On 06/16/2015 09:39 AM, Pavel Odintsov wrote: > Hello, folks! > > I'm working with wire speed traffic capture every day and some time > ago I got idea about traffic mirroring between VFs. > > Then, I send ticket to Intel folks about it: > https://sourceforge.net/p/e1000/bugs/480/ and they rejected my idea. > > Well, it's really sad but we have nice Community and I ask for some help > there.
Unfortunately based on the tone of this email it seems like you are asking the community to implement this feature for you. Typically the way one would approach something like this is to get started on the code themselves and begin submitting patches for feedback and guidance on how to approach this. I would suggest you start down that path. If you would like to see this feature maybe you should start exploring what is needed to implement it within a driver yourself, and as you encounter obstacles you could then see about getting help from the community on how to solve the issues. > Why you need this? So much cases, really! > > 0) Run network analyzers on same NIC where Linux network stack are > working (some images here > https://cloud.githubusercontent.com/assets/2744166/8169983/f7e4bc16-13b5-11e5-906a-4ed3f468dda0.jpg) > 1) Traffic capture from virtual machines for investigation complex > network issues This makes sense as a use case, but it is mostly for debug. Though it seems like you could probably get it up and running with just a small bit of register poking. > 2) Run multiple 10GE wire speed-aware applications on single physical NIC Depends on your workload. For small packets you will effectively reduce the NIC's througput by 1/N where N is the number of mirrored ports you have running. You have to keep in mind that the PCIe bandwidth is still limited and by mirroring you are effectively multiplying the PCIe bandwidth used per packet. > 3) Replace costly switch port mirroring with cheap hardware implementation? I don't really see this. It is just port mirroring per VF pool. > What libraries could use this feature? > - PF_RING > - Netmap > - DPDK If DPDK can use this why not just run this through the DPDK maintainers since they have their own poll mode driver? > What software could rely on this feature? > - Suricata > - Bro > - Snort > - FastNetMon (my open ddos detection toolkit) I could see this as a debug feature, but not something that would be useful in production. Like I said it will kill the performance if you start to get hammered with small packets. > Fortunately, we have reference implementation of this feature in > SnabbSwitch: > https://github.com/SnabbCo/snabbswitch/blob/master/src/apps/intel/intel10g.lua#L987 Yes, and the documentation is there for the 82599 and x540. You can go get those datasheets from intel.com. The register configuration for it doesn't look that complex. > And I have really well tested netmap enabled driver ixgbe version > here: https://github.com/pavel-odintsov/ixgbe-linux-netmap > > Any help very appreciate! Let's add ixgbe mirror support in off-tree driver! > :) You are aware that Intel is the one that maintains/owns the off-tree driver aren't you? The only real option is to submit patches for the in-kernel driver if you are wanting to get this feature accepted anywhere. The off-tree or out-of-tree driver that Intel maintains is only ever updated by Intel with occasional feature updates to match upstream. - Alex ------------------------------------------------------------------------------ _______________________________________________ E1000-devel mailing list E1000-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/e1000-devel To learn more about Intel® Ethernet, visit http://communities.intel.com/community/wired
