Fortinet black logo

KVM Deployment Guide

Home FortiDDoS-F 6.1.2 KVM Deployment Guide

SR-IOV FortiDDoS KVM Deployment

6.1.2
6.1.2
Copy Link
Copy Doc ID e77d7df5-b36d-11eb-b70b-00505692583a:870256
Download PDF

SR-IOV FortiDDoS KVM Deployment

Before you begin:
  • Have an SR-IOV-compatible network interface card (NIC) installed.
  • Enable the Intel Virtualization Technology (VT-x) and VT-d features in BIOS of the KVM Host server.
  • Make sure that the physical interface is in the UP state. Verify with ifconfig <ethname>. A minimum of 2 interfaces need to be in the UP state.

To deploy the SR-IOV FortiDDoS KVM:

  1. SSH to KVM host server with root.
  2. Activate Intel VT-d in the kernel by appending the intel_iommu=on parameter to the GRUB_CMDLINE_LINUX entry in the /etc/default/grub configuration file. This setting will allow you to assign SR-IOV VF to FortiDDoS VM.
  3. Create VFs by writing an appropriate value to the sriov_numvfs parameter via the sysfs interface using the following format:

    echo 1 > /sys/class/net/enp27s0f2/device/sriov_numvfs

    echo 1 > /sys/class/net/enp101s0f3/device/sriov_numvfs

    echo 1 > /sys/class/net/enp27s0f0/device/sriov_numvfs

    Note: Only 1 VF is supported per interface

  4. Verify that the VFs have been created using lspci, which lists all available Virtual Functions
  5. Set every VF as trusted and disable spoof checking.

    Use the following command: ip link set {interface name} vf 0 trust on spoof off

To assign PCI devices to the FortiDDoS VM:

  1. Close the FortiDDoS-VM and then Click VM Detail icon to edit.
  2. Delete the last 8 NICs.
  3. Click Add Hardware.
  4. Navigate to the PCI Host Device Details page. Select the VF based on the VF id in the output of lspci and then click Finish.
  5. Repeat to add the other VFs to the VM.
  6. Start the VM.
Tooltip

After FortiDDoS starts up, if the number data ports does not match the number of VFs you added in CLI execute dataplane show interfaces, please execute the following command:

execute port-remap

Previous
Next

SR-IOV FortiDDoS KVM Deployment

Before you begin:
  • Have an SR-IOV-compatible network interface card (NIC) installed.
  • Enable the Intel Virtualization Technology (VT-x) and VT-d features in BIOS of the KVM Host server.
  • Make sure that the physical interface is in the UP state. Verify with ifconfig <ethname>. A minimum of 2 interfaces need to be in the UP state.

To deploy the SR-IOV FortiDDoS KVM:

  1. SSH to KVM host server with root.
  2. Activate Intel VT-d in the kernel by appending the intel_iommu=on parameter to the GRUB_CMDLINE_LINUX entry in the /etc/default/grub configuration file. This setting will allow you to assign SR-IOV VF to FortiDDoS VM.
  3. Create VFs by writing an appropriate value to the sriov_numvfs parameter via the sysfs interface using the following format:

    echo 1 > /sys/class/net/enp27s0f2/device/sriov_numvfs

    echo 1 > /sys/class/net/enp101s0f3/device/sriov_numvfs

    echo 1 > /sys/class/net/enp27s0f0/device/sriov_numvfs

    Note: Only 1 VF is supported per interface

  4. Verify that the VFs have been created using lspci, which lists all available Virtual Functions
  5. Set every VF as trusted and disable spoof checking.

    Use the following command: ip link set {interface name} vf 0 trust on spoof off

To assign PCI devices to the FortiDDoS VM:

  1. Close the FortiDDoS-VM and then Click VM Detail icon to edit.
  2. Delete the last 8 NICs.
  3. Click Add Hardware.
  4. Navigate to the PCI Host Device Details page. Select the VF based on the VF id in the output of lspci and then click Finish.
  5. Repeat to add the other VFs to the VM.
  6. Start the VM.
Tooltip

After FortiDDoS starts up, if the number data ports does not match the number of VFs you added in CLI execute dataplane show interfaces, please execute the following command:

execute port-remap

Previous
Next