Thanx for bringing your question to our blog site.
What you are experiencing is a challenge with SR-IOV. Basically it comes down to the fact that the hardware in the Intel NIC filters traffic going to a VF based upon MAC address and/or VLAN tag. So in your case, VM1 goes to transmit data, and the MAC address for VM2 and VM3 are unknown to the Intel NIC (because they are handled by the bridge), and as such it transmits it out on the wire.
This is why VM1 can communicate with Ph1. Also is why VM2 and VM3 can send data to VM1 – because when the packets reach the Intel NIC, it recognizes the destination MAC address and sends it to the VF.
There is something you can do about this, though it does require some work (until somebody decides to add more support in the kernel to do it in a more automated fashion).
Below are the steps to make VM1 (VF assigned) communicate with VM2 and VM3 (VM2 & VM3 are connected to BR0).
- Make sure latest Linux distribution is being used. We tested this setup on Fedora 19 64-bit using Intel X520 adapter.
- Make sure you are using NIC controller drivers that are included in your Linux
distribution. - Assuming eth2 is the port that has VFs. VF from eth2 is assigned to VM1.
- “brctl addif br0 eth2” ( this will assign eth2 to br0. )
- “bridge fdb add ‘insert mac address for VM2 here’ device eth2 self”
- “bridge fdb add ‘insert mac address for VM3 here’ device eth2 self”
- Now you should be able to ping to and from VM1 to VM2 & VM3.
Hope this helps,
Patrick
