[libvirt] [PATCH 3/4] virnetdevvportprofile: Changes to support portprofiles for hostdevs

Laine Stump laine at laine.org
Fri Mar 2 15:52:07 UTC 2012


On 03/02/2012 09:12 AM, Gerhard Stenzel wrote:
> On Thu, 2012-03-01 at 13:02 -0500, Laine Stump wrote:
>> In the case of hostdev though, there is not necessarily any netdev
>> driver at all in the host (and thus no "linkdev" to attach a macvtap
>> to), certainly not after it's attached to the guest - control of the
>> PCI
>> device is given over to the guest.
>>
>> So is the problem here that 802.1QbX stuff can only work if there's an
>> associated macvtap device? Although it might be possible to
>> temporarily
>> create a macvtap device and attach it to the PCI device's netdev
>> driver
>> prior to passing it through, that would only work if a netdev driver
>> was
>> bound to the PCI device (which isn't always the case, especially for
>> SRIOV VFs), yet that netdev driver would then immediately need to be
>> unbound prior to assigning the device to the guest, and most likely
>> that
>> would kill the macvtap device; even if the setup done using that
>> macvtap
>> device wasn't undone in the process, would it be possible to undo it
>> later when the guest terminates (or the device is detached from the
>> guest)? 
> I wondered how the complete XML fragment for Qbh would look like and
> came up with the following:
>
> <interface type='hostdev'>
>     <source dev='eth0' mode='private'/>

1) Currently it requires a PCI address (although I plan to add the
ability to accept a netdev name and automatically convert it to a PCI
address):

   <source>
     <address type='pci' domain='0' bus='0' slot='6' function='0'/>
   </source>

2) I guess I have been misunderestimating the level of symbiosis between
macvtap and 802.1QbX. I had thought that the private vs. vepa thing was
related to whether or not macvtap could (or couldn't) share the physical
device and (when sharing was allowed) whether or not it allowed multiple
macvtap devices connected to the same physical to see traffic from each
other. This assumption led me to believe that in the case of a PCI
passthrough device, where there is obviously no sharing (or macvtap
device), these different modes were irrelevant, and all that was needed
was the information in <virtualport>.

What I *think* I'm understanding from this discussion is that 1) in
order for a virtual port association to happen, a macvtap interface must
exist, and the association is done wrt that macvtap device *not* the
physical device, or even the VF, and 2) knowing the information in
<virtualport> (along with knowing that the physical device is not being
shared) is not enough information to properly perform an associate
operation.

Is this correct?

If that's the case, then there are some basic assumptions made here that
are incorrect, and we will need to either change the lower level code to
somehow accomplish a port associate without a macvtap interface, or we
will need to pull some kind of trickery, possibly adding a macvtap
interface to the PF to be used as a proxy to do the ASSOCIATE for the VF
(will that even work? In particular, will it work if multiple VFs need
to operate in one of the "exclusive" modes where no sharing of physical
device is permitted?)

Or maybe I'm still not understanding...


>     <mac address='52:54:00:8b:c9:51'>
>     <virtualport type='802.1Qbh'>
>         <parameters profileid='finance'/>
>     </virtualport>
> </interface>
>
> Can someone confirm?
>
> For Qbg, we would need then something like this:
>
> <interface type='hostdev'>
>     <source dev='eth0' mode='vepa'/>
>     <mac address='52:54:00:8b:c9:51'>
>     <virtualport type="802.1Qbg">
>         <parameters managerid="11" typeid="1193047" typeidversion="2" instanceid="09b11c53-8b5c-4eeb-8f00-d84eaa0aaa4f" vlanid="2"/>
>     </virtualport>
> </interface>
>
> to be of any use.

Again, my knowledge is insufficient to understand - why was a vlanid not
necessary before when we were dealing with a hostside macvtap tied to a
guest-side emulated netdev, and why is it necessary now that we want to
just passthrough the PCI device to the guest?

>  Note the additional vlanid attribute. The semantic
> would be that the host establishes a Qbg association for 
> (managerid, typeid, typeidversion, instanceid, vlanid)
> and that the VM would need to add the correct VLAN tag in order to be
> able to communicate.

So adding the VLAN tag has in the past been done by the macvtap
interface? Where did it learn the vlanid from?

Definitely if the packets need to leave the host with a VLAN tag, in PCI
passthrough mode that will need to be done by the guest OS, since the
host will be unable to get its hands on the packets. Once that's the
case, does it maybe make more sense to just leave *everything* up to the
guest OS - do a PCI passthrough of the device (maybe setting the MAC
address) and let the guest do the port associate etc. too? (Another way
of saying this - at this point, shouldn't we just admit that transparent
hostside support of VEPA (or any other protocol that requires data
packets to be modified) using PCI passthrough by definition is not
possible, and therefore isn't supported?)

Or am I just misunderstanding again?

>
> Does that make sense?

Not yet, but I'm slowly learning more and more :-)





More information about the libvir-list mailing list