Intel® Ethernet Controller E810 eSwitch Switchdev Mode

Technology and Configuration Guide

ID Date Version Classification
645272 12/31/2023 1.3 Public
Document Table of Contents
Document Table of Contents
Notices and Disclaimers Revision History Known Issues - Read First Introduction Hardware and Software Requirements eSwitch Mode (Switchdev and Legacy) eSwitch Configuration Appendices
Notices and Disclaimers
Revision History
Known Issues - Read First
Introduction
Hardware and Software Requirements
eSwitch Mode (Switchdev and Legacy)
eSwitch Mode (Switchdev and Legacy) Technical Details: eSwitch Legacy Mode Technical Details: eSwitch Switchdev Mode Technical Details: Switchdev Mode and TC-Flower
Technical Details: eSwitch Legacy Mode
Technical Details: eSwitch Switchdev Mode
Technical Details: eSwitch Switchdev Mode Default/Exception/Slow Path Bridge-Based Slow Data Path
Default/Exception/Slow Path
Bridge-Based Slow Data Path
Technical Details: Switchdev Mode and TC-Flower
Technical Details: Switchdev Mode and TC-Flower Switchdev Mode TC-Flower Hardware Offloads
Switchdev Mode TC-Flower Hardware Offloads
eSwitch Configuration
eSwitch Configuration eSwitch Mode Configuration Between Legacy/Switchdev Limitations and Troubleshooting TC-Flower Rule Hardware Offload Configuration
eSwitch Mode Configuration Between Legacy/Switchdev
eSwitch Mode Configuration Between Legacy/Switchdev Variable Definitions Configuration Steps
Variable Definitions
Configuration Steps
Limitations and Troubleshooting
TC-Flower Rule Hardware Offload Configuration
TC-Flower Rule Hardware Offload Configuration Non-Tunnel Interface Tunnel Interface
Non-Tunnel Interface
Tunnel Interface
Appendices
Sample Scripts Glossary and Acronyms
Sample Scripts
Sample Scripts Script A: Switchdev Mode with Linux Bridge Configuration Script B: Switchdev Mode with OVS Configuration Script C: Switchdev Mode with VXLAN/GRETAP/GENEVE/GTP Linux Bridge Configuration
Script A: Switchdev Mode with Linux Bridge Configuration
Script B: Switchdev Mode with OVS Configuration
Script C: Switchdev Mode with VXLAN/GRETAP/GENEVE/GTP Linux Bridge Configuration
Glossary and Acronyms

Non-Tunnel Interface

The following steps outline how to configure hardware-offloaded TC-Flower rules on a non-tunnel interface:

  1. Enable hardware offload on the interface.

    When a TC-Flower rule is added, the flower classifier determines the offload device, if any, of the flow. The rule is offloaded to hardware if the NETIF_​F_​HW_​TC feature is supported and enabled on the PF and VF interfaces (PF and VF_​PR). The hardware offload feature must be enabled through ethtool on the PF and VF (VF_​PR).

    ethtool -K $<PF1> hw-tc-offload on ethtool -K $<VF_PR> hw-tc-offload on
  2. Enable the TC-Flower hardware/software offload flag.

    Use skip_​sw in the TC-Flower rule creation to enable hardware offload for the rule. Hardware offload is also controlled on a per-rule basis by using the flags skip_​hw and skip_​sw. These flags are mutually exclusive.

    • skip_​hw denotes that the rule is added to software but not hardware. An error is reported if the flow cannot be added to software. Do not process filter by hardware.
    • skip_​sw denotes that the rule is added to hardware but not software. An error is reported if the flow cannot be added to hardware. Do not process filter by software. If hardware has no offload support for this filter, or TC offload is not enabled for the interface, the operation fails.
    • The default behavior is to try to add the rule to both hardware and software. No error is returned if the flow cannot be added to hardware, but an error is reported if the flow cannot be added to software. skip_​hw does not use the fast path, so performance is limited.

