From owner-freebsd-xen@FreeBSD.ORG Mon Sep 8 12:34:27 2014
From: Marko Lerota
To: Roger Pau Monné
Cc: FreeBSD XEN
Subject: Re: Poor disk IO on Xenserver 6.2
Date: Mon, 08 Sep 2014 14:24:50 +0200

Roger Pau Monné writes:

> FreeBSD was able to deliver >30000iops in all cases, and the throughput
> was around 1000MB/s for all test cases also. On the other hand, Linux
> was only able to deliver around 10000iops, with a throughput of
> ~400MB/s. This was tested using xen-unstable and a Linux v3.15 Dom0.
>
> Could you try to run this benchmark on both your FreeBSD and Linux
> guests? Please make sure guests are set to use the same amount of
> RAM/CPUs.

Sorry for the late reply.

Today I installed the new beta version of Xenserver from 2014-09-05

XenServer release 6.4.96-88161c (xenenterprise)
uname -a 3.10.0+2 #1 SMP Thu Sep 4 12:04:32 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux

I didn't have time to learn the fio program, so I did a simple test with
copy-paste. Again, on Debian 7.6.0 stable, files were copied at 300MB/s
speed while FreeBSD 10 release had 25MB/s.

I just did:

cp some-big-file file1-test

and I measured the time from start to finish. Both hosts have the
same amount of RAM, DISK and CPUs. I also tested this on 3 different
servers: HP ML330, HP DL160 and an old Sun X2200. The results are the same.

-- 
Marko Lerota
Sent from my GNU Emacs/Gnus Mailer

From owner-freebsd-xen@FreeBSD.ORG Fri Sep 12 10:33:32 2014
From: Marko Lerota
To: FreeBSD XEN
Subject: Routing/NAT problem on Xenserver 6.2 with virtual firewall
Date: Fri, 12 Sep 2014 12:33:21 +0200

I have two physical Xenservers. Each one of them has two network cards
and a few virtual machines. On Xenserver1 I have a FreeBSD that acts as a
router/firewall.
The setup looks like this:

Xenserver1
                    / ---- xn0 Wan Public IP
                   /
Virtual FreeBSD1
                   \
                    \ ---- xn1 LAN IP 10.0.0.1

Virtual Machines on xen1 --- xn1 LAN IP 10.0.0.4-10

Xenserver2

Virtual Machines on xen2 --- xn1 LAN IP 10.0.0.11-20

All virtual machines from the xen2 server can easily go through the
FreeBSD1 firewall out to the internet and back. But those from xen1 can't.
When I create a second firewall FreeBSD2 on xen2 like this:

Xenserver2
                    / ---- xn0 Wan Public IP
                   /
Virtual FreeBSD2
                   \
                    \ ---- xn1 LAN IP 10.0.0.2

Virtual Machines on xen2 --- xn1 LAN IP 10.0.0.11-20

and change the default routes of the virtual machines on xen1 and xen2 to
10.0.0.2 (FreeBSD2), then virtual machines on xen2 can't go out but those
from xen1 can.

Can somebody help me in this situation? I don't know what's wrong.
The firewall/NAT doesn't work if the virtual hosts are on the same
machine where the firewall is. The funny thing is that ICMP packets are
passing through, but ordinary traffic does not. Do I have to change
something on Xenserver dom0 or PF firewall?

-- 
Marko Lerota
Sent from my GNU Emacs/Gnus Mailer

From owner-freebsd-xen@FreeBSD.ORG Fri Sep 12 10:45:35 2014
From: Karl Pielorz
To: Marko Lerota, FreeBSD XEN
Subject: Re: Routing/NAT problem on Xenserver 6.2 with virtual firewall
Date: Fri, 12 Sep 2014 11:42:45 +0100

--On 12 September 2014 12:33 +0200 Marko Lerota wrote:

> Can somebody help me in this situation? I don't know what's wrong.
> The firewall/NAT doesn't work if the virtual hosts are on the same
> machine where firewall is. The funny thing is that ICMP packets are
> passing through, but ordinary traffic does not. Do I have to change
> something on Xenserver dom0 or PF firewall?

This is a known bug - see:

It's also an absolute PITA :( - It also affects DHCP (as I found out a
while ago).

