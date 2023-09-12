Created on Jun 27, 2022

This post describes the setup and configuration of SR-IOV in a ESXi 7.0 host using a NVIDIA ConnectX® -6 InfiniBand adapter card with a Native driver.

Note Note: Setting up a VM is out of the scope of this post.

Single Root IO Virtualization (SR-IOV) is a technology that allows a physical PCIe device to present itself multiple times through the PCIe bus. This technology enables multiple virtual instances of the device with separate resources. NVIDIA adapters are capable of exposing in ConnectX-6 adapter cards up to 128 virtual instances called Virtual Functions (VFs). These virtual functions can then be provisioned separately. Each VF can be seen as an additional device connected to the Physical Function. It shares the same resources with the Physical Function.

SR-IOV is commonly used in conjunction with an SR-IOV enabled hypervisor to provide Virtual Machines direct hardware access to network resources hence increasing its performance.

SR-IOV configuration includes the following:

Enables Virtualization (SR-IOV) in the BIOS (prerequisites)

Enables SR-IOV in the firmware

Enables SR-IOV in the MLNX_OFED Driver

Maps the Virtual Machine (VM) to the relevant port via SR-IOV

A server platform with an SR-IOV-capable motherboard BIOS

NVIDIA ConnectX®-6 adapter

Installer Privileges: The installation requires administrator privileges on the target machine

To set up an SR-IOV environment, the following is required:

Note Each server has a different BIOS configuration options for virtualization.

Warning The figures used in this section are for illustration purposes only. For further information, please refer to the appropriate BIOS User Manual.

Enable "SR-IOV" in the system BIOS. Enable "Intel Virtualization Technology".

Enable SSH Access to ESXi server. Log into the ESXi vSphere Command-Line Interface with root permissions. Enter Maintenance Mode the ESXi host. Run MFT and check the status. ESXi Console Collapse Source Copy Copied! # /opt/mellanox/bin/mst start Module mst is already loaded # /opt/mellanox/bin/mst status -vv PCI devices: ------------ DEVICE_TYPE MST PCI RDMA NET NUMA ConnectX6(rev:0) mt4123_pciconf1 37:00.0 ConnectX6(rev:0) mt4123_pciconf1.1 37:00.1 Query the status of the device. ESXi Console Collapse Source Copy Copied! # /opt/mellanox/bin/mlxconfig -d mt4123_pciconf1 q Device #1: ---------- Device type: ConnectX6 Name: MCX654106A-HCA_Ax Description: ConnectX-6 VPI adapter card; HDR IB (200Gb/s) and 200GbE; dual-port QSFP56; Socket Direct 2x PCIe3.0 x16; tall bracket; ROHS R6 Device: mt4123_pciconf1 Configurations: Next Boot ... NUM_OF_VFS 0 SRIOV_EN False(0) ... Set the link type of one or both ports to InfiniBand (default). ESXi Console Collapse Source Copy Copied! # /opt/mellanox/bin/mlxconfig -d mt4123_pciconf1 set LINK_TYPE_P1=1 Device #1: ---------- Device type: ConnectX6 Name: MCX654106A-HCA_Ax Description: ConnectX-6 VPI adapter card; HDR IB (200Gb/s) and 200GbE; dual-port QSFP56; Socket Direct 2x PCIe3.0 x16; tall bracket; ROHS R6 Device: mt4123_pciconf1 Configurations: Next Boot New LINK_TYPE_P1 ETH(2) IB(1) Apply new Configuration? (y/n) [n] : y Applying... Done! # /opt/mellanox/bin/mlxconfig -d mt4123_pciconf1 set LINK_TYPE_P2=1 Device #1: ---------- Device type: ConnectX6 Name: MCX654106A-HCA_Ax Description: ConnectX-6 VPI adapter card; HDR IB (200Gb/s) and 200GbE; dual-port QSFP56; Socket Direct 2x PCIe3.0 x16; tall bracket; ROHS R6 Device: mt4123_pciconf1 Configurations: Next Boot New LINK_TYPE_P2 ETH(2) IB(1) Apply new Configuration? (y/n) [n] : y Applying... Done! -I- Please reboot machine to load new configurations. Warning One InfiniBand port per subnet must be dedicated to running the Subnet Manager (SM). Since the SM can only run on PFs, that port must be passthrough to a VM. Enable Ethernet PCI subclass override. ESXi Console Collapse Source Copy Copied! # /opt/mellanox/bin/mlxconfig -d mt4123_pciconf1 set ADVANCED_PCI_SETTINGS=1 # /opt/mellanox/bin/mlxconfig -d mt4123_pciconf1 set FORCE_ETH_PCI_SUBCLASS=1 Reboot the server. Enable SR-IOV and set the desired number of Virtual Functions (VFs). SRIOV_EN=1 NUM_OF_VFS=16 ; This is an example with eight VFs per port. ESXi Console Collapse Source Copy Copied! # /opt/mellanox/bin/mlxconfig -d mt4123_pciconf1 s SRIOV_EN=1 NUM_OF_VFS=16 Device #1: ---------- Device type: ConnectX6 Name: MCX654106A-HCA_Ax Description: ConnectX-6 VPI adapter card; HDR IB (200Gb/s) and 200GbE; dual-port QSFP56; Socket Direct 2x PCIe3.0 x16; tall bracket; ROHS R6 Device: mt4123_pciconf1 Configurations: Next Boot New SRIOV_EN False(0) True(1) NUM_OF_VFS 0 16 Apply new Configuration? (y/n) [n] : y Applying... Done! -I- Please reboot machine to load new configurations. Note Note: mlxconfig must be performed for each PCI device (adapter). In parallel, in the driver the configuration is per module, which means that it will be applicable for all adapters installed on the server. Reboot the server. Note Note: At this point, the VFs are not seen when using "lspci". Only when SR-IOV is enabled on the driver will you be able to see them. Check if SR-IOV is enabled in the firmware. ESXi Console Collapse Source Copy Copied! # /opt/mellanox/bin/mlxconfig -d mt4123_pciconf1 q Device #1: ---------- Device type: ConnectX6 Name: MCX654106A-HCA_Ax Description: ConnectX-6 VPI adapter card; HDR IB (200Gb/s) and 200GbE; dual-port QSFP56; Socket Direct 2x PCIe3.0 x16; tall bracket; ROHS R6 Device: mt4123_pciconf1 Configurations: Current ... NUM_OF_VFS 16 SRIOV_EN True(1) ...

