Reusing ixgbe VLAN+macvlan VF with different MAC results in incorrect spoofchk message at PF

Solution Unverified - Updated -

Issue

  • Reusing ixgbe VLAN+macvlan VF with different MAC results in incorrect spoofchk message at PF
  • Communication is not working between two VFs from the same PF in the virtualized environment.
  • Setup as follows:
    • VF1 is attached to VM1.
    • VF2 was attached to an old VM which ran a container. The container had a macvlan interface on top of the VM interface. This container VM required trust enabled on VF2 in the hypervisor. That old container VM is gone now.
    • VF2 is now attached to VM2.
    • VF1 has a VLAN interface inside (eg: eth0.100) and VF2 tags the VLAN on the VF.
    • The old container VM, its macvlan interface, and VM2 have different MAC addresses for the VF.
    • Assign the IP address for both VFs inside VMs.
    • Try to ping either VM1 to VM2 or VM2 to VM1. Communication won't work.
  • Spoofed packet message logged in hypervisor, eg:
kernel: ixgbe 0000:xx:xx.x ethX: 2 Spoofed packets detected

Environment

  • Red Hat Enterprise Linux 7
  • Intel 82599 or similar NIC with ixgbe driver
  • SR-IOV VF to KVM VM
  • VF uses VLAN and trust mode for macvlan filters

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content