Fortinet white logo
Fortinet white logo

Administration Guide

PF and VF SR-IOV driver and virtual SPU support

PF and VF SR-IOV driver and virtual SPU support

Physical Function (PF) and Virtual Function (VF) PCI Passthrough and SR-IOV drivers in FortiGate guest VM are supported.

PF provides the ability for PCI Passthrough, but requires an entire Network Interface Card (NIC) for a VM. It can usually achieve greater performance than a Virtual Function (VF) based SR-IOV. PF is also expensive. While VF allows one NIC to be shared among multiple guests VMs, PF is allocated to one port on a VM.

The supported driver versions are:

Driver

Version

Hypervisor

PCI-Passthrough/SR-IOV

vSPU (In-guest DPDK)

Note

ixgbe

5.3.7

ESXi, KVM

Yes

Yes

Ixgbevf

4.3.5

No

i40e

2.12.6

Yes

i40evf

3.6.15

Available in FortiOS 6.4.0 and earlier versions.

Iavf

4.5.3

Replaces i40evf in FortiOS 6.4.1 and later versions. Supports Intel E810-C 100G adapters.

Mlx5

5.8-1.1.2

Supports Nvidia ConnectX-5 and ConnectX-6 100G adapters.

Bnxt_en

1.10.1-216.0.416.1

Available in FortiOS 6.4.3 and later versions. Supports Broadcom P2100G 100G adapters.

Vmxnet3

1.4.16.0-k-NAPI

ESXi

The combination of VMware ESXi and NSX-T does not support virtual SPU (vSPU).

ICE

1.9.11

ESXi, KVM

Yes

No

Added support to Intel 25GbE E-810 card and its variants (E810-XXVDA2 and E810-XXVDA4)

Note

Other hypervisors, such as Xen or Microsoft Hyper-V, may work with vSPU, although they are unverified.

Note

All tools and software utilities for UEFI 1.X have been removed from 6.2.0 and later releases. Update to UEFI 2.x to use the UEFI tools or software utilities.

You perform the configuration to use PF or VF on the hypervisor, and do not configure it on the FortiGate.

To check what driver is being used on the FortiGate:
# diagnose hardware deviceinfo nic port2
Name:        port2
Driver:      i40e
Version:     2.4.10
Bus:         0000:03:00.0
Hwaddr:      3c:fd:fe:1e:98:02
Permanent Hwaddr:3c:fd:fe:1e:98:02
State:       up
Link:        up
Mtu:         1500
Supported:   auto 1000full 10000full
Advertised:  auto 1000full 10000full
Auto:        disabled
Rx packets:      0
Rx bytes:        0
Rx compressed:       0
...

PF and VF SR-IOV driver and virtual SPU support

PF and VF SR-IOV driver and virtual SPU support

Physical Function (PF) and Virtual Function (VF) PCI Passthrough and SR-IOV drivers in FortiGate guest VM are supported.

PF provides the ability for PCI Passthrough, but requires an entire Network Interface Card (NIC) for a VM. It can usually achieve greater performance than a Virtual Function (VF) based SR-IOV. PF is also expensive. While VF allows one NIC to be shared among multiple guests VMs, PF is allocated to one port on a VM.

The supported driver versions are:

Driver

Version

Hypervisor

PCI-Passthrough/SR-IOV

vSPU (In-guest DPDK)

Note

ixgbe

5.3.7

ESXi, KVM

Yes

Yes

Ixgbevf

4.3.5

No

i40e

2.12.6

Yes

i40evf

3.6.15

Available in FortiOS 6.4.0 and earlier versions.

Iavf

4.5.3

Replaces i40evf in FortiOS 6.4.1 and later versions. Supports Intel E810-C 100G adapters.

Mlx5

5.8-1.1.2

Supports Nvidia ConnectX-5 and ConnectX-6 100G adapters.

Bnxt_en

1.10.1-216.0.416.1

Available in FortiOS 6.4.3 and later versions. Supports Broadcom P2100G 100G adapters.

Vmxnet3

1.4.16.0-k-NAPI

ESXi

The combination of VMware ESXi and NSX-T does not support virtual SPU (vSPU).

ICE

1.9.11

ESXi, KVM

Yes

No

Added support to Intel 25GbE E-810 card and its variants (E810-XXVDA2 and E810-XXVDA4)

Note

Other hypervisors, such as Xen or Microsoft Hyper-V, may work with vSPU, although they are unverified.

Note

All tools and software utilities for UEFI 1.X have been removed from 6.2.0 and later releases. Update to UEFI 2.x to use the UEFI tools or software utilities.

You perform the configuration to use PF or VF on the hypervisor, and do not configure it on the FortiGate.

To check what driver is being used on the FortiGate:
# diagnose hardware deviceinfo nic port2
Name:        port2
Driver:      i40e
Version:     2.4.10
Bus:         0000:03:00.0
Hwaddr:      3c:fd:fe:1e:98:02
Permanent Hwaddr:3c:fd:fe:1e:98:02
State:       up
Link:        up
Mtu:         1500
Supported:   auto 1000full 10000full
Advertised:  auto 1000full 10000full
Auto:        disabled
Rx packets:      0
Rx bytes:        0
Rx compressed:       0
...