How to Enable SR-IOV NIC Virtual Functions on a Kernel Zone With a Single anet Resource

How to Enable SR-IOV NIC Virtual Functions on a Kernel Zone With a Single `anet` Resource

Become a zone administrator.

For more information, see Using Rights Profiles to Install and Manage Zones in Creating and Using Oracle Solaris Zones.

Enable iov on an anet.

Using zonecfg, set the iov property on a selected anet resource.

$ pfbash zonecfg -z kernel-zone
zonecfg:kernel-zone> select anet id=id-number
zonecfg:kernel-zone:anet> set lower-link=network-interface
zonecfg:kernel-zone>set iov=iov-value
zonecfg:kernel-zone:anet> set iov=auto
zonecfg:kernel-zone:anet> end ; exit

The following example demonstrates enabling the iov property on an anet resource belonging to the kernel zone kzone1.

global$ pfbash zonecfg -z kzone1
zonecfg:kzone1> select anet id=0
zonecfg:kzone1:anet> set lower-link=net1
zonecfg:kzone1:anet> set iov=auto
zonecfg:kzone1:anet> end ; exit

Confirm that the iov property is set for the anet resource in the kernel zone configuration.

$ zonecfg -z kernel-zone info anet id=id-number

For example, on the system global and the anet resource with ID 0 of the kernel zone kzone1:

$ zonecfg -z kzone1 info anet id=0
anet:
        lower-link: net1
        configure-allowed-address: true
        iov: auto
        id: 0

Ensure that SR-IOV is enabled on the chosen network interface.

$ dladm show-linkprop -p iov network-interface

For example, on the system global and the network interface net1:

global$ dladm show-linkprop -p iov net1
LINK     PROPERTY        PERM VALUE        EFFECTIVE    DEFAULT   POSSIBLE
net1     iov             rw   on           on           auto      auto,on,off

Boot the kernel zone.
```
$ zoneadm -z kernel-zone boot
```
For example, to boot the kernel zone kzone1 on the system global:
```
global$ zoneadm -z kzone1 boot
```

Verify that the VF was successfully added.

$ zlogin kernel-zone
kernel-zone$ dladm show-phys -i

The output from this command varies depending on which version of Oracle Solaris is running in the global zone of the host system and in the kernel zone. The following is sample output for selected Oracle Solaris version combinations.

The global zone and the kernel zone are both running Oracle Solaris 11.4:

global$ pfexec zlogin kzone
kzone$ dladm show-phys -i
LINK              MEDIA          ID       DEVICE      ACTIVE     STANDBY
net0              Ethernet       anet:0   vnic1000    ixgbevf0   zvnet0

The global zone is running Oracle Solaris 11.4 and the kernel zone is running Oracle Solaris 11.3:

global$ pfexec zlogin kzone
kzone$ dladm show-phys -i
LINK         MEDIA        STATE     SPEED    DUPLEX      DEVICE
net0         Ethernet     down      0        unknown     ixgbevf0

The global zone is running Oracle Solaris 11.3 and the kernel zone is running Oracle Solaris 11.4:

global$ pfexec zlogin kzone
kzone$ dladm show-phys -i
LINK              MEDIA          ID       DEVICE      ACTIVE     STANDBY
net0              Ethernet       anet:0   vnic1000    ixgbevf0   --

Example 2-10 Confirming the zonecfg iov Value on an anet

The following example shows the iov value on anet 0. The value is set to auto. If set to the default value off, it would not be displayed.

global$ pfbash zonecfg -z kzone1
zonecfg:kzone1> select anet id=0
zonecfg:kzone1:anet> info
anet:
        lower-link: net1
        configure-allowed-address: true
        iov: auto
        id: 0

Example 2-11 Configuring SR-IOV and VLAN Tagging on an anet Resource

The following example shows how to explicitly set a VLAN ID to enable VLAN tagging on an anet resource, which allows untagged and potentially malicious frames to be dropped.

global$ pfbash zonecfg -z kzone1
zonecfg:kzone1> select anet id=0
zonecfg:kzone1:anet> set iov=auto
zonecfg:kzone1:anet> set vlan-id=11
zonecfg:kzone1:anet> end ; exit

For more information about setting VLAN IDs and VLAN tagging, see Configuring Virtual LANs in Kernel Zones.