VM-Series - SRIOV and DPDK Drivers Support

These two drivers communicate with each other. So they need to be compatible. A Physical Function (PF) driver talks to the NIC, and doesn't include vf in its name (for example, i40e). When using SR-IOV with VM-Series, the host uses its PF to talk to the NIC, and then VM-Series uses a VF to talk to the PF. To give an example, let's consider a NIC that uses the i40e driver. When using SR-IOV, the customer would install an i40e driver (PF) on the host-side to talk to the NIC, and then VM-Series would use its in-built i40evf (VF) driver to talk with the PF.
So why does VM-Series have in-built PF drivers? When using PCI-Passthrough, the NIC is reserved entirely for VM-Series. The host doesn't see the NIC! As such, VM-Series will use its in-built PF driver (for example, the i40e) to directly communicate with the NIC.
 

The below link lists the in-built drivers of VM-Series. To determine which driver version to install on the host, please install a PF higher than VM-Series' in-built PF (yes, PF) driver.

https://docs.paloaltonetworks.com/compatibility-matrix/vm-series-firewalls/sr-iov-and-dpdk-drivers.html

In regards to DPDK, please keep in mind PAN-OS has two packet processing modes, MMAP and DPDK (Default). And they have different in-built drivers. So within PAN-OS, there are two versions of any driver. one for DPDK and one for MMAP. For example, if the customer is using i40e driver on the Hypervisor, then PAN-OS has two i40evf driver versions one for DPDK and one for MMAP. It depends on the mode enabled on the VM-Series, the respective driver will be loaded.

As an aside, there are two types of DPDK: host-side DPDK, and VM-Series (guest-side) DPDK. Enabling both yields the best results. Compiling OVS with DPDK would be part of enabling Host-side DPDK. VM-Series DPDK is enabling DPDK within VM-Series and does not need host-side DPDK to be enabled.