NIC versions

NICs generally have three components to consider when considering SR-IOV:

• Firmware (or NVM)
• PF driver
• VF driver

Care should be taken to ensure the drivers and firmware/non-volatile memory image are aligned as per manufacturer’s recommendations. For example, the Intel X700 series recommendations are detailed in the Feature Support Matrix.

The VF driver is part of the FortiGate-VM instance. The driver versions are documented here. There is only one VF driver version per FortiOS version. This offers the least flexibility when aligning versions, making it the starting point.

As an example, the system used in this document has Intel XL710 NIC cards and is running FortiOS 7.0.2. Consulting the two resources above:

• VF driver: IAVF 4.1.1

  

• Software Release Version: 26.2
• PF driver: i40e 2.15.9
• NVM version: 8.30

Any deviation from this alignment would need to be diligently tested and may still cause later supportability issues.

Instructions for Mellanox public repositories can be found at Mellanox Technologies Ltd. Public Repository. You can find firmware update instructions at Firmware Update Instructions.

Having said that, the example system in this document breaks this rule. As it is not carrying production traffic, then it allows future versions to be considered without any negative impact. The example prints are based upon Intel’s Software Release Version 26.6 which importantly contains some fixes for issues observed on other hypervisors.

[root@rhel-tiger-14-6 ~]# ethtool -i ens5f0
driver: i40e
version: 2.17.4
firmware-version: 8.50 0x8000b6c7 1.3082.0expansion-rom-version:
bus-info: 0000:86:00.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
supports-priv-flags: yes

RHEL 8 packages the i40e kernel module and reports the kernel version as the driver version. This may not be helpful, as if the above command is run before installing the desired i40e driver, the version reported is the kernel version.

Search, download, and transfer to the versions desired to the server:

• Google: intel xl710 driver 2.17.4

• Google: intel xl710 nvm 8.50

Compile and install the driver, following the vendor's instructions:

[root@rhel-tiger-14-6 src]# yum -y install make kernel-devel gcc elfutils-libelf-devel
<output omitted for brevity>

[root@rhel-tiger-14-6 fortinet]# tar xzf i40e-2.17.4.tar.gz 
<output omitted for brevity>

[root@rhel-tiger-14-6 fortinet]# cd i40e-2.17.4/src/

[root@rhel-tiger-14-6 src]# make install
<output omitted for brevity>

[root@rhel-tiger-14-6 src]# reboot

Upgrade the firmware, following the vendor's instructions:

[root@rhel-tiger-14-6 fortinet]# yum -y install unzip
<output omitted for brevity>

[root@rhel-tiger-14-6 fortinet]# unzip 700Series_NVMUpdatePackage_v8_50.zip
Archive:  700Series_NVMUpdatePackage_v8_50.zip
  inflating: 700Series_NVMUpdatePackage_v8_50_EFI.zip  
  inflating: 700Series_NVMUpdatePackage_v8_50_ESX.tar.gz  
  inflating: 700Series_NVMUpdatePackage_v8_50_FreeBSD.tar.gz  
  inflating: 700Series_NVMUpdatePackage_v8_50_Linux.tar.gz
  inflating: 700Series_NVMUpdatePackage_v8_50_Windows.zip

[root@rhel-tiger-14-6 fortinet]# tar xzf 700Series_NVMUpdatePackage_v8_50_Linux.tar.gz
<output omitted for brevity>

[root@rhel-tiger-14-6 fortinet]# cd 700Series/Linux_x64/

[root@rhel-tiger-14-6 Linux_x64]# ./nvmupdate64e
<output omitted for brevity>

[root@rhel-tiger-14-6 src]# reboot

You can check the results via the previous ethtool command and/or modinfo:

[root@rhel-tiger-14-6 ~]# modinfo i40e
filename:       /lib/modules/4.18.0-305.25.1.el8_4.x86_64/updates/drivers/net/ethernet/intel/i40e/i40e.ko
version:        2.17.4
license:        GPL
description:    Intel(R) 40-10 Gigabit Ethernet Connection Network Driver
author:         Intel Corporation, <e1000-devel@lists.sourceforge.net>
rhelversion:    8.4
srcversion:     5941E76EE679E4C3E0A7AEF
alias:          pci:v00008086d0000158Bsv sdbcsci*
alias:          pci:v00008086d0000158Asv sdbcsci*
alias:          pci:v00008086d000037D3sv sdbcsci*
alias:          pci:v00008086d000037D2sv sdbcsci*
alias:          pci:v00008086d000037D1sv sdbcsci*
alias:          pci:v00008086d000037D0sv sdbcsci*
alias:          pci:v00008086d000037CFsv sdbcsci*
alias:          pci:v00008086d000037CEsv sdbcsci*
alias:          pci:v00008086d00000D58sv sdbcsci*
alias:          pci:v00008086d00000CF8sv sdbcsci*
alias:          pci:v00008086d00001588sv sdbcsci*
alias:          pci:v00008086d00001587sv sdbcsci*
alias:          pci:v00008086d0000104Fsv sdbcsci*
alias:          pci:v00008086d0000104Esv sdbcsci*
alias:          pci:v00008086d000015FFsv sdbcsci*
alias:          pci:v00008086d00001589sv sdbcsci*
alias:          pci:v00008086d00001586sv sdbcsci*
alias:          pci:v00008086d0000101Fsv sdbcsci*
alias:          pci:v00008086d00001585sv sdbcsci*
alias:          pci:v00008086d00001584sv sdbcsci*
alias:          pci:v00008086d00001583sv sdbcsci*
alias:          pci:v00008086d00001581sv sdbcsci*
alias:          pci:v00008086d00001580sv sdbcsci*
alias:          pci:v00008086d00001574sv sdbcsci*
alias:          pci:v00008086d00001572sv sdbcsci*
depends:        
name:           i40e
vermagic:       4.18.0-305.25.1.el8_4.x86_64 SMP mod_unload modversions
parm:           debug:Debug level (0=none,...,16=all) (int)
parm:           l4mode:L4 cloud filter mode: 0=UDP,1=TCP,2=Both,-1=Disabled(default) (int)

The kernel uses vermagic to ensure that the module is compiled against the running kernel. This reiterates the importance to fully control and test OS updates prior to releasing in production.