Azure Cookbook

6.2.0

Enabling accelerated networking on the FortiGate-VM

Azure supports SR-IOV, which accelerates networking by allowing VM NICs to bypass the hypervisor and go directly to the PCIe card underneath. FortiOS must detect when it is using SR-IOV and adjust its networking to accommodate it.

Azure refers to SR-IOV as Accelerated Networking. You can check whether it is enabled by inspecting the NIC attached to the VM through the GUI or CLI.

This feature is available for FortiOS 6.2.1 and later versions.

To configure accelerated networking:
  1. You can enable accelerated networking when instantiating a new VM, or enable it after the VM has been created. Do one of the following:
    1. To enable accelerated networking in the Azure marketplace during VM creation, under Network and Instance Settings, for Accelerated Networking, select On.

    2. To enable accelerated networking using the GUI, create a new VM or select an existing VM. On the Networking tab, for Accelerated networking, select On.

    3. To enable accelerated networking using the CLI:

      root@mail:/home/azure/images# az network nic update -g <Resource group name> -n <NIC Name> --accelerated-networking true
      {
        "dnsSettings": {
          "appliedDnsServers": [],
          "dnsServers": [],
          "internalDnsNameLabel": null,
          "internalDomainNameSuffix": "k41kcrl04yeezbyeswqimbxshb.fx.internal.cloudapp.net",
          "internalFqdn": null
        },
        "enableAcceleratedNetworking": true,

    On the FortiOS side, a virtual interface named sriovslv(number) is created for each NIC that has accelerated networking enabled:

    <VM name> # fnsysctl ifconfig
    port1     Link encap:Ethernet HWaddr 00:0D:3A:B4:87:70
              inet addr:172.29.0.4 Bcast:172.29.0.255 Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
              RX packets:5689 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:1548978 (1.5 MB) TX bytes:0 (0 Bytes)
    sriovslv0 Link encap:Ethernet HWaddr 00:0D:3A:B4:87:70
              UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
              RX packets:35007 errors:0 dropped:0 overruns:0 frame:0
              TX packets:33674 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:34705194 (33.1 MB) TX bytes:10303956 (9.8 MB)

    The NIC reports its driver as hv_netvsc whether accelerated networking is enabled or disabled:

    <VM name> # diagnose hardware deviceinfo nic port1
    Name: port1
    Driver: hv_netvsc

    The FortiOS GUI does not display the virtual interface.

To check if accelerated networking is enabled using the GUI:
  1. In the Azure management console, go to the desired VM, then Networking.
  2. Select the desired NIC. In this example, accelerated networking is shown as enabled.

To check if accelerated networking is enabled using the CLI:

root@mail:/home/azure/images# az network nic show -g <Resource group name> -n <NIC name>

Check that the output includes the following line: "enableAcceleratedNetworking": true,
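
An added example, not part of the Fortinet documentation: a Python script that cross-checks the Azure setting for each NIC against the sriovslv interfaces FortiOS reports, pairing them by MAC address the way port1 and sriovslv0 share one HWaddr in the output above. The NIC names, the second port, and the use of the dash-separated `macAddress` field from `az network nic list` are assumptions; both inputs are constructed samples.

```python
import json
import re

# Constructed sample: `fnsysctl ifconfig` stanzas in the layout shown above,
# plus a hypothetical port2 that has no sriovslv companion.
IFCONFIG = """\
port1     Link encap:Ethernet HWaddr 00:0D:3A:B4:87:70
          inet addr:172.29.0.4 Bcast:172.29.0.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
port2     Link encap:Ethernet HWaddr 00:0D:3A:B4:80:11
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
sriovslv0 Link encap:Ethernet HWaddr 00:0D:3A:B4:87:70
          UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
"""

# Constructed sample: trimmed `az network nic list -g <Resource group name>` output.
AZURE_NICS = json.dumps([
    {"name": "fgt-nic1", "macAddress": "00-0D-3A-B4-87-70", "enableAcceleratedNetworking": True},
    {"name": "fgt-nic2", "macAddress": "00-0D-3A-B4-80-11", "enableAcceleratedNetworking": True},
])

# Header line of each ifconfig stanza: interface name, then its MAC.
HEADER = re.compile(r"^(\S+)\s+Link encap:\S+\s+HWaddr\s+([0-9A-Fa-f:]{17})")

def norm_mac(mac):
    """Normalize Azure's dash form and FortiOS's colon form to one spelling."""
    return (mac or "").replace("-", ":").upper()

def parse_ifconfig(text):
    """Return {interface name: MAC} for every stanza header found."""
    matches = (HEADER.match(line) for line in text.splitlines())
    return {m.group(1): norm_mac(m.group(2)) for m in matches if m}

def audit(ifconfig_text, azure_json):
    """Compare what Azure says per NIC with what FortiOS actually exposes."""
    ifaces = parse_ifconfig(ifconfig_text)
    slaves = {mac: n for n, mac in ifaces.items() if n.startswith("sriovslv")}
    ports = {mac: n for n, mac in ifaces.items() if not n.startswith("sriovslv")}
    report = []
    for nic in json.loads(azure_json):
        mac = norm_mac(nic.get("macAddress"))
        azure_on = bool(nic.get("enableAcceleratedNetworking"))
        slave = slaves.get(mac)
        report.append({"nic": nic["name"], "port": ports.get(mac), "slave": slave,
                       "azure": azure_on, "consistent": azure_on == (slave is not None)})
    return report

if __name__ == "__main__":
    for row in audit(IFCONFIG, AZURE_NICS):
        print(row)
```

A row with `consistent` set to False marks a NIC where Azure and FortiOS disagree, for example a NIC flagged as accelerated in Azure for which FortiOS has created no sriovslv interface.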
