[Touch-packages] [Bug 1800877] Re: iproute2/xenial: Add support for the VF Trust setting (fix IPv6 multicast under SR-IOV on Mellanox adapters)

Eric Desrochers Wed, 31 Oct 2018 18:01:28 -0700

** Description changed:

  [Impact]
  
-  * An VM's VF cannot receive IPv6 multicast traffic
-    from other VMs' VFs in the same Mellanox adapter
-    _if_ its VF trust setting is not enabled, and on
-    Xenial currently iproute2 _cannot_ enable it.
+  * An VM's VF cannot receive IPv6 multicast traffic
+    from other VMs' VFs in the same Mellanox adapter
+    _if_ its VF trust setting is not enabled, and on
+    Xenial currently iproute2 _cannot_ enable it.
  
-  * This breaks IPv6 NDP (Neighbor Discovery Protocol)
-    in that scenario.
+  * This breaks IPv6 NDP (Neighbor Discovery Protocol)
+    in that scenario.
  
-  * This upload adds three iproute2 upstream commits
-    to enable/disable the VF setting, which resolves
-    that problem/limitation.
+  * This upload adds three iproute2 upstream commits
+    to enable/disable the VF setting, which resolves
+    that problem/limitation.
  
  [Test Case]
  
-  * Check 'ip link help' for the 'trust' option:
+  * Check 'ip link help' for the 'trust' option:
  
-    Before:
+    Before:
  
-      # ip link help 2>&1 | grep trust
-      <nothing>
+      # ip link help 2>&1 | grep trust
+      <nothing>
  
-    After:
+    After:
  
-      # ip link help 2>&1 | grep trust
-      [ trust { on | off} ] ]
+      # ip link help 2>&1 | grep trust
+      [ trust { on | off} ] ]
  
-  * Check 'ip link show dev PF' for 'trust on|off' field in VFs.
+  * Check 'ip link show dev PF' for 'trust on|off' field in VFs.
  
-    Before: (trust field _is not_ present)
+    Before: (trust field _is not_ present)
  
-      # ip link show dev ens1f0
-      ...
-      vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto
-      vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto
+      # ip link show dev ens1f0
+      ...
+      vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto
+      vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto
  
-    After: (trust field _is_ present)
+    After: (trust field _is_ present)
  
-      # ip link show dev ens1f0
-      ...
-      vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
-      vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
+      # ip link show dev ens1f0
+      ...
+      vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
+      vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
  
-  * Set the VF trust on/off and check it:
+  * Set the VF trust on/off and check it:
  
-      Set VF 0 trust on:
+      Set VF 0 trust on:
  
-      # ip link set ens1f0 vf 0 trust on
-      # ip link show dev ens1f0 | grep trust
-      vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust on
-      vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
+      # ip link set ens1f0 vf 0 trust on
+      # ip link show dev ens1f0 | grep trust
+      vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust on
+      vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
  
-      Set VF 0 trust off:
+      Set VF 0 trust off:
  
-      # ip link set ens1f0 vf 0 trust off
-      # ip link show dev ens1f0 | grep trust
-      vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
-      vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
+      # ip link set ens1f0 vf 0 trust off
+      # ip link show dev ens1f0 | grep trust
+      vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
+      vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
  
  [Regression Potential]
  
-  * Regression potential is low because the commits just add the
-    netlink attribute for the userspace-kernel interface and the
-    ways to set/clear it, and show the current value to the user.
+  * Regression potential is low because the commits just add the
+    netlink attribute for the userspace-kernel interface and the
+    ways to set/clear it, and show the current value to the user.
  
-  * Regressions could happen _if_ the user turns the setting on
-    (it's disabled by default) and there's a problem/bug likely
-    in _other_ component that depends on that setting (which is
-    something to fix on such component).
+  * Regressions could happen _if_ the user turns the setting on
+    (it's disabled by default) and there's a problem/bug likely
+    in _other_ component that depends on that setting (which is
+    something to fix on such component).
  
