VMware Cloud Community
edisonso
Contributor

ESXi 6.5 - Spoofed packets detected using SR-IOV

I am new to ESXi and therefore may not be familiar with most of the VMware terminology. Please correct me if I am wrong because it is how I would learn.

Background

  1. I installed ESXi 6.5 on a Dell PowerEdge R630 with a 2-port 82599EB 10G NIC.
  2. I installed two CentOS 7 VMs with DPDK.

SR-IOV Configuration

  1. I am using SR-IOV on the NIC ports. On each of the VMs, I created a new network adapter on the first VM as follows with one Virtual Function.
    1. Network Adapter 1: 10G port group 1
      • Adapter Type: SR-IOV passthrough
      • Physical function: 82599EB 10-Gigabit SFI/SFP+ Network Connection - 0000:82:00.0
      • MAC Address: Automatic
      • Guest OS MTU Change: Disallow
  2. On top of the creation of the new adapter, I also reserved some memory as required by SR-IOV.
  3. I did the same on the second VM.
    1. Network Adapter 1: 10G port group 2
      • Adapter Type: SR-IOV passthrough
      • Physical function: 82599EB 10-Gigabit SFI/SFP+ Network Connection - 0000:82:00.1
      • MAC Address: Automatic
      • Guest OS MTU Change: Disallow
  4. Of course, each 10G port group is linked to a standard virtual group which in turn is linked to an 82599EB 10G port (Uplink Port).

Traffic Generation

  1. I have a PCAP file which has packets with different MAC addresses than the DPDK interface on the first VM.
  2. I generated constant traffic from the first VM to the second VM using the PCAP file and none was received on the second VM.
  3. I SSHed to the ESXi host and ran dmesg and got the following error message repeatedly:

     2018-05-04T23:39:00.679Z cpu31:66145)<4>ixgbe 0000:82:00.0: vmnic4: 512 Spoofed packets detected

  4. I googled this error and have somewhat concluded that this error may have something to do with the MAC Spoofing feature on the 82599EB 10G NIC card. How do I disable it?
  5. The 82599EB 10G NIC card using esxcli displays the following information:

[root@vm:/vmfs/volumes/5acbc358-de2034d6-5472-90e2bac73ffc/VM1] esxcli network nic get -n vmnic4
   Advertised Auto Negotiation: true
   Advertised Link Modes: 1000BaseT/Full, 10000BaseT/Full
   Auto Negotiation: true
   Cable Type: FIBRE
   Current Message Level: 7
   Driver Info:
         Bus Info: 0000:82:00.0
         Driver: ixgbe
         Firmware Version: 0x61bd0001
         Version: 3.7.13.7.14iov-NAPI
   Link Detected: true
   Link Status: Up
   Name: vmnic4
   PHYAddress: 0
   Pause Autonegotiate: true
   Pause RX: true
   Pause TX: true
   Supported Ports: FIBRE
   Supports Auto Negotiation: true
   Supports Pause: true
   Supports Wakeon: false
   Transceiver: external
   Virtual Address: 00:50:56:55:91:0c
   Wakeon: None

Questions

  1. Is it possible to disable the anti-spoofing feature on the 10G NIC card on ESXi?
  2. Or is it a DPDK question and I should talk to dpdk.org instead?
2 Replies
edisonso
Contributor

The running version of DPDK is 17.02.

onyx4
Contributor

I have the same issue trying to run a DPDK application which wants to use a custom MAC address; the ixgbe driver doesn't allow it by default. Has anyone found an answer to this issue?

If this was a regular Linux box, we would simply enable the trust mode ON and spoof check OFF on the SRIOV VF and it would work. We need to find the ESX system setting that would allow this change by the driver.

I would have assumed that because I already set "permit" for all settings on the port group that the SRIOV is bound to, that VMware would adjust the permission on the VF accordingly, but it doesn't.

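Both posts describe a VF transmitting frames whose source MAC differs from the MAC assigned to the VF. The Python example below is added here as an illustration and is not part of the original thread: it lists the source MACs in a classic pcap file that differ from the VF's MAC, on the assumption that the ixgbe "Spoofed packets detected" counter is driven by that source-MAC mismatch. The function names, the sample capture and both MAC addresses are constructed for the example.

```python
import struct
from collections import Counter

# Classic pcap magic numbers -> struct byte-order prefix.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",  # little-endian (us / ns)
    b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">",  # big-endian (us / ns)
}
LINKTYPE_ETHERNET = 1


def source_macs(pcap_bytes):
    """Count Ethernet source MACs in a classic (non-pcapng) capture."""
    endian = PCAP_MAGICS.get(pcap_bytes[:4])
    if endian is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", pcap_bytes, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("capture link type is not Ethernet")
    counts, offset = Counter(), 24          # records follow the 24-byte file header
    while offset + 16 <= len(pcap_bytes):   # each record has a 16-byte header
        incl_len = struct.unpack_from(endian + "I", pcap_bytes, offset + 8)[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        if len(frame) >= 12:                # destination MAC (6) + source MAC (6)
            counts[frame[6:12].hex(":")] += 1
        offset += 16 + incl_len
    return counts


def spoof_candidates(pcap_bytes, vf_mac):
    """Return {source MAC: frame count} for sources other than the VF's MAC."""
    vf_mac = vf_mac.lower().replace("-", ":")
    return {m: n for m, n in source_macs(pcap_bytes).items() if m != vf_mac}


# Constructed sample capture: one frame from the VF's MAC, two from another MAC.
VF_MAC = "02:00:00:00:00:01"      # constructed; stands in for the VF's assigned MAC
OTHER_MAC = "02:00:00:00:00:99"   # constructed; stands in for a MAC from the PCAP


def _record(src_mac):
    frame = b"\xff" * 6 + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00" + bytes(46)
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame


SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
               + _record(VF_MAC) + _record(OTHER_MAC) + _record(OTHER_MAC))

if __name__ == "__main__":
    for mac, frames in spoof_candidates(SAMPLE_PCAP, VF_MAC).items():
        print(f"{mac}: {frames} frame(s) would not match VF MAC {VF_MAC}")
```

To check a real capture, pass the file's bytes and the MAC address shown for the VF inside the guest; pcapng files need converting to classic pcap first.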