SR-IOV FortiDDoS KVM Deployment
Before you begin:
- Have an SR-IOV-compatible network interface card (NIC) installed.
- Enable the Intel Virtualization Technology (VT-x) and VT-d features in BIOS of the KVM Host server.
- Make sure that the physical interface is in the UP state. Verify with
ifconfig <ethname>
. A minimum of 2 interfaces need to be in the UP state.
To deploy the SR-IOV FortiDDoS KVM:
- SSH to KVM host server with root.
- Activate Intel VT-d in the kernel by appending the
intel_iommu=on
parameter to theGRUB_CMDLINE_LINUX
entry in the/etc/default/grub
configuration file. This setting will allow you to assign SR-IOV VF to FortiDDoS VM. - Create VFs by writing an appropriate value to the
sriov_numvfs
parameter via the sysfs interface using the following format:echo 1 > /sys/class/net/enp27s0f2/device/sriov_numvfs
echo 1 > /sys/class/net/enp101s0f3/device/sriov_numvfs
echo 1 > /sys/class/net/enp27s0f0/device/sriov_numvfs
Note: Only 1 VF is supported per interface
- Verify that the VFs have been created using
lspci
, which lists all available Virtual Functions
- Set every VF as trusted and disable spoof checking.
Use the following command:
ip link set {interface name} vf 0 trust on spoof off
To assign PCI devices to the FortiDDoS VM:
- Close the FortiDDoS-VM and then Click VM Detail icon to edit.
- Delete the last 8 NICs.
- Click Add Hardware.
- Navigate to the PCI Host Device Details page. Select the VF based on the VF id in the output of
lspci
and then click Finish.
- Repeat to add the other VFs to the VM.
- Start the VM.
After FortiDDoS starts up, if the number data ports does not match the number of VFs you added in CLI
|