Fortinet Document Library

Version:


Table of Contents

KVM Cookbook

Resources

Upgrade Path Tool
6.2.0
Download PDF
Copy Link

Enhancing FortiGate-VM Performance with DPDK and vNP offloading

DPDK and vNP enhance FortiGate-VM performance by offloading part of packet processing to user space while using a kernel bypass solution within the operating system. You must enable and configure DPDK with FortiOS CLI commands.

FortiOS 6.2.3 supports DPDK for KVM and VMware ESXi environments.

The current DPDK+vNP offloading-capable version of FortiOS only supports FortiGate instances with two or more vCPUs. Minimum required RAM sizes differ from those on regular FortiGate-VM models without offloading. It is recommended to allocate as much RAM size as the licensed limit for maximum performance, as shown below. See the 5.6 document for minimum size reference. FortiOS 6.2.2 and later versions do not restrict RAM size by license. Therefore, you can allocate as much memory as desired on 6.2-based DPDK-enabled FortiGate-VMs:

Model name

RAM size (licensed limit)

FG-VM02(v)

No restriction

FG-VM04(v)

No restriction

FG-VM08(v)

No restriction

FG-VM16(v)

No restriction

FG-VM32(v)

No restriction
Note

The current build does not support encrypted traffic. Support is planned for future versions. It is recommended to disable the DPDK option using the CLI or adopt regular FortiGate-VM builds when using IPsec and SSL VPN features.

Note

Enabling DPDK+vNP offloading may result in fewer concurrent sessions when under high load than when DPDK+vNP offloading is not enabled and the same FortiGate-VM license is used.

Resources

Enhancing FortiGate-VM Performance with DPDK and vNP offloading

DPDK and vNP enhance FortiGate-VM performance by offloading part of packet processing to user space while using a kernel bypass solution within the operating system. You must enable and configure DPDK with FortiOS CLI commands.

FortiOS 6.2.3 supports DPDK for KVM and VMware ESXi environments.

The current DPDK+vNP offloading-capable version of FortiOS only supports FortiGate instances with two or more vCPUs. Minimum required RAM sizes differ from those on regular FortiGate-VM models without offloading. It is recommended to allocate as much RAM size as the licensed limit for maximum performance, as shown below. See the 5.6 document for minimum size reference. FortiOS 6.2.2 and later versions do not restrict RAM size by license. Therefore, you can allocate as much memory as desired on 6.2-based DPDK-enabled FortiGate-VMs:

Model name

RAM size (licensed limit)

FG-VM02(v)

No restriction

FG-VM04(v)

No restriction

FG-VM08(v)

No restriction

FG-VM16(v)

No restriction

FG-VM32(v)

No restriction
Note

The current build does not support encrypted traffic. Support is planned for future versions. It is recommended to disable the DPDK option using the CLI or adopt regular FortiGate-VM builds when using IPsec and SSL VPN features.

Note

Enabling DPDK+vNP offloading may result in fewer concurrent sessions when under high load than when DPDK+vNP offloading is not enabled and the same FortiGate-VM license is used.