We're tripling down on acronyms, by using the VFIO driver, with IOMMU and SR-IOV.

Boot parameters

intel_iommu=on iommu=pt default_hugepagesz=1G hugepagesz=1G hugepages=16

Enable hugepages

echo 4096 | sudo tee /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages
mkdir -p /tmp/mnt/huge
mount -t hugetlbfs nodev /tmp/mnt/huge
chown zeek: /tmp/mnt/huge

Enable SR-IOV

echo 1 | sudo tee /sys/module/vfio_pci/parameters/enable_sriov

Bind the NIC to the correct driver

sudo dpdk-devbind.py -b vfio-pci 02:00.0
chown zeek: /dev/vfio/vfio /dev/vfio/52

Set limits

/etc/security/limit.d/24-memlock.conf:

# memlock unit: KiB
zeek hard memlock 16777216
zeek soft memlock 1048576

Then, as the Zeek user: ulimit -l 16777216

grigorescu/steps.md

Boot parameters

Enable hugepages

Enable SR-IOV

Bind the NIC to the correct driver

Set limits