PF and VF SR-IOV driver and virtual SPU support
Physical Function (PF) and Virtual Function (VF) PCI Passthrough and SR-IOV drivers in FortiGate guest VM are supported.
PF provides the ability for PCI Passthrough, but requires an entire Network Interface Card (NIC) for a VM. It can usually achieve greater performance than a Virtual Function (VF) based SR-IOV. PF is also expensive. While VF allows one NIC to be shared among multiple guests VMs, PF is allocated to one port on a VM.
The supported driver versions are:
Driver |
Version |
Hypervisor |
PCI-Passthrough/SR-IOV |
vSPU (In-guest DPDK) |
Note |
---|---|---|---|---|---|
ixgbe |
5.6.5 |
ESXi, KVM |
Yes |
Yes |
|
Ixgbevf |
4.6.3 |
ESXi, KVM |
Yes |
|
|
i40e |
2.10.19.82 |
ESXi, KVM |
Yes |
Yes |
|
i40evf
|
3.6.15 |
ESXi, KVM |
Yes |
Yes |
Available in FortiOS 6.4.0 and earlier versions. |
Iavf
|
3.7.61.20
|
ESXi, KVM |
Yes |
Yes |
Replaces i40evf in FortiOS 6.4.1 and later versions. Supports Intel E810-C 100G adapters. |
Mlx5 |
4.6-1.0.1 |
ESXi, KVM |
Yes |
Yes |
Supports Nvidia ConnectX-5 and ConnectX-6 100G adapters. |
Bcxt_en
|
1.10.1-216.0.416.1 |
ESXi, KVM |
Yes |
Yes |
Available in FortiOS 6.4.3 and later versions. Supports Broadcom P2100G 100G adapters. |
Vmxnet3 |
1.4.a.0-k-NAPI |
ESXi |
|
Yes |
The combination of VMware ESXi and NSX-T does not support virtual SPU (vSPU). |
Other hypervisors, such as Xen or Microsoft Hyper-V, may work with vSPU, although they are unverified. |
All tools and software utilities for UEFI 1.X have been removed from 6.2.0 and later releases. Update to UEFI 2.x to use the UEFI tools or software utilities. |
You perform the configuration to use PF or VF on the hypervisor, and do not configure it on the FortiGate.
To check what driver is being used on the FortiGate:
# diagnose hardware deviceinfo nic port2 Name: port2 Driver: i40e Version: 2.4.10 Bus: 0000:03:00.0 Hwaddr: 3c:fd:fe:1e:98:02 Permanent Hwaddr:3c:fd:fe:1e:98:02 State: up Link: up Mtu: 1500 Supported: auto 1000full 10000full Advertised: auto 1000full 10000full Auto: disabled Rx packets: 0 Rx bytes: 0 Rx compressed: 0 ...