: VM-Series on KVM—Requirements and Prerequisites
Focus
Focus

VM-Series on KVM—Requirements and Prerequisites

Table of Contents

VM-Series on KVM—Requirements and Prerequisites

VM-Series on KVM System Requirements
Requirements
Description
Hardware Resources
See VM-Series System Requirements for the minimum hardware requirements for your VM-Series model.
Software Versions
See the supported KVM software versions in the Compatibility Matrix.
VM-Series firewall now supports ARM based instances on KVM hypervisor for private clouds. All features that were available in x86 environments are now extended to ARM based instances including Hypervisor support, DPDK that provide better performance, while reducing the operational (OPEX) costs, power consumption, and footprints. ARM architecture support is currently available on KVM as Software NGFW credits
SR-IOV Drivers See PacketMMAP Driver Versions drivers in the Compatibility Matrix.
DPDK Drivers See DPDK Driver Versions in the Compatibility Matrix.
If you use one of the supported NIC drivers on VM-Series on KVM, DPDK is enabled by default.
Network Interfaces—Network Interface Cards and Software Bridges
The VM-Series on KVM supports a total of 25 interfaces — 1 management interface and a maximum of 24 network interfaces for data traffic.
VM-Series deployed on KVM supports software-based virtual switches such as the Linux bridge or the Open vSwitch bridge, and direct connectivity to PCI passthrough or an SR-IOV capable adapter.
If you plan to establish connectivity using PCI-passthrough or SR-IOV, you cannot configure a vSwitch on the physical port used for SR-IOV or PCI-passthrough. To communicate with the host and other virtual machines on the network, the VM-Series firewall must have exclusive access to the physical port and associated virtual functions (VFs) on that interface.
  • On the Linux bridge and OVS, the e1000 and Virtio drivers are supported; the default driver rtl8139 is not supported.
  • For PCI passthrough/SR-IOV support, the VM-Series firewall has been tested for the following network cards:
    • Intel 82576 based 1G NIC: SR-IOV support on all supported Linux distributions; PCI-passthrough support.
    • Intel 82599 based 10G NIC: SR-IOV support on all supported Linux distributions; PCI-passthrough support.
    • Intel X710 10G NIC: SR-IOV support on all supported Linux distributions; PCI-passthrough support
    • Intel X722 10G NIC: SR-IOV support on all supported Linux distributions; PCI-passthrough support
    • Intel E810 NIC: SR-IOV support on all supported Linux distributions; DPDK support, PCI-passthrough support
      SR-IOV with Packet MMAP is not supported.
    • Broadcom 57112 and 578xx based 10G NIC: SR-IOV support on all supported Linux distributions; No PCI-passthrough support.
    • Mellanox ConnectX5 10G/25G/50G/100G NIC: SR-IOV support on all supported Linux distributions.
    • Mellanox ConnectX6 10G/25G/50G/100G NIC: SR-IOV support on all supported Linux distributions.
    • Refer to PacketMMAP Driver Versions in the Compatibility Matrix
      SR-IOV capable interfaces assigned to the VM-Series firewall, must be configured as Layer 3 interfaces or as HA interfaces.
  • For ARM, the VM-Series firewall has been tested for Mellanox, Intel I350 Gigabit NIC, X710, 10G and 40G network cards.