1. Home
    2. VM-Series
    3. VM-Series Deployment Guide
    4. Set Up the VM-Series Firewall on KVM
    5. VM-Series on KVM— Requirements and Prerequisites

    VM-Series on KVM— Requirements and Prerequisites

    VM-Series on KVM System Requirements
    Requirements
    Description
    Hardware Resources
    See VM-Series System Requirements for the minimum hardware requirements for your VM-Series model.
    Software Versions
    See the Compatibility Matrix for supported KVM software versions.
    Network Interfaces—Network Interface Cards and Software Bridges
    The VM-Series on KVM supports a total of 25 interfaces— 1 management interface and a maximum of 24 network interfaces for data traffic.
    VM-Series deployed on KVM supports software-based virtual switches such as the Linux bridge or the Open vSwitch bridge, and direct connectivity to PCI passthrough or an SR-IOV capable adapter.
    If you plan to establish connectivity using PCI-passthrough or SR-IOV, you cannot configure a vSwitch on the physical port used for SR-IOV or PCI-passthrough. To communicate with the host and other virtual machines on the network, the VM-Series firewall must have exclusive access to the physical port and associated virtual functions (VFs) on that interface.
    • On the Linux bridge and OVS, the e1000 and virtio drivers are supported; the default driver rtl8139 is not supported.
    • Open vSwitch version support:
      • Ubuntu 14.04 LTS: OVS 1.9.3 and OVS 2.3.1
      • Ubuntu 16.04 LTS: OVS 2.5.0
      • Ubuntu 16.04 LTS with OVS-DPDK: OVS 2.5.1
      • CentOS/RHEL 7.2: OVS 2.5.0
    • For PCI passthrough/SR-IOV support, the VM-Series firewall has been tested for the following network cards:
      • Intel 82576 based 1G NIC: SR-IOV support on all supported Linux distributions; PCI-passthrough support
      • Intel 82599 based 10G NIC: SR-IOV support on all supported Linux distributions; PCI-passthrough support
      • Broadcom 57112 and 578xx based 10G NIC: SR-IOV support on all supported Linux distributions; No PCI-passthrough support.
      • Drivers: igb; ixgbe; bnx2x
      • Drivers: igbvf; ixgbevf; bnx2x
        SR-IOV capable interfaces assigned to the VM-Series firewall, must be configured as Layer 3 interfaces or as HA interfaces.
    Data Plane Development Kit (DPDK) Support
    DPDK is enabled by default on VM-Series firewalls on KVM if one of the following NIC drivers is used:
    • Virtual Driver: virtio
    • NIC Drivers: ixgbe, ixgbevf, i40e, i40evf

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2021 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo