Linux* Driver for Intel(R) Ethernet Virtual Function 700 Series ====================================================== December 1, 2017 ====================================================== Contents ======== - Overview - Building and Installation - Command Line Parameters - Additional Configurations - Known Issues - Support - License ================================================================================ Overview -------- This driver supports 700 Series-based virtual function devices with CONFIG_PCI_IOV enabled. SR-IOV requires the correct platform and OS support. The guest OS loading this driver must support MSI-X interrupts. For questions related to hardware requirements, refer to the documentation supplied with your Intel adapter. All hardware requirements listed apply to use with Linux. Driver information can be obtained using ethtool, lspci, and ifconfig. Instructions on updating ethtool can be found in the section Additional Configurations later in this document. The i40evf driver supports virtual functions generated by the i40e driver, with one or more VFs enabled through sysfs. Identifying Your Adapter ------------------------ The driver in this release is compatible with devices based on the following: * Intel(R) Ethernet Controller X710 * Intel(R) Ethernet Controller XL710 * Intel(R) Ethernet Network Connection X722 * Intel(R) Ethernet Controller XXV710 For the best performance, make sure the latest NVM/FW is installed on your device and that you are using the newest drivers. For information on how to identify your adapter, and for the latest NVM/FW images and Intel network drivers, refer to the Intel Support website: http://www.intel.com/support Building and Installation ------------------------- To build a binary RPM* package of this driver, run 'rpmbuild -tb i40evf-.tar.gz', where is the version number for the driver tar file. Note: For the build to work properly, the currently running kernel MUST match the version and configuration of the installed kernel sources. If you have just recompiled the kernel reboot the system before building. Note: RPM functionality has only been tested in Red Hat distributions. _lbank_line_ 1. Move the virtual function driver tar file to the directory of your choice. For example, use '/home/username/i40evf' or '/usr/local/src/i40evf'. 2. Untar/unzip the archive, where is the version number for the driver tar file: tar zxf i40evf-.tar.gz 3. Change to the driver src directory, where is the version number for the driver tar: cd i40evf-/src/ 4. Compile the driver module: # make install The binary will be installed as: /lib/modules//updates/drivers/net/ethernet/intel/i40evf/i40evf.ko The install location listed above is the default location. This may differ for various Linux distributions. NOTE: To gather and display additional statistics, use the I40E_ADD_PROBES pre-processor macro: #make CFLAGS_EXTRA=-DI40E_ADD_PROBES Please note that this additional statistics gathering can impact performance. 5. Load the module using the modprobe command: modprobe Make sure that any older i40evf drivers are removed from the kernel before loading the new module: rmmod i40evf; modprobe i40evf 6. Assign an IP address to the interface by entering the following, where ethX is the interface name that was shown in dmesg after modprobe: ip address add / dev ethX 7. Verify that the interface works. Enter the following, where IP_address is the IP address for another machine on the same subnet as the interface that is being tested: ping Note: For certain distributions like (but not limited to) RedHat Enterprise Linux 7 and Ubuntu, once the driver is installed the initrd/initramfs file may need to be updated to prevent the OS loading old versions of the i40evf driver. The dracut utility may be used on RedHat distributions: # dracut --force For Ubuntu: # update-initramfs -u Command Line Parameters ----------------------- The i40evf driver does not support any command line parameters. Additional Features and Configurations ------------------------------------------- Viewing Link Messages --------------------- Link messages will not be displayed to the console if the distribution is restricting system messages. In order to see network driver link messages on your console, set dmesg to eight by entering the following: dmesg -n 8 NOTE: This setting is not saved across reboots. ethtool ------- The driver utilizes the ethtool interface for driver configuration and diagnostics, as well as displaying statistical information. The latest ethtool version is required for this functionality. Download it at: http://ftp.kernel.org/pub/software/network/ethtool/ Setting VLAN Tag Stripping -------------------------- If you have applications that require Virtual Functions (VFs) to receive packets with VLAN tags, you can disable VLAN tag stripping for the VF. The Physical Function (PF) processes requests issued from the VF to enable or disable VLAN tag stripping. Note that if the PF has assigned a VLAN to a VF, then requests from that VF to set VLAN tag stripping will be ignored. To enable/disable VLAN tag stripping for a VF, issue the following command from inside the VM in which you are running the VF: ethtool -K rxvlan on/off or alternatively: ethtool --offload rxvlan on/off Adaptive Virtual Function ------------------------- Adaptive Virtual Function (AVF) allows the virtual function driver, or VF, to adapt to changing feature sets of the physical function driver (PF) with which it is associated. This allows system administrators to update a PF without having to update all the VFs associated with it. All AVFs have a single common device ID and branding string. AVFs have a minimum set of features known as "base mode," but may provide additional features depending on what features are available in the PF with which the AVF is associated. The following are base mode features: - 4 Queue Pairs (QP) and associated Configuration Status Registers (CSRs) for Tx/Rx. - i40e descriptors and ring format. - Descriptor write-back completion. - 1 control queue, with i40e descriptors, CSRs and ring format. - 5 MSI-X interrupt vectors and corresponding i40e CSRs. - 1 Interrupt Throttle Rate (ITR) index. - 1 Virtual Station Interface (VSI) per VF. - 1 Traffic Class (TC), TC0 - Receive Side Scaling (RSS) with 64 entry indirection table and key, configured through the PF. - 1 unicast MAC address reserved per VF. - 16 MAC address filters for each VF. - Stateless offloads - non-tunneled checksums. - AVF device ID. - HW mailbox is used for VF to PF communications (including on Windows). IEEE 802.1ad (QinQ) Support --------------------------- The IEEE 802.1ad standard, informally known as QinQ, allows for multiple VLAN