I've also tested with SR-IOV when I added the feature to pass vnet interfaces to jails to
sysutils/iocell (not present in the port, this and other pull requests are pending since half a year - I'm preparing a new port/fork).
With Intel X5xx I could never get SR-IOV to work - as soon as a VF is passed to a jail, the whole NIC goes dark and needs a complete reset (i.e. reboot) to come back to life. This was regardless of any BIOS-settings an tested on at least 2 different Supermicro boards and one Atom C3758 appliance. If not enabled in BIOS, you can't even create VFs, so that part seems to work, but I suspect there's something broken in the firmware and/or how the FreeBSD implementation interacts with it when passing the VF to a jail (or VM).
With Mellanox CX3 the VFs were sucessfully passed to the jail, I could attach an address and send/receive traffic. I never fiddled around with firmware on those cards - AFAIK that's only a linux thing where you need to change the mode (ethernet/infiniband) in the firmware because their driver still isn't capable of doing that. On FreeBSD you just load the appropriate driver (
mlx4en(4) or
mlx4ib(4)) and it 'just works'™
Apart from some testing during the implementation in iocell and setting up an experimental gateway with VFs instead of epairs, I never ran SR-IOV/vnet jails for longer than a few days/weeks. For the sake of easy migration/recovery I keep jail configuration consistent across all hosts and hardware-agnostic - i.e. everything is connected to bridges which are identically named across hosts (e.g. br-dmz, br-wan, br-mgmt, etc...).
Although I do have 6 hosts at hand with CX3 (40G) NICs, all of them are production hosts so I can't really test with stuff that might interrupt anything. However, I also have a Cx3 in my server at home with which I could perform some more testing and another single-port CX3 for my desktop machine, but I have yet to find the full-size pci bracket which I have "put somewhere where it won't get lost" to be able to install it...
Regarding the 25G Chelsios:
Phishfry could you point me in the right direction as to where they (T6225-CR?) can be found for less than ~200-300EUR (+ shipping and import into the EU, because they don't seem to be common at all here...)? There don't seem to be any 'white-box' variants of chelsios beyond the T520...
Given that one can easily find CX4s (which can be easily cross-flashed between the 10G and 25G variant) for 25-30EUR and sometimes even cheaper, the chelsio doesn't look very "bargain-y" at 10x that price point.
Especially if one counts in the fact that 25G capable ("proper") switches are either still relatively expensive or very power hungry. I've had an eye on the Nexus N9K-C92160YC-X for a while, as this seems to be the cheapest option to go beyond 10G that doesn't consume several hundred watts - but they are still ~800-1000eur (with fans/PSUs) here in germany - so what 25G capable nexus can be found for only 125$??[/port][/port]
EDIT:
I just wanted to re-check on my home server and found that
/dev/iov now only contains the ix entries of the X540 interfaces on the riser. The mlxen interfaces are gone... same goes for the hosts with the 40G CX3 I just checked. So SR-IOV *does* seem to be broken now for those cards?
The commit for the vnet.interface feature in iocell is from july last year - so all my testing was then on 13.3-RELEASE, that regression must (might) have been introduced with 13.4-RELEASE or some patch or driver update since ~7/2024...
