For network security, AWS EC2 uses VLANs.
* The VLAN ID is tagged or untagged by NIC offloading.
* The ToR switch sends packets with VLAN tags, so we cannot see any traffic other than that of our own VLAN.
VLAN Offload features
root@choonho-dev:~/vpp/src/plugins/dpdk/device# ethtool -k ens3
Features for ens3:
...
rx-vlan-offload: on [fixed]
tx-vlan-offload: on [fixed]
...
rx-vlan-filter: on [fixed]
Detailed information using DPDK
The PF driver reports these capabilities in rte_eth_dev_info:
rx_offload_capa = 15 ==> 0b0000_1111
tx_offload_capa = 63 ==> 0b0011_1111
DBGvpp# show hardware-interfaces detail
Name Idx Link Hardware
VirtualFunctionEthernet0/4/0 1 up VirtualFunctionEthernet0/4/0
Ethernet address 02:f8:f6:ae:24:88
Intel 82599 VF
carrier up full duplex speed 10000 mtu 9216
pci id: device 8086:10ed subsystem 0000:0000
pci address: 0000:00:04.00
max rx packet len: 9728
max num of queues: rx 2 tx 2
promiscuous: unicast off all-multicast on
vlan offload: strip off filter off qinq off
rx offload caps: vlan-strip ipv4-cksum udp-cksum tcp-cksum
tx offload caps: vlan-insert ipv4-cksum udp-cksum tcp-cksum sctp-cksum
tcp-tso
rss active: ipv4-tcp ipv6-tcp-ex ipv6-tcp ipv6-udp ipv6-ex
rss supported: none
rx queues 1, rx desc 1024, tx queues 1, tx desc 1024
cpu socket 0
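
The two capability masks above can be decoded bit by bit into the names shown on the "rx offload caps" and "tx offload caps" lines. The following is an added example, not code from DPDK or VPP: the bit positions follow the DEV_RX_OFFLOAD_* / DEV_TX_OFFLOAD_* definitions in DPDK's rte_ethdev.h, names for bits not set on this page are assumed spellings, and `decode_caps`, `decode_rx` and `decode_tx` are hypothetical helper names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Index N in each table names bit N of the capability mask.
 * Names for the bits set on this page match the VPP output;
 * the remaining names are assumed spellings of the DPDK macros. */
static const char *const rx_names[] = {
    "vlan-strip", "ipv4-cksum", "udp-cksum", "tcp-cksum",
    "tcp-lro", "qinq-strip", "outer-ipv4-cksum",
};
static const char *const tx_names[] = {
    "vlan-insert", "ipv4-cksum", "udp-cksum", "tcp-cksum", "sctp-cksum",
    "tcp-tso", "udp-tso", "outer-ipv4-cksum", "qinq-insert",
};

/* Decode a mask into space-separated names. Bits beyond the table are
 * reported as "bit<N>" instead of being dropped silently.
 * Returns a static buffer (not thread-safe, overwritten per call). */
static const char *decode_caps(uint64_t mask, const char *const *names, size_t n)
{
    static char out[512];
    size_t len = 0;
    out[0] = '\0';
    for (unsigned bit = 0; bit < 64 && len < sizeof(out) - 1; bit++) {
        int w;
        if (!(mask & (UINT64_C(1) << bit)))
            continue;
        if (bit < n)
            w = snprintf(out + len, sizeof(out) - len, "%s%s",
                         len ? " " : "", names[bit]);
        else
            w = snprintf(out + len, sizeof(out) - len, "%sbit%u",
                         len ? " " : "", bit);
        if (w < 0)
            break;
        len += (size_t)w;   /* loop guard stops on truncation */
    }
    return out;
}

static const char *decode_rx(uint64_t m) { return decode_caps(m, rx_names, sizeof rx_names / sizeof *rx_names); }
static const char *decode_tx(uint64_t m) { return decode_caps(m, tx_names, sizeof tx_names / sizeof *tx_names); }

int main(void)
{
    printf("rx offload caps: %s\n", decode_rx(15)); /* value from this page */
    printf("tx offload caps: %s\n", decode_tx(63)); /* value from this page */
    return 0;
}
```

Note that these masks list what the VF can do, while the "vlan offload: strip off filter off qinq off" line reports what is currently enabled.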