Date: 2026-02-05

This section provides instructions on how to run and configure the newly created xlio-image Docker image, detailing both the required and some of the optional configurations for running the container.

When running the container with docker run, the following configurations must be specified to ensure proper functionality:

--ulimit memlock=-1: This option sets an unlimited memory lock limit for the container. For more details, refer to the ULIMIT Considerations section below.

--device=/dev/infiniband: This option grants the container access to available InfiniBand devices.

Note: Instead of granting access to all available IB devices, you can grant access to specific InfiniBand devices by running:

    --device=/dev/infiniband/rdma_cm --device=/dev/infiniband/uverbs0

Note: Make sure to use the correct uverbsX in case you have multiple InfiniBand devices.

--cap-add=NET_RAW --cap-add=NET_ADMIN: These capabilities provide the ability to configure and manage network interfaces, in addition to Raw Socket processing.

XLIO can use Huge Pages to optimize memory allocation and gain the performance benefits they provide.

Huge Pages are allocated by the host. Once configured, the container can access and use them from the host's memory pool.

To check the current Huge Page configuration settings:

    #(host) cat /proc/meminfo | grep HugePages

To allocate a sufficient amount of Huge Pages (preferably a total of 2GB memory):

    #(host) echo <number_of_hugepages> | sudo tee /proc/sys/vm/nr_hugepages

To allocate a total of approximately 2GB of huge pages, determine the size of your system's hugepages (usually 2MB) and calculate the required number. For example, if your system uses 2MB huge pages, you would need to allocate 1024 huge pages to reach a total of 2GB.
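The calculation described above, as an added example that is not part of the original documentation: it derives the nr_hugepages value for a target size from the Hugepagesize field of /proc/meminfo instead of assuming 2MB pages. The function names and the sample meminfo text are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of the HugePages lines from /proc/meminfo (not real host output).
SAMPLE_MEMINFO='HugePages_Total:     256
HugePages_Free:      200
HugePages_Rsvd:        0
HugePages_Surp:        0
Hugepagesize:       2048 kB'

# meminfo_field FIELD : print the numeric value of one meminfo field read from stdin.
meminfo_field() {
    awk -v f="$1:" '$1 == f { print $2 }'
}

# hugepages_needed TARGET_MB : read meminfo on stdin and print the nr_hugepages
# value that reaches at least TARGET_MB in total (rounded up to whole pages).
hugepages_needed() {
    target_kb=$(( $1 * 1024 ))
    info=$(cat)
    size_kb=$(printf '%s\n' "$info" | meminfo_field Hugepagesize)
    [ -n "$size_kb" ] && [ "$size_kb" -gt 0 ] || { echo "no Hugepagesize" >&2; return 1; }
    echo $(( (target_kb + size_kb - 1) / size_kb ))
}

# hugepages_shortfall TARGET_MB : how many pages must be added to the current
# HugePages_Total to reach the target (0 if the host already has enough).
hugepages_shortfall() {
    info=$(cat)
    need=$(printf '%s\n' "$info" | hugepages_needed "$1") || return 1
    have=$(printf '%s\n' "$info" | meminfo_field HugePages_Total)
    short=$(( need - ${have:-0} ))
    [ "$short" -gt 0 ] || short=0
    echo "$short"
}

# On a real host: hugepages_needed 2048 < /proc/meminfo
printf '%s\n' "$SAMPLE_MEMINFO" | hugepages_needed 2048
printf '%s\n' "$SAMPLE_MEMINFO" | hugepages_shortfall 2048
```

The value printed by hugepages_needed is the number to write to /proc/sys/vm/nr_hugepages with the tee command shown above.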



Use the host's network stack, which directly connects the container to the host's networking environment:

Run The Container (xlio-image):

    #(host) docker run -it --net=host --cap-add=NET_RAW --cap-add=NET_ADMIN --ulimit memlock=-1 --device=/dev/infiniband xlio-image /bin/bash
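A pre-flight check for the xlio-image run command, added here as an example and not part of the original documentation: it reports required options from the list above that are missing, and grants that are broader than that list asks for. The function name check_xlio_run_args and the finding labels are hypothetical; the checker only reads its arguments and never starts a container.

```shell
#!/bin/sh
# check_xlio_run_args ARGS... : inspect the words that follow `docker run`
# and print one finding per line (nothing printed means no findings).
#   MISSING = an option this page lists as required is absent
#   WIDE    = a grant broader than the page requires for the XLIO container
#   BAD     = a capability given as a bare word instead of its own --cap-add
check_xlio_run_args() {
    memlock=0; net_raw=0; net_admin=0; ib=0; out=""; nl='
'
    while [ $# -gt 0 ]; do
        opt=$1
        case "$1" in   # normalise "--opt value" to "--opt=value"
            --ulimit|--device|--cap-add)
                if [ $# -ge 2 ]; then opt="$1=$2"; shift; fi ;;
        esac
        case "$opt" in
            --ulimit=memlock=-1|--ulimit=memlock=-1:-1) memlock=1 ;;
            --cap-add=NET_RAW)   net_raw=1 ;;
            --cap-add=NET_ADMIN) net_admin=1 ;;
            NET_RAW|NET_ADMIN)   out="${out}BAD bare capability $opt${nl}" ;;
            --cap-add=ALL|--privileged|--privileged=true)
                out="${out}WIDE $opt${nl}" ;;
            --device=/dev/infiniband|--device=/dev/infiniband/)
                ib=1; out="${out}WIDE $opt exposes every InfiniBand device${nl}" ;;
            --device=/dev/infiniband/*) ib=1 ;;
        esac
        shift
    done
    [ "$memlock" = 1 ]   || out="${out}MISSING --ulimit memlock=-1${nl}"
    [ "$ib" = 1 ]        || out="${out}MISSING --device=/dev/infiniband${nl}"
    [ "$net_raw" = 1 ]   || out="${out}MISSING --cap-add=NET_RAW${nl}"
    [ "$net_admin" = 1 ] || out="${out}MISSING --cap-add=NET_ADMIN${nl}"
    printf '%s' "$out"
}

# The host-network command from this page (constructed call, nothing is executed):
check_xlio_run_args -it --net=host --cap-add=NET_RAW --cap-add=NET_ADMIN \
    --ulimit memlock=-1 --device=/dev/infiniband xlio-image /bin/bash
# Narrowed devices, but the second capability passed as a bare word:
check_xlio_run_args --cap-add=NET_RAW NET_ADMIN --ulimit memlock=-1 \
    --device=/dev/infiniband/rdma_cm --device=/dev/infiniband/uverbs0 xlio-image
```

The WIDE finding for --device=/dev/infiniband is advisory: the command works as documented, and the finding points at the per-device form from the note in the required options.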





To run the container in a separate network namespace from the host, you can use a custom Docker network.

NVIDIA provides an SR-IOV Docker plugin that facilitates the creation and management of such networks by automatically allocating and assigning a Virtual Function (VF) to the container.

Ensure that the SR-IOV Prerequisites listed above have been met.

Limitations:

The NVIDIA Docker SR-IOV plugin is supported ONLY in Linux environments on x86_64 and ppc64le platforms.

Using a separate network namespace limits access to some /proc/sys net.core parameters fetched by XLIO, causing it to fall back on hardcoded default values and issue a warning.

The SR-IOV plugin ONLY works with ConnectX and BlueField series in NIC mode.

1. QuickStart instructions for creating a custom Docker network with SR-IOV plugin:



a. Ensure you are using Docker 1.9 or later.

b. Pull the SR-IOV plugin (Mellanox/docker-sriov-plugin):

    #(host) docker pull rdma/sriov-plugin

c. Run the plugin:

    #(host) docker run -v /run/docker/plugins:/run/docker/plugins -v /etc/docker:/etc/docker -v /var/run:/var/run --net=host --privileged rdma/sriov-plugin

d. Create a new Docker Network using the SR-IOV plugin as driver. For example, using the ens2f0 PF-based net device (must be a PF-based interface):

    #(host) docker network create --driver sriov --subnet=<subnet> --gateway=<default-gateway-ip> -o netdevice=ens2f0 -o privileged=1 mynet

Notes:

If the custom network subnet has a default gateway, use it as <default-gateway-ip>; it will provide external connectivity. Otherwise, omit the --gateway option.

It is important to create the SR-IOV Docker network after the SR-IOV plugin is already running.

2. Run The Container (xlio-image):

    #(host) docker run -it --net=mynet --ip=<picked-VF-interface-IP> --cap-add=NET_RAW --cap-add=NET_ADMIN --ulimit memlock=-1 --device=/dev/infiniband xlio-image /bin/bash

Note: Ensure that the IP address you assign with --ip is a free IP address in the subnet to avoid conflicts within the subnet.

3. Verify that the VF network interface was successfully assigned within the container:

    #(container) ip addr show





If the custom SR-IOV network does not have a default gateway and you need access to external networks, you can connect the container to an additional Docker network (e.g. second SR-IOV network or default bridge network) to provide external access.

Identify the container ID and connect the xlio-image container to the bridge network:

    #(host) docker ps -a
    #(host) docker network connect bridge <container-id>

Verify that the container gained a new network interface to the bridge network:

    #(container) ip addr show

Verify that the default route uses the bridge network:

    #(container) ip route