Go to main content

Creating and Using Oracle® Solaris Kernel Zones

Exit Print View

Updated: December 2018
 
 

How to Enable SR-IOV NIC Virtual Functions on a Kernel Zone With a Single anet

  1. Become a zone administrator.

    You must also be assigned the Network Management rights profile to run the dladm command. The root role has all of these rights.

    For more information, see Assigning Rights to Non-Root Users to Manage Zones in Creating and Using Oracle Solaris Zones.

  2. Enable iov on an anet.

    Using zonecfg, enable iov on a selected anet. 

    $ zonecfg -z kernel-zone
zonecfg:kernel-zone> set lower-link=network-interface
zonecfg:kernel-zone> select anet id=id-number
zonecfg:kernel-zone:anet> set lower-link=network-interface
zonecfg:kernel-zone:anet> set iov=iov-value
zonecfg:kernel-zone:anet> end
zonecfg:kernel-zone exit

    The following example demonstrates enabling the iov property on an anet belonging to the kernel zone kzone1.

    global$ zonecfg -z kzone1
zonecfg:kzone1> select anet id=0
zonecfg:kzone1:anet> set lower-link=net1
zonecfg:kzone1:anet> set iov=auto
zonecfg:kzone1:anet> end
zonecfg:kzone1> exit
  3. (Optional) Confirm that the iov property is set for the anet in the kernel zone configuration. 
    $ zonecfg -z kernel-zone info anet id=id-number

    For example, on the system global and the anet 0 of kernel zone kzone1:

    $ zonecfg -z kzone1 info anet id=0
anet:
        lower-link: net1
        allowed-address not specified
        configure-allowed-address: true
        ...
        iov: auto
        lro: auto
        id: 0
  4. Use dladm(1M) to ensure that SR-IOV is enabled on the chosen network interface. 
    $ dladm show-linkprop -p iov network-interface

    For example, on the system global and the network interface net1:

    global$ dladm show-linkprop -p iov net1
LINK     PROPERTY        PERM VALUE        EFFECTIVE    DEFAULT   POSSIBLE
net1     iov             rw   on           on           auto      auto,on,off
  5. Boot the kernel zone. 
    $ zoneadm -z kernel-zone boot

    For example, to boot the kernel zone kzone1 on the system global:

    global$ zoneadm -z kzone1 boot
  6. Verify that the VF was successfully added. 
    $ zlogin kernel-zone
kernel-zone# dladm show-phys

    For example:

    global$ zlogin kzone1
kzone1# dladm show-phys
LINK    MEDIA       STATE    SPEED    DUPLEX    DEVICE
net0    Ethernet    down     0        unknown   ixgbevf0
Example 11  Confirming the zonecfg iov Value on an anet

The following example shows the iov value on anet 0. The value is set to off, the default value. 

global$ zonecfg -z kzone1
zonecfg:kzone1> select anet id=0
zonecfg:kzone1:anet> info
anet:
        lower-link: net1
        allowed-address not specified
        configure-allowed-address: true
        ...
        iov: off
        lro: auto
        id: 0
zonecfg:kzone1:anet> end
zonecfg:kzone1> exit
Example 12  Configuring iov and VLAN Tagging on an anet

This example shows how to explicitly set a VLAN ID to enable VLAN tagging on an anet, which allows untagged and potentially malicious frames to be dropped.

global$ zonecfg -z kzone1
zonecfg:kzone1> select anet id=0
zonecfg:kzone1:anet> set iov=auto
zonecfg:kzone1:anet> set vlan-id=11
zonecfg:kzone1:anet> end
zonecfg:kzone1> exit
Copyright © 2014, 2018, Oracle and/or its affiliates. All rights reserved. 
Previous
Next