    The following configurations are with supported TC Match-Action fields:

    • VLAN TC rule format tc filter add dev <DEV> ingress [ priority <PRI> ] protocol { 802.1Q | 802.1ad } flower [ vlan_id <vlan_id>] [vlan_ethtype { 802.1Q | 802.1ad } ] [cvlan_id <cvlan_id>] [ skip_sw | skip_hw ] action { drop | mirred egress redirect dev <DEV> }
    • IPv4 TC rule format tc filter add dev <DEV> ingress priority <PRI> protocol ip flower [ skip_sw | skip_hw ] [ src_ip <src_ip> ] [ dst_ip <dst_ip> ] [vlan_id <vlan_id>] [ src_mac <src_mac> ] [ dst_mac <dst_mac> ] [ip_tos <ToS>] [ip_ttl <TTL>] [ ip_proto [[{ tcp | udp } { src_port <src_port>| dst_port <dst_port> }] | [l2tp l2tpv3_sid <sess_id>] ]] action { drop | mirred egress redirect dev <DEV> }
    • IPv6 TC rule format tc filter add dev <DEV> ingress [ priority <PRI> ] protocol ipv6 flower [skip_sw | skip_hw] [ src_ip <src_ip> | dst_ip <dst_ip> ] [vlan_id <vlan_id>] [ src_mac <src_mac> ] [ dst_mac <dst_mac> ] [ip_tos <Traffic Class>] [ ip_proto [[{ tcp | udp } { src_port <src_port> | dst_port <dst_port> }] | [l2tp l2tpv3_sid <sess_id>] ]] action { drop | mirred egress redirect dev <DEV> }
    • PPPoE TC rule format tc filter add dev <DEV> ingress [ priority <PRI> ] protocol ppp_ses flower [skip_sw | skip_hw] ppp_proto ip [ src_ip <src_ip> | dst_ip <dst_ip> ] [vlan_id <vlan_id>] [cvlan_id <vlan_id>] [ src_mac <src_mac> ] [ dst_mac <dst_mac> ] [ ip_proto { tcp | udp } { src_port <src_port> | dst_port <dst_port> } ] action { drop | mirred egress redirect dev <DEV>}

    The following configuration can be used to delete the configured TC rules, and all the rules with the same priority will be removed. tc filter delete dev <DEV> ingress [ priority <PRI> ]

    Note:The IPv6 TC filter rule cannot have both source and destination IPv6 addresses. The TC filter rule hardware offload is not supported on PPPoE discovery (ethertype 0x8863) or L2TPv3 over UDP traffic. The IPv4 and IPv6 rule configuration supports mask.

    The following example uses the skip_​sw parameter in the tc command line to add the rule to hardware but not software.

    # tc qdisc add dev eth0 ingress # tc filter add dev eth0 ingress \ protocol ip \ flower skip_sw \ ip_proto tcp dst_port 1234 \ action drop
  3. If using OVS: Enable hw_​tc_​offload and hardware/software offload flag.

    TC offload must be enabled for skip_​sw. The following commands show how to enable hw_​tc_​offload and how to set hardware/software offload policy. Make sure to follow the sequence. First you must enable hw_​tc_​offload, then set the TC offload flag for skip_​hw or skip_​sw.

    ovs-vsctl set Open_vSwitch. other_config:hw-offload=true ovs-vsctl set Open_vSwitch. other_config:tc-policy=skip_sw
  4. Verify the offloaded flow in hardware.

    The tc command line tool makes use of two TCA CLS flags (TCA_​CLS_​FLAGS_​IN_​HW and TCA_​CLS_​FLAGS_​NOT_​IN_​HW) that allows you to control and inspect the placement of rules in hardware and software. These flags allow the kernel to report the presence of a rule in hardware.

    1. Run the tc -s monitor command.

      The in_​hw field indicates that the flow is present in hardware.

      # tc filter show dev eth0 ingress filter protocol ip pref 49152 flower chain 0 handle 0x1 eth_type ipv4 ip_proto tcp dst_port 1234 skip_sw in_hw
    2. With OVS, execute OVS flow dump: ovs-appctl dpctl/dump-flows -m

      In O/P, if the flag shows as offloaded:yes, dp:tc, it means flows are on hardware.

Tunnel Interface