From: Andreas Pflug
To: Roger Pau Monné, xen-users@lists.xen.org
Cc: FreeBSD XEN
Subject: Re: [Xen-users] forcing HVM to specific network model with PV-aware FreeBSD DomU
Date: Thu, 15 Oct 2015 17:12:59 +0200

On 15.10.15 at 16:39, Roger Pau Monné wrote:
> Hello,
>
> Adding the freebsd-xen mailing list since somebody might be able to
> provide better advice than me regarding network stuff.
>
> On 15/10/15 at 12.31, Andreas Pflug wrote:
>> Hi!
>>
>> For quite a while, I've been running several pfSense firewall DomUs up
>> to version 2.15 on Xen. Since the FreeBSD kernel 8.3 of pfSense wasn't
>> xen-aware the model e1000 was used, and I had all networking features as
>> expected though performance was degraded.
>>
>> When the new pfSense 2.2 was introduced, the kernel changed to FreeBSD
>> 10.1 which now (finally!) includes a xen netfront driver, promising a
>> vastly improved performance. Unfortunately, its implementation is quite
>> sketchy:
>> - offloading issues, which can be worked around by disabling tx
>> offloading using a custom vif-script
> Is this related to the long-standing pf+TSO issues? There's a recent
> commit that should solve it:
>
> https://svnweb.freebsd.org/base?view=revision&revision=289316
>
> There seems to be plans to issue an EN for that one, so you might be
> able to get it by just using freebsd-update (or whatever pfSense uses)
> without having to wait for a new stable release.

Yes, this seems to be the issue.

>
>> - VLANs are not supported. Can be achieved with multiple bridges in
>> Dom0, if 8 are enough. If you need more, you're out of luck.
>> - ALTQ not supported. No known workaround, preventing any traffic shaping.
> Sadly I'm not aware of anyone working on these two items. Any pickers?
>
>> On the FreeBSD side, it is said that the xn xen netfront driver can't be
>> disabled at boot time, unless a custom kernel is built (certainly not
>> desirable regarding security updates), so:
>>
>> How can I disable xen-netback drivers for a specific HVM? It should
>> respect the "model=e1000" setting (or maybe virtio?). I'm running Xen
>> 4.4 on Debian.
> I've recently committed a patch to HEAD in order to disable PV nics or
> disks on request:
>
> https://svnweb.freebsd.org/base?view=revision&revision=286999
>
> I will backport it to stable-10 soon to make sure it's on the next
> stable release (FreeBSD 10.3). Apart from that, there's not much we can
> do now.

Ah, while that won't fix the xn driver, it will give us back the en
driver. Hopefully it will find its way into pfSense's kernel, I'll drop
a note over there.

Regards,
Andreas