Enabling accelerated networking on the FortiGate-VM
Azure supports SR-IOV, which accelerates networking by allowing VM NICs to bypass the hypervisor and go directly to the PCIe card underneath. FortiOS must understand when it is using SR-IOV and change networking to accommodate SR-IOV.
Azure refers to SR-IOV as Accelerated Networking. You can check if it is enabled by checking the NIC attached to the VM through the GUI or CLI.
To configure accelerated networking:
- You can enable accelerated networking when instantiating a new VM, or enable it after the VM has been created. Do one of the following:
- To enable accelerated networking using the GUI, create a new VM or select an existing VM. On the Networking tab, for Accelerated networking, select On.
- To enable accelerated networking using the CLI, run the following commands:
root@mail:/home/azure/images# az network nic update -g <Resource group name> -n <NIC name> --accelerated-networking true
{
"dnsSettings": {
"appliedDnsServers": [],
"dnsServers": [],
"internalDnsNameLabel": null,
"internalDomainNameSuffix": "k41kcrl04yeezbyeswqimbxshb.fx.internal.cloudapp.net",
"internalFqdn": null
},
"enableAcceleratedNetworking": true,
On the FortiOS side, a virtual interface is created in the format of sriovslv(number) for each NIC that has accelerated networking enabled:
<VM name> # fnsysctl ifconfig
port1 Link encap:Ethernet HWaddr 00:0D:3A:B4:87:70
inet addr:172.29.0.4 Bcast:172.29.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5689 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1548978 (1.5 MB) TX bytes:0 (0 Bytes)
sriovslv0 Link encap:Ethernet HWaddr 00:0D:3A:B4:87:70
UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
RX packets:35007 errors:0 dropped:0 overruns:0 frame:0
TX packets:33674 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:34705194 (33.1 MB) TX bytes:10303956 (9.8 MB)
The NIC shows the driver as
hv_netvsc
with accelerated networking enabled or disabled:<VM name> # diagnose hardware deviceinfo nic port1
Name: port1
Driver: hv_netvsc
The FortiOS GUI does not display the virtual interface in Network > Interfaces.
To check if accelerated networking is enabled using the GUI:
- In the Azure management console, go to the desired VM, then Networking.
- Select the desired NIC. In this example, accelerated networking is shown as enabled.
To check if accelerated networking is enabled using the CLI:
root@mail:/home/azure/images# az network nic show -g <Resource group name> -n <NIC name>
Check that the following displays as part of the output: "enableAcceleratedNetworking": true,