Users Guide
Broadcom NetXtreme-E-UG304-2CS
NetXtreme-E User Guide User Guide for Dell Platforms
4.8.1 SR-IOV Configuration Support Matrix
Table 18 provides an SR-IOV support matrix.
4.9 Network Partitioning (NPAR)
The Network Partitioning (NPAR) feature allows a single physical network interface port to appear to the system as multiple
network device functions. When NPAR mode is enabled, the NetXtreme-E device is enumerated as multiple PCIe physical
functions (PF). Each PF or partition is assigned a separate PCIe function ID on initial power on. The original PCIe definition
allowed for eight PFs per device. For Alternative Routing-ID (ARI) capable systems, Broadcom NetXtreme-E adapters
support up to 16 PFs per device. Each partition is assigned its own configuration space, BAR address, and MAC address,
allowing it to operate independently. Partitions support direct assignment to VMs, VLANs, and so on, just as any other
physical interface.
4.10 Security
The BCM575XX TruTrust™ technology is capable of secure boot, meaning it only executes boot images authenticated by the secure boot loader (SBL). Secure boot functionality is the cornerstone of a security-enabled system since it is the root of trust from which all subsequent applications are run. The secure boot capability provides the following functionality:
- Secure Boot Core Root of Trust – The secure boot loader is based in device ROM and is outside the scope of modification. It functions as the Core Root of Trust for software, meaning that the system is in a trusted state from reset to when a secure image has been authenticated.
- Boot Image Authentication – Only images authenticated by the SBL are executed by the system.
- Boot Image Integrity – The SBL cryptographically validates the integrity of the secure boot image before it is executed to ensure that it has not been tampered with maliciously or errantly.
- Boot Image Confidentiality – The secure processor has the hardware support to execute encrypted images, which ensures that device images are never in the clear and are protected from reverse engineering and from use in device cloning.
Secure devices are delivered to the customer in a state pending final customization. This customization step is executed by the customer, and once complete, only customer-signed images execute on the device. Customization provides the following capabilities:
- The customer takes responsibility for the creation and management of the keys used in signing their code. This allows the customer to apply their own security policies in managing their keys and ensures that no code can be signed for their devices by a third party.
- Only code signed by the customer runs on their customized device. This ensures that device code cannot be tampered with in the field and verifies the authenticity of the image.
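The authentication decision described in this section, sketched as an added example; it is not Broadcom code and not taken from this guide. The image container, the choice of Ed25519, and a SHA-256 hash of the customer key held on the device are assumptions made for illustration, since the guide does not specify the image format or algorithms.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedImage is a hypothetical container: payload plus the signer's key and signature.
type SignedImage struct {
	Payload, Signature []byte
	PublicKey          ed25519.PublicKey
}

// Device holds the hash of the customer key, written once at customization (assumed).
type Device struct{ KeyHash [32]byte }

var ErrUntrustedKey = errors.New("signing key is not the provisioned customer key")
var ErrBadSignature = errors.New("image signature invalid")

// Sign produces a SignedImage, as the customer's signing service would.
func Sign(priv ed25519.PrivateKey, payload []byte) SignedImage {
	return SignedImage{payload, ed25519.Sign(priv, payload), priv.Public().(ed25519.PublicKey)}
}

// Authenticate checks that the key is trusted, then that it signed this exact payload.
func (d Device) Authenticate(img SignedImage) error {
	if len(img.PublicKey) != ed25519.PublicKeySize || sha256.Sum256(img.PublicKey) != d.KeyHash {
		return ErrUntrustedKey
	}
	if !ed25519.Verify(img.PublicKey, img.Payload, img.Signature) {
		return ErrBadSignature
	}
	return nil
}

// Demo runs three constructed images through the check: genuine, modified, third-party signed.
func Demo() (genuine, modified, thirdParty error) {
	customer := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, 32)) // constructed test keys
	outsider := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, 32))
	dev := Device{KeyHash: sha256.Sum256(customer.Public().(ed25519.PublicKey))}
	img := Sign(customer, []byte("constructed firmware image v1"))
	bad := img
	bad.Payload = []byte("constructed firmware image v2")
	return dev.Authenticate(img), dev.Authenticate(bad), dev.Authenticate(Sign(outsider, img.Payload))
}
func main() { fmt.Println(Demo()) }
```

The key check runs before the signature check, so an image carrying a valid signature from any key other than the provisioned one is rejected without its payload being trusted.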
Table 18: SR-IOV Support Matrix

SR-IOV Support  Guest OS – VF
Host OS         Win2k16  Win2k19  RH7.3+  RH8.x  SLES12.2+  SLES15.x
Windows 2016    Yes      Yes      Yes     Yes    Yes        Yes
Windows 2019    Yes      Yes      Yes     Yes    Yes        Yes
RH7.8+          Yes      Yes      Yes     Yes    Yes        Yes
RH8.x           Yes      Yes      Yes     Yes    Yes        Yes
SLES15.x        Yes      Yes      Yes     Yes    Yes        Yes
ESX6.7+         Yes      Yes      Yes     Yes    Yes        Yes
ESX7.x          Yes      Yes      Yes     Yes    Yes        Yes