1. Home
    2. VM-Series
    3. VM-Series Deployment Guide
    4. Set Up the VM-Series Firewall on KVM
    5. VM-Series on KVM— Requirements and Prerequisites

    VM-Series on KVM— Requirements and Prerequisites

    VM-Series on KVM System Requirements
    Requirements
    Description
    Hardware Resources
    See VM-Series System Requirements for the minimum hardware requirements for your VM-Series model.
    Software Versions
    • Ubuntu:
      • 14.04 LTS (QEMU-KVM 2.0.0 and libvirt 1.2.2)
      • 16.04 LTS (QEMU-KVM 2.5.0 and libvirt 1.3.1)
    • CentOS/RedHat Enterprise Linux: 7.2 (QEMU-KVM 1.5.3 and libvirt 2.0.0)
    • CentOS: 7.5 (QEMU-KVM 1.5.3 and libvirt 3.9.0)
      With CentOS 7.5, only Packet MMap mode is supported. So you must disable DPDK with
      op-cmd-dpdk-pkt-io=off
      in the init-cfg.txt file used for bootstrapping or use the CLI command
      set system setting dpdk-pkt-io off
       after you deploy the firewall.
    Network Interfaces—Network Interface Cards and Software Bridges
    The VM-Series on KVM supports a total of 25 interfaces— 1 management interface and a maximum of 24 network interfaces for data traffic.
    VM-Series deployed on KVM supports software-based virtual switches such as the Linux bridge or the Open vSwitch bridge, and direct connectivity to PCI passthrough or an SR-IOV capable adapter.
    If you plan to establish connectivity using PCI-passthrough or SR-IOV, you cannot configure a vSwitch on the physical port used for SR-IOV or PCI-passthrough. To communicate with the host and other virtual machines on the network, the VM-Series firewall must have exclusive access to the physical port and associated virtual functions (VFs) on that interface.
    • On the Linux bridge and OVS, the e1000 and virtio drivers are supported; the default driver rtl8139 is not supported.
    • Open vSwitch version support:
      • Ubuntu 14.04 LTS: OVS 1.9.3 and OVS 2.3.1
      • Ubuntu 16.04 LTS: OVS 2.5.0
      • Ubuntu 16.04 LTS with OVS-DPDK: OVS 2.5.1
      • CentOS/RHEL 7.2: OVS 2.5.0
    • For PCI passthrough/SR-IOV support, the VM-Series firewall has been tested for the following network cards:
      • Intel 82576 based 1G NIC: SR-IOV support on all supported Linux distributions; PCI-passthrough support
      • Intel 82599 based 10G NIC: SR-IOV support on all supported Linux distributions; PCI-passthrough support
      • Broadcom 57112 and 578xx based 10G NIC: SR-IOV support on all supported Linux distributions; No PCI-passthrough support.
      • Drivers: igb; ixgbe; bnx2x
      • Drivers: igbvf; ixgbevf; bnx2x
        SR-IOV capable interfaces assigned to the VM-Series firewall, must be configured as Layer 3 interfaces or as HA interfaces.
    Data Plane Development Kit (DPDK) Support
    DPDK is enabled by default on VM-Series firewalls on KVM if one of the following NIC drivers is used:
    • Virtual Driver: virtio
    • NIC Drivers: ixgbe, ixgbevf, i40e, i40evf

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2020 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo