From nobody Sat Apr 20 04:21:37 2024 X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VLyyS4HJkz5GxN7 for ; Sat, 20 Apr 2024 04:21:52 +0000 (UTC) (envelope-from pprocacci@gmail.com) Received: from mail-lj1-x235.google.com (mail-lj1-x235.google.com [IPv6:2a00:1450:4864:20::235]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VLyyS024rz51kw for ; Sat, 20 Apr 2024 04:21:51 +0000 (UTC) (envelope-from pprocacci@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20230601 header.b="C/bxgIYK"; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of pprocacci@gmail.com designates 2a00:1450:4864:20::235 as permitted sender) smtp.mailfrom=pprocacci@gmail.com Received: by mail-lj1-x235.google.com with SMTP id 38308e7fff4ca-2d8a24f8a3cso32235651fa.1 for ; Fri, 19 Apr 2024 21:21:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713586908; x=1714191708; darn=freebsd.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=hjThOmZn38Lxg5pq1ucyiCyiBwospFo6FLfWhiY05Ao=; b=C/bxgIYKIq2tATHLefwsk/jJzRuA7ecPifF0rDBAmbp1S/9uchAW5gKl3h2F+kOms6 iVLrID6TiZjAp9/ZEs74dE+aA7HeAg4sWJtqJ8zVOU4nEbpXQrbPLbuEvJwpLnEZvQin dsMHYhhWWfF/9BkWr8ii7wTFnS+9WlPWg5GmlKOHWhn5sx1r/rPqBip8VXIQygSASUVu sf+TEzC7CpZntkm7j6JYKPZIzAlX7A37R6tXBsH/c0v4BuIY2jqbDq68eNkKB88Mm2Ay P6Q1n2ZIcgCF5zjmBLqKbz2JgJ9zSQG1S5IsJbRUyaI1J+qx/t0UXWobrGddZAFbzzgq N6QA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713586908; x=1714191708; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=hjThOmZn38Lxg5pq1ucyiCyiBwospFo6FLfWhiY05Ao=; b=Ho6RTuQs6jIbzRPQssdjLgJFk86TPyJa7tfibCWNvWS3MphqdESkryZzjxDpvv8HYX 5EBC/rD4Laya8IGfqCQ9SNPkTQS0J7HTUs4ryrIvqgu47MCkU7dun3ZylwxNDiutB6in tZoHZnFRnz65IhqcDeJIvLAmMFLTpMYsWfij/8KmuJ1FaiL6iTp4EiE42+T4DbgcGuSF kTRtwJ3E94cByDoA01LOXsxVgdPDu9C6kHdb0T8UcUFRtZnBZSuMjFuM4QqBMJgp4NCt 98HP22xmA7NMWgeFMM43JWt4CPoq2BEfzBcx/K+4LZNyDtt2eeKpqXaVhh6njWV04qER eLLw== X-Gm-Message-State: AOJu0YyfW4anaE2bV7lSmDFzYwd/aEIx40b+PGlhpnrmM1SO0IwxppHt 9Y8IGBojw5qJxszwwmYtMYXXCeOiy2iWnAiwKcoe3OzamdbpoJoeonMJKi1eiIE0pHLTGZ4hYDL onJw9BwhzUzl8dwnoJOESbZTw7wCLPd0= X-Google-Smtp-Source: AGHT+IFb8ud+4OtNnoC+AYxCfZuvpRL9cCxRK4gfzC+cN3gzA7qwJdHDED0lLz0paR7ieVRkZ4bK7tnJ8DTEcYLd+rE= X-Received: by 2002:a2e:87d5:0:b0:2da:7cac:a75e with SMTP id v21-20020a2e87d5000000b002da7caca75emr2312032ljj.22.1713586907897; Fri, 19 Apr 2024 21:21:47 -0700 (PDT) List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 References: In-Reply-To: From: Paul Procacci Date: Sat, 20 Apr 2024 00:21:37 -0400 Message-ID: Subject: Re: ixl(4) bhyve(8) SR-IOV with Transparent VLAN associated w/ VF's To: Lexi Winter Cc: freebsd-net@freebsd.org Content-Type: multipart/alternative; boundary="000000000000efee1906167f8a9a" X-Spamd-Bar: --- X-Spamd-Result: default: False [-4.00 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; RCVD_TLS_LAST(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; ARC_NA(0.00)[]; TO_DN_SOME(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; FREEMAIL_FROM(0.00)[gmail.com]; DKIM_TRACE(0.00)[gmail.com:+]; FROM_HAS_DN(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MISSING_XM_UA(0.00)[]; MID_RHS_MATCH_FROMTLD(0.00)[]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MLMMJ_DEST(0.00)[freebsd-net@freebsd.org]; RCVD_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::235:from] X-Rspamd-Queue-Id: 4VLyyS024rz51kw --000000000000efee1906167f8a9a Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, Apr 17, 2024 at 10:04=E2=80=AFPM Lexi Winter wrot= e: > Paul Procacci: > > I'm assigning VF's to bhyve with pci passthru. > [...] > > Given this, I figured the best option would be to set the VLAN on the V= F > on > > the host prior to handing it off to the bhyve instance effectively > enabling > > transparent vlans. > [...] > > Has anyone done this? Does anyone have any pointers to accomplish this= ? > > i looked into this a while ago and concluded that it's not supported, at > least on Intel cards. > > my recollection is that someone was working on this at one point, but > never finished it -- unfortunately, i can't remember who that was... > > you may be able to work around this by running vlan(4) on the VF on the > host instead of passing the interface to the guest, but then you lose > most of the benefits of using SR-IOV to begin with. i have run into > some odd bugs with both SR-IOV and vlan(4) on ixgbe cards and would > definitely recommend testing that thoroughly before deploying it. > That's a real bummer. You'd think this would be kinda a thing considering the security implications. Welp, Thanks for writing back Lexi! ~Paul --=20 __________________ :(){ :|:& };: --000000000000efee1906167f8a9a Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


On Wed, Apr 17, 2024 at 10:04=E2= =80=AFPM Lexi Winter <lexi@le-fay.org= > wrote:
= Paul Procacci:
> I'm assigning VF's to bhyve with pci passthru.
[...]
> Given this, I figured the best option would be to set the VLAN on the = VF on
> the host prior to handing it off to the bhyve instance effectively ena= bling
> transparent vlans.
[...]
> Has anyone done this?=C2=A0 Does anyone have any pointers to accomplis= h this?

i looked into this a while ago and concluded that it's not supported, a= t
least on Intel cards.

my recollection is that someone was working on this at one point, but
never finished it -- unfortunately, i can't remember who that was...
you may be able to work around this by running vlan(4) on the VF on the
host instead of passing the interface to the guest, but then you lose
most of the benefits of using SR-IOV to begin with.=C2=A0 i have run into some odd bugs with both SR-IOV and vlan(4) on ixgbe cards and would
definitely recommend testing that thoroughly before deploying it.

That's a real bummer.=C2=A0=C2=A0 You'd think this would be kinda a= thing considering the security implications.

Welp, Thank= s for writing back Lexi!

~Paul

--
__________________

:(){ :|:& };:
--000000000000efee1906167f8a9a--