Fortinet black logo

Administration Guide

PF and VF SR-IOV driver and virtual SPU support

PF and VF SR-IOV driver and virtual SPU support

FortiGate guest VM supports physical function (PF) and virtual function (VF) PCI passthrough and SR-IOV drivers.

PF provides the ability for PCI Passthrough, but requires an entire Network Interface Card (NIC) for a VM. It can usually achieve greater performance than a VF-based SR-IOV. PF is also expensive. While VF allows multiple guests VMs to share one NIC, PF is allocated to one port on a VM.

The supported driver versions are:

Driver

Version

Hypervisor

PCI passthrough/SR-IOV

vSPU (in-guest DPDK)

Notes

ixgbe

5.6.5

VMware ESXi, KVM

Yes

Yes

Ixgbevf

4.6.3

VMware ESXi, KVM

Yes

i40e

2.10.19.82

VMware ESXi, KVM

Yes

Yes

i40evf

3.6.15

VMware ESXi, KVM

Yes

Yes

Available in FortiOS 6.4.0 and earlier versions.

Iavf

3.7.61.20

VMware ESXi, KVM

Yes

Yes

Replaces i40evf in FortiOS 6.4.1 and later versions. Supports Intel E810-C 100G adapters.

Mlx5

4.6-1.0.1

VMware ESXi, KVM

Yes

Yes

Supports Nvidia ConnectX-5 and ConnectX-6 100G adapters.

Bcxt_en

1.10.1-216.0.416.1

VMware ESXi, KVM

Yes

Yes

Available in FortiOS 6.4.3 and later versions. Supports Broadcom P2100G 100G adapters.

Vmxnet3

1.4.a.0-k-NAPI

VMware ESXi

Yes

The combination of VMware ESXi and NSX-T does not support virtual SPU (vSPU).

Note

Other hypervisors, such as Xen or Microsoft Hyper-V, may work with vSPU, although they are unverified.

Note

All tools and software utilities for UEFI 1.X have been removed from 6.2.0 and later releases. Update to UEFI 2.x to use the UEFI tools or software utilities.

You perform the configuration to use PF or VF on the hypervisor, and do not configure it on the FortiGate.

To check what driver is being used on the FortiGate:
# diagnose hardware deviceinfo nic port2
Name:        port2
Driver:      i40e
Version:     2.4.10
Bus:         0000:03:00.0
Hwaddr:      3c:fd:fe:1e:98:02
Permanent Hwaddr:3c:fd:fe:1e:98:02
State:       up
Link:        up
Mtu:         1500
Supported:   auto 1000full 10000full
Advertised:  auto 1000full 10000full
Auto:        disabled
Rx packets:      0
Rx bytes:        0
Rx compressed:       0
...

PF and VF SR-IOV driver and virtual SPU support

FortiGate guest VM supports physical function (PF) and virtual function (VF) PCI passthrough and SR-IOV drivers.

PF provides the ability for PCI Passthrough, but requires an entire Network Interface Card (NIC) for a VM. It can usually achieve greater performance than a VF-based SR-IOV. PF is also expensive. While VF allows multiple guests VMs to share one NIC, PF is allocated to one port on a VM.

The supported driver versions are:

Driver

Version

Hypervisor

PCI passthrough/SR-IOV

vSPU (in-guest DPDK)

Notes

ixgbe

5.6.5

VMware ESXi, KVM

Yes

Yes

Ixgbevf

4.6.3

VMware ESXi, KVM

Yes

i40e

2.10.19.82

VMware ESXi, KVM

Yes

Yes

i40evf

3.6.15

VMware ESXi, KVM

Yes

Yes

Available in FortiOS 6.4.0 and earlier versions.

Iavf

3.7.61.20

VMware ESXi, KVM

Yes

Yes

Replaces i40evf in FortiOS 6.4.1 and later versions. Supports Intel E810-C 100G adapters.

Mlx5

4.6-1.0.1

VMware ESXi, KVM

Yes

Yes

Supports Nvidia ConnectX-5 and ConnectX-6 100G adapters.

Bcxt_en

1.10.1-216.0.416.1

VMware ESXi, KVM

Yes

Yes

Available in FortiOS 6.4.3 and later versions. Supports Broadcom P2100G 100G adapters.

Vmxnet3

1.4.a.0-k-NAPI

VMware ESXi

Yes

The combination of VMware ESXi and NSX-T does not support virtual SPU (vSPU).

Note

Other hypervisors, such as Xen or Microsoft Hyper-V, may work with vSPU, although they are unverified.

Note

All tools and software utilities for UEFI 1.X have been removed from 6.2.0 and later releases. Update to UEFI 2.x to use the UEFI tools or software utilities.

You perform the configuration to use PF or VF on the hypervisor, and do not configure it on the FortiGate.

To check what driver is being used on the FortiGate:
# diagnose hardware deviceinfo nic port2
Name:        port2
Driver:      i40e
Version:     2.4.10
Bus:         0000:03:00.0
Hwaddr:      3c:fd:fe:1e:98:02
Permanent Hwaddr:3c:fd:fe:1e:98:02
State:       up
Link:        up
Mtu:         1500
Supported:   auto 1000full 10000full
Advertised:  auto 1000full 10000full
Auto:        disabled
Rx packets:      0
Rx bytes:        0
Rx compressed:       0
...