IDs within a single Ethernet frame. VLAN IDs are sometimes referred to as "tags," and multiple VLAN IDs are thus referred to as a "tag stack." Tag stacks allow L2 tunneling and the ability to segregate traffic within a particular VLAN ID, among other uses. The following are examples of how to configure 802.1ad (QinQ): ip link add link eth0 eth0.24 type vlan proto 802.1ad id 24 ip link add link eth0.24 eth0.24.371 type vlan proto 802.1Q id 371 Where "24" and "371" are example VLAN IDs. NOTES: - 802.1ad (QinQ)is supported in 3.19 and later kernels. - Receive checksum offloads, cloud filters, and VLAN acceleration are not supported for 802.1ad (QinQ) packets. ================================================================================ Known Issues/Troubleshooting ---------------------------- Traffic Is Not Being Passed Between VM and Client ------------------------------------------------- You may not be able to pass traffic between a client system and a Virtual Machine (VM) running on a separate host if the Virtual Function (VF, or Virtual NIC) is not in trusted mode and spoof checking is enabled on the VF. Note that this situation can occur in any combination of client, host, and guest operating system. For information on how to set the VF to trusted mode, refer to the section "VLAN Tag Packet Steering" in this readme document. For information on setting spoof checking, refer to the section "MAC and VLAN anti-spoofing feature" in this readme document. Multiple log error messages on i40evf driver removal ---------------------------------------------------- If you have several VFs and you remove the i40evf driver, several instances of the following log errors are written to the log: Unable to send opcode 2 to PF, err I40E_ERR_QUEUE_EMPTY, aq_err ok Unable to send the message to VF 2 aq_err 12 ARQ Overflow Error detected Virtual machine does not get link --------------------------------- If the virtual machine has more than one virtual port assigned to it, and those virtual ports are bound to different physical ports, you may not get link on all of the virtual ports. The following command may work around the issue: ethtool -r Where is the PF interface in the host, for example: p5p1. You may need to run the command more than once to get link on all virtual ports. MAC address of Virtual Function changes unexpectedly ---------------------------------------------------- If a Virtual Function's MAC address is not assigned in the host, then the VF (virtual function) driver will use a random MAC address. This random MAC address may change each time the VF driver is reloaded. You can assign a static MAC address in the host machine. This static MAC address will survive a VF driver reload. Hardware Issues --------------- For known hardware and troubleshooting issues, either refer to the "Release Notes" in your User Guide, or for more detailed information, go to http://www.intel.com. In the search box enter your devices controller ID followed by "spec update" (i.e., XL710 spec update). The specification update file has complete information on known hardware issues. Software Issues --------------- NOTE: After installing the driver, if your Intel Ethernet Network Connection is not working, verify that you have installed the correct driver. Driver Buffer Overflow Fix -------------------------- The fix to resolve CVE-2016-8105, referenced in Intel SA-00069 , is included in this and future versions of the driver. Compiling the Driver -------------------- When trying to compile the driver by running make install, the following error may occur: "Linux kernel source not configured - missing version.h" To solve this issue, create the version.h file by going to the Linux source tree and entering: # make include/linux/version.h Multiple Interfaces on Same Ethernet Broadcast Network ------------------------------------------------------ Due to the default ARP behavior on Linux, it is not possible to have one system on two IP networks in the same Ethernet broadcast domain (non-partitioned switch) behave as expected. All Ethernet interfaces will respond to IP traffic for any IP address assigned to the system. This results in unbalanced receive traffic. If you have multiple interfaces in a server, either turn on ARP filtering by entering: echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter This only works if your kernel's version is higher than 2.4.5. NOTE: This setting is not saved across reboots. The configuration change can be made permanent by adding the following line to the file /etc/sysctl.conf: net.ipv4.conf.all.arp_filter = 1 Another alternative is to install the interfaces in separate broadcast domains (either in different switches or in a switch partitioned to VLANs). Rx Page Allocation Errors ------------------------- 'Page allocation failure. order:0' errors may occur under stress. with kernels 2.6.25 and newer. This is caused by the way the Linux kernel reports this stressed condition. Host May Reboot after Removing PF when VF is Active in Guest ------------------------------------------------------------ Using kernel versions earlier than 3.2, do not unload the PF driver with active VFs. Doing this will cause your VFs to stop working until you reload the PF driver and may cause a spontaneous reboot of your system. Prior to unloading the PF driver, you must first ensure that all VFs are no longer active. Do this by shutting down all VMs and unloading the VF driver. ================================================================================ Support ------- For general information, go to the Intel support website at: www.intel.com/support/ or the Intel Wired Networking project hosted by Sourceforge at: http://sourceforge.net/projects/e1000 If an issue is identified with the released source code on a supported kernel with a supported adapter, email the specific information related to the issue to e1000-devel@lists.sf.net. ================================================================================ License ------- This program is free software; you can redistribute it and/or modify it under the terms and conditions of the GNU General Public License, version 2, as published by the Free Software Foundation. This program is distributed in the hope it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. The full GNU General Public License is included in this distribution in the file called "COPYING". Copyright(c) 2014-2017 Intel Corporation. ================================================================================ Trademarks ---------- Intel and Itanium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and/or other countries. * Other names and brands may be claimed as the property of others.