Citrix ADC

Configure VPX instances to use single root I/O virtualization (SR-IOV) network interfaces

After you have installed and configured a Citrix ADC VPX instance on XenServer, you can configure the virtual appliance to use SR-IOV network interfaces.

The following NICs are supported:

  • Intel 82599 10G
  • Intel X710 10G
  • Intel XL710 40G

Limitations

XenServer does not support some features on SR-IOV interfaces. The limitations with Intel 82599, Intel X710, and Intel XL710 NICs are listed in the following sections.

Limitations for Intel 82599 NIC

Intel 82599 NIC does not support the following features:

  • L2 mode switching
  • Clustering
  • Admin partitioning [Shared VLAN mode]
  • High Availability [Active - Active mode]
  • Jumbo frames
  • IPv6 protocol in Cluster environment

Limitations for Intel X710 10G and Intel XL710 40G NICs

Intel X710 10G and Intel XL710 40G NICs have the following limitations:

  • L2 mode switching is not supported.
  • Admin partitioning (shared VLAN mode) is not supported.
  • In a cluster, Jumbo frames are not supported when the XL710 NIC is used as a data interface.
  • Interface list reorders when interfaces are disconnected and reconnected.
  • Interface parameter configurations such as speed, duplex, and auto negotiations are not supported.
  • For both Intel X710 10G and Intel XL710 40G NICs, the interface comes up as 40/x interface.
  • Up to only 16 Intel X710/XL710 SR-IOV interfaces can be supported on a VPX instance.

Note: For Intel X710 10G and Intel XL710 40G NICs to support IPv6, enable trust mode on the Virtual Functions (VFs) by typing the following command on the XenServer host:

# ip link set <PNIC> <VF> trust on

Example:

# ip link set ens785f1 vf 0 trust on

Prerequisites for Intel 82599 NIC

On the XenServer host, ensure that you:

  • Add the Intel 82599 NIC (NIC) to the host.
  • Block list the ixgbevf driver by adding the following entry to the /etc/modprobe.d/blacklist.conf file:

    blacklist ixgbevf

  • Enable SR-IOV Virtual Functions (VFs) by adding the following entry to the /etc/modprobe.d/ixgbe file:

    options ixgbe max_vfs=<number_of_VFs>

    where <number_VFs> is the number of SR-IOV VFs that you want to create.

  • Verify that SR-IOV is enabled in BIOS.

Note:

IXGBE driver version 3.22.3 is recommended.

Assign Intel 82599 SR-IOV VFs to the Citrix ADC VPX instance by using the XenServer host

To assign an Intel 82599 SR-IOV VFs to Citrix ADC VPX instance, follow these steps:

  1. On the XenServer host, use the following command to assign the SR-IOV VFs to the Citrix ADC VPX instance:

    xe host-call-plugin plugin=iovirt host-uuid=<Xen host UUID> fn=assign_free_vf args:uuid=<NetScaler VM UUID> args:ethdev=<interface name> args:mac=<Mac addr>

    Where:

    • <Xen host UUID> is the UUID of the XenServer host.

    • <NetScaler VM UUID> is the UUID of the Citrix ADC VPX instance.

    • <interface name> is the interface for the SR-IOV VFs.

    • <MAC address > is the MAC address of the SR-IOV VF.

    Note

    Specify the MAC address that you want use in the args:Mac= parameter, if not specified, the iovirt script randomly generates and assigns a MAC address. Also, if you want to use the SR-IOV VFs in Link Aggregation mode, make sure that you specify the MAC address as 00:00:00:00:00:00.

  2. Boot the Citrix ADC VPX instance.

Unassign Intel 82599 SR-IOV VFs to the ADC VPX instance by using the XenServer host

If you have assigned an incorrect SR-IOV VFs or if you want to modify an assigned SR-IOV VFs, you need to unassign and reassign the SR-IOV VFs to the Citrix ADC VPX instance.

To unassign SR-IOV network interface assigned to a Citrix ADC VPX instance, follow these steps:

  1. On the XenServer host, use the following command to assign the SR-IOV VFs to the Citrix ADC VPX instance and reboot the Citrix ADC VPX instance:

    xe host-call-plugin plugin=iovirt host-uuid=<Xen_host_UUID> fn=unassign_all args:uuid=<Netscaler_VM_UUID>

    Where:

    • <Xen_host_UUID> - The UUID of the XenServer host.

