SR-IOV with Intel X552/82599 vs X710 - Communication issue between VF VM and host bridge

alhaddar

Sep 17, 2019
Hello,

I have been testing SR-IOV on two different Proxmox nodes and found a significant difference in behavior between Intel NICs. I would like to share my findings and ask if there is a solution for the X552/82599.

---

Hardware Setup:

Node 1 - pve (Supermicro X10SDV-16C-TLN2F):
- Intel X552/X557-AT 10GbE (ixgbe driver)
- Intel 82599ES X520 SFP+ (ixgbe driver)
- Proxmox 9.x, Kernel 6.17.13-11-pve

Node 2 - pve2 (Protectli VP6650):
- Intel X710 10GbE SFP+ (i40e driver)
- Proxmox 9.x, Kernel 7.0.6-2-pve

---

Results:

X710 (pve2) - SR-IOV WORKS perfectly:
- VFs created successfully
- Kernel driver: iavf
- LXC container with VF passthrough gets IP via DHCP
- Full connectivity from host, LAN, and other VMs
- ping works perfectly

X552/82599 (pve) - SR-IOV DOES NOT work with bridge:
- VFs created successfully
- After blacklisting ixgbevf: Kernel driver: vfio-pci
- VM gets IP via DHCP on VF
- BUT: VM cannot ping host, gateway, or any other device on the same bridge
- ARP shows: (incomplete)
- tcpdump on PF shows ICMP requests arriving but no replies

Steps already tried:
1. Blacklisted ixgbevf
2. Set spoofchk off and trust on for VFs
3. bridge fdb add with static MAC
4. hookscript to add MAC to FDB post-start
5. unbind VF and rebind to vfio-pci manually
6. options ixgbe max_vfs=4 in modprobe

None of these solved the issue.

---

Root Cause (as I understand it):

The X552/82599 uses a static hardware switching table. When SR-IOV is enabled, the NIC does not automatically learn MAC addresses of devices connected to the Linux bridge on the PF. This means the VF VM is isolated from the bridge.

This issue is referenced in this thread:

---

Question:

Is there any known solution or workaround to get SR-IOV working on Intel X552/82599 (ixgbe driver) with a Linux bridge on the same NIC in Proxmox?

Or is this a fundamental hardware limitation with no fix?

Thank you for any help!
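A way to check the condition described under "Root Cause" above, added here as an example and not part of the original post: it lists guest MACs the Linux bridge has learned on ports other than the PF that have no `self` entry on the PF. It assumes `self` entries on the PF are the addresses programmed into the NIC's own filter table; the interface names (`eno1`, `vmbr0`, `tap…`) and all MACs are constructed sample values.

```shell
#!/bin/sh
# Constructed sample of `bridge fdb show` output (not taken from the post).
sample_fdb() {
cat <<'EOF'
bc:24:11:aa:00:01 dev tap100i0 master vmbr0
bc:24:11:aa:00:02 dev tap101i0 master vmbr0
fe:54:00:11:22:33 dev tap100i0 vlan 1 master vmbr0 permanent
0c:c4:7a:00:00:10 dev eno1 master vmbr0 permanent
3c:ec:ef:00:00:99 dev eno1 master vmbr0
bc:24:11:aa:00:01 dev eno1 self permanent
33:33:00:00:00:01 dev eno1 self permanent
01:00:5e:00:00:01 dev eno1 self permanent
EOF
}

# missing_on_pf PF BRIDGE
# Reads `bridge fdb show` output on stdin and prints "MAC PORT" for every
# MAC learned on a BRIDGE port other than PF that has no `self` entry on PF.
missing_on_pf() {
    pf="$1"; br="$2"
    awk -v pf="$pf" -v br="$br" '
    {
        mac = $1; dev = ""; master = ""; self = 0; perm = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "dev") dev = $(i + 1)
            else if ($i == "master") master = $(i + 1)
            else if ($i == "self") self = 1
            else if ($i == "permanent") perm = 1
        }
        # Address present in the PF device table.
        if (dev == pf && self) on_pf[mac] = 1
        # Learned (non-permanent) address on another bridge port, e.g. a tap.
        # Permanent entries are the port device itself, not a guest.
        else if (master == br && dev != pf && !perm) need[mac] = dev
    }
    END { for (m in need) if (!(m in on_pf)) print m, need[m] }
    ' | sort
}

# Demo on the constructed sample.
sample_fdb | missing_on_pf eno1 vmbr0
```

On a live host the same function can be fed with `bridge fdb show | missing_on_pf <pf> <bridge>`.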