Dell Broadcom NetXtreme Family of Adapters User Manual

Using Broadcom Advanced Control Suite 4: Broadcom NetXtreme II® Network Adapter User Guide

disables VLAN tagging.

Risk Assessment of VLAN Tagging through the NDIS Miniport Driver

Broadcom's NDIS 6.0 miniport driver provides the means to allow a system containing a Broadcom adapter to connect to a tagged
VLAN. On Windows XP systems, this support was only provided through the use of an intermediate driver (e.g., Broadcom
Advanced Server Program - BASP). Unlike BASP, however, the NDIS 6 driver's support for VLAN participation is only for a single
VLAN ID.

Also unlike BASP, the NDIS 6.0 driver only provides VLAN tagging of the outbound packet, but does not provide filtering of
incoming packets based on VLAN ID membership. This is the default behavior of all miniport drivers. While the lack of filtering
packets based on VLAN membership may present a security issue, the following provides a risk assessment based on this driver
limitation for an IPv4 network:

A properly configured network that has multiple VLANs should maintain separate IP segments for each VLAN. This is necessary
since outbound traffic relies on the routing table to identify which adapter (virtual or physical) to pass traffic through and does
not determine which adapter based on VLAN membership.

Since support for VLAN tagging on Broadcom's NDIS 6.0 driver is limited to transmit (Tx) traffic only, there is a risk of inbound
traffic (Rx) from a different VLAN being passed up to the operating system. However, based on the premise of a properly
configured network above, the IP segmentation and/or the switch VLAN configuration may provide additional filtration to limit
the risk.

In a back-to-back connection scenario, two computers on the same IP segment may be able to communicate regardless of
their VLAN configuration since no filtration of VLAN membership is occurring. However, this scenario assumes that the security
may already be breached since this connection type is not typical in a VLAN environment.

If the risk above is not desirable and filtering of VLAN ID membership is required, then support through an intermediate driver
would be necessary.
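
The receive-side VLAN membership check discussed above, together with the IP-segment check the assessment relies on, as an added Python example (not code from the Broadcom guide or driver). VLAN ID 10, the 192.168.10.0/24 segment, the MAC addresses and every frame are constructed assumptions.

```python
import ipaddress
import struct

# Assumed local settings (constructed for this example): the single VLAN ID
# configured on the adapter and the IPv4 segment assigned to that VLAN.
LOCAL_VLAN_ID = 10
LOCAL_SEGMENT = ipaddress.ip_network("192.168.10.0/24")

def parse_frame(frame: bytes):
    """Return (vlan_id or None, ethertype, payload) for an Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    vlan_id, offset = None, 14
    if ethertype == 0x8100:                      # 802.1Q tag present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan_id, offset = tci & 0x0FFF, 18       # VLAN ID is the low 12 bits
    return vlan_id, ethertype, frame[offset:]

def classify_rx(frame: bytes) -> str:
    """Apply the receive-side membership check the text says is not performed."""
    vlan_id, ethertype, payload = parse_frame(frame)
    if vlan_id in (None, 0):                     # no tag, or priority tag only
        return "untagged"
    if vlan_id == LOCAL_VLAN_ID:
        return "member"
    # Foreign VLAN: IP segmentation only helps if the source is off-segment.
    if ethertype == 0x0800 and len(payload) >= 20:
        src = ipaddress.ip_address(payload[12:16])
        if src in LOCAL_SEGMENT:
            return "foreign-vlan-same-segment"
    return "foreign-vlan"

def make_frame(vlan_id, src_ip: str) -> bytes:
    """Build a constructed test frame: Ethernet II, optional tag, bare IPv4 header."""
    macs = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    tag = b"" if vlan_id is None else struct.pack("!HH", 0x8100, vlan_id)
    ip = bytes([0x45]) + bytes(11) + ipaddress.ip_address(src_ip).packed + ipaddress.ip_address("192.168.10.5").packed
    return macs + tag + struct.pack("!H", 0x0800) + ip

if __name__ == "__main__":
    for vid, src in [(10, "192.168.10.7"), (20, "192.168.20.7"), (20, "192.168.10.9")]:
        print(vid, src, classify_rx(make_frame(vid, src)))
```

The `foreign-vlan-same-segment` result corresponds to the back-to-back case in the assessment, where neither IP segmentation nor a switch is in a position to filter the frame.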

iSCSI Crash Dump

Crash dump is used to collect information on adapters that were booted remotely using iSCSI. To enable crash dump, set to Enable and reboot the system. If you perform an upgrade of the device drivers, re-enable iSCSI Crash Dump. If iSCSI Boot is configured to boot in the HBA path, then this parameter cannot be changed.

Number of Receive Descriptors

The number of receive descriptors with options of Default, Minimum, and Maximum. Receive descriptors are data segments that allow the network adapter to allocate receive packets to memory.

Number of Transmit Descriptors

The number of transmit descriptors with value options from 100 to 600 with 200 being the default value. Transmit descriptors are data segments that allow the network adapter to monitor transmit packets in the system memory.

RSS Queues

Allows configuring RSS queues from 1 to 4. Options are RSS 1 Queue, RSS 2 Queue, and RSS 4 Queue.

Interrupt Moderation

Enables interrupt moderation, which limits the rate of interrupts to the CPU during packet transmission and packet reception. The disabled option allows one interrupt for every packet transmission and packet reception. Enable is the default option.

Number of RSS Queues

Allows configuring RSS queues. For 1 Gbps network adapters, the RSS queue options are Auto (default), 2, 4, and 8. For 10 Gbps network adapters, the RSS queue options are Auto (default), 2, 4, 8, and 16.

Receive Buffers

The number of receive buffers. Receive buffers are data segments that allow the network adapter to allocate receive packets to memory. For 1 Gbps adapters, the range of valid receive buffers is 50 to 5000 in increments of 1 with 750 receive buffers as the default value.

Receive Buffers (0=Auto)

The number of receive buffers. Receive buffers are data segments that allow the network adapter to allocate receive packets to memory. For 10 Gbps adapters, the range of valid receive buffers is 0 to 3000 in increments of 50 with 0 receive buffers as the
