A network interface controller (NIC) is a device that manages and transfers communications between a host computer (referred to alternatively simply as a “host”) and a network, such as a local area network or switch fabric. The NIC directs packets from the network to their destination in the computer, for example by placing the packets in a buffer of a destination application in the computer memory, and directs outgoing packets, for example sending them either to the network or to a loopback port.
When a host computer supports multiple virtual machines (VMs), different approaches may be taken by the NIC in handling incoming and outgoing packets. In one approach, all packets are directed to a virtual machine monitor (VMM, also known as a hypervisor) running on the host, and the VMM directs the packets to the specific destination virtual machine. More recently, however, NICs have been developed with the capability of exposing multiple virtual NICs (vNICs) to software running on the host. In a model that is known as single-root I/O virtualization (SR-IOV), each VM interacts with its own corresponding vNIC, which appears to the VM to be a dedicated hardware NIC. The vNIC links the VM to other machines (virtual and/or physical) on a network, possibly including other virtual machines running on the same host. In this regard, the NIC acts as a virtual switch, connecting each of the virtual machines to a network while allowing multiple vNICs to share the same physical network port.
A variety of NICs that support the SR-IOV model are known in the art. For example, U.S. Patent Application Publication 2014/0185616, which is assigned to the assignee of the present patent application and whose disclosure is incorporated herein by reference, describes a NIC that supports multiple virtualized (tenant) networks overlaid on a data network. Upon receiving a work item submitted by a virtual machine running on a host processor, the NIC identifies the tenant network over which the virtual machine is authorized to communicate, generates a data packet containing an encapsulation header that is associated with the tenant network, and transmits the data packet over the network.