Ubuntu
iproute2 package

  1. Bug #1800877
  2. Comment #0

Comment 0 for bug 1800877

Revision history for this message
Mauricio Faria de Oliveira (mfo) wrote :

[Impact]

 * An VM's VF cannot receive IPv6 multicast traffic
   from other VMs' VFs in the same Mellanox adapter
   _if_ its VF trust setting is not enabled, and on
   Xenial currently iproute2 _cannot_ enable it.

 * This breaks IPv6 NDP (Neighbor Discovery Protocol)
   in that scenario.

 * This upload adds three iproute2 upstream commits
   to enable/disable the VF setting, which resolves
   that problem/limitation.

[Test Case]

 * Check 'ip link help' for the 'trust' option:

   Before:

     # ip link help 2>&1 | grep trust
     <nothing>

   After:

     # ip link help 2>&1 | grep trust
     [ trust { on | off} ] ]

 * Check 'ip link show dev PF' for 'trust on|off' field in VFs.

   Before: (trust field _is not_ present)

     # ip link show dev ens1f0
     ...
     vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto
     vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto

   After: (trust field _is_ present)

     # ip link show dev ens1f0
     ...
     vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
     vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off

 * Set the VF trust on/off and check it:

     Set VF 0 trust on:

     # ip link set ens1f0 vf 0 trust on
     # ip link show dev ens1f0 | grep trust
     vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust on
     vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off

     Set VF 0 trust off:

     # ip link set ens1f0 vf 0 trust off
     # ip link show dev ens1f0 | grep trust
     vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
     vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off

[Regression Potential]

 * Regression potential is low because the commits just add the
   netlink attribute for the userspace-kernel interface and the
   ways to set/clear it, and show the current value to the user.

 * Regressions could happen _if_ the user turns the setting on
   (it's disabled by default) and there's a problem/bug likely
   in _other_ component that depends on that setting (which is
   something to fix on such component).

[Other Info]

 * The users that reported this problem have verified
   the test package with these changes, and confirmed
   that it now works correctly for IPv6 NDP/multicast.