I searched for the topic, but I haven't found a thread for it. Therefore I'd like to start a discussion/knowledge collection about the new fastpath feature.
My XG shows the following console output:
console> system firewall-acceleration show
Firewall Acceleration is Enabled. Fastpath Load Failed.
Is this related to the new fast path feature?
What could be the reason for the failure?
Is the fast path feature available to SW appliances / virtual machines / home users etc.?
Thanks and Best Regards
Hi Dom Nik,
Thanks for your feedback. Please find the answer inline.
Is this related to the new fast-path feature?
Yes, This issue already identified and tracked using Jira id NC-51957 which is fixed in upcoming next v18 release.
Your XG firewall ethernet driver is not supported fast-path feature.Please share ethtool -i <your interface name> output.
Is the fast path feature available to SW appliances / virtual machines/home users etc.?
It depends on the ethernet interface driver.
I'm using the virtio-net drivers:
SFVH_SO01_SFOS 18.0.0 EAP3-Refresh1# ethtool -i Port1driver: virtio_net_nmversion: 1.0.0firmware-version: expansion-rom-version: bus-info: 0000:00:12.0supports-statistics: nosupports-test: nosupports-eeprom-access: nosupports-register-dump: nosupports-priv-flags: no
Please let me know if there is a better solution for KVM. :-)
We are using VM with ESX6.7 and it is working.
Sophos Firmware Version SFOS 18.0.0 EAP3-Refresh1console> system firewall-acceleration showFirewall Acceleration is Enabled.console>
Can you try to change driver to e1000 in your network configuration?
Currently fastpath supports the following NIC drivers: i40e, e1000, e1000e, igb, ixgbe, vmxnet3. If fastpath is enabled when system has no supported NICs, fastpath load will fail but system will still be fully functional without the performance enhancements provided by fastpath
We are investigating the support for virtio_net in NC-51957 (Edit: and NC-54940)
I checked it with the following results:
Using e1000 on kvm:
Fast Path error is gone, but the CPU load is almost twice compared to virtio, while softirq is consuming 40% more per cpu core with a 200mbit/s test. (tso and gso are both disabled in XG by default.)
Using vmxnet3 on kvm:
Fast Path error is gone, but CPU load is 30-50% higher than virtio, while softirq is consuming 10-20% more per cpu core with a 200mbit/s test. (tso and gso are both disabled in XG by default.)
Therefore I think that fastpath wouldn't bring a benefit while the other adapter types in kvm will lower the performance signifcantly.
We are currently investigating the issue with the virtio driver and tracking this in NC-54940