Quad port network adapter passthrough issues with VMs, PLEASE HELP


Recommended Posts

Hi all

 

I dont know what I am doing wrong here and I hope someone can help me out. I need to isolate a windows VM with its own network interface for security reasons. I have followed spaceinvaders guide on how to pass through 

 

However, when I assign a network port to the VM, it does not start and gives me this issue.

 

 

My system devices are all in an attachment as well as the flash drive settings with the vfio.

 

What have I done wrong here?

 

The VM works when I remove the dedicated network port but not without. Is there a quick fix on this?

 

 

Untitledss.png

6722b4a3-85d9-46cf-bc22-9f5f51d67043.jpg

8da0a787-1ffe-451f-8c0b-32b3637f98c5.jpg

Link to comment

Hello.

 

Not an expert, not even close, but found my self in a similar pickle, and again, spaceinvaderone was there to the rescue.

 

My assumption is you need to further split the IOMMU groups in regards to the quad network adapter, as shown in the picture, they are all responding with the same xxxx:xxxx pci identifier.

 

I see you tried to append the kernel, no luck im guessing?

I see one entry... shouldn't there be 4? One for each of the NICs on the card?

 

Similar thread here. 

 

 

 

Link to comment
6 hours ago, tbonedude420 said:

Hello.

 

Not an expert, not even close, but found my self in a similar pickle, and again, spaceinvaderone was there to the rescue.

 

My assumption is you need to further split the IOMMU groups in regards to the quad network adapter, as shown in the picture, they are all responding with the same xxxx:xxxx pci identifier.

 

I see you tried to append the kernel, no luck im guessing?

I see one entry... shouldn't there be 4? One for each of the NICs on the card?

 

Similar thread here. 

 

 

 

Thank you for taking the time to respond to me. I did look at this video and also the other thread. 

 

I tried ACS downstream, multifunction and also tried to just use the PCIE identifier in ACS, all didnt really work.


What both the thread or the video doesnt show is how to split a nic which has the same pcie ID across the 4 ports. In the devices, I can see 4 with their individual addresses 

 

[8086:10c9] 25:00.0 Ethernet controller: Intel Corporation 82576 Gigabit Network Connection (rev 01)

[8086:10c9] 25:00.1 Ethernet controller: Intel Corporation 82576 Gigabit Network Connection (rev 01)

[8086:10c9] 26:00.0 Ethernet controller: Intel Corporation 82576 Gigabit Network Connection (rev 01)

[8086:10c9] 26:00.1 Ethernet controller: Intel Corporation 82576 Gigabit Network Connection (rev 01)

 

These 4 ports are what I want to see available in "other devices". I want to assign 1 port to each VM I am going to run. 

I dont know what to put in the kernel to make these 4 ports isolated from unraid and available only to VMs. 


Any help is much appreciated.

 

 

Link to comment

I was finally able to do split out all the iommu groups and then isolate each port by doing what this post said: 

This allowed me to then assign a port to a VM. Nothing else worked for me. I tried about 20 suggestions but this one was the one for me

 

 

 

 

 

Link to comment

@alitech You have an 82756 - if you don't want to restrict the card to solely being used in that one VM, I finally finished up this guide that might be helpful:

 

If you end up trying it out, I'd appreciate any feedback on issues you have, as I don't have an i350 at home to validate with (and can't get to mine right now thanks to this freakin pandemic :(

Edited by BVD
Link to comment
26 minutes ago, BVD said:

@alitech You have an 82756 - if you don't want to restrict the card to solely being used in that one VM, I finally finished up this guide that might be helpful:

 

If you end up trying it out, I'd appreciate any feedback on issues you have, as I don't have an i350 at home to validate with (and can't get to mine right now thanks to this freakin pandemic :(

Very comprehensive write up. I am wondering if you could do a video for this and showcase how the mics can be split up and how they become available to VMs. 

 

I am also unsure if the method you warn about to try at my own risk is actually needed or not or will I get everything I need up to that point? 

 

Currently I have broken up all the iommu groups and I am seeing a warning there, I am guessing your method has nothing to do with iommu groups. 

 

Thanks for making this guide, I just need to ensure what the benefits are before I attempt this. I am not an expert and Linux is the equivalent of rocket science to me right now so I dont want to do anything that might permanently break my setup. I have a lot of data I stand to lose otherwise. 

Link to comment

Nah, you don't have to care about IOMMU groups for either one of the methods. You do need to add to your syslinux though:

Quote

intel_iommu=pt

 

I guess I (incorrectly) assumed everyone would've already had that, I'll get it added to the guide once I have time.

 

I've got the device specific recommendations coming up once I find the time to get them formatted properly (already have the comment reserved and content created, just need to make it into the forum format. The first post has the benefits and details on SR-IOV, why it exists, etc, within both my comments, as well as reference information in a few of the links at the bottom (the YT video would be particularly helpful if you're new to it all). Don't want to hijack this thread (keep the searchability easier), so feel free to comment there with anything further related to SR-IOV if you would.

 

Thanks!

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.