This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Supported SR-IOV for Palo Alto in WS

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Supported SR-IOV for Palo Alto in WS

MarnieFellows
L0 Member

‎11-25-2020 11:57 AM - edited ‎11-28-2020 07:50 PM

Hello everybody,
I see that we have SR-IOV and DPDK modes supported for Palo Alto in AWS and understand that DPDK is proffered mode which provides fast processing. 192168101.com
so are there any specific situation where SR-IOV mode is preferred over DPDK?
are you know? 19216811.dev

0 Likes Likes
2 REPLIES 2

nanasin
L1 Bithead

‎11-29-2020 08:17 PM


SR-IOV and DPDK can be enabled simultaneously.

Slightly misleadingly, SR-IOV is assisted by the network card and DPDK is assisted by the CPU.
https://en.wikipedia.org/wiki/Data_Plane_Development_Kit
https://en.wikipedia.org/wiki/Single-root_input/output_virtualization


Enabling SR-IOV bypasses the hypervisor that exists between the PAN-OS(VM-Series) and physical NICs.

Enabling DPDK bypasses the PAN-OS (linux kernel) that resides between the NIC bypassed by SR-IOV and the pan_task (a process that represents the data plane).

DPDK is effective for simple processes such as just moving data from east to west, raising the limit from around 20 Gbps to around 100 Gbps.

I think DPDK probably won't be effective until Threat Prevention's throughput exceeds 30 Gbps, which is not very useful at the moment.
In other words, I don't think it's very useful at this time (the unconfigured defaults should be the most secure).

Where DPDK is useful is in eliminating most of the bottlenecks, even in configurations that connect via Open vSwitch (OVS).

Here are Intel's test results
https://builders.intel.com/docs/networkbuilders/demonstrating-data-plane-performance-improvements-us...

It should be possible to use OVS in AWS as well, but there should be little benefit to using it (although I did some research).

Therefore, I think it's enough to just enable SR-IOV, and I think it's safer to not change the default.

0 Likes Likes

Sidneyy
L0 Member

‎12-18-2020 02:10 AM

Supported SR-IOV for Palo Alto in WS. Hello everybody,I see that we have SR-IOV and DPDK modes supported for Palo Alto in AWS and understand that DPDK 

myaccountaccess login
0 Likes Likes
  • 3130 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks