VMware Cloud Community
nirmalanand
Enthusiast
Enthusiast
‎09-06-2015 11:30 PM

Disabling Anit-MAC spoofing for SRIOV VF interfaces from FreeBSD or through ESX host

Hello experts,

I have a SRIOV VF interface [PF is Intel 82599] available in a FreeBSD 8.4 VM.

We are planning to add support for Static LA on the VM [aka NIC bonding], for this the Administrative MAC of the VF needs to be over-written with the LA mac.

Since Anit-mac spoofing is enabled by default in Intel 82599 NIC, we are getting the below error:

2015-09-07T10:04:21.369Z cpu3:33077)<4>ixgbe 0000:02:00.1: vmnic2: VF 0 attempted to set a new MAC address but it already has an administratively set MAC address  00: 0c:29:5c:64:af

2015-09-07T10:04:21.369Z cpu3:33077)<4>ixgbe 0000:02:00.1: vmnic2: Check the VF driver and if it is not using the correct MAC address you may need to reload the VF driver

2015-09-07T10:04:22.717Z cpu17:33238)<4>ixgbe 0000:02:00.1: vmnic2: 34 Spoofed packets detected

Intel 82599 NIC supports enable/disable of anti-mac spoofing configuration through ixgbe_netdev_features.

In the Linux world it is achieved through "ip link command"

Disabling anti-spoofing protection on a VF (NIC... | Intel Communities

For ESX 5.5/6.0 , is there an equivalent cli command that can be run to disable anti-mac spoofing for SRIOV VF interfaces?

Please let me know.

Regards,

Nirmal

0 Kudos
2 Replies
continuum
Immortal
Immortal
‎09-07-2015 05:56 AM

ethernet0.ignoreMACAddressConflict = "false"

I think this is another silent default - usually a Nic will not come up if the same Mac exists on the network.

ethernet0.noPromisc = "true"

This disables - well have a guess - yes , this disables promiscous-mode.
On Linux hosts you must be root to set nics into promiscous mode - read more

ethernet0.noForgedSrcAddr = "true"

This disables spoofing of Mac-address

ethernet0.reassignMAConResume = "true"

I guess this is another silent default - usually VMware tries to assign the same MAC after resume as it was used before resume.

ethernet0.checkMACAddress = "FALSE"

ESX and WS 6.5 - allows to set a MAC outside the usual range (experimental)

ethernet0.downWhenAddrMismatch = "false"

see knowledgebase


this vmx-parameters may help - set them to true or false depending on your needs


________________________________________________
Do you need support with a VMFS recovery problem ? - send a message via skype "sanbarrow"
I do not support Workstation 16 at this time ...

0 Kudos
nirmalanand
Enthusiast
Enthusiast
‎09-16-2015 12:45 AM

I have added the below configuration parameters for all my interfaces (SRIOV VF interfaces):

ethernet1.noForgedSrcAddr True

ethernet2.noForgedSrcAddr True

----> Did not Work

Then tried..

pciPassthru0.noForgedSrcAddr True

pciPassthru1.noForgedSrcAddr True

---->Did not work

2015-09-16T12:39:54.290Z cpu3:32875)<4>ixgbe 0000:02:00.1: vmnic2: VF 0 attempted to set a new MAC address but it already has an administratively set MAC address  00: 0c:29:5c:64:af

2015-09-16T12:39:54.290Z cpu3:32875)<4>ixgbe 0000:02:00.1: vmnic2: Check the VF driver and if it is not using the correct MAC address you may need to reload the VF driver

2015-09-16T12:39:54.684Z cpu4:33143)<4>ixgbe 0000:02:00.1: vmnic2: 8 Spoofed packets detected

I get the above message in vmkernel.log

Question: Will it work for SRIOV VF interfaces? The VF interfaces are from Intel 82599 NIC

0 Kudos