[v3] doc: add steps to configure VF interface as trusted
Checks
Commit Message
Trusted VF is needed to offload rules with rte_flow to a group
that is bigger than 0.
The configuration is done in two parts: driver and FW.
This patch adds the needed steps to configure a VF to be trusted.
Signed-off-by: Asaf Penso <asafp@nvidia.com>
Reviewed-by: Raslan Darawsheh <rasland@nvidia.com>
---
v3: cleanup the patches
v2: added new line at the end of the file - comment from Stephen Hemminger
---
doc/guides/nics/mlx5.rst | 50 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
Comments
Hi,
> -----Original Message-----
> From: Asaf Penso <asafp@nvidia.com>
> Sent: Monday, February 28, 2022 10:11 AM
> To: dev@dpdk.org
> Cc: NBU-Contact-Thomas Monjalon (EXTERNAL) <thomas@monjalon.net>;
> Slava Ovsiienko <viacheslavo@nvidia.com>; Matan Azrad
> <matan@nvidia.com>; Raslan Darawsheh <rasland@nvidia.com>
> Subject: [PATCH v3] doc: add steps to configure VF interface as trusted
>
> Trusted VF is needed to offload rules with rte_flow to a group that is bigger
> than 0.
> The configuration is done in two parts: driver and FW.
>
> This patch adds the needed steps to configure a VF to be trusted.
>
> Signed-off-by: Asaf Penso <asafp@nvidia.com>
> Reviewed-by: Raslan Darawsheh <rasland@nvidia.com>
> ---
> v3: cleanup the patches
> v2: added new line at the end of the file - comment from Stephen
> Hemminger
> ---
Sending the reply to the appropriate version,
Patch applied to next-net-mlx,
Kindest regards,
Raslan Darawsheh
@@ -1613,3 +1613,53 @@ both the meters in hierarchy on that flow.
add port meter policy 0 2 g_actions meter mtr_id M / end y_actions end r_actions drop / end
create port meter 0 N 2 2 yes 0xffff 1 0
flow create 0 ingress group 1 pattern eth / end actions meter mtr_id N / end
+
+How to configure a VF as trusted
+--------------------------------
+
+This section demonstrates how to configure a virtual function (VF) interface as trusted.
+Trusted VF is needed to offload rules with rte_flow to a group that is bigger than 0.
+The configuration is done in two parts: driver and FW.
+
+The procedure below is an example of using a ConnectX-5 adapter card (pf0) with 2 VFs:
+
+#. Create 2 VFs on the PF pf0 when in Legacy SR-IOV mode::
+
+ $ echo 2 > /sys/class/net/pf0/device/mlx5_num_vfs
+
+#. Verify the VFs are created:
+
+ .. code-block:: console
+
+ $ lspci | grep Mellanox
+ 82:00.0 Ethernet controller: Mellanox Technologies MT27800 Family [ConnectX-5]
+ 82:00.1 Ethernet controller: Mellanox Technologies MT27800 Family [ConnectX-5]
+ 82:00.2 Ethernet controller: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function]
+ 82:00.3 Ethernet controller: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function]
+
+#. Unbind all VFs. For each VF PCIe, using the following command to unbind the driver::
+
+ $ echo "0000:82:00.2" >> /sys/bus/pci/drivers/mlx5_core/unbind
+
+#. Set the VFs to be trusted for the kernel by using one of the methods below:
+ - Using sysfs file::
+
+ $ echo ON | tee /sys/class/net/pf0/device/sriov/0/trust
+ $ echo ON | tee /sys/class/net/pf0/device/sriov/1/trust
+
+ - Using “ip link” command::
+
+ $ ip link set p0 vf 0 trust on
+ $ ip link set p0 vf 1 trust on
+
+#. Configure all VFs using mlxreg::
+
+ $ mlxreg -d /dev/mst/mt4121_pciconf0 --reg_name VHCA_TRUST_LEVEL --yes --set "all_vhca=0x1,trust_level=0x1"
+
+ .. note::
+
+ Firmware version used must be >= xx.29.1016 and MFT >= 4.18
+
+#. For each VF PCIe, using the following command to bind the driver::
+
+ $ echo "0000:82:00.2" >> /sys/bus/pci/drivers/mlx5_core/bind