Intel® Ethernet Controller E810 eSwitch Switchdev Mode
Technology and Configuration Guide
Non-Tunnel Interface
The following steps outline how to configure hardware-offloaded TC-Flower rules on a non-tunnel interface:
- Enable hardware offload on the interface.
When a TC-Flower rule is added, the flower classifier determines the offload device, if any, of the flow. The rule is offloaded to hardware if the NETIF_F_HW_TC feature is supported and enabled on the PF and VF interfaces (PF and VF_PR). The hardware offload feature must be enabled through ethtool on the PF and VF (VF_PR).
ethtool -K $<PF1> hw-tc-offload on ethtool -K $<VF_PR> hw-tc-offload on - Enable the TC-Flower hardware/software offload flag.
Use skip_sw in the TC-Flower rule creation to enable hardware offload for the rule. Hardware offload is also controlled on a per-rule basis by using the flags skip_hw and skip_sw. These flags are mutually exclusive.
- skip_hw denotes that the rule is added to software but not hardware. An error is reported if the flow cannot be added to software. Do not process filter by hardware.
- skip_sw denotes that the rule is added to hardware but not software. An error is reported if the flow cannot be added to hardware. Do not process filter by software. If hardware has no offload support for this filter, or TC offload is not enabled for the interface, the operation fails.
- The default behavior is to try to add the rule to both hardware and software. No error is returned if the flow cannot be added to hardware, but an error is reported if the flow cannot be added to software. skip_hw does not use the fast path, so performance is limited.
The following configurations are with supported TC Match-Action fields:
- VLAN TC rule format
tc filter add dev <DEV> ingress [ priority <PRI> ] protocol { 802.1Q | 802.1ad } flower [ vlan_id <vlan_id>] [vlan_ethtype { 802.1Q | 802.1ad } ] [cvlan_id <cvlan_id>] [ skip_sw | skip_hw ] action { drop | mirred egress redirect dev <DEV> } - IPv4 TC rule format
tc filter add dev <DEV> ingress priority <PRI> protocol ip flower [ skip_sw | skip_hw ] [ src_ip <src_ip> ] [ dst_ip <dst_ip> ] [vlan_id <vlan_id>] [ src_mac <src_mac> ] [ dst_mac <dst_mac> ] [ip_tos <ToS>] [ip_ttl <TTL>] [ ip_proto [[{ tcp | udp } { src_port <src_port>| dst_port <dst_port> }] | [l2tp l2tpv3_sid <sess_id>] ]] action { drop | mirred egress redirect dev <DEV> } - IPv6 TC rule format
tc filter add dev <DEV> ingress [ priority <PRI> ] protocol ipv6 flower [skip_sw | skip_hw] [ src_ip <src_ip> | dst_ip <dst_ip> ] [vlan_id <vlan_id>] [ src_mac <src_mac> ] [ dst_mac <dst_mac> ] [ip_tos <Traffic Class>] [ ip_proto [[{ tcp | udp } { src_port <src_port> | dst_port <dst_port> }] | [l2tp l2tpv3_sid <sess_id>] ]] action { drop | mirred egress redirect dev <DEV> } - PPPoE TC rule format
tc filter add dev <DEV> ingress [ priority <PRI> ] protocol ppp_ses flower [skip_sw | skip_hw] ppp_proto ip [ src_ip <src_ip> | dst_ip <dst_ip> ] [vlan_id <vlan_id>] [cvlan_id <vlan_id>] [ src_mac <src_mac> ] [ dst_mac <dst_mac> ] [ ip_proto { tcp | udp } { src_port <src_port> | dst_port <dst_port> } ] action { drop | mirred egress redirect dev <DEV>}
The following configuration can be used to delete the configured TC rules, and all the rules with the same priority will be removed.
tc filter delete dev <DEV> ingress [ priority <PRI> ] Note:The IPv6 TC filter rule cannot have both source and destination IPv6 addresses. The TC filter rule hardware offload is not supported on PPPoE discovery (ethertype 0x8863) or L2TPv3 over UDP traffic. The IPv4 and IPv6 rule configuration supports mask. The following example uses the skip_sw parameter in the tc command line to add the rule to hardware but not software.
# tc qdisc add dev eth0 ingress # tc filter add dev eth0 ingress \ protocol ip \ flower skip_sw \ ip_proto tcp dst_port 1234 \ action drop - If using OVS: Enable hw_tc_offload and hardware/software offload flag.
TC offload must be enabled for skip_sw. The following commands show how to enable hw_tc_offload and how to set hardware/software offload policy. Make sure to follow the sequence. First you must enable hw_tc_offload, then set the TC offload flag for skip_hw or skip_sw.
ovs-vsctl set Open_vSwitch. other_config:hw-offload=true ovs-vsctl set Open_vSwitch. other_config:tc-policy=skip_sw - Verify the offloaded flow in hardware.
The tc command line tool makes use of two TCA CLS flags (TCA_CLS_FLAGS_IN_HW and TCA_CLS_FLAGS_NOT_IN_HW) that allows you to control and inspect the placement of rules in hardware and software. These flags allow the kernel to report the presence of a rule in hardware.
- Run the tc -s monitor command.
The in_hw field indicates that the flow is present in hardware.
# tc filter show dev eth0 ingress filter protocol ip pref 49152 flower chain 0 handle 0x1 eth_type ipv4 ip_proto tcp dst_port 1234 skip_sw in_hw - With OVS, execute OVS flow dump:
ovs-appctl dpctl/dump-flows -m In O/P, if the flag shows as
offloaded:yes, dp:tc , it means flows are on hardware.
- Run the tc -s monitor command.