Configuring FIDPARM to support promiscuous mode on a VF

Edit online

6.18 LPAR modeDPM partition z/VM guest KVM guest

To set up a Linux bridge or Open vSwitch, the VF that underlies the NETH device must be allowed to enter promiscuous mode.

About this task

Set the least significant bit (bit 0) of the FIDPARM field in the hardware definition of the VF to 1 (FIDPARM = 0x01) in the IOCDS. This setting enables the VF to operate in promiscuous mode, which is required for traffic forwarding by the bridge or switch. See the HCD program documentation for how to create an IOCDS.

On DPM, select the Authorize check box for promiscuous mode when configuring the NIC.

A VF operating in promiscuous mode receives copies of all messages on the associated Network Express port that are not addressed to MAC addresses registered to other VFs on the same port. This behavior, also known as flooding, includes:
  • All outgoing messages
  • All messages destined for Open vSwitches or Linux bridges connected to other VFs on the same Network Express port.
Be aware of the potential security and performance implications of this configuration.

In Linux, a VF shows its ability to enter promiscuous mode in the fidparm sysfs attribute. The attribute shows 1 if set, if so you can use the VF for a bridge or Open vSwitch.

Procedure

  1. To check the FID parameter setting, read the fidparm sysfs attribute by issuing: 
    # cat /sys/bus/devices/001a:00:00.0/fidparm
0x01
    The example shows that 001a:00:00.0 has the FID parameter set, and can be used for a Linux bridge or Open vSwitch.
  2. Turn on promiscuous mode for the network interface.

    Kernel or user space software often turns on promiscuous mode for you, such as when creating a bridge, or defining an OVS.

    If you need to turn on promiscuous mode manually, use network configuration tools, such as ip or NetworkManager.