Topic: IMPORTANT: Xen/KVM networking will not work using default hypervisor settings!

Offline webdawg

Anyone know how to make a wiki account? We should get some Xen keywords in some of these wiki posts.

Offline ednc

Quote
It actually does:

https://doc.pfsense.org/index.php/VirtIO_Driver_Support
https://doc.pfsense.org/index.php/Lost_Traffic_/_Packets_Disappear
https://doc.pfsense.org/index.php/Virtualizing_pfSense_on_Proxmox

Thanks for pointing these out. I was looking for the specific Xen/KVM page on the Wiki. The "Lost Traffic" page is not in the Virtualisation category so I have never even seen that. Proxmox is not what I'm using and it has no mention of ethtool etc. As to the VirtIO page, I never got around to that as it never dawned on me that that's the root of my issue. I'm not complaining, just pointing out that having a separate Xen/KVM page on the Wiki could be beneficial.

Offline johnkeates

Quote
It actually does:

https://doc.pfsense.org/index.php/VirtIO_Driver_Support
https://doc.pfsense.org/index.php/Lost_Traffic_/_Packets_Disappear
https://doc.pfsense.org/index.php/Virtualizing_pfSense_on_Proxmox

Thanks for pointing these out. I was looking for the specific Xen/KVM page on the Wiki. The "Lost Traffic" page is not in the Virtualisation category so I have never even seen that. Proxmox is not what I'm using and it has no mention of ethtool etc. As to the VirtIO page, I never got around to that as it never dawned on me that that's the root of my issue. I'm not complaining, just pointing out that having a separate Xen/KVM page on the Wiki could be beneficial.

Yeah, someone with Wiki access should probably add Xen-specific keywords in there.

Offline fohdeesha

Those pages also incorrectly advise (at least incorrect for Xen) to disable checksum offloading IN pfSense - which does nothing and sometimes makes performance worse. It must be done at the hypervisor level. I'd be willing to nicely format this complete Xen guide into a wiki page/guide for Xen/XenServer specifically if I had wiki permissions - https://forum.pfsense.org/index.php?topic=109253.msg608562#msg608562

Also, why is this even still necessary? Wasn't this fixed upstream in FreeBSD like 2 major versions ago? I swore the 2.4 snapshots used this version and this wasn't required, or maybe my memory is broken (quite possible).

Offline johnkeates

Quote
Those pages also incorrectly advise (at least incorrect for Xen) to disable checksum offloading IN pfSense - which does nothing and sometimes makes performance worse. It must be done at the hypervisor level. I'd be willing to nicely format this complete Xen guide into a wiki page/guide for Xen/XenServer specifically if I had wiki permissions - https://forum.pfsense.org/index.php?topic=109253.msg608562#msg608562

Also, why is this even still necessary? Wasn't this fixed upstream in FreeBSD like 2 major versions ago? I swore the 2.4 snapshots used this version and this wasn't required, or maybe my memory is broken (quite possible).

Nope, VirtIO + pf is still broken afaik in FreeBSD.

Offline jolebole

The VirtIO driver is still broken in pfSense as a guest VM in KVM. I recently had an issue with L3 bandwidth on a new pfSense VM install and could not fix the problem until I found out about this issue and switched from VirtIO to the Intel driver. I have a 50/50 fiber link and I was getting 50M down but only 0.5M up with the VirtIO driver.

I hope this will get a resolution soon. It's been a while. The bug has been open since 2012. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=165059

Offline lftiv

Using ATT Uverse consumer grade, doing dmz plus on residential gateway to 5 port netgear gbit sw, then to a 10 dollar HiRo Gbe Nic I picked up open box at microcenter.

The nic is installed in a used HP DL360 running Xenserver 7.3 off of a Microcenter store brand 64GB USB flash drive.

PfSense is a guest with the Hiro as WAN and Xen is providing the Vlaning, pF seeing only virtual nics, Xen itself has the 4 realtek Gbe ports bonded.

Connection often outperforms business class fiber at customer sites downtown.

Given I'm not paying for the speeds to it's not always this good, but 90% of the time I can break 100Mbit both ways.

This is my home setup, everything is shoestring as possible.
Did I mention the HP is in my attic subject to whatever the outside temp is?
I'm doing plenty wrong, but what is it I'm doing right?




The first principle is that you must not fool yourself and you are the easiest person to fool.
     -Richard Phillips Feynman

Offline webdawg

I have asked for wiki access in 2017 and 2015 and no one ever responded.

I guess they do not give access?