RE: [RFC PATCH 1/4] net: Add support to netdev ops for changing hardware queue MAC and VLAN filters
From: Williams, Mitch A <hidden>
Date: 2009-11-30 18:36:04
From: Simon Horman [mailto:horms@verge.net.au] Sent: Sunday, November 29, 2009 10:03 PM
> The issue of which VF goes with which PF device can be deduced in userspace via sysfs.
>
> Does this mean that the configuration of filtering for a VF needs to be done where the interface for the VF exists - e.g. in a KVM guest/Xen domU?
No, all of the configuration is done through the PF device. What I was saying was that, given a specific VF PCI device (which would be passed through to the VM), you can use sysfs to determine which PF owns it, and then run the ip command to tell the PF to configure the VF.
> In terms of dealing with interfaces and the way that tools such as ip work that makes a lot of sense. But I wonder if it actually makes more sense from an administrative point of view to have this configuration go through the PF - e.g. the KVM host/Xen dom0.
From a policy and security standpoint, you can't allow the VM to handle its own hardware configuration. The host/hypervisor/VM Manager/boss has to handle this or you lose many of the advantages of virtualization (i.e. isolation, security, stability, etc).
-Mitch
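
The host-side lookup described in this message, as an added example that is not part of the original thread or the RFC patch: it follows the kernel's SR-IOV sysfs links (`physfn` on the VF, `virtfnN` on the PF) to find the owning PF and the VF index, then builds the command to run against the PF. The `ip link set ... vf` form is taken from current iproute2 rather than from this thread, and the function names, PCI addresses and interface name used with it are assumptions.

```shell
#!/bin/sh
# Resolve which PF owns a VF from sysfs, on the host, never inside the guest.
# SYSFS_PCI can be overridden to exercise the functions on a constructed tree.
SYSFS_PCI="${SYSFS_PCI:-/sys/bus/pci/devices}"

# vf_owner <vf-pci-address>  ->  prints "<pf-pci-address> <pf-netdev> <vf-index>"
vf_owner() {
    vf="$1"
    # A VF's device directory carries a "physfn" symlink to its parent PF.
    if [ ! -L "$SYSFS_PCI/$vf/physfn" ]; then
        echo "$vf: not a VF (no physfn link)" >&2
        return 1
    fi
    pf_dir=$(cd -P "$SYSFS_PCI/$vf/physfn" && pwd -P) || return 1
    pf=$(basename "$pf_dir")
    # The PF lists its VFs as virtfn0, virtfn1, ...; the suffix is the VF index.
    idx=""
    for link in "$pf_dir"/virtfn*; do
        [ -L "$link" ] || continue
        target=$(cd -P "$link" && pwd -P) || continue
        if [ "$(basename "$target")" = "$vf" ]; then
            idx="${link##*/virtfn}"
            break
        fi
    done
    if [ -z "$idx" ]; then
        echo "$vf: PF $pf has no virtfn link pointing back to it" >&2
        return 1
    fi
    # The PF's interface name is the entry under its net/ directory.
    netdev=$(ls "$pf_dir/net" 2>/dev/null | head -n 1)
    if [ -z "$netdev" ]; then
        echo "$pf: no network interface bound" >&2
        return 1
    fi
    echo "$pf $netdev $idx"
}

# vf_mac_cmd <vf-pci-address> <mac>  ->  prints the command to run on the PF.
# It only prints; applying the setting stays an explicit host-side action.
vf_mac_cmd() {
    owner=$(vf_owner "$1") || return 1
    # Re-split "<pf> <netdev> <idx>" into $1..$3 and keep the MAC as $4.
    set -- $owner "$2"
    echo "ip link set dev $2 vf $3 mac $4"
}
```

A device without a `physfn` link is rejected rather than guessed at, so the command is only ever built for a real VF and always targets the PF's interface.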