Get the module parameter list as follows: ESXi Console Collapse Source Copy Copied! # esxcli system module parameters list -m nmlx5_core Name Type Value Description ... max_vfs array of uint Number of PCI VFs to initialize Values : Array of 'uint' of range 0-128, May be limited by device, 0 - disabled Default: 0 ... Enable SR-IOV in the driver and set the max_vfs module parameter. ESXi Console Collapse Source Copy Copied! # esxcli system module parameters set -m nmlx5_core -p "max_vfs=16,16" Or, if your card second NVIDIA card. Sample: ESXi Console Collapse Source Copy Copied! # esxcli system module parameters set -m nmlx5_core -p "max_vfs=0,0,16,16" Warning Note 1: Allow at least one more VF to be configured on the firmware ( num_of_vfs ) than on the driver. In our example we had eight VFs configured on the firmware while four is configured on the driver (max_vfs). Note 2: mlxconfig must be performed for each PCI device (adapter). In parallel, in the driver the configuration is per module, which means that it will be applicable for all adapters installed on the server. Note 3: Changing the number of VFs is persistent. Reboot the server. Exit Maintenance Mode on the ESXi host. Check the PCI bus and verify that you see the VFs (with the same number of VFs on each port). ESXi Console Collapse Source Copy Copied! # lspci -d | grep Mellanox 0000:37:00.0 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6] [vmnic4] 0000:37:00.1 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6] [vmnic5] 0000:37:00.2 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.0_VF_0] 0000:37:00.3 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.0_VF_1] 0000:37:00.4 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.0_VF_2] 0000:37:00.5 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.0_VF_3] 0000:37:00.6 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.0_VF_4] 0000:37:00.7 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.0_VF_5] 0000:37:01.0 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.0_VF_6] 0000:37:01.1 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.0_VF_7] 0000:37:01.2 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.0_VF_8] 0000:37:01.3 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.0_VF_9] 0000:37:01.4 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.0_VF_10] 0000:37:01.5 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.0_VF_11] 0000:37:01.6 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.0_VF_12] 0000:37:01.7 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.0_VF_13] 0000:37:02.0 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.0_VF_14] 0000:37:02.1 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.0_VF_15] 0000:37:02.2 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.1_VF_0] 0000:37:02.3 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.1_VF_1] 0000:37:02.4 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.1_VF_2] 0000:37:02.5 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.1_VF_3] 0000:37:02.6 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.1_VF_4] 0000:37:02.7 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.1_VF_5] 0000:37:03.0 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.1_VF_6] 0000:37:03.1 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.1_VF_7] 0000:37:03.2 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.1_VF_8] 0000:37:03.3 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.1_VF_9] 0000:37:03.4 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.1_VF_10] 0000:37:03.5 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.1_VF_11] 0000:37:03.6 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.1_VF_12] 0000:37:03.7 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.1_VF_13] 0000:37:04.0 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.1_VF_14] 0000:37:04.1 Ethernet controller: Mellanox Technologies MT28908 Family [ConnectX-6 Virtual Function] [PF_0.55.1_VF_15]

At this point you can see 16 VFs and one Physical Function (PF).

Warning Note 1: Make sure the VM version is Rel. 10 or above, and upgrade it if needed by accessing the Compatibility section (otherwise SR-IOV will not appear as an option in the network adapter selection). Note 2: Before you start, power off the VM.

After you enable the Virtual Functions on the host, each of them becomes available as a PCI device.

To assign Virtual Function to a Virtual Machine in the vSphere Web Client:

Locate the Virtual Machine in the vSphere Web Client. Select a data center, folder, cluster, resource pool, or host and click the Related Objects tab. Click Virtual Machines and select the virtual machine from the list. Power off the Virtual Machine. Select the VM and Go to "Edit Settings". Click on Add Network adapter. Under Adapter Type select the SR-IOV passthrough connectivity option. Check the Reserve all guest memory (All locked) checkbox.

I/O memory management unit (IOMMU) must reach all Virtual Machine memory so that the passthrough device can access the memory by using direct memory access (DMA). Expand the New Network section and connect the Virtual Machine to the SRIOV net port group from the combo box at the bottom of the screen.

The virtual NIC does not use this port group for data traffic. The port group is used to extract the networking properties, for example VLAN tagging, to apply on the data traffic.

Warning MAC Address and MTU Considerations Note 1: You can leave the automatic generated MAC address (this is the default), or change it manually. Note 2: The Hypervisor MTU should be higher or equal to the Guest VM, otherwise, the packets may be dropped. You may modify “Set Guest OS MTU change” to allow changing MTU from guest. This step is applicable only if this feature is supported by the driver. Power on the VM Open the VM command line and make sure that you have the interface connected.

On the guest VM install the OS NVIDIA driver (OFED, WinOF ...).

Configure the IP Address and check Network connectivity.

Done !