[dpdk-dev] SR-IOV - Spoofed packets detected on Intel Corporation 82599EB 2-port 10G NIC Card
Edison So
edison.so2 at gmail.com
Tue May 8 15:16:53 CEST 2018
Hello,
I have a question about disabling anti-MAC spoofing feature on Intel
82599EB 2-port 10G NIC Card.
Below is the description of the issue.
*DPDK Version*
17.02
*Background*
1. I installed ESXi 6.5 on a Dell PowerEdge R630 with a 2-port 82599EB
10G NIC.
2. I installed two CentOS 7 VMWare VMs with DPDK.
*DPDK Verification*
On each VM running DPDK, I checked:
./dpdk-devbind.py --status
Network devices using DPDK-compatible driver
============================================
*0000:0b:00.0 '82599 Ethernet Controller Virtual Function' drv=igb_uio
unused=*
Network devices using kernel driver
===================================
0000:13:00.0 'VMXNET3 Ethernet Controller' if=eno33559296 drv=vmxnet3
unused=igb_uio *Active*
Other network devices
=====================
<none>
Crypto devices using DPDK-compatible driver
===========================================
<none>
Crypto devices using kernel driver
==================================
<none>
Other crypto devices
====================
<none>
On the VM, I used testpmd to disable MAC anti-spoofing and got an error:
testpmd> set vf mac antispoof 0 0 off
function not implemented
testpmd>
*SR-IOV Configuration on ESXi for each VM*
1. I am using SR-IOV on the NIC ports. On each of the VM, I created a
new network adapter on the first VM as follows with *one* Virtual Function.
A. Network Adapter 1: *10G port group 1*
§ Adapter Type: *SR-IOV passthrough*
§ Physical function: *82599EB 10-Gigabit SFI/SFP+ Network Connection -
0000:82:00.0*
§ MAC Address: *Automatic*
§ Guest OS MTU Change: *Disallow*
2. On top of the creation of the new adapter, I also reserved some
memory as required by SR-IOV.
3. I did the same on the second VM.
B. Network Adapter 1: *10G port group 2*
§ Adapter Type: *SR-IOV passthrough*
§ Physical function: *82599EB 10-Gigabit SFI/SFP+ Network Connection -
0000:82:00.1*
§ MAC Address: *Automatic*
§ Guest OS MTU Change: *Disallow*
4. Of course, each 10G port group is linked to a standard virtual group
which in turn is linked to a 82599EB 10G port (Uplink Port)
*Traffic Generation*
1. I have a PCAP file which has packets with different MAC addresses
than the DPDK interface on the first VM.
2. I generated a constant traffic from the first VM to the second VM
using the PCAP file and none was received on the second VM.
3. I sshed to the ESXI host and ran *dmesg* and got the following error
messages repeatedly:
*2018-05-04T23:39:00.679Z cpu31:66145)<4>ixgbe 0000:82:00.0: vmnic4: 512
Spoofed packets detected*
4. I googled this error and somewhat have concluded that this error may
have something to do with the *MAC Spoofing* feature on the 82599EB 10G NIC
card. How do I disable it?
5. The 82599EB 10G NIC card using *esxcli* (on ESXi host) displays the
following information:
[root at vm:/vmfs/volumes/5acbc358-de2034d6-5472-90e2bac73ffc/VM1] *esxcli
network nic get -n vmnic4*
Advertised Auto Negotiation: true
Advertised Link Modes: 1000BaseT/Full, 10000BaseT/Full
Auto Negotiation: true
Cable Type: FIBRE
Current Message Level: 7
Driver Info:
Bus Info: 0000:82:00.0
Driver: ixgbe
Firmware Version: 0x61bd0001
Version: 3.7.13.7.14iov-NAPI
Link Detected: true
Link Status: Up
Name: vmnic4
PHYAddress: 0
Pause Autonegotiate: true
Pause RX: true
Pause TX: true
Supported Ports: FIBRE
Supports Auto Negotiation: true
Supports Pause: true
Supports Wakeon: false
Transceiver: external
Virtual Address: 00:50:56:55:91:0c
Wakeon: None
*Questions*
1. Is MAC anti-spoofing supported in DPDK version 17.02? If not, which
version supports MAC anti-spoofing? If supported, how can I disable it?
2. How do I determine the port id and vf id?
Your help is greatly appreciated.
More information about the dev
mailing list