Enabling accelerated networking on the FortiGate-VM
Azure supports SR-IOV, which accelerates networking by allowing VM NICs to bypass the hypervisor and go directly to the PCIe card underneath. FortiOS must understand when it is using SR-IOV and change networking to accommodate SR-IOV.
Azure refers to SR-IOV as Accelerated Networking. You can check if it is enabled by checking the NIC attached to the VM through the GUI or CLI.
This feature is available for FortiOS 6.2.1 and later versions.
To configure accelerated networking:
- You can enable accelerated networking when instantiating a new VM, or enable it after the VM has been created. Do one of the following:
- To enable accelerated networking using the GUI, create a new VM or select an existing VM. On the Networking tab, for Accelerated networking, select On.
- To enable accelerated networking using the CLI:
root@mail:/home/azure/images# az network nic update -g <Resource group name> -n <NIC Name> --accelerated-networking true
{
"dnsSettings": {
"appliedDnsServers": [],
"dnsServers": [],
"internalDnsNameLabel": null,
"internalDomainNameSuffix": "k41kcrl04yeezbyeswqimbxshb.fx.internal.cloudapp.net",
"internalFqdn": null
},
"enableAcceleratedNetworking": true,
On the FortiOS side, a virtual interface is created in the format of sriovslv(number) for each NIC that has accelerated networking enabled:
<VM name> # fnsysctl ifconfig
port1 Link encap:Ethernet HWaddr 00:0D:3A:B4:87:70
inet addr:172.29.0.4 Bcast:172.29.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5689 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1548978 (1.5 MB) TX bytes:0 (0 Bytes)
sriovslv0 Link encap:Ethernet HWaddr 00:0D:3A:B4:87:70
UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
RX packets:35007 errors:0 dropped:0 overruns:0 frame:0
TX packets:33674 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:34705194 (33.1 MB) TX bytes:10303956 (9.8 MB)
The NIC shows the driver as
hv_netvsc
with accelerated networking enabled or disabled:<VM name> # diagnose hardware deviceinfo nic port1
Name: port1
Driver: hv_netvsc
The FortiOS GUI does not display the virtual interface:
To check if accelerated networking is enabled using the GUI:
- In the Azure management console, go to the desired VM, then Networking.
- Select the desired NIC. In this example, accelerated networking is shown as enabled.
To check if accelerated networking is enabled using the CLI:
root@mail:/home/azure/images# az network nic show -g <Resource group name> -n <NIC name>
Check that the following displays as part of the output: "enableAcceleratedNetworking": true,