sts-sponsors team mailing list archive

[Bug 1800877] [NEW] iproute2/xenial: Add support for the VF Trust setting (fix IPv6 multicast under SR-IOV on Mellanox adapters)

 

You have been subscribed to a public bug by Mauricio Faria de Oliveira (mfo):

[Impact]

 * A VM's VF cannot receive IPv6 multicast traffic
   from other VMs' VFs in the same Mellanox adapter
   _if_ its VF trust setting is not enabled, and on
   Xenial currently iproute2 _cannot_ enable it.

 * This breaks IPv6 NDP (Neighbor Discovery Protocol)
   in that scenario.

 * This upload adds three iproute2 upstream commits
   to enable/disable the VF setting, which resolves
   that problem/limitation.

[Test Case]

 * Check 'ip link help' for the 'trust' option:

   Before:

     # ip link help 2>&1 | grep trust
     <nothing>

   After:

     # ip link help 2>&1 | grep trust
     [ trust { on | off} ] ]

 * Check 'ip link show dev PF' for 'trust on|off' field in VFs.

   Before: (trust field _is not_ present)

     # ip link show dev ens1f0
     ...
     vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto
     vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto

   After: (trust field _is_ present)

     # ip link show dev ens1f0
     ...
     vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
     vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off

 * Set the VF trust on/off and check it:

     Set VF 0 trust on:

     # ip link set ens1f0 vf 0 trust on
     # ip link show dev ens1f0 | grep trust
     vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust on
     vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off

     Set VF 0 trust off:

     # ip link set ens1f0 vf 0 trust off
     # ip link show dev ens1f0 | grep trust
     vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
     vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off

[Regression Potential]

 * Regression potential is low because the commits just add the
   netlink attribute for the userspace-kernel interface and the
   ways to set/clear it, and show the current value to the user.

 * Regressions could happen _if_ the user turns the setting on
   (it's disabled by default) and there's a problem/bug likely
   in _another_ component that depends on that setting (which is
   something to fix in such a component).

[Other Info]
 
 * The users that reported this problem have verified
   the test package with these changes, and confirmed
   that it now works correctly for IPv6 NDP/multicast.

** Affects: iproute2 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
iproute2/xenial: Add support for the VF Trust setting (fix IPv6 multicast under SR-IOV on Mellanox adapters)
https://bugs.launchpad.net/bugs/1800877
You received this bug notification because you are a member of STS Sponsors, which is subscribed to the bug report.
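
An added example, not part of the original bug report or of iproute2: a shell helper that automates the checks in the test case above by parsing `ip link show` output and reporting each VF's trust state, treating a missing field as an iproute2 without trust support. The function names and the embedded sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse 'ip link show dev PF' output (read from stdin) and
# report the trust state of each VF. Prints "<vf> <state>" per line, where
# state is on, off, or absent (field missing: iproute2 without trust support).
vf_trust_report() {
    awk '
        $1 == "vf" && $2 ~ /^[0-9]+$/ {
            state = "absent"
            for (i = 3; i < NF; i++) {
                if ($i == "trust") {
                    v = $(i + 1); sub(/,$/, "", v)   # tolerate trailing fields
                    if (v == "on" || v == "off") state = v
                }
            }
            print $2, state
        }'
}

# Check that VF $1 reports trust state $2 in the output given on stdin.
# Returns 0 on match, 1 on mismatch, 2 if the VF is not listed at all.
vf_trust_is() {
    want_vf=$1 want_state=$2
    got=$(vf_trust_report | awk -v vf="$want_vf" '$1 == vf { print $2 }')
    [ -n "$got" ] || return 2
    [ "$got" = "$want_state" ]
}

# Sample output, constructed from the lines shown in the test case above.
SAMPLE_BEFORE='    vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto
    vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto'
SAMPLE_AFTER='    vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust on
    vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off'

# On a real host (assumption: the PF is named ens1f0, as in the test case):
#   ip link show dev ens1f0 | vf_trust_report
#   ip link show dev ens1f0 | vf_trust_is 0 off || echo "vf 0 trust is not off"
```

Because trust is disabled by default, any VF reported as `on` was enabled deliberately, which makes the report usable as a periodic audit of which VFs have been granted the setting.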