in the iavf driver. Doing 254so will fail to set any traffic classes and will cause the driver to write 255errors to stdout. Use a maximum of three queues to avoid this issue. 256 257Multiple log error messages on iavf driver removal 258-------------------------------------------------- 259If you have several VFs and you remove the iavf driver, several instances of 260the following log errors are written to the log:: 261 262 Unable to send opcode 2 to PF, err I40E_ERR_QUEUE_EMPTY, aq_err ok 263 Unable to send the message to VF 2 aq_err 12 264 ARQ Overflow Error detected 265 266Virtual machine does not get link 267--------------------------------- 268If the virtual machine has more than one virtual port assigned to it, and those 269virtual ports are bound to different physical ports, you may not get link on 270all of the virtual ports. The following command may work around the issue:: 271 272 # ethtool -r <PF> 273 274Where <PF> is the PF interface in the host, for example: p5p1. You may need to 275run the command more than once to get link on all virtual ports. 276 277MAC address of Virtual Function changes unexpectedly 278---------------------------------------------------- 279If a Virtual Function's MAC address is not assigned in the host, then the VF 280(virtual function) driver will use a random MAC address. This random MAC 281address may change each time the VF driver is reloaded. You can assign a static 282MAC address in the host machine. This static MAC address will survive 283a VF driver reload. 284 285Driver Buffer Overflow Fix 286-------------------------- 287The fix to resolve CVE-2016-8105, referenced in Intel SA-00069 288https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00069.html 289is included in this and future versions of the driver. 290 291Multiple Interfaces on Same Ethernet Broadcast Network 292------------------------------------------------------ 293Due to the default ARP behavior on Linux, it is not possible to have one system 294on two IP networks in the same Ethernet broadcast domain (non-partitioned 295switch) behave as expected. All Ethernet interfaces will respond to IP traffic 296for any IP address assigned to the system. This results in unbalanced receive 297traffic. 298 299If you have multiple interfaces in a server, either turn on ARP filtering by 300entering:: 301 302 # echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter 303 304NOTE: 305 This setting is not saved across reboots. The configuration change can be 306 made permanent by adding the following line to the file /etc/sysctl.conf:: 307 308 net.ipv4.conf.all.arp_filter = 1 309 310Another alternative is to install the interfaces in separate broadcast domains 311(either in different switches or in a switch partitioned to VLANs). 312 313Rx Page Allocation Errors 314------------------------- 315'Page allocation failure. order:0' errors may occur under stress. 316This is caused by the way the Linux kernel reports this stressed condition. 317 318 319Support 320======= 321For general information, go to the Intel support website at: 322 323https://support.intel.com 324 325or the Intel Wired Networking project hosted by Sourceforge at: 326 327https://sourceforge.net/projects/e1000 328 329If an issue is identified with the released source code on the supported kernel 330with a supported adapter, email the specific information related to the issue 331to e1000-devel@lists.sf.net 332