Date: Thu, 15 Oct 2015 17:12:59 +0200 From: Andreas Pflug <pgadmin@pse-consulting.de> To: =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= <roger.pau@citrix.com>, xen-users@lists.xen.org Cc: FreeBSD XEN <freebsd-xen@freebsd.org> Subject: Re: [Xen-users] forcing HVM to specific network model with PV-aware FreeBSD DomU Message-ID: <561FC27B.5070103@pse-consulting.de> In-Reply-To: <561FBAA4.50700@citrix.com> References: <561F8065.5000807@pse-consulting.de> <561FBAA4.50700@citrix.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Am 15.10.15 um 16:39 schrieb Roger Pau Monné: > Hello, > > Adding the freebsd-xen mailing list since somebody might be able to > provide better advice than me regarding network stuff. > > El 15/10/15 a les 12.31, Andreas Pflug ha escrit: >> Hi! >> >> For quite a while, I've been running several pfSense firewall DomUs up >> to version 2.15 on Xen. Since the FreeBSD kernel 8.3 of pfSense wasn't >> xen-aware the model e1000 was used, and I had all networking features as >> expected though performance was degraded. >> >> When the new pfSense 2.2 was introduced, the kernel changed to FreeBSD >> 10.1 which now (finally!) includes a xen netfront driver, promising a >> vastly improved performance. Unfortunately, its implementation is quite >> sketchy: >> - offloading issues, which can be worked around by disabling tx >> offloading using a custom vif-script > Is this related to the long-standing pf+TSO issues? There's a recent > commit that should solve it: > > https://svnweb.freebsd.org/base?view=revision&revision=289316 > > There seems to be plans to issue an EN for that one, so you might be > able to get it by just using freebsd-update (or whatever pfSense uses) > without having to wait for a new stable release. Yes, this seems to be the issue. > >> - VLANs are not supported. Can be achieved with multiple bridges in >> Dom0, if 8 are enough. If you need more, you're out of luck. >> - ALTQ not supported. No known workaround, preventing any traffic shaping. > Sadly I'm not aware of anyone working on this two items. Any pickers? > >> On the FreeBSD side, it is said that the xn xen netfront driver can't be >> disabled at boot time, unless a custom kernel is built (certainly not >> desirable regarding security updates), so: >> >> How can I disable xen-netback drivers for a specific HVM? It should >> respect the "model=e1000" setting (or maybe virtio?). I'm running Xen >> 4.4 on Debian. > I've recently committed a patch to HEAD in order to disable PV nics or > disks on request: > > https://svnweb.freebsd.org/base?view=revision&revision=286999 > > I will backport it to stable-10 soon to make sure it's on the next > stable release (FreeBSD 10.3). Apart from that, there's not much we can > do now. Ah, while that won't fix the xn driver, it will give us back the en driver. Hopefully it will find its way into pfSense's kernel, I'll drop a note over there. Regards, Andreas
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?561FC27B.5070103>