Verify PCI-ID for Ordering of Network Interfaces on the VM-Series
Firewall
After deploying you VM-Series firewall, you must verify the ordering of network
interfaces on the VM-Series firewall.
| Where Can I Use This? | What Do I Need? |
|---|
Regardless of whether you use a virtual interfaces (Linux/OVS bridge) or PCI devices
(PCI-passthrough or SR-IOV capable adapter) for connectivity to the VM-Series
firewall, the VM-Series firewall treats the interface as a PCI device. The
assignment of an interface on the VM-Series firewall is based on PCI-ID, which
is a value that combines the bus, device or slot, and function of the interface. The
interfaces are ordered starting at the lowest PCI-ID, which means that the management
interface (eth0) of the firewall is assigned to the interface with the lowest PCI-ID.
Let's say you assign four interfaces to the VM-Series firewall, three virtual
interfaces of type Virtio and e1000 and the fourth is a PCI device. To view the PCI-ID for
each interface, enter the command virsh dumpxml $ domain <name of the
VM-Series firewall> on the Linux host to view the list of interfaces
attached to the VM-Series firewall. In the output, check for the following networking
configuration:
<interface type='bridge'>
<mac address='52:54:00:d7:91:52'/>
<source bridge='mgmt-br'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
<interface type='bridge'>
<mac address='52:54:00:f4:62:13'/>
<source bridge='br8'/>
<model type='e1000'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x10' function='0x0'/>
</interface>
<interface type='bridge'>
<mac address='52:54:00:fe:8c:80'/>
<source bridge='br8'/>
<model type='e1000'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
</interface>
<hostdev mode='subsystem' type='pci' managed='yes'>
<source>
<address domain='0x0000' bus='0x08' slot='0x10' function='0x1'/>
</source>
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
</hostdev> In this case, the PCI-ID of each interface is as follows:
First virtual interface PCI-ID is 00:03:00
Second virtual interface PCI-ID is 00:10:00
Third virtual interface PCI-ID is 00:06:00
Fourth interface PCI-ID is 00:07:00
Therefore, on the VM-Series firewall, the interface with PCI-ID
of 00:03:00 is assigned as eth0 (management interface), the interface
with PCI-ID 00:06:00 is assigned as eth1 (ethernet1/1), the interface
with PCI-ID 00:07:00 is eth2 (ethernet1/2) and the interface with
PCI-ID 00:10:00 is eth3 (ethernet1/3).