You either have to run a separate pool for the 'router' VM's (and setup
the VM's accordingly balanced between pools) - or you can run the router
VM's in HVM mode only, and they will work (i.e. xn0 etc. become re0
etc.) - performance isn't brilliant in that mode, and also as it's HVM
they're not 'agile' (so no xen motion migration, no moving storage while
they're running).

I'd love to look at this further - but I don't have enough knowledge
about either Xen or how the 'netfront' code is handled, and have been
unable to find anyone either interested enough to look - or with the
time to look :-(

You're more than welcome to add a '/me too' to the PR :)

-Karl

From owner-freebsd-xen@FreeBSD.ORG Fri Sep 12 12:50:27 2014
From: Marko Lerota
To: FreeBSD XEN
Subject: Re: Routing/NAT problem on Xenserver 6.2 with virtual firewall
Date: Fri, 12 Sep 2014 14:50:22 +0200

Karl Pielorz writes:

> This is a known bug - see:
>
> It's also an absolute PITA :( - It also affects DHCP (as I found out a
> while ago).
>
> I'd love to look at this further - but I don't have enough knowledge
> about either Xen or how the 'netfront' code is handled, and have been
> unable to find anyone either interested enough to look - or with the
> time to look :-(
>
> You're more than welcome to add a '/me too' to the PR :)

Thanks Karl. It may be something that is 'easy' to fix. ICMP traffic
already goes through. So why not just add TCP/UDP in the code :-)
It would be a shame that I have to use Iptables again. Any of the
free DEVs are listening? I'm buying a beer :-).

-- 
Marko Lerota
Sent from my GNU Emacs/Gnus Mailer

From owner-freebsd-xen@FreeBSD.ORG Fri Sep 12 13:47:56 2014
From: Mark Felder
To: freebsd-xen@freebsd.org
Subject: Re: Routing/NAT problem on Xenserver 6.2 with virtual firewall
Date: Fri, 12 Sep 2014 08:47:49 -0500

On Fri, Sep 12, 2014, at 05:42, Karl Pielorz wrote:
>
> --On 12 September 2014 12:33 +0200 Marko Lerota wrote:
>
> > Can somebody help me in this situation? I don't know what's wrong.
> > The firewall/NAT doesn't work if the virtual hosts are on the same
> > machine where firewall is. The funny thing is that ICMP packets are
> > passing through, but ordinary traffic does not. Do I have to change
> > something on Xenserver dom0 or PF firewall?
>
> This is a known bug - see:
>
> It's also an absolute PITA :( - It also affects DHCP (as I found out a
> while ago).
>
> You either have to run a separate pool for the 'router' VM's (and setup
> the VM's accordingly balanced between pools) - or you can run the router
> VM's in HVM mode only, and they will work (i.e. xn0 etc. become re0
> etc.) - performance isn't brilliant in that mode, and also as it's HVM
> they're not 'agile' (so no xen motion migration, no moving storage while
> they're running).
>

I'm confident you could patch out the HVM xn0 but keep the rest of the
HVM code so you have fast disk, etc, and you can run the xen tools which
then allows you to use XM and XSM :-) I know Roger has given me a patch
that does this while we were troubleshooting a performance issue.

From owner-freebsd-xen@FreeBSD.ORG Fri Sep 12 15:02:09 2014
From: Karl Pielorz
To: Mark Felder, freebsd-xen@freebsd.org
Subject: Re: Routing/NAT problem on Xenserver 6.2 with virtual firewall
Date: Fri, 12 Sep 2014 16:02:07 +0100

--On 12 September 2014 08:47 -0500 Mark Felder wrote:

> I'm confident you could patch out the HVM xn0 but keep the rest of the
> HVM code so you have fast disk, etc, and you can run the xen tools which
> then allows you to use XM and XSM :-) I know Roger has given me a patch
> that does this while we were troubleshooting a performance issue.

I did ask about that at the time - but it wasn't apparently viable (or
easy? - it was a while back!)...

It'd be a handy stopgap if it can be done. You suddenly realise how
handy migration / motion is - when you can't have it!

Our current solution is to have a separate 'HVM' only pool - where all
the routing, vpn'ing, firewalling and dhcp FreeBSD VM's hang out.

Even with just that workaround we could get rid of that pool, and get
our agility back for those VM's...

-Karl