Description
SR-IOV allows VMs to communicate directly with the PCIe devices to enable high speed IO with low delay, particularly for above 10Gbps NIC, if the hardware and system BIOS supports it.
It creates a virtual PCI device called VF and the VMs are mapped to the virtual interface.
When the VF is used for HA links for FortiGate-KVM, the permanent Hardware address is changed to the FGCP virtual address, causing HA OUT-OF-SYNC.
# diag hardware device nic port2
Name: port2
Driver: ixgbevf
Version: 4.0.3
FW version: N/A
Bus: 0000:00:05.0
Hwaddr: 00:09:0f:09:00:01
Permanent Hwaddr: 00:09:0f:09:00:01
On the server, mac address is changed as well.
# ip link show
vf 4 MAC 00:09:0f:09:00:01, vlan 1001, spoof checking off, link-state auto, trust on, query_rss off
Solution
With SRIOV, the only method for HA interface is to use unicast ha, not to change the mac address.
Further information is available here.
