Fortinet white logo
Fortinet white logo

Administration Guide

PF and VF SR-IOV driver and virtual SPU support

PF and VF SR-IOV driver and virtual SPU support

Physical Function (PF) and Virtual Function (VF) PCI Passthrough and SR-IOV drivers in FortiGate guest VM are supported.

PF provides the ability for PCI Passthrough, but requires an entire Network Interface Card (NIC) for a VM. It can usually achieve greater performance than a Virtual Function (VF) based SR-IOV. PF is also expensive. While VF allows one NIC to be shared among multiple guests VMs, PF is allocated to one port on a VM.

The supported driver versions are:

Driver

Version

Hypervisor

PCI-Passthrough/SR-IOV

vSPU (In-guest DPDK)

Note

ixgbe

5.6.5

ESXi, KVM

Yes

Yes

Ixgbevf

4.6.3

ESXi, KVM

Yes

i40e

2.10.19.82

ESXi, KVM

Yes

Yes

i40evf

3.6.15

ESXi, KVM

Yes

Yes

Available in FortiOS 6.4.0 and earlier versions.

Iavf

3.7.61.20

ESXi, KVM

Yes

Yes

Replaces i40evf in FortiOS 6.4.1 and later versions. Supports Intel E810-C 100G adapters.

Mlx5

4.6-1.0.1

ESXi, KVM

Yes

Yes

Supports Nvidia ConnectX-5 and ConnectX-6 100G adapters.

Bcxt_en

1.10.1-216.0.416.1

ESXi, KVM

Yes

Yes

Available in FortiOS 6.4.3 and later versions. Supports Broadcom P2100G 100G adapters.

Vmxnet3

1.4.a.0-k-NAPI

ESXi

Yes

The combination of VMware ESXi and NSX-T does not support virtual SPU (vSPU).

Note

Other hypervisors, such as Xen or Microsoft Hyper-V, may work with vSPU, although they are unverified.

Note

All tools and software utilities for UEFI 1.X have been removed from 6.2.0 and later releases. Update to UEFI 2.x to use the UEFI tools or software utilities.

You perform the configuration to use PF or VF on the hypervisor, and do not configure it on the FortiGate.

To check what driver is being used on the FortiGate:
# diagnose hardware deviceinfo nic port2
Name:        port2
Driver:      i40e
Version:     2.4.10
Bus:         0000:03:00.0
Hwaddr:      3c:fd:fe:1e:98:02
Permanent Hwaddr:3c:fd:fe:1e:98:02
State:       up
Link:        up
Mtu:         1500
Supported:   auto 1000full 10000full
Advertised:  auto 1000full 10000full
Auto:        disabled
Rx packets:      0
Rx bytes:        0
Rx compressed:       0
...

PF and VF SR-IOV driver and virtual SPU support

PF and VF SR-IOV driver and virtual SPU support

Physical Function (PF) and Virtual Function (VF) PCI Passthrough and SR-IOV drivers in FortiGate guest VM are supported.

PF provides the ability for PCI Passthrough, but requires an entire Network Interface Card (NIC) for a VM. It can usually achieve greater performance than a Virtual Function (VF) based SR-IOV. PF is also expensive. While VF allows one NIC to be shared among multiple guests VMs, PF is allocated to one port on a VM.

The supported driver versions are:

Driver

Version

Hypervisor

PCI-Passthrough/SR-IOV

vSPU (In-guest DPDK)

Note

ixgbe

5.6.5

ESXi, KVM

Yes

Yes

Ixgbevf

4.6.3

ESXi, KVM

Yes

i40e

2.10.19.82

ESXi, KVM

Yes

Yes

i40evf

3.6.15

ESXi, KVM

Yes

Yes

Available in FortiOS 6.4.0 and earlier versions.

Iavf

3.7.61.20

ESXi, KVM

Yes

Yes

Replaces i40evf in FortiOS 6.4.1 and later versions. Supports Intel E810-C 100G adapters.

Mlx5

4.6-1.0.1

ESXi, KVM

Yes

Yes

Supports Nvidia ConnectX-5 and ConnectX-6 100G adapters.

Bcxt_en

1.10.1-216.0.416.1

ESXi, KVM

Yes

Yes

Available in FortiOS 6.4.3 and later versions. Supports Broadcom P2100G 100G adapters.

Vmxnet3

1.4.a.0-k-NAPI

ESXi

Yes

The combination of VMware ESXi and NSX-T does not support virtual SPU (vSPU).

Note

Other hypervisors, such as Xen or Microsoft Hyper-V, may work with vSPU, although they are unverified.

Note

All tools and software utilities for UEFI 1.X have been removed from 6.2.0 and later releases. Update to UEFI 2.x to use the UEFI tools or software utilities.

You perform the configuration to use PF or VF on the hypervisor, and do not configure it on the FortiGate.

To check what driver is being used on the FortiGate:
# diagnose hardware deviceinfo nic port2
Name:        port2
Driver:      i40e
Version:     2.4.10
Bus:         0000:03:00.0
Hwaddr:      3c:fd:fe:1e:98:02
Permanent Hwaddr:3c:fd:fe:1e:98:02
State:       up
Link:        up
Mtu:         1500
Supported:   auto 1000full 10000full
Advertised:  auto 1000full 10000full
Auto:        disabled
Rx packets:      0
Rx bytes:        0
Rx compressed:       0
...