Questions about the FastPath Feature

Hi Dom Nik,

      Thanks for your feedback. Please find the answer inline.

Is this related to the new fast-path feature?

Yes, This issue already identified and tracked using Jira id NC-51957 which is fixed in upcoming next v18 release.

What could be the reason for the failure?

Your XG firewall ethernet driver is not supported fast-path feature.Please share ethtool -i <your interface name> output.

Is the fast path feature available to SW appliances / virtual machines/home users etc.?

It depends on the ethernet interface driver.

Hi Dom Nik,

      Thanks for your feedback. Please find the answer inline.

Is this related to the new fast-path feature?

Yes, This issue already identified and tracked using Jira id NC-51957 which is fixed in upcoming next v18 release.

What could be the reason for the failure?

Your XG firewall ethernet driver is not supported fast-path feature.Please share ethtool -i <your interface name> output.

Is the fast path feature available to SW appliances / virtual machines/home users etc.?

It depends on the ethernet interface driver.

Hi Apurv,

I'm using the virtio-net drivers:

SFVH_SO01_SFOS 18.0.0 EAP3-Refresh1# ethtool -i Port1
driver: virtio_net_nm
version: 1.0.0
firmware-version:
expansion-rom-version:
bus-info: 0000:00:12.0
supports-statistics: no
supports-test: no
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: no

Please let me know if there is a better solution for KVM. :-)

Thanks and Best Regards

Dom

Dear

We are using VM with ESX6.7 and it is working.

Sophos Firmware Version SFOS 18.0.0 EAP3-Refresh1

console> system firewall-acceleration show
Firewall Acceleration is Enabled.
console>

Can you try to change driver to e1000 in your network configuration?

Currently fastpath supports the following NIC drivers: i40e, e1000, e1000e, igb, ixgbe, vmxnet3.  If fastpath is enabled when system has no supported NICs, fastpath load will fail but system will still be fully functional without the performance enhancements provided by fastpath

We are investigating the support for virtio_net in NC-51957 (Edit: and NC-54940)

Stuart

Hi together,

I checked it with the following results:

Using e1000 on kvm:

Fast Path error is gone, but the CPU load is almost twice compared to virtio, while softirq is consuming 40% more per cpu core with a 200mbit/s test. (tso and gso are both disabled in XG by default.)

Using vmxnet3 on kvm:

Fast Path error is gone, but CPU load is 30-50% higher than virtio, while softirq is consuming 10-20% more per cpu core with a 200mbit/s test. (tso and gso are both disabled in XG by default.)

Therefore I think that fastpath wouldn't bring a benefit while the other adapter types in kvm will lower the performance signifcantly.

Best Regards

Dom

We are currently investigating the issue with the virtio driver and tracking this in NC-54940

Hi Apurv,

I am getting this also from my software firewall, but this time not virtual. here is the output from the ethtool

SFVH_SO01_SFOS 18.0.0 EAP3-Refresh1# ethtool -i Port2
driver: r8168
version: 8.046.00-NAPI
firmware-version:
expansion-rom-version:
bus-info: 0000:03:00.0
supports-statistics: yes
supports-test: no
supports-eeprom-access: no
supports-register-dump: yes
supports-priv-flags: no

is this going to be supported?

Hi Argo,

the Realtek series on NIC are not high performance devices, they rely on off loading to the CPU so creating a fastpath driver for them would not seem logical or practical.

All the realtech devices are not used in commercial devices only home and low end PCs etc.

Ian

good to know, anyone know of a good NUC or mini pc that has high perf NICs for FastPath?

Hi Argo,

try this one

https://www.aliexpress.com/item/4000492465406.html?spm=a2g0o.detail.1000023.6.3d0c44c0v4uiBr

The Intel NUCs are usually based around the unsupported i219 series NICs, so check the specifications carefully.

There a number of threads in the normal XG forum about mini pcs, please search.

Ian