Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    SR-IOV and PCI Passthrough on KVM

    vSRX on KVM supports single-root I/O virtualization (SR-IOV) interface types. SR-IOV is a standard that allows a single physical NIC to present itself as multiple vNICs, or virtual functions (VFs), that a virtual machine (VM) can attach to. SR-IOV combines with other virtualization technologies, such as Intel VT-d, to improve the I/O performance of the VM. SR-IOV allows each VM to have direct access to packets queued up for the VFs attached to the VM. You use SR-IOV when you need I/O performance that approaches that of the physical bare metal interfaces.

    Note: SR-IOV in KVM does not remap interface numbers. The interface sequence in the vSRX VM XML file matches the interface sequence shown in the Junos OS CLI on the vSRX instance.

    Starting in Junos OS Release 15.1X49-D90 and Junos OS Release 17.3R1, a vSRX instance deployed on KVM supports the Peripheral Component Interconnect (PCI) passthrough virtualization technique on the Intel XL710 (see the vSRX Performance Scale Up discussion in Understanding vSRX with KVM).

    PCI passthrough enables PCI devices such as network interfaces to appear as if they were physically attached to the guest operating system, bypassing the KVM hypervisor and providing a high rate of data transfer. The physical network interfaces support the SR-IOV capability and can be connected to the VMs using PCI passthrough. PCI passthrough allows guests to have exclusive access to PCI devices for a range of tasks.

    With PCI passthrough, SR-IOV enables a single root function (for example, a single Ethernet port), to appear as multiple, separate, physical devices. A physical device with SR-IOV capabilities can be configured to appear in the PCI configuration space as multiple virtual functions (VFs), where each device has its own configuration space complete with Base Address Registers (BARs). One PCI function (slot, bus, function) is treated as a single device. The host can expose those PCI devices (VFs or PFs) to a VM for direct access.

    SR-IOV uses two PCI functions:

    • Physical Functions (PFs)—Full PCIe devices that include SR-IOV capabilities. Physical Functions are discovered, managed, and configured as normal PCI devices. Physical Functions configure and manage the SR-IOV functionality by assigning Virtual Functions. When SR-IOV is disabled, the host creates a single PF on one physical NIC.
    • Virtual Functions (VFs)—Simple PCIe functions that only process I/O. Each Virtual Function is derived from a Physical Function. The number of Virtual Functions a device may have is limited by the device hardware. A single Ethernet port, the Physical Device, may map to many Virtual Functions that can be shared to guests. When SR-IOV is enabled, the host creates a single PF and multiple VFs on one physical NIC. The number of VFs depends on the configuration and driver support.

    In a vSRX on KVM deployment, note the following function type support for SR-IOV and PCI passthrough:

    • PCI passthrough only uses PFs.
    • SR-IOV only uses VFs.

    Release History Table

    Release
    Description
    Starting in Junos OS Release 15.1X49-D90 and Junos OS Release 17.3R1, a vSRX instance deployed on KVM supports the Peripheral Component Interconnect (PCI) passthrough virtualization technique on the Intel XL710 (see the vSRX Performance Scale Up discussion in Understanding vSRX with KVM).

    Modified: 2017-12-12