|
| 1 | +// Module included in the following assemblies: |
| 2 | +// |
| 3 | +// * networking/hardware_networks/configuring-sriov-device.adoc |
| 4 | + |
| 5 | +[id="nw-sriov-nic-mlx-secure-boot_{context}"] |
| 6 | += MLX Secure Boot |
| 7 | + |
| 8 | +In some cases, you might want to split virtual functions (VFs) from the same physical function (PF) into multiple resource pools. |
| 9 | +For example, you might want some of the VFs to load with the default driver and the remaining VFs load with the `vfio-pci` driver. |
| 10 | +In such a deployment, the `pfNames` selector in your SriovNetworkNodePolicy custom resource (CR) can be used to specify a range of VFs for a pool using the following format: `<pfname>#<first_vf>-<last_vf>`. |
| 11 | + |
| 12 | +For example, the following YAML shows the selector for an interface named `netpf0` with VF `2` through `7`: |
| 13 | + |
| 14 | +[source,yaml] |
| 15 | +---- |
| 16 | +pfNames: ["netpf0#2-7"] |
| 17 | +---- |
| 18 | + |
| 19 | +* `netpf0` is the PF interface name. |
| 20 | +* `2` is the first VF index (0-based) that is included in the range. |
| 21 | +* `7` is the last VF index (0-based) that is included in the range. |
| 22 | + |
| 23 | +You can select VFs from the same PF by using different policy CRs if the following requirements are met: |
| 24 | + |
| 25 | +* The `numVfs` value must be identical for policies that select the same PF. |
| 26 | +* The VF index must be in the range of `0` to `<numVfs>-1`. For example, if you have a policy with `numVfs` set to `8`, then the `<first_vf>` value must not be smaller than `0`, and the `<last_vf>` must not be larger than `7`. |
| 27 | +* The VFs ranges in different policies must not overlap. |
| 28 | +* The `<first_vf>` must not be larger than the `<last_vf>`. |
| 29 | + |
| 30 | +The following example illustrates NIC partitioning for an SR-IOV device. |
| 31 | + |
| 32 | +The policy `policy-net-1` defines a resource pool `net-1` that contains the VF `0` of PF `netpf0` with the default VF driver. |
| 33 | +The policy `policy-net-1-dpdk` defines a resource pool `net-1-dpdk` that contains the VF `8` to `15` of PF `netpf0` with the `vfio` VF driver. |
| 34 | + |
| 35 | +Policy `policy-net-1`: |
| 36 | + |
| 37 | +[source,yaml] |
| 38 | +---- |
| 39 | +apiVersion: sriovnetwork.openshift.io/v1 |
| 40 | +kind: SriovNetworkNodePolicy |
| 41 | +metadata: |
| 42 | + name: policy-net-1 |
| 43 | + namespace: openshift-sriov-network-operator |
| 44 | +spec: |
| 45 | + resourceName: net1 |
| 46 | + nodeSelector: |
| 47 | + feature.node.kubernetes.io/network-sriov.capable: "true" |
| 48 | + numVfs: 16 |
| 49 | + nicSelector: |
| 50 | + pfNames: ["netpf0#0-0"] |
| 51 | + deviceType: netdevice |
| 52 | +---- |
| 53 | + |
| 54 | +Policy `policy-net-1-dpdk`: |
| 55 | + |
| 56 | +[source,yaml] |
| 57 | +---- |
| 58 | +apiVersion: sriovnetwork.openshift.io/v1 |
| 59 | +kind: SriovNetworkNodePolicy |
| 60 | +metadata: |
| 61 | + name: policy-net-1-dpdk |
| 62 | + namespace: openshift-sriov-network-operator |
| 63 | +spec: |
| 64 | + resourceName: net1dpdk |
| 65 | + nodeSelector: |
| 66 | + feature.node.kubernetes.io/network-sriov.capable: "true" |
| 67 | + numVfs: 16 |
| 68 | + nicSelector: |
| 69 | + pfNames: ["netpf0#8-15"] |
| 70 | + deviceType: vfio-pci |
| 71 | +---- |
| 72 | + |
| 73 | +.Verifying that the interface is successfully partitioned |
| 74 | +Confirm that the interface partitioned to virtual functions (VFs) for the SR-IOV device by running the following command. |
| 75 | + |
| 76 | +[source,terminal] |
| 77 | +---- |
| 78 | +$ ip link show <interface> <1> |
| 79 | +---- |
| 80 | + |
| 81 | +<1> Replace `<interface>` with the interface that you specified when partitioning to VFs for the SR-IOV device, for example, `ens3f1`. |
| 82 | + |
| 83 | +.Example output |
| 84 | +[source,terminal] |
| 85 | +---- |
| 86 | +5: ens3f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000 |
| 87 | +link/ether 3c:fd:fe:d1:bc:01 brd ff:ff:ff:ff:ff:ff |
| 88 | +
|
| 89 | +vf 0 link/ether 5a:e7:88:25:ea:a0 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off |
| 90 | +vf 1 link/ether 3e:1d:36:d7:3d:49 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off |
| 91 | +vf 2 link/ether ce:09:56:97:df:f9 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off |
| 92 | +vf 3 link/ether 5e:91:cf:88:d1:38 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off |
| 93 | +vf 4 link/ether e6:06:a1:96:2f:de brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off |
| 94 | +---- |
0 commit comments