Below is a video demonstrating packet processing for an Intel Ethernet card that supports SR-IOV.
Interesting slides showing the concept from the video and reference links:
- After the frame enters the physical port on the NIC the low level driver/firmware (supporting the SR-IOV) distributes the packet (based on header classifications/hash value/etc) to separate virtual queues
- Each virtual queue is assigned directly to a virtual device
- Once the packet is in the queue it can be deliver to the VM DIRECTLY without the usual software hypervisor overhead
- Packets don't have to be copied from physical port buffer(s) to OS RAM and than from OS RAM to VM OS buffers. The data can be sent directly from the physical port to VM OS buffers. That way the hypervisor processing overhead can be minimised.
- Critical part for the technology is CPU and chipset virtualization support
- As access to physical RAM need to be protected between hypervisor and VMs as well as VMs themselves the virtual memory address is translated to the physical location by the north chipset
- For the DMA request to copy the packets the address translation between the hypervisor address space and the VM address space is transparent (north chip take care of it)
- Another view how the packet is delivered from physical port to the VM