ixgbeVLAN+macvlan VF with different MAC results in incorrect spoofchk message at PF
- Communication is not working between two VFs from the same PF in the virtualized environment.
- Setup as follows:
- VF1 is attached to VM1.
- VF2 was attached to an old VM which ran a container. The container had a macvlan interface on top of the VM interface. This container VM required trust enabled on VF2 in the hypervisor. That old container VM is gone now.
- VF2 is now attached to VM2.
- VF1 has a VLAN interface inside (eg:
eth0.100) and VF2 tags the VLAN on the VF.
- The old container VM, its macvlan interface, and VM2 have different MAC addresses for the VF.
- Assign the IP address for both VFs inside VMs.
- Try to ping either VM1 to VM2 or VM2 to VM1. Communication won't work.
- Spoofed packet message logged in hypervisor, eg:
kernel: ixgbe 0000:xx:xx.x ethX: 2 Spoofed packets detected
- Red Hat Enterprise Linux 7
- Intel 82599 or similar NIC with
- SR-IOV VF to KVM VM
- VF uses VLAN and trust mode for macvlan filters
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.