    • <Netscaler_VM_UUID> - The UUID of the Citrix ADC VPX instance

  2. Boot the Citrix ADC VPX instance.

Assign Intel X710/XL710 SR-IOV VFs to the Citrix ADC VPX instance by using the XenServer host

To assign an Intel X710/XL710 SR-IOV VF to the Citrix ADC VPX instance, follow these steps:

  1. Run the following command on the XenServer host to create a network.

    xe network-create name-label=<network-name>
    <!--NeedCopy-->
    

    Example:

    xe network-create name-label=SR-IOV-NIC-18 8ee59b73-7319-6998-cd69-b9fa3e8d7503
    <!--NeedCopy-->
    
  2. Determine the PIF Universal Unique Identifier (UUID) of the NIC on which the SR-IOV network is to be configured.

    xe pif-list
    
                uuid ( RO)  : e2874343-f1de-1fa7-8fef-98547c348783
                device ( RO): eth18
    currently-attached ( RO): true
                  VLAN ( RO): -1
          network-uuid ( RO): f865bd85-44dd-b865-ab65-dcd6ae28c16e
    <!--NeedCopy-->
    
  3. Configure the network as an SR-IOV network. The following command also returns the UUID of the newly created SR-IOV network:

    xe network-sriov-create network-uuid=<network-uuid> pif-uuid=<physical-pif-uuid>
    <!--NeedCopy-->
    

    Example:

    xe network-sriov-create network-uuid=8ee59b73-7319-6998-cd69-b9fa3e8d7503 pif-uuid=e2874343-f1de-1fa7-8fef-98547c3487831629b44f-832a-084e-d67d-5d6d314d5e0f
    <!--NeedCopy-->
    

    To get more information on the SR-IOV network parameters, run the following command:

    [root@citrix-XS82-TOPO ~]# xe network-sriov-param-list uuid=1629b44f-832a-084e-d67d-5d6d314d5e0f
    
                  uuid ( RO): 1629b44f-832a-084e-d67d-5d6d314d5e0f
          physical-PIF ( RO): e2874343-f1de-1fa7-8fef-98547c348783
           logical-PIF ( RO): 85d52771-5814-c62d-45fa-f37b536144ff
       requires-reboot ( RO): false
    remaining-capacity ( RO): 32
    <!--NeedCopy-->
    
  4. Create a virtual interface (VIF) and attach it to the target VM.

    xe vif-create device=0 mac=b2:61:fc:ae:00:1d network-uuid=8ee59b73-7319-6998-cd69-b9fa3e8d7503 vm-uuid=b507e8a6-f5ca-18eb-561d-308218a9dd68
    3e1e2e58-b2ad-6dc0-61d4-1d149c9c6466
    <!--NeedCopy-->
    

    NOTE: The NIC index number of the VM must start with 0.

    Use the following command to find the VM UUID:

    [root@citrix-XS82-TOPO ~]# xe vm-list
    uuid ( RO): b507e8a6-f5ca-18eb-561d-308218a9dd68
     name-label ( RW): sai-vpx-1
    power-state ( RO): halted
    <!--NeedCopy-->
    

Remove Intel X710/XL710 SR-IOV VFs from the Citrix ADC instance by using the XenServer host

To remove an Intel X710/XL710 SR-IOV VF from a Citrix ADC VPX instance, follow these steps:

  1. Copy the UUID for the VIF that you want to destroy.

  2. Run the following command on the XenServer host to destroy the VIF.

    xe vif-destroy uuid=<vif-uuid>
    <!--NeedCopy-->
    

    Example:

    [root@citrix-XS82-TOPO ~]# xe vif-destroy uuid=3e1e2e58-b2ad-6dc0-61d4-1d149c9c6466
    <!--NeedCopy-->
    

Configuring VLAN on the SR-IOV interface

Important

While you are assigning the SR-IOV VFs to the Citrix ADC VPX instance, make sure that you specify MAC address 00:00:00:00:00:00 for the VFs.

To use the SR-IOV virtual functions in link aggregation mode, you need to disable spoof checking for virtual functions that you have created. On the XenServer host, use the following command to disable spoof checking:

ip link set <interface_name> vf <VF_id> spoofchk off

Where:

  • <interface_name> is the interface name.
  • <VF_id> is the virtual function ID.

After disabling spoof checking for all the Virtual Function that you have created, restart the Citrix ADC VPX instance, and configure link aggregation. For instructions, see Configure link aggregation.

Configure VLAN on the SR-IOV interface

You can configure VLAN on the SR-IOV Virtual Functions, for instructions, see Configuring a VLAN.

Important

Make sure that the XenServer host does not contain VLAN settings for the VF interface.