Intel® Ethernet Adapters and Devices User Guide

ID Date Version Classification
705831 11/28/2024 Public

A newer version of this document is available. Customers should click here to go to the newest version.

Document Table of Contents

Single Root I/O Virtualization (SR-IOV)

SR-IOV Overview

Single Root I/O Virtualization (SR-IOV) is a PCI SIG specification allowing PCI Express* devices to appear as multiple separate physical PCI Express devices. SR-IOV allows efficient sharing of PCI devices among Virtual Machines (VMs). It manages and transports data without the use of a hypervisor by providing independent memory space, interrupts, and DMA streams for each virtual machine.

../../_images/sriov-models.jpg

SR-IOV architecture includes two functions:

  • Physical Function (PF) is a full featured PCI Express function that can be discovered, managed, and configured like any other PCI Express device.

  • Virtual Function (VF) is similar to PF but cannot be configured and only has the ability to transfer data in and out. The VF is assigned to a Virtual Machine.

Configuring SR-IOV

SR-IOV lets a single network port appear to be several virtual functions in a virtualized environment. If you have an SR-IOV capable device, each port on that device can assign a virtual function to several guest partitions. The virtual functions bypass the Virtual Machine Manager (VMM), allowing packet data to move directly to a guest partition’s memory, resulting in higher throughput and lower CPU utilization. SR-IOV also allows you to move packet data directly to a guest partition’s memory. See your operating system documentation for system requirements.

For devices that support it, SR-IOV is enabled in the host partition. Some devices may need to have SR-IOV enabled in a preboot environment.

Note:
  • Configuring SR-IOV for improved network security: In a virtualized environment, on Intel® Server Adapters that support SR-IOV or Intel® Scalable I/O Virtualization (Intel® Scalable IOV), the virtual function (VF) may be subject to malicious behavior. Software-generated layer two frames, like IEEE 802.3x (link flow control), IEEE 802.1Qbb (priority based flow-control), and others of this type, are not expected and can throttle traffic between the host and the virtual switch, reducing performance. To resolve this issue, and to ensure isolation from unintended traffic streams, configure all SR-IOV or Intel Scalable IOV enabled ports for VLAN tagging from the administrative interface on the PF. This configuration allows unexpected, and potentially malicious, frames to be dropped.

  • SR-IOV must be enabled in the BIOS.

  • You must enable VMQ for SR-IOV to function.

  • For best performance, on the host use Set-VMNetworkAdapter -IovQueuePairsRequested 4 on the VF to allow the virtual network to use 4 queues (maximum supported value) and assign 4 or more virtual CPUs to the connected VM. In the VM, set “Maximum number of Receive Queues” in the VF’s adapter properties to 4.

  • Binding more than two virtual functions (VFs) to a virtual machine (VM) is not recommended. Binding more VFs to a VM may cause system instability.

  • SR-IOV is not supported with Intel ANS teams.

  • VMWare ESXi* does not support SR-IOV on 1Gbps ports.

Configuring SR-IOV in Windows*

Use Intel® PROSet to change this setting in Windows.

This setting is found on the Advanced tab of the device’s Device Manager property sheet or in the Adapter Settings panel in Intel® PROSet Adapter Configuration Utility (Intel® PROSet ACU).

To change this setting in Windows PowerShell*, use the Set-IntelNetAdapterSetting cmdlet. For example:

Set-IntelNetAdapterSetting -Name "<adapter_name>" -DisplayName "SR-IOV" -DisplayValue "Enabled"