  [Other Info]
-  
-  * The users that reported this problem have verified
-    the test package with these changes, and confirmed
-    that it now works correctly for IPv6 NDP/multicast.
+ 
+  * The users that reported this problem have verified
+    the test package with these changes, and confirmed
+    that it now works correctly for IPv6 NDP/multicast.
+ 
+  * Upstream commits:
+  
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=dddf1b44126e
+ 
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=fe9322781e63
+ 
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=b6d77d9ee312
+ 
+  * Only affect Xenial release :
+ 
+  # rmadison iproute2
+  iproute2 | 4.3.0-1ubuntu3.16.04.3 | xenial-updates
+  iproute2 | 4.15.0-2ubuntu1        | bionic         
+  iproute2 | 4.18.0-1ubuntu2        | cosmic        
+  iproute2 | 4.18.0-1ubuntu2        | disco  
+ 
+  # iproute2 upstream vcs
+ 
+  $ git describe --contains dddf1b44126e
+  v4.4.0~67
+ 
+  $ git describe --contains b6d77d9ee312
+  v4.5.0~47
+ 
+  $ git describe --contains fe9322781e63
+  v4.6.0~32


-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iproute2 in Ubuntu.
https://bugs.launchpad.net/bugs/1800877

Title:
  iproute2/xenial: Add support for the VF Trust setting (fix IPv6
  multicast under SR-IOV on Mellanox adapters)

Status in iproute2 package in Ubuntu:
  Fix Released
Status in iproute2 source package in Xenial:
  In Progress

Bug description:
  [Impact]

   * An VM's VF cannot receive IPv6 multicast traffic
     from other VMs' VFs in the same Mellanox adapter
     _if_ its VF trust setting is not enabled, and on
     Xenial currently iproute2 _cannot_ enable it.

   * This breaks IPv6 NDP (Neighbor Discovery Protocol)
     in that scenario.

   * This upload adds three iproute2 upstream commits
     to enable/disable the VF setting, which resolves
     that problem/limitation.

  [Test Case]

   * Check 'ip link help' for the 'trust' option:

     Before:

       # ip link help 2>&1 | grep trust
       <nothing>

     After:

       # ip link help 2>&1 | grep trust
       [ trust { on | off} ] ]

   * Check 'ip link show dev PF' for 'trust on|off' field in VFs.

     Before: (trust field _is not_ present)

       # ip link show dev ens1f0
       ...
       vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto
       vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto

     After: (trust field _is_ present)

       # ip link show dev ens1f0
       ...
       vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
       vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off

   * Set the VF trust on/off and check it:

       Set VF 0 trust on:

       # ip link set ens1f0 vf 0 trust on
       # ip link show dev ens1f0 | grep trust
       vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust on
       vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off

       Set VF 0 trust off:

       # ip link set ens1f0 vf 0 trust off
       # ip link show dev ens1f0 | grep trust
       vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
       vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off

  [Regression Potential]

   * Regression potential is low because the commits just add the
     netlink attribute for the userspace-kernel interface and the
     ways to set/clear it, and show the current value to the user.

   * Regressions could happen _if_ the user turns the setting on
     (it's disabled by default) and there's a problem/bug likely
     in _other_ component that depends on that setting (which is
     something to fix on such component).

  [Other Info]

   * The users that reported this problem have verified
     the test package with these changes, and confirmed
     that it now works correctly for IPv6 NDP/multicast.

   * Upstream commits:
   
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=dddf1b44126e
  
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=fe9322781e63
  
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=b6d77d9ee312

   * Only affect Xenial release :

   # rmadison iproute2
   iproute2 | 4.3.0-1ubuntu3.16.04.3 | xenial-updates
   iproute2 | 4.15.0-2ubuntu1        | bionic         
   iproute2 | 4.18.0-1ubuntu2        | cosmic        
   iproute2 | 4.18.0-1ubuntu2        | disco  

   # iproute2 upstream vcs

   $ git describe --contains dddf1b44126e
   v4.4.0~67

   $ git describe --contains b6d77d9ee312
   v4.5.0~47

   $ git describe --contains fe9322781e63
   v4.6.0~32

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1800877/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1800877] Re: iproute2/xenial: Add support for the VF Trust setting (fix IPv6 multicast under SR-IOV on Mellanox adapters)

Reply via email to