Managing Single-Root I/O NIC Virtualization on Kernel Zones

You can create and administer single root I/O (SR-IOV) NIC virtual functions (VF) on kernel zones by using the iov property of the zonecfg anet resource type. SR-IOV enables the efficient sharing of Peripheral Component Interconnect Express (PCIe) devices among virtual machines and is implemented in the system hardware to achieve I/O performance that is comparable to bare metal performance.

SR-IOV must be enabled on the datalink in the global zone in order to enable it on the anet resource in a kernel zone. For information about using SR-IOV in Oracle Solaris, see Using Single Root I/O Virtualization With VNICs in Managing Network Virtualization and Network Resources in Oracle Solaris 11.4.

The iov property is only supported on kernel zones and native (solaris) zones.

When you enable the iov property, the ability to suspend and resume the kernel zone and migrate it using warm or live migration is limited to host systems and zones running Oracle Solaris 11.4. See About Migration of Kernel Zones with SR-IOV-Enabled anet Resources for more information.

See Zone Global Properties in Oracle Solaris Zones Configuration Resources for information about how to enable and configure the iov property of the anet resource type.

Tip:

When using some Intel network adapters that support SR-IOV, a virtual function might be the target of malicious behavior. Unexpected software-generated frames can slow traffic between the host system and the virtual switch, which might negatively affect performance. You can work around this issue by configuring all SR-IOV-enabled ports to use VLAN tagging to drop unexpected and potentially malicious frames, See Configuring SR-IOV and VLAN Tagging on an anet Resource for an example.